Added MD5 passwords and extended the password command.

2000-10-17 13:37:27 +00:00 · 2000-10-17 13:37:27 +00:00 · 2315cb466c
commit 2315cb466c
parent 19a2446669
15 changed files with 672 additions and 133 deletions
--- a/docs/tutorial.texi
+++ b/docs/tutorial.texi
@ -979,11 +979,13 @@ run the command @command{password} in your configuration file, like
 this:

@example
-password PASSWORD
+password --md5 PASSWORD
@end example

 If this is specified, GRUB disallows any interactive control, until you
-press the key @key{p} and enter @samp{PASSWORD}.
+press the key @key{p} and enter @samp{PASSWORD}.  The option
+@option{--md5} tells GRUB that @samp{PASSWORD} is in md5 format.  If it
+is omitted grub assumes the @samp{PASSWORD} is in clear text.

 Also, you can specify an optional argument to @command{password}. See
 this example:
@ -1000,9 +1002,8 @@ menu entry. Usually, this wouldn't be problematic, but you might want to
 permit only administrators to run some of your menu entries, such as an
 entry for booting an insecure OS like DOS.

-The solution used by GRUB is the command @command{lock}. This command
-always fails until you enter a valid password, so you can use it, like
-this:
+GRUB provides the command @command{lock}. This command always fails
+until you enter a valid password, so you can use it, like this:

@example
@group
@ -1017,3 +1018,9 @@ chainload +1
 You should insert @command{lock} right after @command{title}, because
 any user can execute commands in an entry, until GRUB encounters
@command{lock}.
+
+You can also use the command @command{password} instead of
+@command{lock}. In this case the boot process will ask for the password
+and stop if it was entered incorrectly.  Since the @command{password}
+takes its own @samp{PASSWORD} argument this is useful if you want
+different passwords for different entries.
--- a/docs/user-ref.texi
+++ b/docs/user-ref.texi
@ -553,15 +553,6 @@ menu to be displayed by pressing @key{ESC} before the timeout
 expires.
@end deffn

-@deffn Command password passwd [new-config-file]
-Disable all interactive editing control (menu entry editor and
-command line) and entries protected by the command @command{lock}. If
-the password @var{passwd} is entered, it loads the @var{new-config-file}
-as a new config file and restarts the GRUB Stage 2, if
-@var{new-config-file} is specified. Otherwise, GRUB will just unlock the
-privileged instructions.
-@end deffn
-
@deffn Command timeout sec
 Set a timeout, in @var{sec} seconds, before automatically booting the
 default entry (normally the first entry defined).
@ -704,6 +695,18 @@ specification in GRUB syntax (@pxref{Naming convention}); @var{type}
 is the new partition type and must be a number in the range 0-0xff.
@end deffn

+@deffn Command password [@option{--md5}] passwd [new-config-file]
+If used in the first section of a menu file, disable all interactive
+editing control (menu entry editor and command line) and entries
+protected by the command @command{lock}. If the password @var{passwd} is
+entered, it loads the @var{new-config-file} as a new config file and
+restarts the GRUB Stage 2, if @var{new-config-file} is
+specified. Otherwise, GRUB will just unlock the privileged instructions.
+You can also use this command in the script section, in which case it
+will ask for the password, before continueing.  The option
+@option{--md5} tells GRUB that @var{passwd} is encrypted with md5crypt.
+@end deffn
+
@deffn Command rarp
 Initialize a network device via the @dfn{RARP} protocol.  This command
 is only available if GRUB is compiled with netboot support.