|
|
Re: Re[2]: 'password' command in GRUB 2?: msg#00518grub-devel-gnu
On Sun, Jul 26, 2009 at 6:20 PM, Vladimir 'phcoder' Serbinenko<phcoder@xxxxxxxxx> wrote: >>> If I remember correctly, I had improved on the first patch to include >>> most of the remarks. I'll have a look if I can find back the modified >>> patch, and send it to the list for anyone to have it. >>> >> >> What is with his patch? Shouldn't we just send him an assigment? >> Adrian (the author of SGD) just mentioned on IRC that everyone tells him >> grub2 won't be used widely by distros without password support. > Yes. It's important. Quick look shows that this patch mainly deals > with passwords and totally neglects authentication framework. While it > already does password protection if later we want to extend support to > new primitives or even just. Once we have the framework implementing > particular authentication will be easy >> >> So it seems this is important to people. >> I try to look into this but I have the feeling that I'm not really the >> right person for this. Especially when we want something complete and >> extensible etc. >> > I think you underestimate yourself. Especially if we agree on function > propotypes you are completely able to implement. Discussing on IRC I > formulated 3 criteria which our system must satisfy: > (1) you can't access shell without authenticating as "superuser". > (2) boot some entries without authenticating as one of users (list of > allowed users may differ per menuentry) > (3) new autentication schemes (e.g. ssh keys) should be implementable as > modules > > I propose following implementation guidelines: > Syntax: > set superusers=root,gnu > password root "GRUB" > md5_password operator $MD5$MD5$MD5 > fingeprint gnu /gnu.fp > menuentry "single mode" --users root,operator { > .... > } > > Wher user tries to authenticate GRUB2 will ask him login and then call > a function from module > > Prototypes: > grub_err_t grub_auth_register_authentication (const char *user, > grub_err_t (*callback) (const char*, void *), void *arg); > this will ask to call callback if login is USER. > grub_err_t grub_auth_authenticate (const char *user); > grub_err_t grub_auth_deauthenticate (const char *user); > grub_err_t grub_auth_check_authentication (const char *userlist); > > grub_auth_check_authentication will output login prompt if no user > from userlist is already authenticated As agreed with Felix I implemented the framework. See attached patch >> -- >> Felix Zielcke >> Proud Debian Maintainer >> >> >> >> _______________________________________________ >> Grub-devel mailing list >> Grub-devel@xxxxxxx >> http://lists.gnu.org/mailman/listinfo/grub-devel >> > > > > -- > Regards > Vladimir 'phcoder' Serbinenko > > Personal git repository: http://repo.or.cz/w/grub2/phcoder.git > -- Regards Vladimir 'phcoder' Serbinenko Personal git repository: http://repo.or.cz/w/grub2/phcoder.git
Grub-devel mailing list Grub-devel@xxxxxxx http://lists.gnu.org/mailman/listinfo/grub-devel
|
|
||||||||||||||||||||||||||
| News | Mail Home | sitemap | FAQ | advertise |
