Re: [Ipmitool-devel] SOL activation - error in activate payload

Mon, 21 May 2007 00:03:05 -0700 


________________________________

        
        
        Hi,
              I am using ipmitool v1.8.8 in Red Hat Enterprise Linux. I
have a doubt regarding SOL in lanplus.
              ipmitool -v -v -v -A MD5 -o intelplus -C 0 -I lanplus -H
192.168.3.81 <http://192.168.3.81/>  sol activate
         
              RMCP+ open session request negotiates with BMC for
authentication NONE. After successful RAKP(1-4) messages, the Activate
Payload command is sent requesting for SOL payload activation with
encryption and authentication. This cannot be done as per the IPMIv2.0
specifications, right?
         
        There are two things to be noted,
        1. I am specifying the authentication type as MD5. But while
opening the session, it doesn't go for it.
        [Liebig, Holger] MD5 Authentication is only valid for IPMI 1.5
sessions. This option is ignored for lanplus, only the Ciphersuite -C n
is evaluated. There are ciphersuites defined which use HMAC-MD5 for
Authentication and HMAC-MD5-128 or MD5-128 for integrity, but these are
not mandatory for a BMC to implement. 
        2. Encryption cannot be done alone, it should be accompanied by
authentication too. So how can it ask for encryption while the
authentication is negotiated for none. 
        [Liebig, Holger] See above, the -C 0 command line parameter
specifies no auth / no integrity / no encryption. 
        For these reasons, the payload activation is getting rejected. 
        [Liebig, Holger] As far as I remember, the sol activate command
always uses encryption and authentication for this payload type,
independend from the specified ciphersuite.  Even if you modify ipmitool
to evaluate/match the generic session settings, the BMC can decide that
the SOL payload needs to be activated with encryption. The ipmi spec
also defines for SOL, that if you use encryption, you also need to use
authentication. 
         
        Please try again without specifying a ciphersuite, which will
default to Ciphersuite 3.
         
        Best regards,
        Holger
         
         


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Ipmitool-devel mailing list
Ipmitool-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipmitool-devel






















					Reply via email to