In the course of automation, you might need to validate credentials that a script would use to perform a set of complex tasks before the script is run. The Validate-WindowsCredential and Validate-LinuxCredential PowerShell functions are two of the latest additions to the AZSBTools PowerShell module that simplify this task.
The Validate-WindowsCredential function/cmdlet takes 2 parameters:
- ‘Credential’ which is a PSCredential object that can be obtained from the Get-Credential cmdlet of the Microsoft.PowerShell.Security, or the Get-SBCredential function of the SB-Tools PS module.
- Optional: ‘Session’ which is a PSSession object that can be obtained via the New-PSSession cmdlet of the Microsoft.PowerShell.Core
A simple example may look like:
$Session = New-PSSession -ComputerName test-vm0116.test.domain.com -Credential (Get-SBCredential 'test\superuser') Validate-WindowsCredential -Credential (Get-SBCredential '.\administrator') -Session $Session
The function returns TRUE if the provided credential (name/password set) was able to successfully authenticate in the provided remote PowerShell session, or FALSE if authentication fails.
The function can validate local accounts presented in the format ‘.\username’ or domain accounts presented in the format ‘domain\username’
The Validate-WindowsCredential function relies on the ValidateCredentials() method of the DirectoryServices.AccountManagement.PrincipalContext class
The Validate-LinuxCredential function/cmdlet is similar to the Validate-WindowsCredential function/cmdlet in that it takes the same 2 parameters:
- ‘Credential’ which is the same PSCredential object as before.
- ‘Session’ which is an SSH.SshSession object that can be obtained via the New-SSHSession cmdlet of the POSH-SSH PS module
A simple use example would look like:
$Session = New-SSHSession -ComputerName test-vm0112.test.domain.com -Credential (Get-SBCredential 'opsuser') -AcceptKey Validate-LinuxCredential -Credential (Get-SBCredential 'root') -Session $Session
Similarly, TRUE is returned if authentication is successful or FALSE if authentication fails.
It also displays additional information to the console such as the account hash.
Unlike the Validate-WindowsCredential cmdlet, the Validate-LinuxCredential cmdlet relies on reading and parsing the /etc/shadow file that has the hashes of user accounts of this Linux machine. The current revision of the cmdlet is designed to validate MD5 hashed accounts only. A possible enhancement is to add functionality to validate accounts hashed with other algorithms such as Blowfish and SHA
To download and install the latest version of AZSBTools from the PowerShell Gallery and its dependencies, type
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
To trust the Microsoft PowerShell Gallery repository, then
Install-Module AZSBTools,AZ -Force -AllowClobber
AZSBTools contains functions that depend on AZ modules, and they’re typically installed together.
To load the AZSBTools, and AZ modules type:
Import-Module AZSBTools,AZ -DisableNameChecking
To view a list of cmdlets/functions in AZSBTools, type
Get-Command -Module AZSBTools
To view the built-in help of one of the AZSBTools functions/cmdlets, type
help <function/cmdlet name> -show
help New-SBAZServicePrincipal -show