Re: Re[2]: 'password' command in GRUB 2?
From: Robert Millan
Subject: Re: Re[2]: 'password' command in GRUB 2?
Date: Wed, 19 Aug 2009 17:08:48 +0200
User-agent: Mutt/1.5.18 (2008-05-17)
On Sun, Jul 26, 2009 at 06:20:03PM +0200, Vladimir 'phcoder' Serbinenko wrote:
> I think you underestimate yourself. Especially if we agree on function
> prototypes you are completely able to implement. Discussing on IRC I
> formulated 3 criteria which our system must satisfy:
> (1) you can't access shell without authenticating as "superuser".
> (2) boot some entries without authenticating as one of users (list of
> allowed users may differ per menuentry)
> (3) new authentication schemes (e.g. ssh keys) should be implementable as
> modules
>
> I propose following implementation guidelines:
> Syntax:
> set superusers=root,gnu
> password root "GRUB"
> md5_password operator $MD5$MD5$MD5
> fingeprint gnu /gnu.fp
> menuentry "single mode" --users root,operator {
> ....
> }
>
> When user tries to authenticate GRUB2 will ask him login and then call
> a function from module
>
> Prototypes:
> grub_err_t grub_auth_register_authentication (const char *user,
> grub_err_t (*callback) (const char*, void *), void *arg);
> this will ask to call callback if login is USER.
> grub_err_t grub_auth_authenticate (const char *user);
> grub_err_t grub_auth_deauthenticate (const char *user);
> grub_err_t grub_auth_check_authentication (const char *userlist);
>
> grub_auth_check_authentication will output login prompt if no user
> from userlist is already authenticated
I agree with this proposal in general. Except with the concept of "users",
which I think might be overkill. GRUB is not a Un*x with its /home and
per-user settings. These passwords just protect resources, so I'm not sure
if there's a point in managing users as an intermediate layer between
passwords and the restricted resource.
What does everyone else think?
--
Robert Millan
The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
how) you may access your data; but nobody's threatening your freedom: we
still allow you to remove your data and not access it at all."
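
A minimal C model of the scheme proposed in the quoted message, added here as an illustration; it is not code from GRUB or from either poster. The function names, the fixed-size table and the `typed` parameter (which stands in for the login prompt) are assumptions. Shell access under criterion (1) is modelled by passing the `superusers` list as the user list.

```c
#include <string.h>

/* Simplified stand-ins for the quoted prototypes; all names are hypothetical. */
typedef int (*auth_cb)(const char *user, void *arg);      /* 0 = accepted */
struct auth_user { const char *name; auth_cb cb; void *arg; int authed; };
static struct auth_user users[8];
static int nusers;
static const char *typed_input;   /* stands in for the interactive prompt */
/* Whole-item match in a comma-separated list such as "root,operator". */
static int in_list(const char *list, const char *name) {
    size_t n = strlen(name);
    while (n && *list) {
        size_t len = strcspn(list, ",");
        if (len == n && memcmp(list, name, n) == 0) return 1;
        list += len + (list[len] == ',');
    }
    return 0;
}
/* Role of grub_auth_register_authentication: bind a scheme to a login. */
int auth_register(const char *name, auth_cb cb, void *arg) {
    if (nusers == 8) return -1;
    users[nusers++] = (struct auth_user){ name, cb, arg, 0 };
    return 0;
}
/* Role of grub_auth_check_authentication; `typed` replaces the prompt. */
int auth_check(const char *userlist, const char *login, const char *typed) {
    for (int i = 0; i < nusers; i++)   /* a listed user already logged in? */
        if (users[i].authed && in_list(userlist, users[i].name)) return 0;
    if (!in_list(userlist, login)) return -1;   /* login not allowed here */
    typed_input = typed;
    for (int i = 0; i < nusers; i++)
        if (strcmp(users[i].name, login) == 0
            && users[i].cb(login, users[i].arg) == 0) {
            users[i].authed = 1;
            return 0;
        }
    return -1;
}
/* Role of grub_auth_deauthenticate: forget a cached login. */
int auth_deauth(const char *name) {
    for (int i = 0; i < nusers; i++)
        if (strcmp(users[i].name, name) == 0) users[i].authed = 0;
    return 0;
}
/* One scheme, as a password module might register it; arg is the secret. */
int password_cb(const char *user, void *arg) {
    (void)user;
    return (typed_input && strcmp(typed_input, (const char *)arg) == 0) ? 0 : 1;
}
```

The list match is done per item, so a login of "oper" is not accepted for an entry restricted to "operator", and an authenticated "operator" does not satisfy a check against a list containing only "root".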