[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module
From: |
Albert Chu |
Subject: |
Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module |
Date: |
Tue, 18 Jan 2005 09:20:48 -0800 |
Hi Jan,
Hmmmm. Can you try turning md5 on for the User privilege level too to
see if that works? The power control operations on, off, cycle, reset
require Operator privilege, but power status queries require User
privilege. So if User authentication w/ md5 isn't enabled, I think that
is what will cause your connection problems.
This is something that has been fixed in later ipmipower releases. If
you'd like a backported version/patch, PLMK.
Al
> Can I update (md5) passwords via bmc-config too ? I tried some
> options like
> /usr/local/sbin/bmc-config --commit --key-
> pair="User2:Password=test" to
> change the password of the Operator user, but none seem to work for
> ipmipower -h gentoo -u Operator -p test -a md5 -s
>
> Section LAN_Conf_Auth
> Operator_Enable_Auth_Type_None No
> Operator_Enable_Auth_Type_Md2 No
> Operator_Enable_Auth_Type_Md5 Yes
> Operator_Enable_Auth_Type_Straight_Password No
> Operator_Enable_Auth_Type_Oem_Proprietary No
> EndSection
>
> I would like to disable all user accounts but administrator and use a
> difficult password for that one. Do I have to feed bmc-config with the
> md5-hashed value ?
>
> > With the newer version in CVS, I have it automated to use the most
> > secure (md5 more secure than md2, md2 more than cleartext) mechanism
> > available from the remote BMC.
> >
> >> - can someone change the passwords of the user accounts via an ipmi
> >> tool(like bmc-config) ?
> >
> > By "user", I assume a non-root user? In terms of in-band use,
> you need
> > to be root to use bmc-config. In terms of out of band use, I
> believe> the accounts can be changed if someone connects to the BMC
> with> administrator privileges.
>
> So if someone gets root on my box (okay, this should never happen)
> theycan overwrite the bmc password.
>
> Another question :)
> Can I synchronize the bmc date/time with some linux command ? When
> I read
> out 'sel' I get some logs from 1970 :/
>
> Kind regards,
> Jan
>
Al
--
Albert Chu
address@hidden
Lawrence Livermore National Laboratory
----- Original Message -----
From: Jan Tiri <address@hidden>
Date: Sunday, January 16, 2005 2:03 pm
Subject: Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module
> > Hi Jan,
>
> Hi Albert, all,
>
> >> - I see md2/md5; is the password hashed by default ?
> >
> > It depends on the version of ipmipower that you are using. With
> > FreeIPMI 1.3, the default was cleartext passwords. So to use
> md2/md5,> you'd have to specify an alternate authtype to ipmipower
> (i.e.> --authtype md2). You'd also have to ensure the remote BMC
> is configured
> > to allow md2/md5 authentication too.
>
> Can I update (md5) passwords via bmc-config too ? I tried some
> options like
> /usr/local/sbin/bmc-config --commit --key-
> pair="User2:Password=test" to
> change the password of the Operator user, but none seem to work for
> ipmipower -h gentoo -u Operator -p test -a md5 -s
>
> Section LAN_Conf_Auth
> Operator_Enable_Auth_Type_None No
> Operator_Enable_Auth_Type_Md2 No
> Operator_Enable_Auth_Type_Md5 Yes
> Operator_Enable_Auth_Type_Straight_Password No
> Operator_Enable_Auth_Type_Oem_Proprietary No
> EndSection
>
> I would like to disable all user accounts but administrator and use a
> difficult password for that one. Do I have to feed bmc-config with the
> md5-hashed value ?
>
> > With the newer version in CVS, I have it automated to use the most
> > secure (md5 more secure than md2, md2 more than cleartext) mechanism
> > available from the remote BMC.
> >
> >> - can someone change the passwords of the user accounts via an ipmi
> >> tool(like bmc-config) ?
> >
> > By "user", I assume a non-root user? In terms of in-band use,
> you need
> > to be root to use bmc-config. In terms of out of band use, I
> believe> the accounts can be changed if someone connects to the BMC
> with> administrator privileges.
>
> So if someone gets root on my box (okay, this should never happen)
> theycan overwrite the bmc password.
>
> Another question :)
> Can I synchronize the bmc date/time with some linux command ? When
> I read
> out 'sel' I get some logs from 1970 :/
>
> Kind regards,
> Jan
>
- Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module, (continued)
- Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module, Bala.A, 2005/01/17
- Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module,
Albert Chu <=
- Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module, Bala.A, 2005/01/18
- Message not available
- Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module, Bala.A, 2005/01/19
- Message not available
- Message not available
- Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module, Bala.A, 2005/01/19
- Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module, Joshua Williams, 2005/01/19
- Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module, Bala.A, 2005/01/19
- Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module, Joshua Williams, 2005/01/20
Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module, Albert Chu, 2005/01/19
Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module, Albert Chu, 2005/01/19
Re: [Freeipmi-users] Tyan Thunder S2882 with m3289 bmc module, Albert Chu, 2005/01/20