[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re[2]: 'password' command in GRUB 2?
|
From: |
Vladimir 'phcoder' Serbinenko |
|
Subject: |
Re: Re[2]: 'password' command in GRUB 2? |
|
Date: |
Sun, 26 Jul 2009 23:29:01 +0200 |
On Sun, Jul 26, 2009 at 6:20 PM, Vladimir 'phcoder'
Serbinenko<address@hidden> wrote:
>>> If I remember correctly, I had improved on the first patch to include
>>> most of the remarks. I'll have a look if I can find back the modified
>>> patch, and send it to the list for anyone to have it.
>>>
>>
>> What is with his patch? Shouldn't we just send him an assigment?
>> Adrian (the author of SGD) just mentioned on IRC that everyone tells him
>> grub2 won't be used widely by distros without password support.
> Yes. It's important. Quick look shows that this patch mainly deals
> with passwords and totally neglects authentication framework. While it
> already does password protection if later we want to extend support to
> new primitives or even just. Once we have the framework implementing
> particular authentication will be easy
>>
>> So it seems this is important to people.
>> I try to look into this but I have the feeling that I'm not really the
>> right person for this. Especially when we want something complete and
>> extensible etc.
>>
> I think you underestimate yourself. Especially if we agree on function
> propotypes you are completely able to implement. Discussing on IRC I
> formulated 3 criteria which our system must satisfy:
> (1) you can't access shell without authenticating as "superuser".
> (2) boot some entries without authenticating as one of users (list of
> allowed users may differ per menuentry)
> (3) new autentication schemes (e.g. ssh keys) should be implementable as
> modules
>
> I propose following implementation guidelines:
> Syntax:
> set superusers=root,gnu
> password root "GRUB"
> md5_password operator $MD5$MD5$MD5
> fingeprint gnu /gnu.fp
> menuentry "single mode" --users root,operator {
> ....
> }
>
> Wher user tries to authenticate GRUB2 will ask him login and then call
> a function from module
>
> Prototypes:
> grub_err_t grub_auth_register_authentication (const char *user,
> grub_err_t (*callback) (const char*, void *), void *arg);
> this will ask to call callback if login is USER.
> grub_err_t grub_auth_authenticate (const char *user);
> grub_err_t grub_auth_deauthenticate (const char *user);
> grub_err_t grub_auth_check_authentication (const char *userlist);
>
> grub_auth_check_authentication will output login prompt if no user
> from userlist is already authenticated
As agreed with Felix I implemented the framework. See attached patch
>> --
>> Felix Zielcke
>> Proud Debian Maintainer
>>
>>
>>
>> _______________________________________________
>> Grub-devel mailing list
>> address@hidden
>> http://lists.gnu.org/mailman/listinfo/grub-devel
>>
>
>
>
> --
> Regards
> Vladimir 'phcoder' Serbinenko
>
> Personal git repository: http://repo.or.cz/w/grub2/phcoder.git
>
--
Regards
Vladimir 'phcoder' Serbinenko
Personal git repository: http://repo.or.cz/w/grub2/phcoder.git
auth.diff
Description: Text document