grub-devel

Re: Re[2]: 'password' command in GRUB 2?


From: Vladimir 'phcoder' Serbinenko
Subject: Re: Re[2]: 'password' command in GRUB 2?
Date: Sun, 26 Jul 2009 18:20:03 +0200

>> If I remember correctly, I had improved on the first patch to include
>> most of the remarks. I'll have a look if I can find back the modified
>> patch, and send it to the list for anyone to have it.
>>
>
> What is with his patch? Shouldn't we just send him an assignment?
> Adrian (the author of SGD) just mentioned on IRC that everyone tells him
> grub2 won't be used widely by distros without password support.
Yes. It's important. Quick look shows that this patch mainly deals
with passwords and totally neglects authentication framework. While it
already does password protection if later we want to extend support to
new primitives or even just. Once we have the framework, implementing
particular authentication will be easy.
>
> So it seems this is important to people.
> I try to look into this but I have the feeling that I'm not really the
> right person for this. Especially when we want something complete and
> extensible etc.
>
I think you underestimate yourself. Especially if we agree on function
prototypes you are completely able to implement. Discussing on IRC I
formulated 3 criteria which our system must satisfy:
(1) you can't access shell without authenticating as "superuser".
(2) boot some entries without authenticating as one of users (list of
allowed users may differ per menuentry)
(3) new authentication schemes (e.g. ssh keys) should be implementable as modules

I propose following implementation guidelines:
Syntax:
set superusers=root,gnu
password root "GRUB"
md5_password operator $MD5$MD5$MD5
fingerprint gnu /gnu.fp
menuentry "single mode" --users root,operator {
  ....
}

When user tries to authenticate GRUB2 will ask him login and then call
a function from module

Prototypes:
grub_err_t grub_auth_register_authentication (const char *user,
grub_err_t (*callback) (const char*, void *), void *arg);
this will ask to call callback if login is USER.
grub_err_t grub_auth_authenticate (const char *user);
grub_err_t grub_auth_deauthenticate (const char *user);
grub_err_t grub_auth_check_authentication (const char *userlist);

grub_auth_check_authentication will output login prompt if no user
from userlist is already authenticated
> --
> Felix Zielcke
> Proud Debian Maintainer
>
>
>
> _______________________________________________
> Grub-devel mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/grub-devel
>



-- 
Regards
Vladimir 'phcoder' Serbinenko

Personal git repository: http://repo.or.cz/w/grub2/phcoder.git
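
The interface proposed in the message above, as an added stand-alone C model (not part of the original message and not GRUB source). It shows a password module registering a callback, the shell gated on the superusers list, and a menuentry gated on its own --users list with exact name matching. Assumptions: grub_err_t as a two-value enum, the fixed-size table, model_login() standing in for the login prompt, password_cb, and the callback's const char * argument carrying the text typed at the prompt.

```c
/* Model of the proposed interface, not GRUB source; types, table and model_login() are assumed. */
#include <string.h>
typedef enum { GRUB_ERR_NONE, GRUB_ERR_ACCESS_DENIED } grub_err_t;
typedef grub_err_t (*auth_cb) (const char *typed, void *arg);
static struct ent { const char *user; auth_cb cb; void *arg; int authed; } tab[8];
static int ntab;
static int find (const char *user) {
  for (int i = 0; i < ntab; i++)
    if (strcmp (tab[i].user, user) == 0) return i;
  return -1;
}
/* Exact token match in a comma-separated list: "roo" must not match "root". */
static int in_list (const char *list, const char *user) {
  size_t n = strlen (user);
  while (list && *list) {
    if (strncmp (list, user, n) == 0 && (list[n] == ',' || !list[n])) return 1;
    if ((list = strchr (list, ',')) != NULL) list++;
  }
  return 0;
}
grub_err_t grub_auth_register_authentication (const char *user, auth_cb cb, void *arg) {
  if (ntab == 8) return GRUB_ERR_ACCESS_DENIED;
  tab[ntab++] = (struct ent) { user, cb, arg, 0 };
  return GRUB_ERR_NONE;
}
static grub_err_t set_authed (const char *user, int v) {
  int i = find (user);
  if (i >= 0) tab[i].authed = v;
  return i >= 0 ? GRUB_ERR_NONE : GRUB_ERR_ACCESS_DENIED;
}
grub_err_t grub_auth_authenticate (const char *user) { return set_authed (user, 1); }
grub_err_t grub_auth_deauthenticate (const char *user) { return set_authed (user, 0); }
/* Stands in for the login prompt: run the callback registered for LOGIN. */
grub_err_t model_login (const char *login, const char *typed) {
  int i = find (login);
  if (i < 0 || tab[i].cb (typed, tab[i].arg) != GRUB_ERR_NONE)
    return GRUB_ERR_ACCESS_DENIED;
  return grub_auth_authenticate (login);
}
/* The proposal prompts when nobody in USERLIST is logged in; the model denies. */
grub_err_t grub_auth_check_authentication (const char *userlist) {
  for (int i = 0; i < ntab; i++)
    if (tab[i].authed && in_list (userlist, tab[i].user)) return GRUB_ERR_NONE;
  return GRUB_ERR_ACCESS_DENIED;
}
/* Password module callback; ARG is the configured password (constructed sample). */
grub_err_t password_cb (const char *typed, void *arg) {
  return strcmp (typed, arg) == 0 ? GRUB_ERR_NONE : GRUB_ERR_ACCESS_DENIED;
}
```

A user listed in superusers with no registered callback (gnu in the sample syntax until its module is loaded) cannot log in at all in this model, so the shell stays closed rather than falling open.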



