Date:      Thu, 23 Nov 2006 16:20:04 +0100
From:      Michal Mertl <mime@traveller.cz>
To:        VeeJay <maanjee@gmail.com>
Cc:        Olivier Nicole <on@cs.ait.ac.th>, jerrymc@msu.edu, freebsd-questions@freebsd.org
Subject:   Re: Password Security
Message-ID:  <1164295204.1755.31.camel@genius.i.cz>
In-Reply-To: <2cd0a0da0611230145j3b5f42cfg7b9025236a91e7a3@mail.gmail.com>
References:  <2cd0a0da0611211941iae07787q3f433fb2c8ab1f22@mail.gmail.com> <20061122163317.GC50939@gizmo.acns.msu.edu> <2cd0a0da0611230056l15bfccaamb3ed3d439e2786b8@mail.gmail.com> <200611230914.kAN9E2GW065034@banyan.cs.ait.ac.th> <2cd0a0da0611230145j3b5f42cfg7b9025236a91e7a3@mail.gmail.com>

VeeJay wrote:
> On 11/23/06, Olivier Nicole <on@cs.ait.ac.th> wrote:
> >
> > > And how can one get into the System by booting from a CD if it still
> > > requires the Password even in Single User mode?
> >
> > Booting from CD, floppy or hard disk is selected at BIOS level.
> >
> > Booting in single or multi user mode is at Operating system level.
> >
> > Booting is in the following order:
> >
> > 1) BIOS selects what medium to boot from
> >
> > 2) the operating system boots from the selected medium
> >
> > So when it comes to the Single user password, it is already at stage 2)
> > it has passed the stage 1 (booting from hard disk or CD) without
> > password.
> >
> > Olivier
> >
> 
> So, it means, that I should take the following steps
> 
> 1. Password on BIOS
> 2. Change the order of booting i.e. When system is installed and working
> once, then I just change the Booting FIRST from HardDisk.
> 3. Put the password on Single User mode.
> 
> So, what more? Do you people think that I have got somehow security barrier
> for unauthorized access?

Not much. Default FreeBSD install has two more places where one can
influence booting with console access - boot blocks and loader.

To disable the access to OK prompt of boot blocks create
file /boot.config with '-n'.

To disable access to loader put autoboot_delay="-1" and
beastie_disable=YES into /boot/loader.conf. You can also instead put
password=... into it and the loader will then require password to allow
access to it.

Michal
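
An audit of the boot-path settings listed in the message above, as an added example that is not part of the original e-mail: it checks /boot.config for -n, /boot/loader.conf for either password= or the autoboot_delay/beastie_disable pair, and the single-user password. The function names and the ROOT prefix argument are hypothetical, and the /etc/ttys check assumes the single-user password is set the usual FreeBSD way (console marked "insecure"), which the thread does not spell out.

```sh
#!/bin/sh
# Added example, not from the original message.
# audit_boot ROOT: print one finding per line; return 0 only if none.
# ROOT (hypothetical parameter) is a path prefix: "" audits the live system.

# Last value assigned to KEY ($1) in loader.conf-style FILE ($2), unquoted.
conf_get() {
    sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*//p" "$2" 2>/dev/null |
        tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

audit_boot() {
    root=$1
    findings=0
    loader="$root/boot/loader.conf"

    # Boot blocks: -n in /boot.config (alone or in a flag group such as -Dn).
    if ! grep -Eq '(^|[[:space:]])-[A-Za-z]*n' "$root/boot.config" 2>/dev/null; then
        echo "boot.config: -n not set, boot block prompt reachable"
        findings=$((findings + 1))
    fi

    # Loader: a password, or else both no countdown and no menu.
    if [ -z "$(conf_get password "$loader")" ]; then
        if [ "$(conf_get autoboot_delay "$loader")" != "-1" ]; then
            echo "loader.conf: no password and autoboot_delay is not -1"
            findings=$((findings + 1))
        fi
        case "$(conf_get beastie_disable "$loader")" in
            [Yy][Ee][Ss]) ;;
            *) echo "loader.conf: no password and beastie_disable is not YES"
               findings=$((findings + 1)) ;;
        esac
    fi

    # Single-user password (assumption: set the usual way, by marking the
    # console entry in /etc/ttys "insecure"; the message does not say how).
    if ! awk '$1 == "console" { for (i = 2; i <= NF; i++) if ($i == "insecure") ok = 1 }
              END { exit !ok }' "$root/etc/ttys" 2>/dev/null; then
        echo "ttys: console not marked insecure, single-user needs no password"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

Call it as `audit_boot ""` on the machine itself, or pass the mount point of an image or jail root to check it offline.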



