Dell iDRAC8 Using Hash Passwords for Improved Security

To enable Auto Config:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network.

The Network page is displayed.

2. In the Auto Config section, select one of the following options to enable Auto Config:

server. After this, Auto Config is disabled.

the XML file referenced by the DHCP server. After this, Auto Config is disabled.

To disable the Auto Config feature, select Disable.

hash format. The user authentication mechanism is not affected (except for SNMPv3 and IPMI) and you

can provide the password in plain text format.

With the new password hash feature:

• You can generate your own SHA256 hashes to set iDRAC user passwords and BIOS passwords. This

allows you to have the SHA256 values in the server configuration profile, RACADM, and WSMAN.

When you provide the SHA256 password values, you cannot authenticate through SNMPv3 and IPMI.

• You can set up a template server including all the iDRAC user accounts and BIOS passwords using the

current plain text mechanism. After the server is set up, you can export the server configuration profile

with the password that has hash values. The export includes the hash values required for SNMPv3 and

IPMI authentication.

Use the following objects with the set racadm sub command to set hash passwords:

• iDRAC.Users.SHA256Password

• iDRAC.Users.SHA256PasswordSalt

Use the following command to include the hash password in the exported server configuration profile:

racadm get -f <file name> -l <NFS / CIFS share> -u <username> -p <password> -t

<filetype> --includePH

You must set the Salt attribute when the associated hash is set.