Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module

[Jan Tiri]

> Hi Jan,

Hi Albert, all,

>> - I see md2/md5; is the password hashed by default ?
>
> It depends on the version of ipmipower that you are using.  With
> FreeIPMI 1.3, the default was cleartext passwords.  So to use md2/md5,
> you'd have to specify an alternate authtype to ipmipower (i.e.
> --authtype md2).  You'd also have to ensure the remote BMC is configured
> to allow md2/md5 authentication too.

Can I update (md5) passwords via bmc-config too ? I tried some options like
/usr/local/sbin/bmc-config --commit --key-pair="User2:Password=test" to
change the password of the Operator user, but none seem to work for
ipmipower -h gentoo -u Operator -p test -a md5 -s

Section LAN_Conf_Auth
        Operator_Enable_Auth_Type_None               No
        Operator_Enable_Auth_Type_Md2                No
        Operator_Enable_Auth_Type_Md5                Yes
        Operator_Enable_Auth_Type_Straight_Password  No
        Operator_Enable_Auth_Type_Oem_Proprietary    No
EndSection

I would like to disable all user accounts but administrator and use a
difficult password for that one. Do I have to feed bmc-config with the
md5-hashed value ?

> With the newer version in CVS, I have it automated to use the most
> secure (md5 more secure than md2, md2 more than cleartext) mechanism
> available from the remote BMC.
>
>> - can someone change the passwords of the user accounts via an ipmi
>> tool(like bmc-config) ?
>
> By "user", I assume a non-root user?  In terms of in-band use, you need
> to be root to use bmc-config.  In terms of out of band use, I believe
> the accounts can be changed if someone connects to the BMC with
> administrator privileges.

So if someone gets root on my box (okay, this should never happen) they
can overwrite the bmc password.

Another question :)
Can I synchronize the bmc date/time with some linux command ? When I read
out 'sel' I get some logs from 1970 :/

Kind regards,
Jan