Credentials
- Credentials are objects that include the specification of a user account and password that can be used for authenticattion:
- HTTP Authentication with a JobScheduler Master.
- HTTP Authentication with a Proxy.
- Credentials objects can be created once and can be re-used:
- Credentials can be created within a PowerShell session. The PowerShell built-in
Get-Credentialcmdlet can be used to specify credentials on the fly, e.g. prompting the user for input of the user account and password. - Credentials can be created outside of a PowerShell session and can be used in a PowerShell session. The
Get-JobSchedulerSystemCredentialscmdlet can be used to retrieve an existing credentials object for authentification with the JobScheduler Master.
- Credentials can be created within a PowerShell session. The PowerShell built-in
Windows Credential Management
- Windows remembers accounts and passwords that a user has been prompted for. The operating system will store user credentials in an encrypted file scheme known as the Windows Vault. Such credentials are used to automatically log on to a server/site without first being prompted to provide an account and password.
- Windows provides the Credential Manager API that allows to create, read, update and delete credentials objects.
A number of tools are available for credential management based on the Windows Credential Manager API:
- Use of the Windows
cmdkeycommand. - Use of the Windows Credential Manager GUI front end for the Windows Vault. Search for "Credentials" (German: "Anmeldungsinformationsverwaltung") in the Windows Search Settings page.
In addition a vast number of tools is available for credentials management.
- Use of the Windows
- Credentials can be managed in a number of scopes, e.g. generic credentials for a local environment and enterprise credentials for use within a domain.
Use Cases
Using the Windows cmdkey command to manage credentials
The following example shows how add and read credentials by use of the cmdkey command:
C:\> cmdkey /add:login_as_ap /user:ap /pass:ap C:\> cmdkey /list:login_as_ap
Explanations
- Line 1 adds credentials for the account
apwith passwordapand specifies the target namelogin_as_ap. - Line 2 reads the credentials that have been stored with the target name
login_as_ap. - The
cmdkeycommand can only be used for generic credentials within a local scope.
Using the Get-JobSchedulerSystemCredentials cmdlet to retrieve credentials
Using the target name login_as_ap from the above example allows the user who owns this credential to retrieve the credentials object.
- The
Get-JobSchedulerSystemCredentialscmdlet accepts the target name of a system credentials object that is owned by the current user. This cmdlet returns a system credentials object. - The
Set-JobSchedulerCredentialscmdlet expects a PowerShell credentials object, that is used for authentication when accessing the JobScheduler Master. - Therefore a conversion of objects is required that can be achieved e.g. like this:
Import-Module JobScheduler $systemCredentials = Get-JobSchedulerSystemCredentials -TargetName 'login_as_ap' $credentials = ( New-Object -typename System.Management.Automation.PSCredential -ArgumentList $systemCredentials.UserName, $systemCredentials.Password ) Set-JobSchedulerCredentials -Credentials $credentials
Explanations
- Line 1 imports the JobScheduler PowerShell Module
- Line 2 reads an existing system credentials object that has been stored with the target name
login_as_ap. - Line 3 copies the user account and password of the system credentials object to the PowerShell credentials object.
- Line 4 forwards the PowerShell credentials object to the JobScheduler CLI for authentification with the JobScheduler Master.
Using the PowerShell profile to apply credentials
Credentials can be added to the JobScheduler CLI by a PowerShell profile. A number of locations are available for profiles. Check the value of the $Profile built-in variable for the currently active profile.
You can copy & paste the above example for use of the Get-JobSchedulerSystemCredentials cmdlet to your PowerShell profile. This allows to automatically use the specified credentials for the JobScheduler Master.