ipmilan

ipmilan(8)	    IPMI LAN to System Interface Converter	    ipmilan(8)



NAME
       ipmilan - IPMI LAN to System Interface Converter


SYNOPSIS
       ipmilan [-c configfile] [-i ipmidevice] [-d] [-n]


DESCRIPTION
       The  ipmilan  daemon allows an IPMI system interface using the OpenIPMI
       device driver to be accessed using the IPMI 1.5 LAN protocol.

       ipmilan supports the full authentication capabilities of the  IPMI  LAN
       protocol.

       ipmilan	supports multiple IP addresses for fault-tolerance.  Note that
       messages coming in on an address are always sent back out on  the  same
       address they came in.


OPTIONS
       -c config-file
	      Set  the	configuration  file  to	 one other than the default of
	      /etc/ipmi_lan.conf

       -n     Stops  the  daemon  from	forking	 and  detaching	 from the con-
	      trolling terminal. This is useful for running from init.

       -d     Turns  on	 debugging  to standard output.	 You generally have to
	      use -n with this.



CONFIGURATION
       Configuration is accomplished through the file  /etc/ipmi_lan.conf.   A
       file with another name or path may be specified using the -c option.

       The following fields are used in many commands:

       boolean May be "true", "false", "on" or "off".

       priv  An IPMI privilege level.  This may be "callback", "user", "opera-
       tor", or "admin".

       auth An IPMI authorization type.	 This may be "none" for no authentica-
       tion,  "straight"  for  straight, in-the-clear password authentication,
       "md2" for use MD2 message digest authentication, or "md5" for using MD5
       message digest authentication.



       addr IP-address [UDP-port]
	      IP-address specifies the IP address to use for an IP port. Up to
	      4 addresses may be specified.  If no address  is	specified,  it
	      defaults	to  one	 port  at  0.0.0.0  (for  every address on the
	      machine) at port 623.

	      UDP-port specifies an optional port to listen on. It defaults to
	      623 (the standard port).


       PEF_alerting boolean
	      Turn PEF alerting on or off (not currently supported).


       per_msg_auth boolean
	      Turn per-message authentication on or off.


       priv_limit priv
	      The maximum privilege allowed on this interface.


       allowed_auths_callback [auth [auth [...]]]
	      auth  specifies  allowed	authorization  levels for the callback
	      privilege level.	Only the levels specified  on  this  line  are
	      allowed  for  the	 authorization	level.	 If  this  line is not
	      present, callback authorization cannot be used.


       allowed_auths_user [auth [auth [...]]]
	      auth specifies allowed authorization levels for the user	privi-
	      lege  level.  Only the levels specified on this line are allowed
	      for the authorization level.  If this line is not present,  user
	      authorization cannot be used.


       allowed_auths_operator [auth [auth [...]]]
	      auth  specifies  allowed	authorization  levels for the operator
	      privilege level.	Only the levels specified  on  this  line  are
	      allowed  for  the	 authorization	level.	 If  this  line is not
	      present, operator authorization cannot be used.


       allowed_auths_admin [auth [auth [...]]]
	      auth specifies allowed authorization levels for the admin privi-
	      lege  level.  Only the levels specified on this line are allowed
	      for the authorization level.  If this line is not present,  user
	      authorization cannot be used.


       user usernum enabled username password max-priv max-session [auth [auth
       [...]]]
	      usernum  specifies the user number for the user.	Note that user
	      number 0 is invalid, and user number 1 is	 the  special  "anony-
	      mous"  user, whose username is ignored.  This value may be up to
	      63, the maximum possible	IPMI  user.   If  you  want  anonymous
	      access, you must have a user number 1.

	      enabled  is a boolean that specified whether the user is enabled
	      or not.

	      username specifies the name of the user, specified as a name.

	      password specifies the password of  the  user,  specified	 as  a
	      name.

	      max-priv	specifies  the maximum privilege level allowed for the
	      user.

	      max.sessions specifies the maximum number of  session  the  user
	      may open.

	      auth  specifies  the  allowed  authorization types for the user.
	      Only the specified ones are allowed, so if none  are  specified,
	      the user will be disabled.


       guid name
	      Allows the 16-byte GUID for the IPMI LAN connection to be speci-
	      fied.  If this is not specified, then the GUID  command  is  not
	      supported.


       Blank lines and lines starting with ‘#’ are ignored.


SECURITY
       ipmilan	implements normal IPMI security.  The default is no access for
       anyone, so the default is pretty safe, but be  careful  what  you  add,
       because	this  is access to control your box.  straight and none autho-
       rizations are not recommended, you should probably stick	 with  md2  or
       md5.


SIGNALS
       SIGHUP
	    ipmilan  should handle SIGHUP and reread it’s configuration files.
	    However, it doesn’t right now.  It might in the  future,  for  now
	    you	 will  have  to kill it and restart it.	 Clients should handle
	    reconnecting in this case.	If they don’t, they are broken.


ERROR OUTPUT
       At startup, all error output goes to stderr.   After  that,  all	 error
       output goes to syslog.


FILES
       /etc/ipmi_lan.conf


SEE ALSO
       ipmi_ui(1)


KNOWN PROBLEMS
       Currently,  ipmilan  does  not implement writing the config file.  IPMI
       commands to change configuration options are accepted, but  the	perma-
       nent writing of the changes does not currently work.


AUTHOR
       Corey Minyard <cminyard@mvista.org>



OpenIPMI			   05/13/03			    ipmilan(8)
ipmilan

Views

Personal Tools

Search
