| check-password.4th.8 (238431) | check-password.4th.8 (244158) |
|---|---|
| 1.\" Copyright (c) 2011 Devin Teske | 1.\" Copyright (c) 2011-2012 Devin Teske |
| 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright --- 7 unchanged lines hidden (view full) --- 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" | 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright --- 7 unchanged lines hidden (view full) --- 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" |
| 25.\" $FreeBSD: head/sys/boot/forth/check-password.4th.8 238431 2012-07-14 01:45:35Z dteske $ | 25.\" $FreeBSD: head/sys/boot/forth/check-password.4th.8 244158 2012-12-12 17:49:01Z dteske $ |
| 26.\" | 26.\" |
| 27.Dd May 18, 2011 | 27.Dd December 10, 2012 |
| 28.Dt CHECK-PASSWORD.4TH 8 29.Os 30.Sh NAME 31.Nm check-password.4th 32.Nd FreeBSD password-checking boot module 33.Sh DESCRIPTION 34The file that goes by the name of 35.Nm | 28.Dt CHECK-PASSWORD.4TH 8 29.Os 30.Sh NAME 31.Nm check-password.4th 32.Nd FreeBSD password-checking boot module 33.Sh DESCRIPTION 34The file that goes by the name of 35.Nm |
| 36is a set of commands designed to prevent booting without the proper password. | 36is a set of commands designed to either prevent booting or prevent modification 37of boot options without an appropriately configured password. |
| 37The commands of 38.Nm 39by themselves are not enough for most uses. 40Please refer to the 41examples below for the most common situations, and to 42.Xr loader 8 43for additional commands. 44.Pp --- 7 unchanged lines hidden (view full) --- 52This line is present in 53.Pa /boot/loader.4th 54file, so it is not needed (and should not be re-issued) in a normal setup. 55.Pp 56The commands provided by it are: 57.Pp 58.Bl -tag -width disable-module_module -compact -offset indent 59.It Ic check-password | 38The commands of 39.Nm 40by themselves are not enough for most uses. 41Please refer to the 42examples below for the most common situations, and to 43.Xr loader 8 44for additional commands. 45.Pp --- 7 unchanged lines hidden (view full) --- 53This line is present in 54.Pa /boot/loader.4th 55file, so it is not needed (and should not be re-issued) in a normal setup. 56.Pp 57The commands provided by it are: 58.Pp 59.Bl -tag -width disable-module_module -compact -offset indent 60.It Ic check-password |
| 60Once called, the user cannot continue until the correct password is entered. 61If the user enters the correct password the function returns. | 61Dual-purpose function that can either protect the interactive boot menu or 62prevent boot without password (separately). |
| 62.Pp | 63.Pp |
| 63The password that is required is configured by setting the 64.Ic password 65variable in 66.Xr loader.conf 5 . | 64First checks 65.Va bootlock_password 66and if-set, the user cannot continue until the correct password is entered. |
| 67.Pp | 67.Pp |
| 68Subsequent calls after a successful password 69has been entered will not cause reprompting 70\(em the function will silently return. | 68Next checks 69.Va password 70and if-set, tries to 71.Ic autoboot 72and only prompts for password on failure or user-interrupt. 73See 74.Xr loader.conf 5 75for additional information. |
| 71.El 72.Pp 73The environment variables that effect its behavior are: | 76.El 77.Pp 78The environment variables that effect its behavior are: |
| 74.Bl -tag -width bootfile -offset indent | 79.Bl -tag -width bootlock_password -offset indent 80.It Va bootlock_password 81Sets the bootlock password (up to 16 characters long) that is required by 82.Ic check-password 83to be entered before the system is allowed to boot. |
| 75.It Va password 76Sets the password (up to 16 characters long) that is required by 77.Ic check-password | 84.It Va password 85Sets the password (up to 16 characters long) that is required by 86.Ic check-password |
| 78to be entered before the system is allowed to boot. If unset (default) or NULL, 79.Ic check-password 80will silently abort. | 87before the user is allowed to visit the boot menu. |
| 81.El 82.Sh FILES | 88.El 89.Sh FILES |
| 83.Bl -tag -width /boot/loader.4th -compact | 90.Bl -tag -width /boot/check-password.4th -compact |
| 84.It Pa /boot/loader 85The 86.Xr loader 8 . 87.It Pa /boot/check-password.4th 88.Nm 89itself. 90.It Pa /boot/loader.rc 91.Xr loader 8 --- 4 unchanged lines hidden (view full) --- 96.Pa /boot/loader.rc : 97.Pp 98.Bd -literal -offset indent -compact 99include /boot/loader.4th 100check-password 101.Ed 102.Pp 103Set a password in | 91.It Pa /boot/loader 92The 93.Xr loader 8 . 94.It Pa /boot/check-password.4th 95.Nm 96itself. 97.It Pa /boot/loader.rc 98.Xr loader 8 --- 4 unchanged lines hidden (view full) --- 103.Pa /boot/loader.rc : 104.Pp 105.Bd -literal -offset indent -compact 106include /boot/loader.4th 107check-password 108.Ed 109.Pp 110Set a password in |
| 104.Xr loader.conf 5 : | 111.Xr loader.conf 5 112to prevent modification of boot options: |
| 105.Pp 106.Bd -literal -offset indent -compact 107password="abc123" 108.Ed | 113.Pp 114.Bd -literal -offset indent -compact 115password="abc123" 116.Ed |
| 117.Pp 118Set a password in 119.Xr loader.conf 5 120to prevent booting without password: 121.Pp 122.Bd -literal -offset indent -compact 123bootlock_password="boot" 124.Ed |
|
| 109.Sh SEE ALSO 110.Xr loader.conf 5 , 111.Xr loader 8 , 112.Xr loader.4th 8 113.Sh HISTORY 114The 115.Nm 116set of commands first appeared in 117.Fx 9.0 . 118.Sh AUTHORS 119The 120.Nm 121set of commands was written by 122.An -nosplit 123.An Devin Teske Aq dteske@FreeBSD.org . | 125.Sh SEE ALSO 126.Xr loader.conf 5 , 127.Xr loader 8 , 128.Xr loader.4th 8 129.Sh HISTORY 130The 131.Nm 132set of commands first appeared in 133.Fx 9.0 . 134.Sh AUTHORS 135The 136.Nm 137set of commands was written by 138.An -nosplit 139.An Devin Teske Aq dteske@FreeBSD.org . |