Effective December 3, NetApp adopts Microsoft’s Business-to-Customer (B2C) identity management to simplify and provide secure access to NetApp resources.
For accounts that did not pre-register (prior to Dec 3), access to your NetApp data may take up to 1 hour as your legacy NSS ID is synchronized to the new B2C identity.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

Software Development Kit (SDK) and API Discussions

Automating API commands and securing passwords

DRCLEND123

Hello there. I have written some scripts using the undocumented system-cli API command. I am also using the apitest.pl script to run them. An example for running "cifs shares" is as follows:

perl apitest.pl -i $host $user $pass "<system-cli><args><arg>cifs</arg><arg>shares</arg></args></system-cli>

There are two potential problems I see here:

1. The command takes in a plain text password. I have written something to turn off echo and take in a password typed in by the user running the script. This however is not convenient for scripts we want to run automatically, say from crontab. Is there any default way to go about securing a password for this cause? So far my conclusion has been to create a config file housing the encoded/encrypted password and decoding/decrypting it every time the script runs.

2. As per my limited knowledge, these commands are sent unencrypted over port 80. Are there any ways to secure the transmission of these commands so the plain text username and password cannot be sniffed?

I believe the easiest solution is to use ssh keys and run the equivalent cli commands over the ssh session instead of using the api commands. This however requires a rewrite of my scripts. Are there any other known solutions when working with the API commands?

2 REPLIES 2

aashray

1) You could add host ip in the hosts.equiv file. You don’t need to give password in the scripts provided your host is secured enough.

2) SDK also has a HTTPS transport type (uses port 443) that you can set while making your connection.


robinpeter

Yes we know this can be used in 7-mode. how can we use the hosts.equiv method (HOST) in C-Mode.

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public