From owner-freebsd-questions@freebsd.org  Fri Oct  2 22:14:47 2015
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2CBDDA0E680
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Fri,  2 Oct 2015 22:14:47 +0000 (UTC)
 (envelope-from freebsd@edvax.de)
Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E54EA18FC
 for <freebsd-questions@freebsd.org>; Fri,  2 Oct 2015 22:14:46 +0000 (UTC)
 (envelope-from freebsd@edvax.de)
Received: from r56.edvax.de (port-92-195-125-111.dynamic.qsc.de
 [92.195.125.111])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx02.qsc.de (Postfix) with ESMTPS id 03FEF2782C;
 Sat,  3 Oct 2015 00:14:44 +0200 (CEST)
Received: from r56.edvax.de (localhost [127.0.0.1])
 by r56.edvax.de (8.14.5/8.14.5) with SMTP id t92MEiut002221;
 Sat, 3 Oct 2015 00:14:44 +0200 (CEST)
 (envelope-from freebsd@edvax.de)
Date: Sat, 3 Oct 2015 00:14:44 +0200
From: Polytropon <freebsd@edvax.de>
To: "Moreno Carullo" <moreno.carullo@nozominetworks.com>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: Console -- insecure settings
Message-Id: <20151003001444.20266a03.freebsd@edvax.de>
In-Reply-To: <op.x5voaws7g7njmm@workstation>
References: <C7226F48-6CAB-4C42-A0F9-33A306B1EF16@nozominetworks.com>
 <20151002112101.GA95004@eris.bzerk.org>
 <op.x5voaws7g7njmm@workstation>
Reply-To: Polytropon <freebsd@edvax.de>
Organization: EDVAX
X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Oct 2015 22:14:47 -0000

On Fri, 02 Oct 2015 14:14:42 +0200, Michael Ross wrote:
> Am .10.2015, 13:21 Uhr, schrieb Ruben de Groot <mail25@bzerk.org>:
> 
> > On Fri, Oct 02, 2015 at 10:32:48AM +0000, Moreno Carullo typed:
> >> Hi all,
> >>
> >> I would like to set the console as insecure as documented here:
> >> https://www.freebsd.org/doc/handbook/boot-introduction.html
> >>
> >> the issue is that the system seems to ignore the setting, as the single  
> >> user mode does NOT prompt for password.
> >
> > I think the documentation is wrong, because /etc/ttys is read by init,  
> > and init doesn't run in single user mode.
> > Single user mode means /bin/sh replaces init.
> 
> I tried this here just now, and having set "console" to "insecure",
> the system prompts for the root password as documented.
> 
> 10.1-RELEASE-p10

In worst case, check out "man 5 loader.conf" on how to require
an earlier-stage password (for the boot loader); see the "password"
and "bootlock_password" options for /boot/loader.conf.




-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...