Skip to content

Keeping Passwords Secure

Offline Environments     Online Environments

Some commands documented in this guide allow the use of the -p flag to provide password values inline, rather than stopping for a user input prompt. Although the HP Anyware License Server does not log or distribute passwords provided this way, it can be difficult to tell whether other system loggers (like /var/log/secure and bash history) are capturing them, leading to inadvertent disclosures. For this reason, we strongly discourage the use of the -p flag (or the related -n flag used by pcoip-set-password).

The HP Anyware license server supports the use of system environment variables to securely store and recall the license server password. To register the password as an environment variable, open a console window and run the following commands, substituting your password for your_license_server_password:

export HISTIGNORE="export*"
export HP_ANYWARE_LICENSE_SERVER_PASSWORD=<your_license_server_password>    

If the HP Anyware License Server password is registered in this way, the HP Anyware License Server can use it automatically without needing the -p flag.

If you must use the -p flag

If you prefer to use these flags, or have no alternative, you should run sudo -i first. This changes to the Linux root user, and may avoid logging your password into /var/log/secure. You may also run export HISTIGNORE="sudo pcoip-*" to avoid logging password into bash history.