BladeSystem - General
1747984 Members
4491 Online
108756 Solutions
New Discussion юеВ

Re: hponcfg online utility overides ILO2 blade access control

 
joel Krajden
Occasional Contributor

hponcfg online utility overides ILO2 blade access control

We sometimes hand out blades to users to manage but we do not want them to have administrator access to the ILO. We create an account for them on the ILO but remove privileges to add users. They do not have access as administrator, but can reboot etc.

If they install the hponcfg and run as administrator on a windows or root on linux box, they are not prompted for administrator password set on the ILO and can make any changes including adding a user account.

Is there a way to require a prompt for the administrator password before allowing settings to be changed on the ILO

Joel
3 REPLIES 3
Adrian Clint
Honored Contributor

Re: hponcfg online utility overides ILO2 blade access control

I think the simplest way round this is to prevent hponcfg from running in some sort of security policy in the OS. Or if you dont controll the OS...

Check out two factor authentication or AD integration of iLO. But I believe whatever security rights you can put in the iLO they can be overwritten with hponcfg.
David Claypool
Honored Contributor

Re: hponcfg online utility overides ILO2 blade access control

Even if you were able to disallow hponcfg in some way, because these users have physical possession, all they need to do is set the iLO security override switch and they can do anything they want.
joel Krajden
Occasional Contributor

Re: hponcfg online utility overides ILO2 blade access control

The physical access to the blades are controlled. By giving out a blade we really mean that the owner/administrator has remote access to the ILO and OS.

It would be nice if hponcfg enforced the password for access to administrative privileges if it has been set.

J