Question on passing username and password credentials through PLDM
Patrick Williams
patrick at stwcx.xyz
Tue Jan 2 23:27:50 AEDT 2024
On Tue, Jan 02, 2024 at 10:16:04AM +0530, Jayashankar Padath wrote:
> We do have a requirement in which the Host needs to pass the username and
> password credentials to the BMC PAM module for authentication OR during a
> password change. These details are passed through the PLDM stack.
This doesn't sound like a requirement, but an implementation decision.
What is the requirement from the host side?
> BMC specific requirements:
>
> ◦ The ability to prompt for a username/password and provide authentication
> ◦ The ability to change a password when the current password is expired
>
> Seeing two design options here.
>
> 1. PLDM calls the PAM APIs directly
> 2. Make use of BIOS Config manager (But this has only password change and
> no direct authentication. Also this does not make use of PAM)
My suggestion: Do whatever bmcweb does. PLDM is another external
interface. If you want to use BMC-side authentication, follow what
other external interface programs are doing.
--
Patrick Williams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20240102/3ab55bdb/attachment.sig>
More information about the openbmc
mailing list