.TH ipmilan 8 05/13/03 OpenIPMI "IPMI LAN to System Interface Converter" .SH NAME ipmilan \- IPMI LAN to System Interface Converter .SH SYNOPSIS .B ipmilan .RB [ \-c .IR configfile ] .RB [ \-i .IR ipmidevice ] .RB [ \-d ] .RB [ \-n ] .SH DESCRIPTION The .B ipmilan daemon allows an IPMI system interface using the OpenIPMI device driver to be accessed using the IPMI 1.5 LAN protocol. .B ipmilan supports the full authentication capabilities of the IPMI LAN protocol. .B ipmilan supports multiple IP addresses for fault-tolerance. Note that messages coming in on an address are always sent back out on the same address they came in. .SH OPTIONS .TP .BI \-c\ config-file Set the configuration file to one other than the default of .I "/etc/ipmi_lan.conf" .TP .B \-n Stops the daemon from forking and detaching from the controlling terminal. This is useful for running from init. .TP .B \-d Turns on debugging to standard output. You generally have to use .B \-n with this. .SH CONFIGURATION Configuration is accomplished through the file .IR /etc/ipmi_lan.conf . A file with another name or path may be specified using the .B \-c option. The following fields are used in many commands: .I "boolean" May be "\fBtrue\fP", "\fBfalse\fP", "\fBon\fP" or "\fBoff\fP". .I "priv" An IPMI privilege level. This may be "\fBcallback\fP", "\fBuser\fP", "\fBoperator\fP", or "\fBadmin\fP". .I "auth" An IPMI authorization type. This may be "\fBnone\fP" for no authentication, "\fBstraight\fP" for straight, in-the-clear password authentication, "\fBmd2\fP" for use MD2 message digest authentication, or "\fBmd5\fP" for using MD5 message digest authentication. .TP \fBaddr\fP \fIIP-address\fP [\fIUDP-port\fP] .I IP-address specifies the IP address to use for an IP port. Up to 4 addresses may be specified. If no address is specified, it defaults to one port at \fB0.0.0.0\fP (for every address on the machine) at port \fB623\fP. .I UDP-port specifies an optional port to listen on. It defaults to \fB623\fP (the standard port). .TP .BI PEF_alerting\ boolean Turn PEF alerting on or off (not currently supported). .TP .BI per_msg_auth\ boolean Turn per-message authentication on or off. .TP .BI priv_limit\ priv The maximum privilege allowed on this interface. .TP \fBallowed_auths_callback\fP [\fIauth\fP [\fIauth\fP [...]]] .I auth specifies allowed authorization levels for the callback privilege level. Only the levels specified on this line are allowed for the authorization level. If this line is not present, callback authorization cannot be used. .TP \fBallowed_auths_user\fP [\fIauth\fP [\fIauth\fP [...]]] .I auth specifies allowed authorization levels for the user privilege level. Only the levels specified on this line are allowed for the authorization level. If this line is not present, user authorization cannot be used. .TP \fBallowed_auths_operator\fP [\fIauth\fP [\fIauth\fP [...]]] .I auth specifies allowed authorization levels for the operator privilege level. Only the levels specified on this line are allowed for the authorization level. If this line is not present, operator authorization cannot be used. .TP \fBallowed_auths_admin\fP [\fIauth\fP [\fIauth\fP [...]]] .I auth specifies allowed authorization levels for the admin privilege level. Only the levels specified on this line are allowed for the authorization level. If this line is not present, user authorization cannot be used. .TP \fBuser\fP \fIusernum\fP \fIenabled\fP \fIusername\fP \fIpassword\fP \fImax-priv\fP \fImax-session\fP [\fIauth\fP [\fIauth\fP [...]]] .I usernum specifies the user number for the user. Note that user number \fB0\fP is invalid, and user number \fB1\fP is the special "anonymous" user, whose username is ignored. This value may be up to \fB63\fP, the maximum possible IPMI user. If you want anonymous access, you .B must have a user number \fB1\fI. .I enabled is a boolean that specified whether the user is enabled or not. .I username specifies the name of the user, specified as a name. .I password specifies the password of the user, specified as a name. .I max-priv specifies the maximum privilege level allowed for the user. .I max.sessions specifies the maximum number of session the user may open. .I auth specifies the allowed authorization types for the user. Only the specified ones are allowed, so if none are specified, the user will be disabled. .TP \fBguid\fP \fIname\fP Allows the 16-byte GUID for the IPMI LAN connection to be specified. If this is not specified, then the GUID command is not supported. .PP Blank lines and lines starting with `#' are ignored. .SH SECURITY .B ipmilan implements normal IPMI security. The default is no access for anyone, so the default is pretty safe, but be careful what you add, because this is access to control your box. \fBstraight\fP and \fBnone\fP authorizations are not recommended, you should probably stick with \fBmd2\fP or \fBmd5\fP. .SH "SIGNALS" .TP 0.5i .B SIGHUP .B ipmilan should handle SIGHUP and reread it's configuration files. However, it doesn't right now. It might in the future, for now you will have to kill it and restart it. Clients should handle reconnecting in this case. If they don't, they are broken. .SH "ERROR OUTPUT" At startup, all error output goes to stderr. After that, all error output goes to syslog. .SH "FILES" /etc/ipmi_lan.conf .SH "SEE ALSO" .BR ipmi_ui (1) .SH "KNOWN PROBLEMS" Currently, .B ipmilan does not implement writing the config file. IPMI commands to change configuration options are accepted, but the permanent writing of the changes does not currently work. .SH AUTHOR .PP Corey Minyard