loader and password

[donxc]

I have tried to add password to boot sequence:
in loader.conf password="mysecret"

According to man page for loader.conf:

All settings have the following format:
variable="value"

and

password Provides a password to be required by check-password before
execution is allowed to continue.

When I do this and reboot, it bypasses menu screen altogether and boots automatically. I have beastie enabled.
This occurs on 6.4 and 7.1 systems both upgraded this week.

Am I missing something?

 

[LateNiteTV]

i dont have the answer to your question bc i genuinely dont know, but what about setting a bios passwd?
or maybe using geli to encrypt your system.

 

[donxc]

Really just want to know if I have messed this up or if there is a problem with the function.

 

[ale]

Really just want to know if I have messed this up or if there is a problem with the function.

I've tested it time ago on qemu. I can't remeber the version, probably the last 8.0 snapshot, and I saw the same.

 

[fronclynne]

How curious. I just tested it, and indeed, it skips the loader menu but never asks for a password.

Time to file a PR?

 

[DutchDaemon]

Ah, I missed that bit in the original post. Really? It doesn't ask for that password at all and continues straight on to multiuser boot? How curious.

 

[donxc]

Ah, I missed that bit in the original post. Really? It doesn't ask for that password at all and continues straight on to multiuser boot?

That is correct.

I haven't used this since 4.(X) but it did work then.

 

[arp242]

It works fine for me on two FreeBSD 7 systems and a FreeBSD 6 system.

IIRC this feature does not work with the Beastie menu enabled, try disabling the beastie menu by adding:

beastie_disable="YES"

To /boot/loader.conf

Note that the password is only asked when you want to enter the loader command prompt, not when booting the system without interruption.

 

[donxc]

---

Note that the password is only asked when you want to enter the loader command prompt, not when booting the system without interruption.

OK, I was misinterpreting the intention of password here.
Have some playing to do.

Thanks for the insight.

 

[Nokobon]

So is there any way to set a password for booting the system by default?

 

[arp242]

You can use the BIOS password.
You can also set `console' to `insecure' in /etc/ttys, root password will be asked when entering single user mode.
Also, you may have noticed FreeBSD asks for the password after startup

 

[Nokobon]

You can use the BIOS password.
You can also set `console' to `insecure' in /etc/ttys, root password will be asked when entering single user mode.
Also, you may have noticed FreeBSD asks for the password after startup

Hehe, you're right. So such a password to protect just the default startup would be senseless

I thought of a password for every bootoption...a password to enter the FreeBSD boot screen.
But I see, in this case the BIOS-password would have the same effect...

 

[swills@]

Note that none of these options prevent someone from taking the hard drive out and reading your data off. You might consider using geli to prevent that.