Using API to create Distribution Points

andrew_hooker
New Contributor

Hi

I am successfully using the API to do various things we require. One of the items on my list is to automate the creation of Distribution Points in the Casper interface. I can do this successfully except for the fact that I am unable to set the SMB RO and RW User Passwords via the api for the distribution points (both on creation and by doing an update)?

Has anyone managed to do this successfully? (I am able to set each of the other items required okay but without being able to set the passwords as well it really loses the benefit of an api call at all)

Andrew

1 ACCEPTED SOLUTION

BrysonTyrrell
Contributor II

You won't find much documentation on using the API besides various posts around the web.

These XML tags:

<read_only_password>
<read_write_password>

...were removed from the API when reading objects as they provided plain text account passwords and were a security issue.

They exist in previous versions of the JSS.

The MD5 and SHA-256 hashes are salted so you can't reverse them right out of the XML.

View solution in original post

5 REPLIES 5

BrysonTyrrell
Contributor II

I just did a quick test and was able to POST a distribution point with the credentials. What does your XML look like? See my example here:

<distribution_point>
  <name>CasperShare</name>
  <ip_address>my.caspershare.corp</ip_address>
  <is_master>false</is_master>
  <connection_type>AFP</connection_type>
  <share_name>CasperShare</share_name>
  <share_port>548</share_port>
  <read_only_username>casperinstall</read_only_username>
  <read_only_password>pass1234</read_only_password>
  <read_write_username>casperadmin</read_write_username>
  <read_write_password>p@ss1234!</read_write_password>
</distribution_point>

andrew_hooker
New Contributor

Interesting.....

The xml we get does not have the field<read_only_password>pass1234</read_only_password>. We only have the <read_only_password_md5 since="9.23"> and <read_only_password_sha256 since="9.23"> when we get the xml for an existing DP.

Will try this extra xml node and see if it works. It is always easier when you know what is available.... How did you find this? As far as I can tell API documentation is very scarce.......

BrysonTyrrell
Contributor II

You won't find much documentation on using the API besides various posts around the web.

These XML tags:

<read_only_password>
<read_write_password>

...were removed from the API when reading objects as they provided plain text account passwords and were a security issue.

They exist in previous versions of the JSS.

The MD5 and SHA-256 hashes are salted so you can't reverse them right out of the XML.

milesleacy
Valued Contributor

@brysontyrrell

Before I waste time on this, can I get a clarification?

Is it just the GET that has been removed?

Does POST work [for these attributes]?

BrysonTyrrell
Contributor II

@milesleacy GETs on objects that contain passwords were updated a while back to not provide the plaintext password (more secure now).

POSTing a new resource using those attributes should work still. I can't remember which one just now, but I was in another discussion about this and we determined that passing the <password> worked so I would expect similar behavior throughout the JSS API.