By default, the NISH client prompts for user credentials when connecting to each SR OS node. The user credentials are cached for the duration of the NISH client session with the node.
It is common in SR OS node cluster deployments for a user’s credentials to be the same over all devices. This is either because a centralized provisioning and management system configures the user manually on all devices, or because an external system such as TACACS or RADIUS manages the user.
The NISH client can streamline such environments by caching a single username and password combination and automatically authenticating against each node as the user navigates into them, without further prompting.
To enable this feature, start the NISH client with the --credential-cache option.
When the NISH client starts with this feature enabled, it prompts immediately for the username and password combination, and caches this information until it closes.
When the credentials are cached and a user connects to a specific node, the NISH client attempts to authenticate using the global cached password. If this password is incorrect, the user is prompted to re-enter the password. If the authentication is successful, the password is cached for the duration of the NISH client session for that node only. This process is repeated each time the user connects to another node.
Credential caching can also be enabled in the NISH rc file; see Table 1. If credential caching is enabled within the NISH rc file but is not needed for a specific session, you can disable it using the --no-credential-cache option.