CHECK-PASSWORD.4TH(8) FreeBSD System Manager's Manual CHECK-PASSWORD.4TH(8)
NAME
check-password.4th - FreeBSD password-checking boot module
DESCRIPTION
check-password.4th is a set of commands designed to do one or more of the
following:
o Prevent booting without password
o Prevent modification of boot options without password
o Provide a password to mount geli(8) encrypted root disk(s)
The commands of check-password.4th by themselves are not enough for most
uses. Please refer to the examples below for the most common situations,
and to loader(8) for additional commands.
Before using any of the commands provided in check-password.4th, it must
be included through the command:
      include check-password.4th
This line is present in /boot/loader.4th file, so it is not needed (and
should not be re-issued) in a normal setup.
The commands provided by it are:
check-password
      Multi-purpose function that can protect the interactive boot
      menu, prevent boot without password, or prompt for geli(8)
      passphrase (depending on loader.conf(5) settings).

      First checks bootlock_password and, if set, the user cannot
      continue until the correct password is entered.

      Next, checks geom_eli_passphrase_prompt and, if set to YES
      (case-insensitive), prompts the user to enter their GELI
      password for later mounting of the root device(s) during boot.

      Last, checks password and, if set, tries to autoboot and only
      prompts for password on failure or user-interrupt. See
      loader.conf(5) for additional information.
The environment variables that affect its behavior are:
bootlock_password
      Sets the bootlock password (up to 255 characters long) that is
      required by check-password to be entered before the system is
      allowed to boot.
geom_eli_passphrase_prompt
      Selects whether loader(8) will prompt for GELI credentials,
      handing off to the kernel for later mounting of geli(8)
      encrypted root device(s).
password
      Sets the password (up to 255 characters long) that is required
      by check-password before the
EXAMPLES
Standard i386 /boot/loader.rc:

      include /boot/loader.4th
      check-password

Set a password in loader.conf(5) to prevent modification of boot options:

      password="abc123"

Set a password in loader.conf(5) to prevent booting without password:

      bootlock_password="boot"

Add the following to loader.conf(5) to generate a prompt at boot to
collect GELI credentials for mounting geli(8) encrypted root device(s):

      geom_eli_passphrase_prompt="YES"
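
The password and bootlock_password values in the examples above are written
to loader.conf(5) as cleartext, so it is worth checking which of these
settings a given file carries and who can read it. The following sh function
is an added example, not part of check-password.4th or of FreeBSD; the name
audit_loader_conf, the sample file contents, and the mode 600 suggestion are
assumptions of the example.

```sh
#!/bin/sh
# Added example (not FreeBSD code): report check-password.4th settings found
# in a loader.conf(5) file. Password values themselves are never printed.
audit_loader_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }
    secrets=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//')
        case $line in
            '#'*) continue ;;      # comment line
            *=*) ;;                # candidate assignment
            *) continue ;;         # blank or not an assignment
        esac
        name=${line%%=*}
        # Keep only the text inside the first pair of double quotes.
        value=$(printf '%s\n' "${line#*=}" | sed 's/^"\([^"]*\)".*$/\1/')
        case $name in
            password|bootlock_password)
                [ -n "$value" ] || continue
                secrets=$((secrets + 1))
                echo "INFO: $name is set (${#value} characters, cleartext)"
                [ "${#value}" -le 255 ] ||
                    echo "WARN: $name is longer than the 255-character limit"
                ;;
            geom_eli_passphrase_prompt)
                # YES is matched case-insensitively, as described above.
                case $(printf '%s' "$value" | tr '[:lower:]' '[:upper:]') in
                    YES) echo "INFO: loader will prompt for the GELI passphrase" ;;
                esac
                ;;
        esac
    done < "$conf"
    # Example's assumption: a cleartext password file should not be world-readable.
    if [ "$secrets" -gt 0 ] && [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "WARN: $conf holds a password and is world-readable (chmod 600)"
    fi
    return 0
}

# Constructed sample input, not taken from a real system.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
bootlock_password="boot"
geom_eli_passphrase_prompt="yes"
EOF
chmod 644 "$demo_conf"
audit_loader_conf "$demo_conf"
rm -f "$demo_conf"
```

On a live system the function would be pointed at /boot/loader.conf and at
any other files that loader.conf(5) is configured to read.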
SEE ALSO
loader.conf(5), loader(8), loader.4th(8)
HISTORY
The check-password.4th set of commands first appeared in FreeBSD 9.0.
AUTHORS
The check-password.4th set of commands was written by Devin Teske
<dteske@FreeBSD.org>.
FreeBSD 14.0-RELEASE-p11 June 24, 2018 FreeBSD 14.0-RELEASE-p11