Hey there,
After I install our ESXi hosts and add them to vCenter, I use a PowerShell script which does the rest of the configuration needed...
One of the steps is to create a local read-only ESXi user with a password. I don't like to have passwords in my scripts, and in this case the script will only run with user interaction.
So at first I tried a simple
$pwd = read-host "Enter a password:"
The problem here is that you can read the password which is provided...
I read a little bit and tried..
$pwd = read-host "Enter a password:" -asSecureString
This looks nice at first, but to avoid password mismatches I fetch the password twice and compare both. In this case $pwd1 & $pwd2 are SecureStrings and do not match.
Now I try something like...
---Snip----
$check = "0"
while ($check -eq "0") {
    # Prompt twice; the input is hidden
    $encpasswort1 = Read-Host "Please Enter pwd: " -AsSecureString
    $encpasswort2 = Read-Host "again" -AsSecureString
    # Convert both SecureStrings to plain text so they can be compared
    $passwort1 = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encpasswort1))
    $passwort2 = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encpasswort2))
    # -ceq compares case-sensitively; -eq would ignore case
    if ($passwort1 -ceq $passwort2) {
        # Message text: "Creating user on <host>"
        Write-Host -ForegroundColor Green "Lege Nutzer auf " $esx_Host.Name "an `n"
        $status = Connect-VIServer $esx_Host.Name -User root -wa 0
        $status = New-VMHostAccount -Id $user -Password $passwort1 -Description $desc -UserAccount
        $status = New-VIPermission -Principal $user -Role $role -Entity (Get-Datacenter)
        $status = Disconnect-VIServer $esx_Host.Name -Confirm:$false
        $check = "1"
    }
}
---snip----
This works so far, but maybe there is a better way...
Maybe to compare two SecureString objects or pass them to an ESXi host...
Some ideas would be welcome.
Thanks
You can do the following to compare them
$encpasswort2 = Read-Host "again" -AsSecureString
$clearpasswort1 = (New-Object pscredential "user",$encpasswort1).GetNetworkCredential().Password
$clearpasswort2 = (New-Object pscredential "user",$encpasswort2).GetNetworkCredential().Password
$clearpasswort1 -ceq $clearpasswort2   # -ceq is case-sensitive; -eq ignores case on strings
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
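An added example, not part of the original posts: one way to prompt twice, compare the two entries case-sensitively (PowerShell's -eq ignores case on strings), and zero the unmanaged copy after each conversion. The helper names ConvertTo-PlainText and Read-ConfirmedPassword are hypothetical; $user and $desc are the variables from the script in the question.

```powershell
# Added example; both function names are hypothetical helpers.
function ConvertTo-PlainText {
    param([Parameter(Mandatory)][System.Security.SecureString]$Secure)
    # Copy the SecureString into an unmanaged BSTR, read it, then zero and free it.
    $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try {
        [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    }
    finally {
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}

function Read-ConfirmedPassword {
    param([string]$Prompt = 'Enter password')
    while ($true) {
        $first  = Read-Host $Prompt -AsSecureString
        $second = Read-Host 'Enter it again' -AsSecureString
        # Reject empty input, then compare with -ceq (case-sensitive).
        $same = $first.Length -gt 0 -and
                ((ConvertTo-PlainText $first) -ceq (ConvertTo-PlainText $second))
        $second.Dispose()
        if ($same) { return $first }   # hand back the SecureString, not the plain text
        $first.Dispose()
        Write-Warning 'Passwords are empty or do not match, try again.'
    }
}

# Usage with the cmdlet from the question (needs PowerCLI and a connected host,
# so it is left commented out). The plain string exists only for the call itself,
# although the managed copy stays in memory until it is garbage-collected.
# $secure = Read-ConfirmedPassword
# New-VMHostAccount -Id $user -Password (ConvertTo-PlainText $secure) -Description $desc -UserAccount
# $secure.Dispose()
```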
One simple built-in solution is to use the New-VICredentialStoreItem cmdlet.
You can use the Get-VICredentialStoreItem cmdlet to retrieve user/password information.
This can be used for credentials that have nothing to do with vSphere as well.
Use the Server as a tag for the credentials.
The credentials can only be decrypted by the same user and on the same station where the encryption was done.
Note, since this is based on a Windows encryption/decryption API, it will not work on PowerShell Core.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi,
that looks good so far..
The problem is that the password must be System.String. I have to provide the password in the script or in the cmd. Both would be clear text..
With the readline -AsSecureString command the input is hidden and can't be read.