HostInterface Account related questions

AMI_archerwen
Guppy

Posts: 69

HostInterface Account related questions Nov 13, 2023 6:44:31 GMT

Quote

Post by AMI_archerwen on Nov 13, 2023 6:44:31 GMT

Hi,

As I know, the HostInterface spec defined "Bootstrap accounts shall be usable only on the host interface."

And if we take the bootstrap account to created a Session from out-of-band, I think it should be created (Return 201) but it cannot do anything while using the Session to access any resource with out-of-band ip.

Am I correct?
Or it should be reject when creating a Session (Return 401)?

Thanks,
Archer.

Last Edit: Nov 13, 2023 6:50:45 GMT by AMI_archerwen

mraineri Administrator Posts: 1,132	HostInterface Account related questions Nov 13, 2023 13:47:48 GMT Quote Select Post Deselect Post Link to Post Back to Top Post by mraineri on Nov 13, 2023 13:47:48 GMT It's expected to be rejected with 401 Unauthorized; the user provided invalid credentials (since the credentials are not usable on other interfaces).

AMI_Mani
Tuna

AMI

Posts: 178

HostInterface Account related questions Feb 19, 2024 17:51:42 GMT

Quote

Post by AMI_Mani on Feb 19, 2024 17:51:42 GMT

When we provide bootstrap user credential in basic auth, session auth through OOB request(corrct username, password), we should return 401. Is it right?
User can get username, password from IPMI command response(Get bootstrapcredentials command) in host which can be used in basic auth, session auth through OOB request(correct username, password)

Thanks,
Mani

Last Edit: Feb 19, 2024 18:02:57 GMT by AMI_Mani

mraineri
Administrator

Posts: 1,132

HostInterface Account related questions Feb 19, 2024 20:35:39 GMT

Quote

Post by mraineri on Feb 19, 2024 20:35:39 GMT

Yes, you'd return 401 since the credentials are not valid over that interface. 401 is used to tell the client they need to specify different credentials to gain access. The IPMI bootstrap credentials are only allowed on the interface designated as the "host interface", which is typically a point-to-point network connection between the CPU complex and the BMC.

Post by AMI_archerwen on Nov 13, 2023 6:44:31 GMT

Post by mraineri on Nov 13, 2023 13:47:48 GMT

Post by AMI_Mani on Feb 19, 2024 17:51:42 GMT

Post by mraineri on Feb 19, 2024 20:35:39 GMT