Community
cancel
Showing results for 
Search instead for 
Did you mean: 
theperfectwave
Beginner
81 Views

what is the effect of setting Username & Password = DISABLED?

Jump to solution
In our tests we set in the MEBX:
Intel AMT Configuration => SOL/IDER/KVM => Username & Password = DISABLED

But we still can logon to the MEBX with the user admin and his password.

And we still can use the user admin and his password to logon at the WEB UI and to start a KVM connection with the RealVNC Viewer.


==> So the question, which we have is, what is the result of setting Username & Password to DISABLED?


Thanks in advance for your answers.
0 Kudos

Accepted Solutions
Gael_H_Intel
Moderator
81 Views

Hello - I have a slight clarification after talking to some of my colleagues.

In AMT 6.0 the "Disable" optionreally has no meaning anymore. This is because "Username and Password" in previous versions was sent in the clear. By disabling them, you would enforce the use of Kerberos. But now, AMT automatically tries digest authentication first. If that fails (like maybe the password is incorrect) it will try basic authentication (but if the password is wrong, I suspect this would fail too..) - if those methods fail then it would try kerberos. If you disable username and password, it simply skips trying the basic authentication if digest authentication doesn't work.

What I was trying to accomplish with my last post was to let you know that SOL/IDER and KVM use different forms of authentication and KVM wouldn't fail by modifying your authentication method for SOL/IDER. The RFB password only applys to port 5900 and if port 5900 is not enabled, then your KVM session is using the AMT redirection ports and the RFB password is never involved.

We found that the SDK documentation was not very clear regarding this and are working on getting it up to date. I apologize for the confusion.

Gael

View solution in original post

4 Replies
Gael_H_Intel
Moderator
81 Views
Hi,

The menu option for enabling/disabling username and password determines whether the redirection interface can use a username and password to authenticate a remote SOL/IDE-R session. Disable limits the redirection interface to Kerberos authentication.

Why does KVM work? If you have enabled Port 5900, it is used for interoperability with the RFB protocol (the authentication required for KVM.) Ports 16994/16995 are used to transport RFB over Intel rediection protocol and includes various authentication modes which are supported by the Intel redirection protocol. If port 5900 is not enabled then the standard redirection ports would be used and would require either username and password to be enabled, or kerberos authentication.


Gael

Gael_H_Intel
Moderator
82 Views

Hello - I have a slight clarification after talking to some of my colleagues.

In AMT 6.0 the "Disable" optionreally has no meaning anymore. This is because "Username and Password" in previous versions was sent in the clear. By disabling them, you would enforce the use of Kerberos. But now, AMT automatically tries digest authentication first. If that fails (like maybe the password is incorrect) it will try basic authentication (but if the password is wrong, I suspect this would fail too..) - if those methods fail then it would try kerberos. If you disable username and password, it simply skips trying the basic authentication if digest authentication doesn't work.

What I was trying to accomplish with my last post was to let you know that SOL/IDER and KVM use different forms of authentication and KVM wouldn't fail by modifying your authentication method for SOL/IDER. The RFB password only applys to port 5900 and if port 5900 is not enabled, then your KVM session is using the AMT redirection ports and the RFB password is never involved.

We found that the SDK documentation was not very clear regarding this and are working on getting it up to date. I apologize for the confusion.

Gael

View solution in original post

theperfectwave
Beginner
81 Views

>>....
... In AMT 6.0 the "Disable" optionreally has no meaning anymore. ....
........<<



1. Ok that mean's, they just forgot to remove this point from the MEBx?

2. So the poinrt:
Username & Password = ENABELED | DISABLED
will be remove from the MEBx in it's next version?




Gael_H_Intel
Moderator
81 Views
Hi - I don't know what the plans for deprecation in the firmware would be. In anycase, just know that it doesn't really matter how it's set - your SOL/IDER sessions should still authenticate.

Gael