Duncan, >From the remote client (before it connects), you would verify that the -P input is <= 20 characters. Then after initiating the connection (GetChanAuthCap), you could detect if it is IPMI 2.0 or not, and then be able to find out if it supports 20-byte passwords.
IPMI 1.5 and prior = only 16-byte passwords can be used IPMI 2.0 = many vendors implement 20-byte passwords, but not all. To make it (much) simpler, just validate the input once at 20 characters, and let it go through after that. The user has to know the correct password anyway. Andy -----Original Message----- From: Duncan Idaho [mailto:dune.id...@gmail.com] Sent: Monday, April 30, 2012 4:10 PM To: Jim Mankovich Cc: ipmitool-devel@lists.sourceforge.net; Albert Chu Subject: Re: [Ipmitool-devel] Reg issue with password having 16 bytes [ID:3184687] Jim, I'm sorry, but I don't follow. What? I feel like you're talking about setting password now, eg. % ipmitool user set password UID PASSWORD;. I thought the issue is % ipmitool -P veryLongPassword -H myhost some commands here ; And that's what patch should address. I haven't tried password from file and via ask-pass, come to think of it, but I have tested -P parameter. Please, elaborate your e-mail a bit more. I'm, well, confused. Thanks, --Duncan On Mon, Apr 30, 2012 at 8:01 PM, Jim Mankovich <jm...@hp.com> wrote: > Duncan, > > After I looked at this I came to the realization that I had over simplified > the 16 vrs 20 byte > password to lan vrs lanplus, when in fact it is really an IPMI 1.5 vrs IPMI > 2.0 issue. > It is also possible to set a password via the /dev/ipmi interface so > qualification of > password length using the interface is not sufficient to cover all the > cases. > > I believe doing this correctly will require password length verification > based on the current > IPMI version. > > This patch will ca > > -- Jim Mankovich | jm...@hp.com -- > > > > On 4/28/2012 5:41 AM, Duncan Idaho wrote: >> >> Jim, >> >> attached is proposed solution to constrain password length to 16, >> resp. 20, bytes when LAN, resp. LAN+, interface is used. >> >> Comments are, of course, welcome from anybody. >> >> --Duncan ------------------------------------------------------------------------ ------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Ipmitool-devel mailing list Ipmitool-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ipmitool-devel ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Ipmitool-devel mailing list Ipmitool-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
