xref: /illumos-gate/usr/src/man/man7/check-password.4th.7 (revision bbf215553c7233fbab8a0afdf1fac74c44781867)

.\" Copyright (c) 2011-2015 Devin Teske
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd July 20, 2018
.Dt CHECK-PASSWORD.4TH 7
.Os
.Sh NAME
.Nm check-password.4th
.Nd loader password-checking boot module
.Sh DESCRIPTION
The file that goes by the name of
.Nm
is a set of commands designed to do one or more of the following:
.Pp
.Dl o Prevent booting without password
.Dl o Prevent modification of boot options without password
.Pp
The commands of
.Nm
by themselves are not enough for most uses.
Please refer to the
examples below for the most common situations, and to
.Xr loader 7
for additional commands.
.Pp
Before using any of the commands provided in
.Nm ,
it must be included
through the command:
.Pp
.Dl include check-password.4th
.Pp
This line is present in
.Pa /boot/forth/loader.4th
file, so it is not needed (and should not be re-issued) in a normal setup.
.Pp
The commands provided by it are:
.Pp
.Bl -tag -width disable-module_module -compact -offset indent
.It Ic check-password
Multi-purpose function that can protect the interactive boot menu,
prevent boot without password
.Pq depending on Xr loader.conf 5 settings .
.Pp
First checks
.Va bootlock_password
and if-set, the user cannot continue until the correct password is entered.
.Pp
Last, checks
.Va password
and if-set, tries to
.Ic autoboot
and only prompts for password on failure or user-interrupt.
See
.Xr loader.conf 5
for additional information.
.El
.Pp
The environment variables that effect its behavior are:
.Bl -tag -width bootlock_password -offset indent
.It Va bootlock_password
Sets the bootlock password (up to 16 characters long) that is required by
.Ic check-password
to be entered before the system is allowed to boot.
.It Va password
Sets the password (up to 16 characters long) that is required by
.Ic check-password
before the user is allowed to visit the boot menu.
.El
.Sh FILES
.Bl -tag -width /boot/forth/check-password.4th -compact
.It Pa /boot/loader
The
.Xr loader 7 .
.It Pa /boot/forth/check-password.4th
.Nm
itself.
.It Pa /boot/loader.rc
.Xr loader 7
bootstrapping script.
.El
.Sh EXAMPLES
Standard i386
.Pa /boot/loader.rc :
.Pp
.Bd -literal -offset indent -compact
include /boot/forth/loader.4th
check-password
.Ed
.Pp
Set a password in
.Xr loader.conf 5
to prevent modification of boot options:
.Pp
.Bd -literal -offset indent -compact
password="abc123"
.Ed
.Pp
Set a password in
.Xr loader.conf 5
to prevent booting without password:
.Pp
.Bd -literal -offset indent -compact
bootlock_password="boot"
.Ed
.Sh SEE ALSO
.Xr loader.conf 5 ,
.Xr loader 7 ,
.Xr loader.4th 7