Stored credentials are used to manage authorization
and access to chassis and servers that are managed by Lenovo XClarity Administrator using local authentication.
Before you begin
You must have lxc-supervisor or lxc-security-admin authority to create, modify, or delete stored credentials.
About this task
A stored credential must be a local user account on a device or
a user account in an Active Directory server.
If you choose
to manage devices using local authentication instead of XClarity Administrator managed authentication, you must select a stored-credentials
account during the management process.
Important: XClarity Administrator does not validate the user name and password that you
specify for the stored credential. It is your responsibility to ensure
that specified information corresponds to an active user account on
the local device or Active Directory (if the managed device is configured
to use Active Directory for authentication).
Attention: The stored credentials must have supervisor access
or sufficient authority to make configuration changes on the device.
If you attempt to manage a server with stored credentials that do
not have sufficient authority on the device, the manage process might
succeed but additional administrative inventory actions on the device
might fail due to access-denied errors, which could lead to perceived
connectivity problems with the device.
Procedure
To add a stored credential to XClarity Administrator, complete the following steps.
- From the XClarity Administrator menu bar, click . The Security page is displayed.
- Click Stored Credentials under the
Managed Authentication section to display the Stored Credential page.
- Click the Create icon () to create a stored credential. The Create New Stored Credentials dialog is displayed
- Fill in the following information in the dialog.
Enter a user name and optional description for the stored credential.
Enter and then confirm the password for the stored credential.
Optionally enter and then confirm the password for the RECOVERY_ID
stored recovery credentials.
- Click Create Stored Credential.
After you finish
The stored-credential account is displayed in the Stored Credential
table. The table shows the associated ID and description for each
stored-credential account.
From the Stored Credentials page, you
can perform the following actions on a selected stored-credential
account:
Modify the user name, password, and description for a stored-credential
account by clicking the Edit icon ().
Note: If you manage a device using
a stored credential and enable managed authentication, you cannot
edit the stored credential.
Delete the stored-credential account by clicking the Delete icon ().
To resolve stored credentials that have become expired or
invalid, see Resolving expired or invalid stored credentials for a server.