[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module
From: |
Jan Tiri |
Subject: |
Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module |
Date: |
Sun, 16 Jan 2005 23:03:10 +0100 (CET) |
User-agent: |
SquirrelMail/1.4.3a |
> Hi Jan,
Hi Albert, all,
>> - I see md2/md5; is the password hashed by default ?
>
> It depends on the version of ipmipower that you are using. With
> FreeIPMI 1.3, the default was cleartext passwords. So to use md2/md5,
> you'd have to specify an alternate authtype to ipmipower (i.e.
> --authtype md2). You'd also have to ensure the remote BMC is configured
> to allow md2/md5 authentication too.
Can I update (md5) passwords via bmc-config too ? I tried some options like
/usr/local/sbin/bmc-config --commit --key-pair="User2:Password=test" to
change the password of the Operator user, but none seem to work for
ipmipower -h gentoo -u Operator -p test -a md5 -s
Section LAN_Conf_Auth
Operator_Enable_Auth_Type_None No
Operator_Enable_Auth_Type_Md2 No
Operator_Enable_Auth_Type_Md5 Yes
Operator_Enable_Auth_Type_Straight_Password No
Operator_Enable_Auth_Type_Oem_Proprietary No
EndSection
I would like to disable all user accounts but administrator and use a
difficult password for that one. Do I have to feed bmc-config with the
md5-hashed value ?
> With the newer version in CVS, I have it automated to use the most
> secure (md5 more secure than md2, md2 more than cleartext) mechanism
> available from the remote BMC.
>
>> - can someone change the passwords of the user accounts via an ipmi
>> tool(like bmc-config) ?
>
> By "user", I assume a non-root user? In terms of in-band use, you need
> to be root to use bmc-config. In terms of out of band use, I believe
> the accounts can be changed if someone connects to the BMC with
> administrator privileges.
So if someone gets root on my box (okay, this should never happen) they
can overwrite the bmc password.
Another question :)
Can I synchronize the bmc date/time with some linux command ? When I read
out 'sel' I get some logs from 1970 :/
Kind regards,
Jan