IBM eserver p Series Service Manual page 502

Passwords
Passwords can be any combination of up to eight alphanumeric characters. You can enter longer
passwords, but the entries are truncated to include only the first eight characters. The privileged access
password can be set from service processor menus or from System Management Services (SMS) utilities
(see Chapter 8, "Using System Management Services," on page 527). The general access password can
be set only from service processor menus.
For security purposes, the service processor counts the number of attempts to enter passwords. The
results of not recognizing a password within this error threshold are different, depending on whether the
attempts are being made locally (at the server) or remotely (through a modem). The error threshold is
three attempts.
If the error threshold is reached by someone entering passwords at the server, the service processor
commands the server to resume the initial program load (IPL). This action is taken based on the
assumption that the server is in an adequately secure location with only authorized users having access.
Such users must still successfully enter a login password to access the operating system.
If the error threshold is reached by someone entering passwords remotely, the service processor
commands the server to power off to prevent potential security attacks on the server by unauthorized
remote users. The following table lists what you can access with the privileged-access password and the
general-access password.
Privileged
Access
Password
None
Set
Set
If you forget the password, you must remove the battery for at least 30 seconds to disable the password.
v Change Privileged-Access Password
Set or change the privileged-access password. It provides the user with the capability to access all
service processor functions. This password is usually used by the system administrator or root user.
v Change General-Access Password
Set or change the general-access password. It provides limited access to service processor menus, and
is usually available to all users who are allowed to power on the server, especially remotely.
Note: The general-access password can only be set or changed after the privileged access password
is set.
v Enable/Disable Console Mirroring
Note: Console mirroring is disabled in partitioned systems.
Console mirroring is supported on serial port 1 (S1) and serial port 2 (S2). When console mirroring is
enabled, the service processor sends information to all serial ports. The serial port from which console
mirroring is enabled is referred to as the active port. The mirror port is determined when keyboard input
is detected from one of the other ports. From this point on, the service processor sends information only
to the active port and the mirror port. This capability can be enabled by local or remote users, providing
local users with the capability to monitor remote sessions. Console mirroring can be enabled for the
current session only. For more information, see "Console Mirroring" on page 519.
482 EserverpSeries 650 Service Guide
General Resulting Menu
Access
Password
None Service processor MAIN MENU displays.
None Users with the password see the service processor MAIN MENU.
Users without password cannot log in.
Set Users see menus associated with the entered password.