Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.

what is the effect of setting Username & Password = DISABLED?

theperfectwave
Beginner
In our tests we set in the MEBX:
Intel AMT Configuration => SOL/IDER/KVM => Username & Password = DISABLED

But we can still log on to the MEBX with the user admin and his password.

And we can still use the user admin and his password to log on at the WEB UI and to start a KVM connection with the RealVNC Viewer.


==> So the question we have is: what is the result of setting Username & Password to DISABLED?


Thanks in advance for your answers.
Gael_H_Intel
Moderator

Hello - I have a slight clarification after talking to some of my colleagues.

In AMT 6.0 the "Disable" option really has no meaning anymore. This is because "Username and Password" in previous versions was sent in the clear. By disabling them, you would enforce the use of Kerberos. But now, AMT automatically tries digest authentication first. If that fails (like maybe the password is incorrect) it will try basic authentication (but if the password is wrong, I suspect this would fail too) - if those methods fail then it would try Kerberos. If you disable username and password, it simply skips trying the basic authentication if digest authentication doesn't work.

What I was trying to accomplish with my last post was to let you know that SOL/IDER and KVM use different forms of authentication and KVM wouldn't fail by modifying your authentication method for SOL/IDER. The RFB password only applies to port 5900 and if port 5900 is not enabled, then your KVM session is using the AMT redirection ports and the RFB password is never involved.

We found that the SDK documentation was not very clear regarding this and are working on getting it up to date. I apologize for the confusion.

Gael

Gael_H_Intel
Moderator
Hi,

The menu option for enabling/disabling username and password determines whether the redirection interface can use a username and password to authenticate a remote SOL/IDE-R session. Disable limits the redirection interface to Kerberos authentication.

Why does KVM work? If you have enabled Port 5900, it is used for interoperability with the RFB protocol (the authentication required for KVM). Ports 16994/16995 are used to transport RFB over Intel redirection protocol and include various authentication modes which are supported by the Intel redirection protocol. If port 5900 is not enabled then the standard redirection ports would be used and would require either username and password to be enabled, or Kerberos authentication.


Gael

theperfectwave
Beginner

>>....
... In AMT 6.0 the "Disable" option really has no meaning anymore. ....
........<<



1. OK, that means they just forgot to remove this point from the MEBx?

2. So the point:
Username & Password = ENABLED | DISABLED
will be removed from the MEBx in its next version?




Gael_H_Intel
Moderator
Hi - I don't know what the plans for deprecation in the firmware would be. In any case, just know that it doesn't really matter how it's set - your SOL/IDER sessions should still authenticate.

Gael