View previous topic :: View next topic |
Author |
Message |
scocou Apprentice
Joined: 16 Aug 2002 Posts: 184 Location: Pacific NW, Canada
|
Posted: Sat Mar 15, 2003 4:16 am Post subject: create crypt'd GRUB passwd? |
|
|
http://www.gentoo.org/doc/en/gentoo-security.xml#doc_chap3 wrote: | Grub supports 2 different ways of adding password restriction to its configuration file (/boot/grub/menu.1st). One with plain text password and one with md5+salt encryption.
Code listing 3.2: /boot/grub/menu.lst
timeout 5
password changeme
This will add the password changeme and if no password is entered simply use the default boot setting. When adding a md5 password, you need to convert the password into crypt format (man crypt) which is the same format as the shadow file. For example could the encrypted password changeme look like this $1$T7/dgdIJ$dJM.n2wZ8RG.oEiIOwJUs.
Or this:
Code listing 3.3: /boot/grub/menu.lst
timeout 5
password --md5 $1$T7/dgdIJ$dJM.n2wZ8RG.oEiIOwJUs. | oK, I grok all that and have decided to use an encrypted passwd for GRUB. As suggested I man'd crypt and studied the contents, and experienced no obvious confustications . Somehow I still don't understand how to make a md5+salt hash of my passwd as described in the example. Could someone describe (precisely) how to actually produce the sample given above, or generally how to Quote: | convert the password into crypt format (man crypt) which is the same format as the shadow file | I feel this is a crucial bit of knowledge and am eager to get a handle on it, so thanks in advance
PS I know I could probably man grub and comb through it, but meh, what'r ya gonna do? |
|
Back to top |
|
|
alexod n00b
Joined: 15 Mar 2003 Posts: 69
|
Posted: Sat Mar 15, 2003 9:55 am Post subject: grub-md5-crypt |
|
|
try /sbin/grub-md5-crypt |
|
Back to top |
|
|
scocou Apprentice
Joined: 16 Aug 2002 Posts: 184 Location: Pacific NW, Canada
|
Posted: Sat Mar 15, 2003 8:14 pm Post subject: |
|
|
I couldn't have asked for a more concise answer Thanks very much! Maybe this command should be mentioned in the doc I was reading (unless it is and I missed it)... EDIT: I really should have done 'info grub' as suggested in the doc, as I see it explained what to do clearly. Now I feel dumb |
|
Back to top |
|
|
|