Man Linux: Main Page and Category List

NAME

       ipmilan - IPMI LAN to System Interface Converter

SYNOPSIS

       ipmilan [-c configfile] [-i ipmidevice] [-d] [-n]

DESCRIPTION

       The  ipmilan  daemon allows an IPMI system interface using the OpenIPMI
       device driver to be accessed using the IPMI 1.5 LAN protocol.

       ipmilan supports the full authentication capabilities of the  IPMI  LAN
       protocol.

       ipmilan  supports multiple IP addresses for fault-tolerance.  Note that
       messages coming in on an address are always sent back out on  the  same
       address they came in.

OPTIONS

       -c config-file
              Set  the  configuration  file  to  one other than the default of
              /etc/ipmi_lan.conf

       -n     Stops  the  daemon  from   forking   and   detaching   from  the
              controlling terminal. This is useful for running from init.

       -d     Turns  on  debugging  to standard output.  You generally have to
              use -n with this.

CONFIGURATION

       Configuration is accomplished through the file  /etc/ipmi_lan.conf.   A
       file with another name or path may be specified using the -c option.

       The following fields are used in many commands:

       boolean May be "true", "false", "on" or "off".

       priv  An  IPMI  privilege  level.   This  may  be  "callback",  "user",
       "operator", or "admin".

       auth  An  IPMI  authorization  type.   This  may  be  "none"   for   no
       authentication,   "straight"   for   straight,   in-the-clear  password
       authentication, "md2" for use MD2  message  digest  authentication,  or
       "md5" for using MD5 message digest authentication.

       addr IP-address [UDP-port]
              IP-address specifies the IP address to use for an IP port. Up to
              4 addresses may be specified.  If no address  is  specified,  it
              defaults  to  one  port  at  0.0.0.0  (for  every address on the
              machine) at port 623.

              UDP-port specifies an optional port to listen on. It defaults to
              623 (the standard port).

       PEF_alerting boolean
              Turn PEF alerting on or off (not currently supported).

       per_msg_auth boolean
              Turn per-message authentication on or off.

       priv_limit priv
              The maximum privilege allowed on this interface.

       allowed_auths_callback [auth [auth [...]]]
              auth  specifies  allowed  authorization  levels for the callback
              privilege level.  Only the levels specified  on  this  line  are
              allowed  for  the  authorization  level.   If  this  line is not
              present, callback authorization cannot be used.

       allowed_auths_user [auth [auth [...]]]
              auth  specifies  allowed  authorization  levels  for  the   user
              privilege  level.   Only  the  levels specified on this line are
              allowed for the  authorization  level.   If  this  line  is  not
              present, user authorization cannot be used.

       allowed_auths_operator [auth [auth [...]]]
              auth  specifies  allowed  authorization  levels for the operator
              privilege level.  Only the levels specified  on  this  line  are
              allowed  for  the  authorization  level.   If  this  line is not
              present, operator authorization cannot be used.

       allowed_auths_admin [auth [auth [...]]]
              auth  specifies  allowed  authorization  levels  for  the  admin
              privilege  level.   Only  the  levels specified on this line are
              allowed for the  authorization  level.   If  this  line  is  not
              present, user authorization cannot be used.

       user usernum enabled username password max-priv max-session [auth [auth
       [...]]]
              usernum  specifies the user number for the user.  Note that user
              number  0  is  invalid,  and  user  number  1  is  the   special
              "anonymous"  user, whose username is ignored.  This value may be
              up to 63, the maximum possible IPMI user.  If you want anonymous
              access, you must have a user number 1.

              enabled  is a boolean that specified whether the user is enabled
              or not.

              username specifies the name of the user, specified as a name.

              password specifies the password of  the  user,  specified  as  a
              name.

              max-priv  specifies  the maximum privilege level allowed for the
              user.

              max.sessions specifies the maximum number of  session  the  user
              may open.

              auth  specifies  the  allowed  authorization types for the user.
              Only the specified ones are allowed, so if none  are  specified,
              the user will be disabled.

       guid name
              Allows  the  16-byte  GUID  for  the  IPMI  LAN connection to be
              specified.  If this is not specified, then the GUID  command  is
              not supported.

       Blank lines and lines starting with ‘#’ are ignored.

SECURITY

       ipmilan  implements normal IPMI security.  The default is no access for
       anyone, so the default is pretty safe, but be  careful  what  you  add,
       because  this  is  access  to  control  your  box.   straight  and none
       authorizations are not recommended, you should probably stick with  md2
       or md5.

SIGNALS

       SIGHUP
            ipmilan  should handle SIGHUP and reread it’s configuration files.
            However, it doesn’t right now.  It might in the  future,  for  now
            you  will  have  to kill it and restart it.  Clients should handle
            reconnecting in this case.  If they don’t, they are broken.

ERROR OUTPUT

       At startup, all error output goes to stderr.   After  that,  all  error
       output goes to syslog.

FILES

       /etc/ipmi_lan.conf

SEE ALSO

       ipmi_ui(1)

KNOWN PROBLEMS

       Currently,  ipmilan  does  not implement writing the config file.  IPMI
       commands  to  change  configuration  options  are  accepted,  but   the
       permanent writing of the changes does not currently work.

AUTHOR

       Corey Minyard <cminyard@mvista.org>