ipmilan

a b c d e f g h i j k l m n o p q r s t u v w x y z _
ipmilan(8)	    IPMI LAN to System Interface Converter	   ipmilan(8)



NAME
       ipmilan - IPMI LAN to System Interface Converter


SYNOPSIS
       ipmilan [-c configfile] [-i ipmidevice] [-d] [-n]


DESCRIPTION
       The  ipmilan daemon allows an IPMI system interface using the OpenIPMI
       device driver to be accessed using the IPMI 1.5 LAN protocol.

       ipmilan supports the full authentication capabilities of the IPMI  LAN
       protocol.

       ipmilan supports multiple IP addresses for fault-tolerance.  Note that
       messages coming in on an address are always sent back out on the	 same
       address they came in.


OPTIONS
       -c config-file
	      Set  the	configuration  file  to one other than the default of
	      /etc/ipmi_lan.conf

       -n     Stops  the  daemon  from	forking	  and	detaching   from  the
	      controlling terminal. This is useful for running from init.

       -d     Turns  on	 debugging to standard output.	You generally have to
	      use -n with this.



CONFIGURATION
       Configuration is accomplished through the file /etc/ipmi_lan.conf.   A
       file with another name or path may be specified using the -c option.

       The following fields are used in many commands:

       boolean May be "true", "false", "on" or "off".

       priv An IPMI privilege level.  This may be "callback", "user", "opera-
       tor", or "admin".

       auth An IPMI authorization type.	 This may be "none" for no  authenti-
       cation, "straight" for straight, in-the-clear password authentication,
       "md2" for use MD2 message digest authentication, or  "md5"  for	using
       MD5 message digest authentication.



       addr IP-address [UDP-port]
	      IP-address  specifies  the IP address to use for an IP port. Up
	      to 4 addresses may be specified.	If no address  is  specified,
	      it  defaults  to	one port at 0.0.0.0 (for every address on the
	      machine) at port 623.

	      UDP-port specifies an optional port to listen on.	 It  defaults
	      to 623 (the standard port).


       PEF_alerting boolean
	      Turn PEF alerting on or off (not currently supported).


       per_msg_auth boolean
	      Turn per-message authentication on or off.


       priv_limit priv
	      The maximum privilege allowed on this interface.


       allowed_auths_callback [auth [auth [...]]]
	      auth  specifies  allowed	authorization levels for the callback
	      privilege level.	Only the levels specified on  this  line  are
	      allowed  for  the	 authorization	level.	 If  this line is not
	      present, callback authorization cannot be used.


       allowed_auths_user [auth [auth [...]]]
	      auth specifies allowed authorization levels for the user privi-
	      lege level.  Only the levels specified on this line are allowed
	      for the authorization level.  If this line is not present, user
	      authorization cannot be used.


       allowed_auths_operator [auth [auth [...]]]
	      auth  specifies  allowed	authorization levels for the operator
	      privilege level.	Only the levels specified on  this  line  are
	      allowed  for  the	 authorization	level.	 If  this line is not
	      present, operator authorization cannot be used.


       allowed_auths_admin [auth [auth [...]]]
	      auth specifies allowed authorization levels for the admin priv-
	      ilege  level.   Only  the	 levels	 specified  on	this line are
	      allowed for the authorization  level.   If  this	line  is  not
	      present, user authorization cannot be used.


       user  usernum  enabled  username	 password  max-priv max-session [auth
       [auth [...]]]
	      usernum specifies the user number for the user.  Note that user
	      number 0 is invalid, and user number 1 is the  special  "anony-
	      mous" user, whose username is ignored.  This value may be up to
	      63, the maximum possible IPMI  user.   If	 you  want  anonymous
	      access, you must have a user number 1.

	      enabled is a boolean that specified whether the user is enabled
	      or not.

	      username specifies the name of the user, specified as a name.

	      password specifies the password of the  user,  specified	as  a
	      name.

	      max-priv	specifies the maximum privilege level allowed for the
	      user.

	      max.sessions specifies the maximum number of session  the	 user
	      may open.

	      auth  specifies  the  allowed authorization types for the user.
	      Only the specified ones are allowed, so if none are  specified,
	      the user will be disabled.


       guid name
	      Allows the 16-byte GUID for the IPMI LAN connection to be spec-
	      ified.  If this is not specified, then the GUID command is  not
	      supported.


       Blank lines and lines starting with ‘#’ are ignored.


SECURITY
       ipmilan implements normal IPMI security.	 The default is no access for
       anyone, so the default is pretty safe, but be careful  what  you	 add,
       because	this is access to control your box.  straight and none autho-
       rizations are not recommended, you should probably stick with  md2  or
       md5.


SIGNALS
       SIGHUP
	    ipmilan should handle SIGHUP and reread it’s configuration files.
	    However, it doesn’t right now.  It might in the future,  for  now
	    you	 will  have to kill it and restart it.	Clients should handle
	    reconnecting in this case.	If they don’t, they are broken.


ERROR OUTPUT
       At startup, all error output goes to stderr.  After  that,  all	error
       output goes to syslog.


FILES
       /etc/ipmi_lan.conf


SEE ALSO
       ipmi_ui(1)


KNOWN PROBLEMS
       Currently,  ipmilan  does not implement writing the config file.	 IPMI
       commands to change configuration options are accepted, but the  perma-
       nent writing of the changes does not currently work.


AUTHOR
       Corey Minyard <cminyard@mvista.org>



OpenIPMI			   05/13/03			   ipmilan(8)