Re: Re[2]: 'password' command in GRUB 2?

[Vladimir 'phcoder' Serbinenko]

On Wed, Aug 19, 2009 at 5:08 PM, Robert Millan<address@hidden> wrote:
>
> I agree with this proposal in general.  Except with the concept of "users",
> which I think might be overkill.  GRUB is not a Un*x with its /home and
> per-user settings.  These passwords just protect resources, so I'm not sure
> if there's a point in managing users as an intermediate layer between
> passwords and the restricted resource.
The concept of users allows to use other authentication methods then
password. Consider a possibility of fingerprint authentications. 2
users needing superuser privilegies can share the same password but
have trouble sharing fingerprints. Another possibility is LUKS
authentication - user is considered ok if his password unlocks the
slot number N. If we ask users to share the same keyslot on luks we
get in the way of luks keyphrase revocation.
Additionally this simplifies the configuration as you don't need to
write password at every menuentry directive.
While the concept of users isn't strictly necessary it allows easy
management of multiple authentication methods and is really helpful
even  for just managing multiple passwords
>
> What does everyone else think?
>
> --
> Robert Millan
>
>  The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
>  how) you may access your data; but nobody's threatening your freedom: we
>  still allow you to remove your data and not access it at all."
>
>
> _______________________________________________
> Grub-devel mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/grub-devel
>



-- 
Regards
Vladimir 'phcoder' Serbinenko

Personal git repository: http://repo.or.cz/w/grub2/phcoder.git