HP Web Jetadmin 10.3 - User Guide
●
SNMP Set Community Name: A grouping mechanism for SNMPv1/v2 used as a security mechanism by
many customers. Device configuration is not possible without knowledge of the Set name value. The
Set name value traverses the network in clear text and can be “sniffed” by eavesdroppers.
●
SNMP Get Community Name: Sometimes used to prevent device discovery from other HP Web Jetadmin
installations. Devices only respond to Get packets that have the correct value. The Get name value
traverses the network in clear text and can be “sniffed” by eavesdroppers.
Two actions cause the value of any credential to be stored:
●
Configuration: The credential becomes stored once it has been configured onto the device.
●
Use: The credential value, when used successfully, becomes stored.
HP Web Jetadmin reuses stored credentials any time it encounters the requirement for them. When
configuring a device that has had a credential stored, you are not required to re-enter the credential into
HP Web Jetadmin. The application uses the credential in the background. In fact, you are not even required to
know the credential because HP Web Jetadmin is using stored values.
Credentials Delegation
With credentials stored in the Credentials Store, HP Web Jetadmin can apply them transparently any time the
need arises. This is known as credentials delegation. While configuring devices, you do not have to remember
or even know the credential to perform the configuration. You just need access to HP Web Jetadmin and
device configuration features. Characteristics of credentials delegation are:
●
Only one or a few device administrators know the device credentials.
●
Some HP Web Jetadmin users are allowed configuration access to the devices via Roles and User
Security.
●
Users can be added or removed from this delegation through Roles and User Security (
User Security
on page 271).
●
Other HP Web Jetadmin users can be restricted from device configuration.
●
Knowledge about device passwords is required before you can change any password value.
Credentials delegation is used to allow configuration of devices without having to share the credential
“secrets” across a large distribution. Staffs can control and configure devices while administrators control
and configure passwords. Any user with access to devices and configuration features has delegated access to
the Credential Store.
Credentials Needed
When HP Web Jetadmin, during an action such as device configuration, encounters a device with a credential
such as SNMP Set Community Name, it follows a specific sequence. Here is a simplified example showing how
HP Web Jetadmin attempts to resolve a credential:
●
HP Web Jetadmin checks the Credential Store for a credential.
●
If a credential exists, HP Web Jetadmin attempts the configuration using the credential value.
If a credential does not exist, HP Web Jetadmin checks Global Credentials.
●
If the configuration is successful, the credential check is resolved and complete.
If it fails, HP Web Jetadmin checks Global Credentials.
During a user-attended configuration session, HP Web Jetadmin prompts for credentials. If the user does not
supply the credential or the session is not live, the device is flagged as Credentials Required and listed in the
46 Chapter 2 Introduction to HP Web Jetadmin ENWW