From 5604a61f534a457334f5bf3fd746599f4fd9f06c Mon Sep 17 00:00:00 2001 From: jbjohnso Date: Wed, 31 Oct 2012 15:21:45 +0000 Subject: [PATCH] Have slpdiscover ultimately relax password expiry, login failure behavior, password reuse restrictions, minimal change interval to help automation work and avoid DoS attacks git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@14176 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd --- xCAT-server/lib/xcat/plugins/blade.pm | 4 ++++ xCAT-server/lib/xcat/plugins/slpdiscover.pm | 1 + 2 files changed, 5 insertions(+) diff --git a/xCAT-server/lib/xcat/plugins/blade.pm b/xCAT-server/lib/xcat/plugins/blade.pm index 68d31889b..28c71632e 100644 --- a/xCAT-server/lib/xcat/plugins/blade.pm +++ b/xCAT-server/lib/xcat/plugins/blade.pm @@ -4286,6 +4286,10 @@ sub clicmds { push @cfgtext,"The current account password has expired, please modify it first"; return ([1,\@unhandled,"Management module refuses requested password as insufficiently secure, try another password"]); } + $t->waitfor(match=>"/system> /"); + $t->cmd("accseccfg -rc 0 -pe 0 -pi 0 -ct 0 -lp 0 -lf 0 -T system:mm[1]"); + $t->waitfor(match=>"/system> /"); + $t->cmd("accseccfg -rc 0 -pe 0 -pi 0 -ct 0 -lp 0 -lf 0 -T system:mm[2]"); } $t->waitfor(match=>"/system> /"); } elsif (not $t) {#ssh failed.. fallback to a telnet attempt for older AMMs with telnet disabled by default diff --git a/xCAT-server/lib/xcat/plugins/slpdiscover.pm b/xCAT-server/lib/xcat/plugins/slpdiscover.pm index b97958522..ed43e2bc1 100644 --- a/xCAT-server/lib/xcat/plugins/slpdiscover.pm +++ b/xCAT-server/lib/xcat/plugins/slpdiscover.pm @@ -238,6 +238,7 @@ sub setupIMM { Errmode=>'return', Prompt=>'/> $/'); if ($ssh and $ssh->atprompt) { #we are in and good to issue commands + $ssh->cmd("accseccfg -pe 0 -rc 0 -ci 0 -lf 0 -lp 0"); #disable the more insane password rules, this isn't by and large a human used interface $ssh->cmd("users -1 -n ".$args{username}." -p ".$args{password}." -a super"); #this gets ipmi going foreach my $ip (@ips) { if ($ip =~ /:/) {