Re: [Freeipmi-users] Remotely change a user password without a timeout

[Albert Chu]

(oops, forgot to reply to all, this is a resend)

Hi Jean,

I just tried this on some of my systems and it works perfectly.  I have a
speculation that it may be specific to your machine.

After setting the new password on the remote system, I bet that it has
begun using the new password for all of it's internal hashing mechanisms,
leading new authentication hashes and what not.  Either the remote system
is no longer accepted new packets from FreeIPMI b/c it's sending "bad
packets" w/ the wrong hashes, or perhaps the system is sending FreeIPMI
"bad packets" and FreeIPMI is dropping them.  Eventually leading to the
session timeout.

If it happens to be the latter case, the FreeIPMI workaround
"noauthcodecheck" could alleve your situation.  Use that workaround at your
own discretion, I hope it's obvious what it does.  If it's the former, I
think it's a bug that has to be reported to the vendor.  It should still be
using the originally information from when the session was created.

Another possibility might be to use other authentication mechanisms, and
see if they work.  Perhaps some of the IPMI 2.0 ones (-D lan20 and -I w/
various cipher suites) were implemented better.

Al


On Sat, Dec 13, 2014 at 8:38 AM, jbd <address@hidden> wrote:
>
> Hi,
>
> I'm trying to remotely change the password of a (unique) user :
>
> $ ipmi-config --commit -h hostname -u MYUSER -p CURRENT_PASSWORD -e
> User2:Password=NEW_PASSWORD
> ipmi_cmd_set_user_password: session timeout
>
> The new password is working though :
>
> $ ipmi-config --checkout -h hostname -u MYUSER -p NEW_PASSWORD -S Lan_Conf
>
> Is there some way not having this session timeout ? If not, what would
> be the good way to remotely change a password ?
>
> Thank you !
>
> Jean-Baptiste
>
>
>
> _______________________________________________
> Freeipmi-users mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/freeipmi-users
>