2.2. Authentication
Some commands based on the pki utility require the user to authenticate. The utility supports authentication with the user name and password credentials or with a client certificate.
Authentication with a User Name and Password
To supply the user name, add the -u option to the particular pki command. To supply the password, use the -W or -w option; alternatively, if you do not add the password directly to the command using -W or -w, pki prompts for the password interactively if required.
For batch operations, it is recommended to use -W to provide the password because this option enables you to take certain security measures to protect the password, such as setting system permissions, system ACLs, or SELinux policies. With -w, you supply the password in plain text.
For individual command-line invocations, it is recommended not to supply the password directly with the command and instead provide it interactively. For example, by executing the following command, the user only supplies the user name and lets pki prompt for the password:
pki -u user_name user-find
For more information about the described options, see the pki(1) man page.
Authentication with a Client Certificate
To supply the required certificate information, use the -C or -c options to specify the security database file and the -n option to specify the certificate nickname.
For batch operations, it is recommended to use -C to pass the file because this option enables you to take certain security measures to protect the file, such as setting system permissions, system ACLs, or SELinux policies. With -c, the file is provided in plain text.
pki -C security_database_password_file -n certificate_nickname user-find
For more information about the described options, see the pki(1) man page.
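The batch recommendations for -W and -C above only help if the file is actually locked down. The following wrapper is an added example, not part of the original documentation or the pki project: it refuses to call pki unless the file passed with -W or -C is a regular file owned by the invoking user with mode 400 or 600. It assumes that both options take a path to a file and that GNU stat is available; the function names and the PKI_BIN variable are hypothetical.

```sh
# Added example (hypothetical helper names; assumes GNU stat).

# check_secret_file FILE
# Succeeds only if FILE is a regular file (not a symlink), owned by the
# invoking user, and has no group/other permission bits set.
check_secret_file() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "refusing $f: not a regular file" >&2
        return 1
    fi
    owner=$(stat -c %u "$f") || return 1
    mode=$(stat -c %a "$f") || return 1
    if [ "$owner" != "$(id -u)" ]; then
        echo "refusing $f: owned by uid $owner" >&2
        return 1
    fi
    case $mode in
        400|600) return 0 ;;
        *) echo "refusing $f: mode $mode is too permissive" >&2
           return 1 ;;
    esac
}

# pki_with_secret FLAG FILE [pki options and command...]
# FLAG is -W (user password file) or -C (security database password file).
# PKI_BIN is an assumption of this example so the binary can be overridden.
pki_with_secret() {
    flag=$1
    file=$2
    shift 2
    case $flag in
        -W|-C) ;;
        *) echo "flag must be -W or -C" >&2; return 2 ;;
    esac
    check_secret_file "$file" || return 1
    "${PKI_BIN:-pki}" "$flag" "$file" "$@"
}

# Usage in a batch job (file paths are placeholders):
#   pki_with_secret -W /path/to/password_file -u user_name user-find
#   pki_with_secret -C /path/to/db_password_file -n certificate_nickname user-find
```

Create the file under a restrictive umask (for example, umask 077 in a subshell) so it never exists with wider permissions.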