From: Jim M. <jm...@hp...> - 2012-04-30 21:41:37
Duncan,

Your validation is reasonable for password "input" verification since the input password is only applicable to lan/lanplus. You were correct when you said that I was talking about the code which sets the password. For that case, we simply permit folks to specify up to 20 characters independent of the interface or IPMI version.

When I looked at your changes I was thinking about password "set" verification, which is why my comments didn't make sense with regard to your changes.

Sorry for all the confusion.

-- Jim Mankovich | jm...@hp... --

On 4/30/2012 2:39 PM, Duncan Idaho wrote:
> I probably have a very thick skull. Have any of you looked at the
> patch? Because I still feel like it handles what's described in the
> ticket.
> Anyway, I obviously fail to understand and thus I'm not the correct
> person to fix it. Anyone else give it a go, please ;)
>
> --Duncan
>
> On Mon, Apr 30, 2012 at 8:33 PM, Andy Cress <and...@us...> wrote:
>> Duncan,
>>
>> From the remote client (before it connects), you would verify that the
>> -P input is <= 20 characters.
>> Then after initiating the connection (GetChanAuthCap), you could detect
>> if it is IPMI 2.0 or not, and then be able to find out if it supports
>> 20-byte passwords.
>>
>> IPMI 1.5 and prior = only 16-byte passwords can be used
>> IPMI 2.0 = many vendors implement 20-byte passwords, but not all.
>>
>> To make it (much) simpler, just validate the input once at 20
>> characters, and let it go through after that. The user has to know the
>> correct password anyway.
>>
>> Andy
>>
>> -----Original Message-----
>> From: Duncan Idaho [mailto:dun...@gm...]
>> Sent: Monday, April 30, 2012 4:10 PM
>> To: Jim Mankovich
>> Cc: ipm...@li...; Albert Chu
>> Subject: Re: [Ipmitool-devel] Reg issue with password having 16 bytes [ID:3184687]
>>
>> Jim,
>>
>> I'm sorry, but I don't follow. What? I feel like you're talking about
>> setting password now, eg. % ipmitool user set password UID PASSWORD;.
>> I thought the issue is % ipmitool -P veryLongPassword -H myhost some
>> commands here ; And that's what patch should address. I haven't tried
>> password from file and via ask-pass, come to think of it, but I have
>> tested -P parameter.
>>
>> Please, elaborate your e-mail a bit more. I'm, well, confused.
>>
>> Thanks,
>> --Duncan
>>
>> On Mon, Apr 30, 2012 at 8:01 PM, Jim Mankovich <jm...@hp...> wrote:
>>> Duncan,
>>>
>>> After I looked at this I came to the realization that I had
>>> oversimplified the 16 vs 20 byte password to lan vs lanplus, when in
>>> fact it is really an IPMI 1.5 vs IPMI 2.0 issue.
>>> It is also possible to set a password via the /dev/ipmi interface so
>>> qualification of password length using the interface is not sufficient
>>> to cover all the cases.
>>>
>>> I believe doing this correctly will require password length
>>> verification based on the current IPMI version.
>>>
>>> This patch will ca
>>>
>>> -- Jim Mankovich | jm...@hp... --
>>>
>>> On 4/28/2012 5:41 AM, Duncan Idaho wrote:
>>>> Jim,
>>>>
>>>> attached is a proposed solution to constrain password length to 16,
>>>> resp. 20, bytes when LAN, resp. LAN+, interface is used.
>>>>
>>>> Comments are, of course, welcome from anybody.
>>>>
>>>> --Duncan
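
The two-stage check discussed in the thread (cap the -P input at 20 before connecting, then apply 16 or 20 once the session's capabilities are known), as an added example that is not part of the thread and is not ipmitool source. All function and constant names are hypothetical, the caller is assumed to have already determined whether the BMC accepts 20-byte passwords, and the field is assumed to be fixed-width and zero-padded; the example rejects over-length input instead of truncating it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PW_MAX_V15 16 /* IPMI 1.5 and prior: 16-byte passwords only */
#define PW_MAX_V20 20 /* IPMI 2.0: 20 bytes where the vendor supports it */
enum { PW_OK = 0, PW_BAD_ARG = -1, PW_TOO_LONG = -2 };

/* Length of pw, reading at most cap+1 bytes; a result of cap+1 means "too long". */
static size_t bounded_len(const char *pw, size_t cap)
{
    size_t n = 0;
    while (n <= cap && pw[n] != '\0')
        n++;
    return n;
}

/* Stage 1: before connecting the protocol version is unknown, so only
 * the largest possible limit (20) can be enforced on the -P input. */
int pw_check_input(const char *pw)
{
    if (pw == NULL)
        return PW_BAD_ARG;
    return bounded_len(pw, PW_MAX_V20) > PW_MAX_V20 ? PW_TOO_LONG : PW_OK;
}

/* Stage 2: with the session's capabilities known, apply the real limit and
 * build the zero-padded field (field must hold PW_MAX_V20 bytes).
 * Returns the field width used, or a negative error. */
int pw_pack(const char *pw, int supports_20, unsigned char *field)
{
    size_t limit = supports_20 ? PW_MAX_V20 : PW_MAX_V15;
    size_t len;
    if (pw == NULL || field == NULL)
        return PW_BAD_ARG;
    len = bounded_len(pw, limit);
    if (len > limit)
        return PW_TOO_LONG; /* refuse rather than send a shortened password */
    memset(field, 0, PW_MAX_V20);
    memcpy(field, pw, len);
    return (int)limit;
}

int main(void)
{
    unsigned char field[PW_MAX_V20];
    const char *pw = "seventeen-chars-x"; /* constructed sample, 17 bytes */
    printf("%d %d %d\n", pw_check_input(pw), pw_pack(pw, 0, field), pw_pack(pw, 1, field));
    return 0;
}
```

A 17-byte password passes the pre-connection check but is refused for a 16-byte session, which is the case the single 20-character check in the thread leaves to the BMC to reject.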