3.6.0 Matrix Server 3.6.0 Administration Guide (5697-7081, December 2007)

Chapter 4: Matrix Administration 24

When the PolyServe Management Console is used, credentials are

processed in this order:

•If a .matrixrc file exists, the user credentials specified in the file for the

selected server are used.

• If there is not a .matrixrc file or the file does not include user

credentials, the credentials provided by single sign-on semantics are

used.

• If single sign-on fails, the user is prompted for a user name and

password.

Authentication Considerations

You should be aware of the following recommendations and guidelines:

• We recommend that single sign-on be used to authenticate users.

When users connect to the PolyServe Management Console, they can

use the “As User” feature to log in as another user if necessary. On the

command line, the Windows runas command can be used to become a

administrative user before running the PolyServe Management

Console or matrix commands.

• By default, the machine local Administrators group has full cluster

rights and can perform all matrix operations. You can use the Role-

Based Security feature to create administrative roles that allow or

deny other users and groups the ability to perform specific matrix

operations.

• If the Management Console or matrix commands will be run from a

machine that is not in the domain (or trusted domain), single sign-on

cannot be used to authenticate the users of that machine. Instead, you

will need to create a .matrixrc file containing the authentication

information. You can use the PolyServe Management Console

bookmarks feature, described later, to do this.

• Including user names and passwords manually in the .matrixrc file can

be a security issue if the passwords are in clear text. Matrix Server

provides a utility (the mxgenpass command) that can be used to

generate encrypted passwords. When the PolyServe Management

Console bookmarks feature is used to generate the .matrixrc file,