SNMP Set Community Name: A grouping mechanism for SNMPv1/v2 used as a security mechanism by many customers. Device configuration is not possible without knowledge of the Set name value. The Set name value traverses the network in clear text and can be “sniffed” by eavesdroppers.

SNMP Get Community Name: Sometimes used to prevent device discovery from other HP Web Jetadmin installations. Devices only respond to Get packets that have the correct value. The Get name value traverses the network in clear text and can be “sniffed” by eavesdroppers.
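The following added example (not from the HP Web Jetadmin documentation) shows why both community names are readable on the wire: an SNMPv1/v2c message is plain BER, with the community name carried as an unencrypted OCTET STRING right after the version field. The packet is constructed in the code, and the function names and the community value "constructed-set-name" are assumptions made for illustration.

```python
# Added example: SNMPv1/v2c messages are plain BER, so the community name is readable.
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response", 0xA3: "SetRequest"}

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER element (short-form length, enough for the sample)."""
    if len(value) > 127:
        raise ValueError("sample encoder handles short-form lengths only")
    return bytes([tag, len(value)]) + value

def read_tlv(buf: bytes, pos: int):
    """Decode the BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def community_of(packet: bytes):
    """Return (version, community, pdu_name) from an SNMPv1/v2c message."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (expected SEQUENCE)")
    vtag, version, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    ptag, _, _ = read_tlv(body, pos)
    if vtag != 0x02 or ctag != 0x04:
        raise ValueError("unexpected field types")
    return int.from_bytes(version, "big"), community.decode("latin-1"), PDU_NAMES.get(ptag, hex(ptag))

def sample_set_request(community: bytes) -> bytes:
    """Constructed SetRequest writing sysContact.0; not captured traffic."""
    oid = tlv(0x06, bytes.fromhex("2b06010201010400"))  # 1.3.6.1.2.1.1.4.0
    varbinds = tlv(0x30, tlv(0x30, oid + tlv(0x04, b"ops")))
    pdu = tlv(0xA3, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + varbinds)
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community) + pdu)

if __name__ == "__main__":
    pkt = sample_set_request(b"constructed-set-name")
    print(community_of(pkt))               # version 0 is SNMPv1
    print(b"constructed-set-name" in pkt)  # the name appears verbatim in the bytes
```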

Two actions cause the value of any credential to be stored:

Configuration: The credential becomes stored once it has been configured onto the device.

Use: The credential value, when used successfully, becomes stored.

HP Web Jetadmin reuses stored credentials any time it encounters the requirement for them. When configuring a device that has had a credential stored, you are not required to re-enter the credential into HP Web Jetadmin. The application uses the credential in the background. In fact, you are not even required to know the credential because HP Web Jetadmin is using stored values.

Credentials Delegation

With credentials stored in the Credentials Store, HP Web Jetadmin can apply them transparently any time the need arises. This is known as credentials delegation. While configuring devices, you do not have to remember or even know the credential to perform the configuration. You just need access to HP Web Jetadmin and device configuration features. Characteristics of credentials delegation are:

Only one or a few device administrators know the device credentials.

Some HP Web Jetadmin users are allowed configuration access to the devices via Roles and User Security.

Users can be added or removed from this delegation through Roles and User Security (User Security on page 271).

Other HP Web Jetadmin users can be restricted from device configuration.

Knowledge about device passwords is required before you can change any password value.

Credentials delegation is used to allow configuration of devices without having to share the credential “secrets” across a large distribution. Staff can control and configure devices while administrators control and configure passwords. Any user with access to devices and configuration features has delegated access to the Credential Store.

Credentials Needed

When HP Web Jetadmin, during an action such as device configuration, encounters a device with a credential such as SNMP Set Community Name, it follows a specific sequence. Here is a simplified example showing how HP Web Jetadmin attempts to resolve a credential:

HP Web Jetadmin checks the Credential Store for a credential.

If a credential exists, HP Web Jetadmin attempts the configuration using the credential value. If a credential does not exist, HP Web Jetadmin checks Global Credentials.

If the configuration is successful, the credential check is resolved and complete. If it fails, HP Web Jetadmin checks Global Credentials.

During a user-attended configuration session, HP Web Jetadmin prompts for credentials. If the user does not supply the credential or the session is not live, the device is flagged as Credentials Required and listed in the

46 Chapter 2 Introduction to HP Web Jetadmin
