Enhance Redfish to allow IPMI users
Joseph Reynolds
jrey at linux.ibm.com
Wed Sep 16 05:38:26 AEST 2020
I am working on a new feature so the BMC admin can use Redfish
operations to allow or deny specific users to use the BMC's network IPMI
interface.
The goal is to be able to configure the BMC out of the box with no users
authorized to use the IPMI network service, and then as needed enable
network IPMI and allow specific users to use that service.
The direction for this seems to be adding the IPMI enum to the
ManagerAccount AccountTypes array.
https://redfishforum.com/thread/219/account-groups-property?page=1&scrollTo=1289
If we had this, the BMC admin could allow someuser to use IPMI like
this: PATCH /redfish/v1/AccountService/Account/someuser with
{AccountTypes: [...,IPMI,...]} and possibly also changing the password.
Would this work with OpenBMC phosphor user management? The forum thread
has additional considerations. Will the IPMI maintainers please comment
here or on the forum?
- Joseph
More information about the openbmc
mailing list