Reg default user account in OpenBMC

Thomaiyar, Richard Marian richard.marian.thomaiyar at linux.intel.com
Tue Mar 19 05:06:31 AEDT 2019


inline update on impact & solutions for CI

On 3/18/2019 7:49 PM, Thomaiyar, Richard Marian wrote:
>
> All,
>
>  In OpenBMC, the default password “0penBmc” is used for the “root” user. 
> This is getting applied to all recipes irrespective of a company's 
> meta-xxx layer, as this is done through phosphor-defaults.inc (under 
> the meta-phosphor distro). The only option is to override the same using 
> local.conf.sample (but if missed, the default password for the root user 
> will get applied). Currently this is not limited to DEBUG_BUILD but applied 
> for all builds. As the root user is also exposed in phosphor-user-manager, 
> it is shown as a valid user account in all the interfaces like IPMI / 
> REDFISH / WEBUI etc. From a security point of view, the following 
> recommendations are made.
>
> 1. Avoid having common default passwords across products. (i.e. it’s 
> ok to have a unique password for each device).
>
> 2. Force end-user to configure user name & password.
>
> This was also pointed out by Ed in our sync meeting - SB-327 
> Information Privacy – connected Devices 
> <https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB327> 
>
>
>
> Having said that, I am planning to do the following. Please let me know your 
> views / concerns / any other recommendations.
>
> 1. Remove the default password “0penBmc” from phosphor-defaults.inc. Any 
> company which requires a password for the root user can enable the same 
> using local.conf.sample, in its respective meta-xxx layer (recommended 
> to avoid using the root user, or in the worst case keep it for DEBUG_BUILD only).
>
This may cause problems for people who need the default password in a 
deployment system. (But it's better to find a different solution, due to 
the security concern. If this is really required, then it can be 
overridden using local.conf.sample.) At the same time, we can keep the root 
password enabled for non-release versions.
>
> 2. Can expose a different user name: openBmcUser password: 0penBmc 
> through local.conf.sample in DEBUG_BUILD / internal builds and make 
> sure that this doesn’t get applied for the RELEASE version.
>
2.1 --> This provides an option so that the CI infrastructure build will use 
"openBmcUser" as the default user (if the host interface is not available 
for the CI system); using this methodology the CI system won't be broken.

2.2 --> In the worst case, we can have the root user for CI builds alone, as 
using that we can log in over SSH and create the default user using the 
ipmitool -I dbus interface.

> 3. Stop exposing user id 0 (root) in phosphor-user-manager, i.e. the 
> root user (uid:0) doesn’t need to be listed among the user accounts in IPMI / 
> REDFISH for all builds. (Reason: 1. As part of SELinux. 2. A few 
> validation cases will not be covered which require deleting all user 
> accounts etc.) Note: if anyone really requires this, then we can make 
> it available through a configurable flag.
>
> 4. Host interface (IPMI Commands) must be used to create user accounts 
> in BMC (i.e. From BIOS Setup page user accounts for the BMC can be 
> created).
>
> 5. For any systems which don’t have a Host interface, logic can be 
> applied to create a new user based on restrictions (say create user 
> accounts based on certain stages – provisioning / physical presence 
> check / creating a unique password for each device etc.)
>
>
> Regards,
>
> Richard
>
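As an added example (not code from this thread or from the OpenBMC project), here is a release-gate audit over the /etc/shadow files of built images that checks the points raised above: root keeping a usable password in a release build, the debug-only account leaking into a release image, and one root hash shared across many devices. The release/debug flag, the "openBmcUser" account name and the shadow contents below are assumptions or constructed sample data.

```python
DEBUG_ONLY_ACCOUNTS = {"openBmcUser"}  # assumed debug/CI-only account name from the thread


def parse_shadow(text):
    """Map user -> password field for /etc/shadow-style text."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) < 2:
            raise ValueError(f"malformed shadow line: {line!r}")
        entries[fields[0]] = fields[1]
    return entries


def is_locked(pw_field):
    """A field starting with '!' or '*' cannot authenticate by password."""
    return pw_field.startswith(("!", "*"))


def audit_images(images, release_build):
    """images: {image_name: shadow_text}. Returns a sorted list of findings."""
    findings = []
    root_hashes = {}  # hash -> images; identical hashes mean one shared default
    for name, text in images.items():
        shadow = parse_shadow(text)
        for user, pw in shadow.items():
            if pw == "":  # empty field: login without any password
                findings.append(f"{name}: {user} has an empty password field")
            if release_build and user in DEBUG_ONLY_ACCOUNTS:
                findings.append(f"{name}: debug-only account {user} in release build")
        root = shadow.get("root")
        if root is None or is_locked(root):
            continue
        if release_build:
            findings.append(f"{name}: root has a usable password in release build")
        root_hashes.setdefault(root, []).append(name)
    for names in root_hashes.values():
        if len(names) > 1:
            findings.append("shared root password hash across: " + ", ".join(sorted(names)))
    return sorted(findings)


# Constructed sample shadow files; the hashes are placeholders, not real crypt output.
SAMPLE_IMAGES = {
    "vendor-a": "root:$6$samesalt$samehash:18000:0:99999:7:::\nsshd:*:18000::::::\n",
    "vendor-b": "root:$6$samesalt$samehash:18000:0:99999:7:::\nopenBmcUser:$6$dbg$x:18000:0:99999:7:::\n",
    "vendor-c": "root:!:18000:0:99999:7:::\nsvc::18000:0:99999:7:::\n",
}
```

Running `audit_images(SAMPLE_IMAGES, release_build=True)` reports five findings, including the root hash shared by vendor-a and vendor-b; with `release_build=False` only the empty-password and shared-hash findings remain.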