Authenticating Through
and vCenter Single Sign-On
For all
hosts that
are managed by a
system that is integrated with vCenter Single Sign-On 6.0 and later, you can
authenticate directly to the
system, or you can authorize to
through vCenter Single Sign-On.
The best practice is to
authenticate through vCenter Single Sign-On. The vCenter Single Sign-On service
is included in the Platform Services Controller. The Platform Services
Controller can be embedded in your
installation, or one Platform Services Controller can handle authentication,
certificate management, and some other tasks for multiple
systems.
You cannot use this
approach if
is integrated with vCenter Single Sign-On 5.0.
You use the
--psc
option
and, optionally, the
--server
option.
- psc- Specifies the Platform Services Controller instance associated with the system that manages the host.
- server- Specifies the system that manages the host. Required if the Platform Services Controller instance is associated with more than one system.
- vihost- Specifies the host, as in earlier versions of vCLI.
Examples
vicfg-nics -l --username <sso_username> --password "<admin_pwd>" --server <vc_HOSTNAME_OR_IP> --psc <psc_HOSTNAME_OR_IP> --vihost <esxi_HOSTNAME_OR_IP>
esxcli --server vc_HOSTNAME_OR_IP> --vihost <esxi_HOSTNAME_OR_IP> --username USERNAME> --password <PASSWORD> --psc <psc_HOSTNAME_OR_IP> hardware clock get
If the specified user is known
to vCenter Single Sign-On, a session is created. You can save the session with
the
--savesessionfile
argument, and later use that session
with the
--sessionfile
argument. For example, you can save the
session by running the following command.
vicfg-nics -l --username sso_username> --password "<admin_pwd>" --server vc_HOSTNAME_OR_IP> --psc <psc_HOSTNAME_OR_IP> --vihost <esxi_HOSTNAME_OR_IP>
Using a session file results
in less overhead and better performance than connecting to the Platform
Services Controller repeatedly.