GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  CHECK-PASSWORD.4TH (8)

NAME

check-password.4th - FreeBSD password-checking boot module

CONTENTS

Description
Files
Examples
See Also
History
Authors

DESCRIPTION

The file that goes by the name of check-password.4th is a set of commands designed to do one or more of the following:

    o Prevent booting without password

    o Prevent modification of boot options without password

    o Provide a password to mount geli(8) encrypted root disk(s)

The commands of check-password.4th by themselves are not enough for most uses. Please refer to the examples below for the most common situations, and to loader(8) for additional commands.

Before using any of the commands provided in check-password.4th, it must be included through the command:

    include check-password.4th

This line is present in /boot/loader.4th file, so it is not needed (and should not be re-issued) in a normal setup.

The commands provided by it are:

check-password Multi-purpose function that can protect the interactive boot menu, prevent boot without password, or prompt for geli(8) passphrase (depending on loader.conf 5 settings).

First checks bootlock_password and if-set, the user cannot continue until the correct password is entered.

Next, checks geom_eli_passphrase_prompt and if set to YES (case-insensitive) prompts the user to enter their GELI password for later mounting of the root device(s) during boot.

Last, checks password and if-set, tries to autoboot and only prompts for password on failure or user-interrupt. See loader.conf(5) for additional information.

The environment variables that effect its behavior are:
bootlock_password
  Sets the bootlock password (up to 16 characters long) that is required by check-password to be entered before the system is allowed to boot.
geom_eli_passphrase_prompt
  Selects whether loader(8) will prompt for GELI credentials, handing-off to the kernel for later mounting of geli(8) encrypted root device(s).
password Sets the password (up to 16 characters long) that is required by check-password before the user is allowed to visit the boot menu.

FILES

/boot/loader The loader(8).
/boot/check-password.4th
  check-password.4th itself.
/boot/loader.rc loader(8) bootstrapping script.

EXAMPLES

Standard i386 /boot/loader.rc:

include /boot/loader.4th
check-password

Set a password in loader.conf(5) to prevent modification of boot options:

password="abc123"

Set a password in loader.conf(5) to prevent booting without password:

bootlock_password="boot"

Add the following to loader.conf(5) to generate a prompt at boot to collect GELI credentials for mounting geli(8) encrypted root device(s):

geom_eli_passphrase_prompt="YES"

SEE ALSO

loader.conf(5), loader(8), loader.4th(8)

HISTORY

The check-password.4th set of commands first appeared in
.Fx 9.0 .

AUTHORS

The check-password.4th set of commands was written by
.An -nosplit
.An Devin Teske Aq dteske@FreeBSD.org .
Search for    or go to Top of page |  Section 8 |  Main Index


Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.