tags:

views:

70

answers:

2
+2  Q: 

Get current user's credentials object in Powershell without prompting

I have a Powershell script that is going to be run through an automation tool against multiple servers. It works fine on Windows machines, as the remote calls use the tool's service account without any need for prompting or exposing any credentials in code. This script also runs against Linux machines via SSH using the SharpSSH package. SharpSSH does not automatically use the Powershell user's credentials but requires either a username and password, an RSA key file, or a PSCredential object. I can't prompt for credentials using Get-Credential because it's being run through the automation tool. I don't want to expose the username and password in code or have an RSA key sitting out there. I would like to construct a PSCredential object from the current Powershell user (the service account). Trying [System.Net.CredentialCache]::DefaultNetworkCredentials shows a blank, and [System.Security.Principal.WindowsIdentity]::GetCurrent() doesn't provide the object or information I need.

Does anyone have a method for creating a PSCredential object from the current user? Or maybe a completely different alternative for this problem?

Many thanks!

A: 

Since you can get the password in plaintext from a credential object, I doubt you can get this without prompting.

Mike Shepard  2010-10-12 19:17:56
+3  A: 

The Windows API will not expose the information you need, which is why Powershell can't get to them. Its an intentional feature of the security subsystem. The only way for this to work is for the Linux machines to trust the calling machine, such as joining them to an Active Directory (or any kerberos setup really).

Aside from that, you'd need to store and pass this information somehow.

You could store the RSA key in the user's keystore and extract it at runtime (using the .NET Crypto/Keystore libs), so you aren't storing the key around with the code. That way the key itself would be protected by the OS and available only when the calling user was authenticated. You'd have one more thing to install, but may be the only way to achieve what you are aiming for.

Taylor  2010-10-12 21:56:34
Ahh, that's unfortunate. After some discussions and research, we're going to go with the RSA key. It'll end up enabling more in the future anyway. Thanks, Taylor!
Beege  2010-10-13 19:34:10

related questions

Direct3D over Remote Desktop
Looking for software to remotely control iTunes from PC
java.net versus java.nio
mysql import sql via cli from remote server
How can I automate running commands remotely over SSH?
Is an SSH tunnel through Citrix Client possible?
Best way to run remote commands on a Windows server from Java?
How do I make git-svn use a particular svn branch as the remote repository?
Check out from a remote SVN repository TO a remote location?
Remote print module in Java
How do I put a File (Excel) online (Apache Server) with Password Protection but with the Option for Users to alter the File and save the changes?
How do I setup remote debugging from scratch for an Asp.Net app
How do you remotely update Java applications?
Free (affordable) remote web based administration for Windows/IIS?
What is the best way to connect remotely to a mac
Agile development in a distributed team
debug an embedded system containing gdb remotely using some kind of gui.
Remote Linux server to remote linux server dir copy. How?
continuous integration web service
Remote debugging an NT application from XP with Visual Studio 6.0
Can you pair program remotely?
Remote debugging accross domains
How can I prevent a server from becoming locked after a Remote Desktop session
Geographically Distributed Development
How do I access a remote form in php?