<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:宋体;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@宋体";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:宋体;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.emailquote, li.emailquote, div.emailquote
{mso-style-name:emailquote;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:1.0pt;
border:none;
padding:0cm;
font-size:12.0pt;
font-family:宋体;}
span.EmailStyle18
{mso-style-type:personal-compose;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=ZH-CN link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-US>thank you for your reply.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>I have tried this method and got the result I want, thank you very much!<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Maxiaochao<o:p></o:p></span></p><div class=MsoNormal align=center style='text-align:center'><span lang=EN-US><hr size=2 width="98%" align=center></span></div><div id="x_divRplyFwdMsg"><p class=MsoNormal><b><span style='font-size:11.0pt;color:black'>发件人</span></b><b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>:</span></b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'> Joseph Reynolds <jrey@linux.ibm.com><br></span><b><span style='font-size:11.0pt;color:black'>发送时间</span></b><b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>:</span></b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'> 2022</span><span style='font-size:11.0pt;color:black'>年</span><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>1</span><span style='font-size:11.0pt;color:black'>月</span><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>19</span><span style='font-size:11.0pt;color:black'>日</span><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'> 10:02<br></span><b><span style='font-size:11.0pt;color:black'>收件人</span></b><b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>:</span></b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'> Zhao, Jiaqing; Mantey, JohnathanX; Xiaochao Ma (</span><span style='font-size:11.0pt;color:black'>马小超</span><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>); mine260309@gmail.com<br></span><b><span style='font-size:11.0pt;color:black'>抄送</span></b><b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>:</span></b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'> openbmc@lists.ozlabs.org<br></span><b><span style='font-size:11.0pt;color:black'>主题</span></b><b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>:</span></b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'> Re: </span><span style='font-size:11.0pt;color:black'>答复</span><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>: Update (or generate) /etc/ipmi_pass file</span><span lang=EN-US><o:p></o:p></span></p><div><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p></div></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:10.0pt'>On 1/6/22 11:09 AM, Zhao, Jiaqing wrote:<br>> Even you set minlen=0 in /etc/pam.d/common-password, the password <br>> length will still be checked by pam-cracklib. Pam-cracklib will call <br>> FascistCheck() function of cracklib, and inside cracklib, it will call <br>> FascistLookUser(), which also checkes ZjQcmQRYFpfptBannerStart<br>> This Message Is From an External Sender<br>> This message came from outside your organization.<br>> ZjQcmQRYFpfptBannerEnd<br>><br>> Even you set minlen=0 in /etc/pam.d/common-password, the password <br>> length will still be checked by pam-cracklib. Pam-cracklib will call <br>> FascistCheck() function of cracklib, and inside cracklib, it will call <br>> FascistLookUser(), which also checkes the password length and there is <br>> no way to bypass it unless you modify cracklib code. The minimum <br>> length forced by cracklib is 6.<br>><br>> <a href="https://github.com/cracklib/cracklib/blob/c66d74fc38e1632726da8230714bf62f6128e212/src/lib/fascist.c#L721">https://github.com/cracklib/cracklib/blob/c66d74fc38e1632726da8230714bf62f6128e212/src/lib/fascist.c#L721</a><br>><br>> FascistLookUser() also contain other implicit conditions your password <br>> must met. Please also be careful about them.