From owner-freebsd-questions@FreeBSD.ORG  Sat Nov 27 20:43:46 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6C54416A4CE
	for <freebsd-questions@freebsd.org>;
	Sat, 27 Nov 2004 20:43:46 +0000 (GMT)
Received: from internet.potentialtech.com (h-66-167-251-6.phlapafg.covad.net
	[66.167.251.6])	by mx1.FreeBSD.org (Postfix) with ESMTP id 392D143D5F
	for <freebsd-questions@freebsd.org>;
	Sat, 27 Nov 2004 20:43:46 +0000 (GMT)
	(envelope-from wmoran@potentialtech.com)
Received: from working.potentialtech.com
	(pa-plum-cmts1e-68-68-113-64.pittpa.adelphia.net [68.68.113.64])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by internet.potentialtech.com (Postfix) with ESMTP id 644F469A3F;
	Sat, 27 Nov 2004 15:43:45 -0500 (EST)
Date: Sat, 27 Nov 2004 15:43:44 -0500
From: Bill Moran <wmoran@potentialtech.com>
To: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
Message-Id: <20041127154344.633e80ce.wmoran@potentialtech.com>
In-Reply-To: <44llcn2fie.fsf@be-well.ilk.org>
References: <1101392541.29769.409.camel@localhost.localdomain>
	<41A8A94C.8070509@nbritton.org>
	<20041127131235.7025033b.wmoran@potentialtech.com>
	<44llcn2fie.fsf@be-well.ilk.org>
Organization: Potential Technologies
X-Mailer: Sylpheed version 0.9.99 (GTK+ 1.2.10; i386-portbld-freebsd4.10)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
cc: freebsd-questions@freebsd.org
Subject: Re: Breaking password on FreeBSD 5.2.1 box
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Nov 2004 20:43:46 -0000

Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> wrote:

> Bill Moran <wmoran@potentialtech.com> writes:
> 
> > Edit /etc/ttys and mark the console "insecure" and try it again.
> > 
> > You'll find you can't get in without the password when that change has
> > been made.  That configuration is the correct thing to do when you can't
> > guarantee the physical security of the machine.
> 
> To be more precise, it covers the case where the machine *is*
> physically secure, but its console is not.  Obviously, if the machine
> is sufficiently insecure that someone could boot off a floppy, it
> doesn't matter what /etc/ttys says.

Yeah, that's what I meant.

Thanks for clarifying my sloppy explanation.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com