Question of ipmi command "Set User Access" in phosphor-host-ipmid

Joseph Reynolds jrey at linux.ibm.com
Tue Jun 2 04:56:49 AEST 2020


On 5/25/20 11:28 AM, Thomaiyar, Richard Marian wrote:
> Hi Tony,
>
> Only IPMI offers channel based user level privilege as of now, Redfish 
> uses single privilege across all channels. OpenBMC user management is 
> designed to have single user level privilege. IPMI is designed to bind 
> one of the channel privilege user to the user management, and rest 
> maintain in it's own database. LAN 1 is used for that sync.
>
> Note: Discussion started in Redfish forum to have a channel based 
> restriction, but it's not yet materialized and requires more takers.

here: 
https://redfishforum.com/thread/279/channel-privilege-support-direction-redfish


>
> Regards,
>
> Richard
>
> On 5/25/2020 12:58 PM, Tony Lee (李文富) wrote:
>> In the process of creating an user,
>> I used the ipmi command "ipmitool priv <user id> <privilege level> 
>> [<channel number>]".
>> The "UserPrivilege" of the user I created in dbus is empty. Because 
>> my LAN channel number is not 1.
>>
>> https://github.com/openbmc/phosphor-host-ipmid/blob/master/user_channel/user_mgmt.cpp#L878 
>>
>>
>> Why did it need to check the request channel number before setting 
>> the dbus?
>> I can't find the related restriction of it in "Set User Access 
>> Command" in IPMI SPEC.
>>
>> Thanks
>> Best Regards,
>> Tony



More information about the openbmc mailing list