192 MPCMM0001 Chassis Management Module Software Technical Product Specification
RMCP
returned by the Get Channel Authentication Capabilities command. The response packet will
contain a challenge string and a Session ID.
3. The RMCP client activates the session by issuing an Activate Session request. The Activate
Session packet is typically authenticated. For message-digest algorithms, the packet includes a
signature (AuthCode) that is a hash of the challenge, the Session ID, the password, and the
message data using one of the supported algorithms from the Get Channel Authentication
Capabilities command. The client also sets the initial value for the outbound sequence number
that it wants the RMCP server to use for packets it sends to the console.
4. The RMCP server returns a response confirming that the Session has been successfully
activated. It also returns the Session ID to be used for the remainder of the session, and the
initial inbound session sequence number that it wants the RMCP client to use for subsequent
messages it sends to the RMCP server for that session. The Activate Session response is also
authenticated (signed) in the same manner as the request. This allows the RMCP client to
validate that it has a correct Session ID. Note that IPMI does not support switching
authentication algorithms ‘mid stream’. The algorithm used with the Activate Session
command is the algorithm that will be used for subsequent authenticated messages for the
session. The exception to this is that the ‘none’ authentication type is allowed if options such
as ‘Per-Message Authentication’ and/or ‘User Authentication’ are disabled.
5. At this point the session is active. The RMCP client can send a Close Session request to
terminate an active session. The RMCP server will return the Close Session response to
acknowledge the client request.
During a session-active phase:
• Administrator-level requests must be sent as secured (authenticated) messages using the
authentication type that was requested in the Activate RMCP Session message request.
• Authentication type cannot be changed. Secured messages with authentication type other than
that requested in the Activate RMCP Session message request will be silently discarded.
• The RMCP server sends the response using the same authentication type that was used in the
request.
• The RMCP server implements a session-active phase expiration timer. The server will
terminate the session if it does not receive any valid secured message request for a time since
last valid secured message request was received. The client, in this case, should reestablish the
session initiating with the Activate RMCP Session message-request. The following table
shows the RMCP Session Timers.
20.6 RMCP Port Numbers
RMCP messages are sent via UDP datagrams over Ethernet. The RMCP server communicates on
management port 623 (26Fh) for handling RMCP requests.
A secondary port 664 (298h) is used when encryption is necessary.
Table 87. RMCP Session Timers
RMCP Session Phase Time-out Interval
Activation 120 Seconds
Active Session 120 Seconds