GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
CHECK-PASSWORD.4TH(8) FreeBSD System Manager's Manual CHECK-PASSWORD.4TH(8)

check-password.4th
FreeBSD password-checking boot module

The file that goes by the name of check-password.4th is a set of commands designed to do one or more of the following:

o Prevent booting without password
o Prevent modification of boot options without password
o Provide a password to mount geli(8) encrypted root disk(s)

The commands of check-password.4th by themselves are not enough for most uses. Please refer to the examples below for the most common situations, and to loader(8) for additional commands.

Before using any of the commands provided in check-password.4th, it must be included through the command:

include check-password.4th

This line is present in /boot/loader.4th file, so it is not needed (and should not be re-issued) in a normal setup.

The commands provided by it are:

Multi-purpose function that can protect the interactive boot menu, prevent boot without password, or prompt for geli(8) passphrase (depending on loader.conf(5) settings).

First checks bootlock_password and if-set, the user cannot continue until the correct password is entered.

Next, checks geom_eli_passphrase_prompt and if set to YES (case-insensitive) prompts the user to enter their GELI password for later mounting of the root device(s) during boot.

Last, checks password and if-set, tries to autoboot and only prompts for password on failure or user-interrupt. See loader.conf(5) for additional information.

The environment variables that effect its behavior are:

bootlock_password
Sets the bootlock password (up to 255 characters long) that is required by check-password to be entered before the system is allowed to boot.
geom_eli_passphrase_prompt
Selects whether loader(8) will prompt for GELI credentials, handing-off to the kernel for later mounting of geli(8) encrypted root device(s).
password
Sets the password (up to 255 characters long) that is required by check-password before the user is allowed to visit the boot menu.

/boot/loader
The loader(8).
/boot/check-password.4th
check-password.4th itself.
/boot/loader.rc
loader(8) bootstrapping script.

Standard i386 /boot/loader.rc: 

include /boot/loader.4th
check-password

Set a password in loader.conf(5) to prevent modification of boot options:

password="abc123"

Set a password in loader.conf(5) to prevent booting without password:

bootlock_password="boot"

Add the following to loader.conf(5) to generate a prompt at boot to collect GELI credentials for mounting geli(8) encrypted root device(s):

geom_eli_passphrase_prompt="YES"

loader.conf(5), loader(8), loader.4th(8)

The check-password.4th set of commands first appeared in FreeBSD 9.0.

The check-password.4th set of commands was written by Devin Teske ⟨dteske@FreeBSD.org⟩.
June 24, 2018 FreeBSD 13.1-RELEASE
Search for    or go to Top of page |  Section 8 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.