From owner-freebsd-questions  Sat Apr 28 18:36: 3 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from Ion.var.cx (e166066.upc-e.chello.nl [213.93.166.66])
	by hub.freebsd.org (Postfix) with ESMTP id 5EF2837B423
	for <questions@freebsd.org>; Sat, 28 Apr 2001 18:36:00 -0700 (PDT)
	(envelope-from fvw@var.cx)
Received: from Hypnos.var.cx (IDENT:root@hypnos [192.168.0.2])
	by Ion.var.cx (8.9.3/8.9.3) with ESMTP id DAA07566;
	Sun, 29 Apr 2001 03:35:59 +0200
Received: (from fvw@localhost)
	by Hypnos.var.cx (8.9.3/8.9.3) id DAA04226;
	Sun, 29 Apr 2001 03:36:08 +0200
Date: Sun, 29 Apr 2001 03:36:08 +0200
From: Frank v Waveren <fvw@var.cx>
To: Mike Meyer <mwm@mired.org>
Cc: questions@freebsd.org
Subject: Re: securing the bootup sequence
Message-ID: <20010429033608.A4161@var.cx>
References: <27431173@toto.iv> <15083.17376.926579.60552@guru.mired.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <15083.17376.926579.60552@guru.mired.org>; from mwm@mired.org on Sat, Apr 28, 2001 at 05:27:44PM -0500
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Apr 28, 2001 at 05:27:44PM -0500, Mike Meyer wrote:
> You don't *have* to use boot0. You could, for instance, use a standard
> MBR to avoid that. Or any other boot loader. For instance, if you set
> up grub as recommended, it boots /boot/loader, thus skipping both
> boot0 and boot2.
Now why didn't I think of that.. *autolart*


> It's not 'set password=foo', it's just 'password="foo"' in
> /boot/loader.conf. It works fine for me. You could also try skipping
> /boot/loader and just loading the kernel, but there the loader
> apparently sets some stuff up that the running system needs.
I was under the impression that loader.rc was read before BTX went
into interactive mode aswell? After all, that's where the
check-password function is called... And loader.rc appears to use the
same syntax as at the BTX prompt, ie 'set password=test'. 
Anyway, setting the password in loader.conf does work, so I'm happy.

> Well, you still can't make it perfect - but there's no reason not to
> make it as hard as possible.
My point exactly, thanks for your help! I'll forward your message to
the person whose question I'd found...

-- 
Frank v Waveren                                      Fingerprint: 0EDB 8787
fvw@[var.cx|dse.nl|stack.nl|chello.nl] ICQ#10074100     09B9 6EF5 6425 B855
Public key: http://www.var.cx/pubkey/fvw@var.cx-gpg     7179 3036 E136 B85D


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message