Keeping Passwords Secure¶
Offline Environments Online Environments
Some commands documented in this guide allow the use of the -p
flag to provide password values inline, rather than stopping for a user input prompt. Although the HP Anyware License Server does not log or distribute passwords provided this way, it can be difficult to tell whether other system loggers (like /var/log/secure and bash history) are capturing them, leading to inadvertent disclosures. For this reason, we strongly discourage the use of the -p
flag (or the related -n
flag used by pcoip-set-password
).
The HP Anyware license server supports the use of system environment variables to securely store and recall the license server password. To register the password as an environment variable, open a console window and run the following commands, substituting your password for your_license_server_password
:
export HISTIGNORE="export*"
export TERADICI_LICENSE_SERVER_PASSWORD=<your_license_server_password>
If the HP Anyware License Server password is registered in this way, the HP Anyware License Server can use it automatically without needing the -p
flag.
If you must use the -p
flag
If you prefer to use these flags, or have no alternative, you should run sudo -i
first. This changes to the Linux root user, and may avoid logging your password into /var/log/secure. You may also run export HISTIGNORE="sudo pcoip-*"
to avoid logging password into bash history.