ipmi password storage
Joseph Reynolds
jrey at linux.ibm.com
Wed Apr 15 08:03:41 AEST 2020
On 4/14/20 11:46 AM, Vernon Mauery wrote:
> On 14-Apr-2020 10:50 AM, Patrick Williams wrote:
>> On Mon, Apr 13, 2020 at 04:00:15PM -0700, Vernon Mauery wrote:
>>
>> Vernon,
>>
>> Is there some background pointers on why IPMI needs to store passwords
>> in a reverable way? I never understood that.
>
> Sure. I think this is most clearly described in section 13.31 "RMCP+
> Authenticated Key-Exchange Protocol (RAKP)" in the IPMI v2 1.1 spec.
This may be a bit naive.... Is it possible to expand the RCMP+ spec
with a new cipher suite or similar, to use a mechanism more like HTTPS
or SSH that does not require the server to be able to produce a clear
text password? Given that IPMI will be used for many years, this seems
worthwhile, and would solve the current problem.
- Joseph
> --Vernon
>
>>>
>>>
>>> --Vernon
>>
>> --
>> Patrick Williams
>
>
More information about the openbmc
mailing list