diff options
Diffstat (limited to 'usr/src/man/man5/check-password.4th.5')
| -rw-r--r-- | usr/src/man/man5/check-password.4th.5 | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/usr/src/man/man5/check-password.4th.5 b/usr/src/man/man5/check-password.4th.5 new file mode 100644 index 0000000000..3446df9799 --- /dev/null +++ b/usr/src/man/man5/check-password.4th.5 @@ -0,0 +1,130 @@ +.\" Copyright (c) 2011-2015 Devin Teske +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd Apr 22, 2017 +.Dt CHECK-PASSWORD.4TH 5 +.Os +.Sh NAME +.Nm check-password.4th +.Nd loader password-checking boot module +.Sh DESCRIPTION +The file that goes by the name of +.Nm +is a set of commands designed to do one or more of the following: +.Pp +.Dl o Prevent booting without password +.Dl o Prevent modification of boot options without password +.Pp +The commands of +.Nm +by themselves are not enough for most uses. +Please refer to the +examples below for the most common situations, and to +.Xr loader 5 +for additional commands. +.Pp +Before using any of the commands provided in +.Nm , +it must be included +through the command: +.Pp +.Dl include check-password.4th +.Pp +This line is present in +.Pa /boot/forth/loader.4th +file, so it is not needed (and should not be re-issued) in a normal setup. +.Pp +The commands provided by it are: +.Pp +.Bl -tag -width disable-module_module -compact -offset indent +.It Ic check-password +Multi-purpose function that can protect the interactive boot menu, +prevent boot without password +.Pq depending on Xr loader.conf 4 settings . +.Pp +First checks +.Va bootlock_password +and if-set, the user cannot continue until the correct password is entered. +.Pp +Last, checks +.Va password +and if-set, tries to +.Ic autoboot +and only prompts for password on failure or user-interrupt. +See +.Xr loader.conf 4 +for additional information. +.El +.Pp +The environment variables that effect its behavior are: +.Bl -tag -width bootlock_password -offset indent +.It Va bootlock_password +Sets the bootlock password (up to 16 characters long) that is required by +.Ic check-password +to be entered before the system is allowed to boot. +.It Va password +Sets the password (up to 16 characters long) that is required by +.Ic check-password +before the user is allowed to visit the boot menu. +.El +.Sh FILES +.Bl -tag -width /boot/forth/check-password.4th -compact +.It Pa /boot/zfsloader +The +.Xr zfsloader 5 . +.It Pa /boot/forth/check-password.4th +.Nm +itself. +.It Pa /boot/loader.rc +.Xr loader 5 +bootstrapping script. +.El +.Sh EXAMPLES +Standard i386 +.Pa /boot/loader.rc : +.Pp +.Bd -literal -offset indent -compact +include /boot/forth/loader.4th +check-password +.Ed +.Pp +Set a password in +.Xr loader.conf 4 +to prevent modification of boot options: +.Pp +.Bd -literal -offset indent -compact +password="abc123" +.Ed +.Pp +Set a password in +.Xr loader.conf 4 +to prevent booting without password: +.Pp +.Bd -literal -offset indent -compact +bootlock_password="boot" +.Ed +.Sh SEE ALSO +.Xr loader.conf 4 , +.Xr loader 5 , +.Xr loader.4th 5 |