Have slpdiscover ultimately relax password expiry, login failure behavior, password reuse restrictions, minimal change interval to help automation work and

avoid DoS attacks

git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/branches/2.7@14177 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
This commit is contained in:
jbjohnso 2012-10-31 15:22:11 +00:00
parent 44060947cc
commit 083154650c
2 changed files with 5 additions and 0 deletions

View File

@ -4211,6 +4211,10 @@ sub clicmds {
push @cfgtext,"The current account password has expired, please modify it first";
return ([1,\@unhandled,"Management module refuses requested password as insufficiently secure, try another password"]);
}
$t->waitfor(match=>"/system> /");
$t->cmd("accseccfg -rc 0 -pe 0 -pi 0 -ct 0 -lp 0 -lf 0 -T system:mm[1]");
$t->waitfor(match=>"/system> /");
$t->cmd("accseccfg -rc 0 -pe 0 -pi 0 -ct 0 -lp 0 -lf 0 -T system:mm[2]");
}
$t->waitfor(match=>"/system> /");
} elsif (not $t) {#ssh failed.. fallback to a telnet attempt for older AMMs with telnet disabled by default

View File

@ -238,6 +238,7 @@ sub setupIMM {
Errmode=>'return',
Prompt=>'/> $/');
if ($ssh and $ssh->atprompt) { #we are in and good to issue commands
$ssh->cmd("accseccfg -pe 0 -rc 0 -ci 0 -lf 0 -lp 0"); #disable the more insane password rules, this isn't by and large a human used interface
$ssh->cmd("users -1 -n ".$args{username}." -p ".$args{password}." -a super"); #this gets ipmi going
foreach my $ip (@ips) {
if ($ip =~ /:/) {