Issue:
IPMITool allows user wih more than 16 bytes password in lan.
Stpes to reproduce:
1. create a user with 16 byte pasword for ipmi 1.5. [ex: password 1234567890123456]
2. send ipmitool command (-I lan) with that user and password with more than 16 byte [ex: password 12345678901234567, 123456789012345678, etc.,
3. it gets succeeed for all password, because it take care for only 16 bytes).
Expected result:
if the command is given for -I lan then tool should give error for password more than 16 bytes.
This will be patched in CVS. I just want to note this issue is similar to CRYPT. Despite it is going to be limited what ipmitool will and won't accept, there are other clients that do not. Or you can compile ipmitool without these checks. There simply is no way this can be fixed as whatever is beyond 16 bytes, resp. 20 bytes, is ignored.
Limit user input password length
committed to cvs