vSphere Authentication Mechanism

The vMA authentication interface allows users and applications to authenticate with the target servers using vi-fastpass or Active Directory. While adding a server as a target, the Administrator can determine if the target can use vi-fastpass or Active Directory authentication. For vi-fastpass authentication, the credentials that a user has on the VMware vCenter Server system or VMware ESXi host are stored in a local credential store. For Active Directory authentication, the user is authenticated with an Active Directory server.

When you add an ESXi host as a fastpass target server, vi-fastpass creates two users with obfuscated passwords on the target server and stores the password information on vMA:

■	vi-admin with administrator privileges
■	vi-user with read-only privileges

The creation of vi-admin and vi-user does not apply for Active Directory authentication targets. When you add a system as an Active Directory target, vMA does not store any information about the credentials. To use the Active Directory authentication, the administrator must configure vMA for Active Directory. For more information on how to configure vMA for Active Directory, see ConfigurevSphere Management Assistant for Active Directory Authentication Configure vMA for Active Directory Authentication.

After adding a target server, you must initialize vi-fastpass so that you do not have to authenticate each time you run vSphere CLI commands. If you run a vSphere CLI command without initializing vi-fastpass, you are asked for a user name and password.

You can initialize vi-fastpass in two ways:

■	Run vifptarget. For more information about this script, see vifptarget command for vi-fastpass initialization

Call the Login method in a Perl or Java application. For more information about this method, see VmaTargetLib Reference.

After setting up a target using the vifptarget command, you can run vSphere CLI commands or scripts that use VMware vSphere SDK for Perl without providing any authentication information. Use the --vihost command to run commands against a VMware ESXi host managed by a VMware vCenter Server.

Each time you log in to vMA, you must run thevifptargetcommand or the Login method at least once. The target that you select in thevifptarget command is the default target. Target servers remain targets across reboots. To set another host as the target, use the --server command of the vSphere CLI commands as shown in the following example:

vifptarget -s esx1.foo.com
vicfg-nics -l #lists the nics on esx1.foo.com
vicfg-nics -l --server esx2.foo.com #lists the nics on esx2.foo.com