Using the Microsoft Windows Security Support Provider Interface

Last Updated December 16, 2024

With the --passthroughauth option, which is available if you run ESXCLI commands from a Microsoft Windows system, you can use the Microsoft Windows Security Support Provider Interface (SSPI). You can refer to the Microsoft Web site for detailed information on SSPI.

You can use --passthroughauth to establish a connection with a vCenter Server system. After the connection has been established, authentication for the vCenter Server system or any ESXi system that it manages is no longer required.

Using --passthroughauth passes the credentials of the user who runs the command to the target vCenter Server system. No additional authentication is required if the user who runs the command is known by the computer from which you access the vCenter Server system and by the computer running the vCenter Server software. If ESXCLI commands and the vCenter Server software run on the same computer, the user needs only a local account to run the command. If the ESXCLI command and the vCenter Server software run on different machines, the user who runs the command must have an account in a domain trusted by both machines.

SSPI supports several protocols. By default, it selects the Negotiate protocol, where client and server try to find a protocol that both support. You can use --passthroughauthpackage to explicitly specify a protocol that is supported by SSPI. Kerberos, the Windows standard for domain-level authentication, is used frequently. If the vCenter Server system is configured to accept only a specific protocol, specifying the protocol with --passthroughauthpackage might be required for successful authentication.

If you use --passthroughauth, you do not have to specify authentication information by using other options.

This example establishes a connection to a server that is set up to use SSPI. When a trusted user runs the command, the system calls the ESXCLI command with the --list option. The system does not prompt for a user name and password.
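
The following PowerShell wrapper is an added illustration, not VMware's own example: it applies the account rules described above before connecting and names Kerberos explicitly with --passthroughauthpackage. The host names, the -SameMachine switch, the --vihost target and the system version get command are assumptions chosen for the sketch.

```powershell
# Added example, not VMware's own. Assumptions: placeholder host names,
# esxcli on PATH, and 'system version get' as a read-only command to run.
param(
    [string]$VCenter  = 'vcenter.example.test',   # placeholder vCenter Server
    [string]$EsxiHost = 'esxi01.example.test',    # placeholder managed ESXi host
    [switch]$SameMachine                          # set when vCenter Server runs on this computer
)
$ErrorActionPreference = 'Stop'

# Pass-through sends the credentials of whoever runs the command,
# so record which identity that is before connecting.
$id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
Write-Host "Pass-through identity: $($id.Name)"

# A local account is enough only when ESXCLI and vCenter Server share a machine;
# otherwise the account must be in a domain trusted by both machines.
$localPrefix    = "$($env:COMPUTERNAME)\"
$isLocalAccount = $id.Name.StartsWith($localPrefix, [StringComparison]::OrdinalIgnoreCase)
if ($isLocalAccount -and -not $SameMachine) {
    throw "Local account '$($id.Name)' cannot pass through to a remote vCenter Server system."
}

# Name the protocol explicitly instead of leaving the choice to the
# Negotiate default. No user name or password option is supplied.
$esxcliArgs = @(
    '--server', $VCenter
    '--vihost', $EsxiHost
    '--passthroughauth'
    '--passthroughauthpackage', 'Kerberos'
    'system', 'version', 'get'
)
& esxcli @esxcliArgs

# Fail closed: surface a rejected authentication instead of continuing.
if ($LASTEXITCODE -ne 0) {
    throw "esxcli exited with code $LASTEXITCODE; pass-through authentication or the command failed."
}
```

Run it from the interactive session of the domain user whose credentials should reach vCenter Server, because the wrapper passes no credential options of its own.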