ipmi password storage

Joseph Reynolds jrey at linux.ibm.com
Wed Apr 15 08:03:41 AEST 2020



On 4/14/20 11:46 AM, Vernon Mauery wrote:
> On 14-Apr-2020 10:50 AM, Patrick Williams wrote:
>> On Mon, Apr 13, 2020 at 04:00:15PM -0700, Vernon Mauery wrote:
>>
>> Vernon,
>>
>> Is there some background pointers on why IPMI needs to store passwords
>> in a reverable way?  I never understood that.
>
> Sure. I think this is most clearly described in section 13.31 "RMCP+ 
> Authenticated Key-Exchange Protocol (RAKP)" in the IPMI v2 1.1 spec.

This may be a bit naive....  Is it possible to expand the RCMP+ spec 
with a new cipher suite or similar, to use a mechanism more like HTTPS 
or SSH that does not require the server to be able to produce a clear 
text password?  Given that IPMI will be used for many years, this seems 
worthwhile, and would solve the current problem.

- Joseph

> --Vernon
>
>>>
>>>
>>> --Vernon
>>
>> -- 
>> Patrick Williams
>
>



More information about the openbmc mailing list