Forum Stats

  • 3,840,358 Users
  • 2,262,592 Discussions


EMCLI Security

User_01DQ2 Member Posts: 1 Green Ribbon
edited Jan 18, 2020 5:28AM in Database Security - General


I intend to use

$OMS_HOME/bin/emcli -login -username=SYSMAN -autologin -trustall

But I need to know how safe, I'd like to know where emcli record this "autologin" , and how it works exactly, is it an encrypted file or a kind of http-cookie ?  I don't find a lot of documentation about the "emcli -autologin" mechanism

Thank you in advance



  • Emad Al-Mousa
    Emad Al-Mousa Member Posts: 716 Bronze Trophy
    edited Jan 18, 2020 5:28AM


    i hope this helps & clarifies the confusion !

    the documentation is clear "noautologin" is considered the secure method

    2.4.3 Secure Mode for the EM CLI Setup

    The EM CLI client installs certain configuration files and a client-side implementation of verbs on the EM CLI client system. The EM CLI client configuration files contain information such as the OMS URL, Enterprise Manager user names, and Enterprise Manager passwords.

    By default, the EM CLI client is set up in secure mode. In this mode, EM CLI does not store any Enterprise Manager or SSO passwords on the EM CLI client disk. The command emcli setup -noautologin sets up the EM CLI client in secure mode. By default, -noautologin is true. Therefore, you do not need to specify it if you want to set up the EM CLI client in secure mode. In secure mode, if the EM CLI session times out due to inactivity, explicit login (using the login verb) is required before invoking any verb.

    If you want to set up EM CLI in the insecure auto-login mode, you can use the emcli setup -autologin command. In this mode, if an EM CLI session times out due to inactivity, EM CLI automatically re-establishes the session when a verb needs to execute. However, if you explicitly logged out by running emcli logout, you need to explicitly log in again using emcli login.

    Regarding trustall

    Automatically accepts any server certificate from the OMS, which results in lower security. Also indicates that the setup directory is local and trusted. Either pass this option or the set environment variable EMCLI_CERT_LOC, which has the certificate keystore file. If the file is not present, the system stores the certificate at this location.