Menu
▾
▴
Re: [Ipmitool-devel] Reg issue with password having 16 bytes [ID:3184687]
|
From: Duncan I. <dun...@gm...> - 2012-04-30 20:47:01
|
I'm probably have a very thick skull. Have any of you looked at the patch? Because I still feel like it handles what's described in the ticket. Anyway, I obviously fail to understand and thus I'm not correct person to fix it. Anyone else give it a go, please ;) --Duncan On Mon, Apr 30, 2012 at 8:33 PM, Andy Cress <and...@us...> wrote: > Duncan, > > From the remote client (before it connects), you would verify that the > -P input is <= 20 characters. > Then after initiating the connection (GetChanAuthCap), you could detect > if it is IPMI 2.0 or not, and then be able to find out if it supports > 20-byte passwords. > > IPMI 1.5 and prior = only 16-byte passwords can be used > IPMI 2.0 = many vendors implement 20-byte passwords, but not all. > > To make it (much) simpler, just validate the input once at 20 > characters, and let it go through after that. The user has to know the > correct password anyway. > > Andy > > -----Original Message----- > From: Duncan Idaho [mailto:dun...@gm...] > Sent: Monday, April 30, 2012 4:10 PM > To: Jim Mankovich > Cc: ipm...@li...; Albert Chu > Subject: Re: [Ipmitool-devel] Reg issue with password having 16 bytes > [ID:3184687] > > Jim, > > I'm sorry, but I don't follow. What? I feel like you're talking about > setting password now, eg. % ipmitool user set password UID PASSWORD;. > I thought the issue is % ipmitool -P veryLongPassword -H myhost some > commands here ; And that's what patch should address. I haven't tried > password from file and via ask-pass, come to think of it, but I have > tested -P parameter. > > Please, elaborate your e-mail a bit more. I'm, well, confused. > > Thanks, > --Duncan > > On Mon, Apr 30, 2012 at 8:01 PM, Jim Mankovich <jm...@hp...> wrote: >> Duncan, >> >> After I looked at this I came to the realization that I had over > simplified >> the 16 vrs 20 byte >> password to lan vrs lanplus, when in fact it is really an IPMI 1.5 vrs > IPMI >> 2.0 issue. >> It is also possible to set a password via the /dev/ipmi interface so >> qualification of >> password length using the interface is not sufficient to cover all the >> cases. >> >> I believe doing this correctly will require password length > verification >> based on the current >> IPMI version. >> >> This patch will ca >> >> -- Jim Mankovich | jm...@hp... -- >> >> >> >> On 4/28/2012 5:41 AM, Duncan Idaho wrote: >>> >>> Jim, >>> >>> attached is proposed solution to constrain password length to 16, >>> resp. 20, bytes when LAN, resp. LAN+, interface is used. >>> >>> Comments are, of course, welcome from anybody. >>> >>> --Duncan > > ------------------------------------------------------------------------ > ------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. > Discussions > will include endpoint security, mobile security and the latest in > malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Ipmitool-devel mailing list > Ipm...@li... > https://lists.sourceforge.net/lists/listinfo/ipmitool-devel |