Ip restricted logins, Ip binding, Trust modes – HP Systems Insight Manager User Manual

IP Restricted Logins

IP addresses can be explicitly permitted or restricted based on user type. If there are IP addresses in the
permitted list, only those IP addresses are allowed login access. If there are no IP addresses in the permitted
list, login access is granted to any IP address not in the restricted list.

The following command enables or disables IP restricted login:

smhconfig -P|--ip-restricted-logins[=] True | False

IP Address Inclusion

Perform the IP address permitted command as follows:

smhconfig -i|--ip-restricted-include[=] IPLIST

The following is an example of how IPLIST is formatted:

122.23.44.1-122.23.44.255;172.84.100.35;172.168.10.5;168.172.10.1-168.172.10.128

IP Address Exclusion

Perform the IP address restricted command as follows:

smhconfig -e|--ip-restricted-exclude[=] IPLIST

The following is an example of how IPLIST is formatted:

122.23.44.1-122.23.44.255;172.84.100.35;172.168.10.5;168.172.10.1-168.172.10.128

NOTE:

For systems running on Windows and Linux, IPv4 and IPv6 address ranges are supported.

For systems running on HP-UX operation system, currently, IPv4 address ranges are supported.

IP Binding

IP binding provides HP SMH the ability to listen only to the addresses configured in the IP binding list. If IP
binding is enabled and the IP binding list is empty, HP SMH will only be accessible locally.

Perform the IP binding command as follows:

smhconfig -g|--ip-binding[=] True | False

IP binding list

Use the following command to configure the IP binding list to be used when IP binding is

enabled.

smhconfig -I|--ip-binding-list[=] IPBINDLIST

IPBINDLIST

must be a list of semicolon-separated IP addresses and/or IP address/netmask pairs.

The following is an example of how IPBINDLIST is formatted:

172.24.31.10/255.255.255.0;128.88.236.189/255.255.255.0;172.25.86.69/255.255.0.0

Trust Modes

The HP SMH trusts HP SIM (HP SIM) or HP Insight Manager 7 7 (IM 7) secure task execution requests and
single sign on requests with various levels of security, ranging from trust all to only trust HP SIM or HP Insight
Manager 7 7 with trusted certificates:

•

Trust All

This command sets up the http server to accept all secure task execution requests and single

sign on requests from any HP SIM or HP Insight Manager 7 7 server:

smhconfig -t|--trustmode[=] TrustByAll

•

Trust By Name

This command sets up the HP SMH to only accept secure task execution requests and

single sign on requests from the listed HP SIM or HP Insight Manager 7 7 servers:

smhconfig -t|--trust-mode[=] TrustByName

To configure the trusted servers name list for the TrustByName trust mode, use the following command:

smhconfig -X|--xenamelist[=] XENAMELIST

XENAMELIST

is a list of the HP SIM or HP Insight Manager 7 7 servers that trust, using a comma or

semicolon as a delimiter. The following is an example of the name list format:

66

Command Line Interface configuration