HP Integrated Lights-Out Security, 7th edition

Figure 10. Process that iLO uses to create the one-time login token for Java applet login
The result is that the applet passes the web server session ID as username and the ASCII hash as
password to iLO. If iLO detects a match with the original 40-character random secret stored in
firmware, iLO allows the login and matches the connection credentials with those stored in the
session. Comparing the password with the stored secret destroys the secret. Successive attempts to
connect using that 40-character secret will fail.
In addition to supporting the one-time secret login, the remote console applet supports traditional
username and password login. With the remote console port configuration enabled and the remote
console data encryption set to <no>, telnet can use the username and password credentials to
connect iLO to the remote console port.
The new connection that the Java applet will use stays open as long as the server receives a
“heartbeat” once every 30 seconds. The connection closes if the server does not receive a heartbeat
within one minute.
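
The single-use secret and the heartbeat timeout described above, as an added Python model that is not HP code or iLO firmware. The class and method names are hypothetical, the hash step from Figure 10 is not reproduced (the presented value is compared directly), and consuming the secret on a failed comparison is one reading of the text.

```python
import hmac
import secrets
import string

SECRET_LEN = 40          # from the text: 40-character random secret
HEARTBEAT_TIMEOUT = 60   # from the text: closes if no heartbeat within one minute


class OneTimeLoginModel:
    """Hypothetical model: one pending secret per web server session ID."""

    def __init__(self):
        self._pending = {}     # session_id -> unused one-time secret
        self._last_beat = {}   # session_id -> time of last heartbeat (seconds)

    def issue(self, session_id):
        # Assumption: alphanumeric alphabet; the page only gives the length.
        alphabet = string.ascii_letters + string.digits
        secret = "".join(secrets.choice(alphabet) for _ in range(SECRET_LEN))
        self._pending[session_id] = secret
        return secret

    def login(self, session_id, presented, now):
        # pop() removes the secret before the comparison, so any attempt,
        # matching or not, destroys it and a replay finds nothing to match.
        stored = self._pending.pop(session_id, None)
        if stored is None:
            return False
        ok = hmac.compare_digest(stored.encode(), presented.encode())
        if ok:
            self._last_beat[session_id] = now   # connection opens
        return ok

    def is_open(self, session_id, now):
        last = self._last_beat.get(session_id)
        if last is None:
            return False
        if now - last > HEARTBEAT_TIMEOUT:
            del self._last_beat[session_id]     # missed heartbeat: close
            return False
        return True

    def heartbeat(self, session_id, now):
        # A heartbeat only extends a connection that is still open.
        if not self.is_open(session_id, now):
            return False
        self._last_beat[session_id] = now
        return True
```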
iLO and iLO 2 support the Remote Console Computer Lock feature, which self-locks the operating
system console when the session is closed or times out. Even though the session is closed, the
connection remains active and authenticated to the OS. Without the Remote Console Computer Lock,
another iLO user could access that open connection and start a new session. The console also
self-locks if the network connection breaks during a remote session. Microsoft Windows and Linux
operating systems support this function. Server administrators can configure Remote Console
Computer Lock using programmable RC hot-keys to let iLO users maintain a connection.
Login process for remote console and virtual serial port with iLO 3
iLO 3 gives a second session key when you authenticate over HTTPS. The remote console application
uses the second session key to authenticate to iLO 3 as indicated in Figure 9. Using a second session
key does not require iLO 3 to perform an MD5 hash as described previously and shown in Figure 10.
Note also that iLO 3 does not support telnet. Authentication with iLO 3 differs from authentication with
iLO and iLO 2.