On 04/11/2017 08:39 PM, Corey Minyard wrote: > On 03/28/2017 04:17 PM, Alan Ott wrote: >> Per-user allowed_auths are stored in the persistence file, but there's >> no way to change them from their defaults, which is 0 (no allowed auths) >> for users which are not in lan.conf (ie: for users which are added using >> the IPMI interface). Ignoring user allowed_auths when they are 0 will >> cause ipmi_sim to use the per-privilege allowed_auths for the user's >> privilege level instead. > > Well, this was pretty hard. I'm not sure where the per-user > allowed_auths came > from, I don't see any evidence that there is anything like that in the > spec. The > only thing that it says is that the auth in the Get Session Challenge > and Activate > Session commands must match, but there's no real way to do that because > the point of this is to avoid DOS attacks, and so you can't really > save info for > the other command. > > So my proposal would be to just delete the per-user allowed_auths. > Does that > make sense?
Makes perfect sense to me. Thanks! Alan. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openipmi-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openipmi-developer