<br>><br>> Of course, you can comment out the pam_cracklib.so to bypass all these <br>> checks.<br>><br><br>If your /etc/pam.d/common-password file look like this <br>(meta-phosphor/recipes-extended/pam/libpam/pam.d/common-password): <br><a href="https://github.com/openbmc/openbmc/blob/master/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-password">https://github.com/openbmc/openbmc/blob/master/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-password</a><br>then you should be able to comment out the pam_cracklib.so and <br>pam_ipmicheck.so and pam_pwhistory.so lines<br>but then you have to remove the "use_authtok" parameter from the <br>pam_unix.so line (or whichever is your first module).<br><br>Be sure to:<br>- keep the pam_unix.so line (it writes the password into /etc/shadow file).<br>- keep the pam_ipmisave.so line (it writes the password to the <br>etc/ipmi_pass file)<br>- keep the deny and permit lines as they are.<br><br>Good luck,<br>- Joseph<br><br>> *From:* openbmc <br>> <openbmc-bounces+jiaqing.zhao=intel.com@lists.ozlabs.org> *On Behalf <br>> Of *Johnathan Mantey<br>> *Sent:* Friday, January 7, 2022 00:55<br>> *To:* Xiaochao Ma (</span><span style='font-size:10.0pt'>马小超<span lang=EN-US>) <maxiaochao@inspur.com>; mine260309@gmail.com<br>> *Cc:* openbmc@lists.ozlabs.org<br>> *Subject:* Re: </span>答复<span lang=EN-US>: Update (or generate) /etc/ipmi_pass file<br>><br>> The OBMC PAM requires the password to be 8 characters in length, and <br>> probably requires a numeral as well.<br>> I realize you want to get to a 5 character password.<br>> I recommend you try adding a user with a password that works with the <br>> existing rules to see if your automated creation method works. After <br>> that you can try creating shorter passwords.<br>><br>> On 1/5/22 23:02, Xiaochao Ma (</span>马小超<span lang=EN-US>) wrote:<br>><br>> Sorry I didn't explain some of the methods I tried : (<br>><br>> 1. I tried the method you mentioned, but failed.<br>><br>> The length of the password I want to set is 5 digits.<br>><br>> I modified the complexity setting via /etc/pam.d/common-password, but still cannot set a 5-digit password. (The setting for reducing the length requirement failed to take effect)<br>><br>> 2. I also tried to temporarily remove pam_cracklib.so in /etc/pam.d/common-pasword so that it does not perform complexity detection. Failed very directly......<br>><br>> -----</span>邮件原件<span lang=EN-US>-----<br>><br>> </span>发件人<span lang=EN-US>: Lei YU [mailto:mine260309@gmail.com <<a href="mailto:mine260309@gmail.com">mailto:mine260309@gmail.com</a>>]<br>><br>> </span>发送时间<span lang=EN-US>: 2022</span>年<span lang=EN-US>1</span>月<span lang=EN-US>6</span>日<span lang=EN-US> 14:41<br>><br>> </span>收件人<span lang=EN-US>: Xiaochao Ma (</span>马小超<span lang=EN-US>)<maxiaochao@inspur.com> <<a href="mailto:maxiaochao@inspur.com">mailto:maxiaochao@inspur.com</a>><br>><br>> </span>抄送<span lang=EN-US>:openbmc@lists.ozlabs.org<br>><br>> </span>主题<span lang=EN-US>: Re: Update (or generate) /etc/ipmi_pass file<br>><br>> On Thu, Jan 6, 2022 at 11:39 AM Xiaochao Ma (</span>马小超<span lang=EN-US>)<maxiaochao@inspur.com> <<a href="mailto:maxiaochao@inspur.com">mailto:maxiaochao@inspur.com</a>> wrote:<br>><br>> Hello everyone<br>><br>> I now want to add a default user to my own machine (I modified<br>><br>> obmc-phosphor-image.bbappend, use the useradd… ),<br>><br>> but the new default user cannot use Ipmi. It is because the ipmi_pass file is not updated.<br>><br>> I couldn't find a method/tool to generate ipmi_pass file. So how can I generate a new ipmi_pass file?<br>><br>> What I do is to use qemu or a real BMC, adjust the ipmi username/passwords, and then copy the ipmi_pass out.<br>><br>> -- <br>> Johnathan Mantey<br>> Senior Software Engineer<br>> *azad technology partners*<br>> Contributing to Technology Innovation since 1992<br>> Phone: (503) 712-6764<br>> Email: johnathanx.mantey@intel.com<br>><o:p></o:p></span></span></p></div></div></body></html>