what is the effect of setting Username & Password = DISABLED?

what is the effect of setting Username & Password = DISABLED?

In our tests we set in the MEBX:
Intel AMT Configuration => SOL/IDER/KVM => Username & Password = DISABLED

But we still can logon to the MEBX with the user admin and his password.

And we still can use the user admin and his password to logon at the WEB UI and to start a KVM connection with the RealVNC Viewer.

==> So the question, which we have is, what is the result of setting Username & Password to DISABLED?

Thanks in advance for your answers.

5 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

Hi,

The menu option for
enabling/disabling username and password determines whether the redirection
interface can use a username and password to authenticate a remote SOL/IDE-R
session. Disable limits the redirection interface to Kerberos authentication.

Why does KVM work? If you have enabled Port 5900, it is used for interoperability with the RFB
protocol (the authentication required for KVM.) Ports 16994/16995 are used to transport RFB over Intel rediection
protocol and includes various authentication modes which are supported by the
Intel redirection protocol. If port 5900 is not enabled then the standard redirection ports would be used and would require either username and password to be enabled, or kerberos authentication.

Gael

Follow me on Twitter: @GaelHof
Facebook: https://www.facebook.com/GaelHof
Best Reply

Hello - I have a slight clarification after talking to some of my colleagues.

In AMT 6.0 the "Disable" optionreally has no meaning anymore. This is because "Username and Password" in previous versions was sent in the clear. By disabling them, you would enforce the use of Kerberos. But now, AMT automatically tries digest authentication first. If that fails (like maybe the password is incorrect) it will try basic authentication (but if the password is wrong, I suspect this would fail too..) - if those methods fail then it would try kerberos. If you disable username and password, it simply skips trying the basic authentication if digest authentication doesn't work.

What I was trying to accomplish with my last post was to let you know that SOL/IDER and KVM use different forms of authentication and KVM wouldn't fail by modifying your authentication method for SOL/IDER. The RFB password only applys to port 5900 and if port 5900 is not enabled, then your KVM session is using the AMT redirection ports and the RFB password is never involved.

We found that the SDK documentation was not very clear regarding this and are working on getting it up to date. I apologize for the confusion.

Gael

Follow me on Twitter: @GaelHof
Facebook: https://www.facebook.com/GaelHof

>>....
... In AMT 6.0 the "Disable" optionreally has no meaning anymore. ....
........<<

1. Ok that mean's, they just forgot to remove this point from the MEBx?

2. So the poinrt:
Username & Password = ENABELED | DISABLED
will be remove from the MEBx in it's next version?

Hi - I don't know what the plans for deprecation in the firmware would be. In anycase, just know that it doesn't really matter how it's set - your SOL/IDER sessions should still authenticate.

Gael

Follow me on Twitter: @GaelHof
Facebook: https://www.facebook.com/GaelHof

Leave a Comment

Please sign in to add a comment. Not a member? Join today