Previous Topic

Next Topic


The MOD_TWOFACTOR_SETTINGS command is used to modify the Two-Factor Authentication settings on the iLO 3. For this command to parse correctly, the MOD_TWOFACTOR_SETTINGS command must appear within a RIB_INFO command block, and RIB_INFO MODE must be set to write. You must have the configure RILOE II privilege to execute this command. Changing the value of AUTH_TWOFACTOR_ENABLE will cause the iLO 3 to reset for the new setting to take effect.

NOTE: The GET_TWOFACTOR_SETTINGS and MOD_TWOFACTOR_SETTINGS commands are supported with iLO firmware version 1.80 and above and with iLO 2 firmware version 1.10 and above. iLO 1.80 requires CPQLOCFG version 2.24, and iLO 1.10 requires CPQLOCFG version 2.25.

A Trusted CA Certificate is required for Two-Factor Authentication to function. The iLO 3 will not allow the AUTH_TWOFACTOR_ENABLE setting to be set to Yes if a Trusted CA certificate has not been configured. Also, a client certificate must be mapped to a local user account if local user accounts are being used. If the iLO 3 is using directory authentication, client certificate mapping to local user accounts is optional.

To provide the necessary security, the following configuration changes are made when Two-Factor Authentication is enabled:

If telnet, SSH or Serial CLI access is required, re-enable these settings after Two-Factor Authentication is enabled. However, because these access methods do not provide a means of Two-Factor Authentication, only a single factor is required to access the iLO 3 with telnet, SSH, or serial CLI.

When Two-Factor Authentication is enabled, access with the CPQLOCFG utility is disabled because CPQLOCFG does not supply all authentication requirements. However, the HPONCFG utility is functional, since administrator privileges on the host system are required to execute this utility.