Contributor

How do I use a local ticket acquired via VMware.Vim?

Object vSphereClient is already established and logged in.

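using System;
using VMware.Vim;

// vSphereClient is the already-established, logged-in client object described above.
private SessionManager GetSessionManager() {
  SessionManager sessionManager = null;
  try {
    // Well-known managed object reference of the ServiceInstance singleton.
    ManagedObjectReference _svcRef = new ManagedObjectReference();
    _svcRef.Type = "ServiceInstance";
    _svcRef.Value = "ServiceInstance";

    ServiceInstance _service = new ServiceInstance(vSphereClient, _svcRef);
    ServiceContent _sic = _service.RetrieveServiceContent();

    // Resolve the SessionManager reference into a usable view object.
    sessionManager = (SessionManager)vSphereClient.GetView(_sic.SessionManager, null);
  }
  catch (Exception) {
    // Rethrow without resetting the stack trace ("throw (e);" would reset it).
    throw;
  }
  return sessionManager;
}

// Asks the server for a one-time local ticket for the given user.
public SessionManagerLocalTicket GetLocalTicket(string userName) {
  return GetSessionManager().AcquireLocalTicket(userName);
}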

Here you can see that with the GetLocalTicket method I can acquire a local ticket.

It creates a file with a one time username and password on the host, for instance:

/var/run/vmware-hostd-ticket/52b65cfa-d0d1-0dc6-ffc1-c8428d10e973

This file is available for a few seconds only (4 or 5 seconds, or so); after that it disappears. I can use the contents of it to authenticate against, for instance, a vSphere host, one time.

The first problem is:

1. How do I read it from the host or use it for authentication directly?

I tried displaying it with "more /var/run/vmware-hostd-ticket/52b65cfa-d0d1-0dc6-ffc1-c8428d10e973" and I only get data similar to this: "52 1f 94 41 69 db 7c 67-ee d9 3a e4 dc 2d 6e b9~"

That doesn't make any sense to me, so the second problem is:

2. When acquired from the host, how do I use it? Is this the password string maybe?


And my third question:

3. How do I set the expiration time for the ticket to be more than a few seconds? Or in other words, the server-determined expiration time?

According to https://www.vmware.com/support/developer/vc-sdk/visdk2xpubs/ReferenceGuide/vim.SessionManager.html the expiration time is set somewhere on the host.

"The local ticket that is returned becomes invalid either after it is used or after a server-determined ticket expiration time passes."


0 Kudos
2 Replies
Contributor

I have answers for two of three questions now. Missing answer to question number three.

1. AcquireLocalTicket is meant to be used locally on the host where you can read the local ticket. If I want to send it somewhere, I will have to code something smart that runs on the host and makes the LocalTicket available as soon as it shows up. For instance a file watcher that copies the file to a tftp location where I run a tftp server.

2. When acquired from the host, the file contains the password that can be used for authentication as long as the ticket has not timed out.

3. ?

0 Kudos
Enthusiast

I would ask what is the reason you are trying to use a local ticket? What exactly is it that you are trying to accomplish, because there probably is a better way. Local tickets are meant to be used in the session, i.e.: I use acquirecloneticket() (slightly different method) to open a remote html5 console to a vm, but I don't leave it there and save it for a long time to use it later. I would be happy to discuss with you what your requirements are so we can come up with a better solution.

Josh

0 Kudos