What's the meaning of Auth Type Support: NONE MD2 MD5 PASSWORD
and Auth Type Enable : Callback : MD2 MD5 PASSWORD
?
When I use lan print 1
in my server, ipmitool
shows the following output:
[root@localhost ~]# ipmitool -I open lan print 1
Set in Progress : Set Complete
Auth Type Support : NONE MD2 MD5 PASSWORD
Auth Type Enable : Callback : MD2 MD5 PASSWORD
: User : MD2 MD5 PASSWORD
: Operator : MD2 MD5 PASSWORD
: Admin : MD2 MD5 PASSWORD
: OEM : MD2 MD5 PASSWORD
IP Address Source : Static Address
IP Address : 172.16.22.237
Subnet Mask : 255.255.255.0
MAC Address : 00:25:90:a9:42:4a
SNMP Community String : public
IP Header : TTL=0x00 Flags=0x00 Precedence=0x00 TOS=0x00
BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled
Default Gateway IP : 0.0.0.0
Default Gateway MAC : 00:00:00:00:00:00
Backup Gateway IP : 0.0.0.0
Backup Gateway MAC : 00:00:00:00:00:00
802.1q VLAN ID : Disabled
802.1q VLAN Priority : 0
RMCP+ Cipher Suites : 1,2,3,6,7,8,11,12
Cipher Suite Priv Max : aaaaXXaaaXXaaXX
: X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERATOR
: a=ADMIN
: O=OEM
Bad Password Threshold : Not Available
Best Answer
Like most tools,
ipmitool
comes with a man pageman ipmitool
. The application's online manual will usually either explain outricht or more often than not hint at what the output means.Often a bit of background knowledge helps for context though.
In other words:
The IPMI protocol allows different mechanisms to authenticate. Your IPMI device does not need to support all of them to be standards compliant, so ipmitool will display which ones YOUR device does support:
So your device supports all authentication types, except
OEM
.That is a list of which authentication mechanisms are supported for each (default) ipmi user account. As you can see
NONE
is absent there, in other words, you will always need a valid password to log in to and use any of those accounts.You can supply the password in plain text: the
PASSWORD
mechanism,or use a (cryptographic weak)
MD2
message digest,or use a (cryptographically stronger)
MD5
message digest to authenticate .