Security Working Group meeting Wednesday December 11
Joseph Reynolds
jrey at linux.ibm.com
Tue Dec 10 12:29:01 AEDT 2019
This is a reminder of the OpenBMC Security Working Group meeting
scheduled for this Wednesday December 11 at 10:00am PDT.
We'll discuss current development items, and anything else that comes
up. The current topics:
1.
BMCWeb patch to allow BMC admin to disable authentication
methods<https://github.com/openbmc/bmcweb/commit/78158631aeab5b77ea9a5f566508285cb839fadf>
2.
Gerrit code review to “Provide feedback from Linux PAM about why the
new password is not accepted”
<https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/27503>
3.
Gerrit code review to “lockout a user account for 5 minutes after 5
login failures”
4.
Gerrit code review to implement the Refish ConfigureSelf privilege
correctly, which lets non-admin users change their own password and
log out of their own sessions.
5.
Email about TFTP vulnerabilities and SCP or SFTP
replacement<https://lists.ozlabs.org/pipermail/openbmc/2019-December/019725.html>
6.
Trivial PAM bmcweb config file change
Access, agenda, and notes are in the wiki:
https://github.com/openbmc/openbmc/wiki/Security-working-group
- Joseph
More information about the openbmc
mailing list