SlightlyLoony

When Discovery attempts to connect to an SSH server (such as a Linux or UNIX system), and when it attempts to query an SNMP agent (such as a printer, router, or UPS), it tries the credentials in the Credentials table, in no particular order, until it finds one that works. This is much like me trying to get into my locked house — I can't remember what the key looks like, so I just try all the keys on my key ring until I find the one that works. Discovery, however, is smarter than I am: for any particular device, once it finds the credential that works, it remembers it. The next time it tries to get into that device, it tries the credential that worked last time first. I wish I could do that!

This simple approach has been working great in Discovery for a long time — but recently a couple of folks independently suggested an improvement: some way to let them tell Discovery what order to try the credentials in. There are two situations I've run into where this might help:

  • Lots of credentials, with some more common than others. For example, you might have 150 SSH credentials, 5 of which cover 90% of your systems. In this case, trying those 5 common credentials first will save time and reduce network chatter in the initial discoveries (after the first discovery, the system will know which credential to try first next time).
  • Some systems with aggressive login security. For example, you might have a group of Solaris database servers that will only allow three login attempts with bad credentials before they lock out the client (e.g., the MID server). To handle this scenario, you could assign special credentials to those systems (if they're not already), and tell Discovery to try those credentials first. Problem solved.

So we've added an order field to the credentials table; this new field appears by default on the list and form views of that table. We've also modified the MID server to use this new field to determine the order that it will try credentials in. By default, this field has a value of 100. To force a credential to be tried earlier, just give it a smaller value for order. To force a credential to be tried later, give it a larger value. If you have multiple credentials with the same value, that's ok, but those credentials won't be tried in any particular order...
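
An added example (not ServiceNow code and not from the original post) that models the ordering rules above to check a credential list against a lockout threshold. The field names, the matching of credentials by type, and the sample rows are assumptions made for illustration.

```javascript
// Added example: models the ordering rules in this post; not ServiceNow code.
// Field names, per-type matching and all sample rows are constructed assumptions.
const DEFAULT_ORDER = 100;
const orderOf = c => c.order ?? DEFAULT_ORDER;

// Worst-case count of failed logins before `intended` is tried on a device.
// Smaller order is tried first; equal order has no guaranteed sequence, so
// every same-order credential is assumed to be tried ahead of the intended one.
function worstCaseFailures(credentials, intended, lastWorked = null) {
  if (lastWorked === intended.name) return 0; // remembered credential is tried first
  const others = credentials.filter(
    c => c.type === intended.type && c.name !== intended.name);
  const ahead = others.filter(c => orderOf(c) <= orderOf(intended)).length;
  // A remembered credential that has stopped working still goes first and fails.
  const stale = others.some(
    c => c.name === lastWorked && orderOf(c) > orderOf(intended));
  return ahead + (stale ? 1 : 0);
}

// Flag devices whose lockout threshold can be reached before the right credential.
function auditLockoutRisk(credentials, devices) {
  return devices.map(d => {
    const intended = credentials.find(c => c.name === d.credential);
    if (!intended) return { device: d.name, failures: null, atRisk: true };
    const failures = worstCaseFailures(credentials, intended, d.lastWorked);
    return { device: d.name, failures, atRisk: failures >= d.lockoutAfter };
  });
}

// Constructed sample: three common SSH credentials left at the default order.
const common = [
  { name: "ssh-common-a", type: "ssh" },
  { name: "ssh-common-b", type: "ssh" },
  { name: "ssh-common-c", type: "ssh" },
  { name: "snmp-ro", type: "snmp" },
];
const devices = [{ name: "soldb01", credential: "ssh-solaris-db", lockoutAfter: 3 }];

const before = [...common, { name: "ssh-solaris-db", type: "ssh" }];            // order 100
const after = [...common, { name: "ssh-solaris-db", type: "ssh", order: 10 }];  // tried first

console.log(auditLockoutRisk(before, devices)); // default order everywhere
console.log(auditLockoutRisk(after, devices));  // special credential ordered first
```

A low order value applies to every device of that type, so the special credential is also the first attempt against systems where it is not valid.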