# loader and password



## donxc (May 5, 2009)

I have tried to add password to boot sequence: 
in loader.conf  password="mysecret"

According to man page for loader.conf:

All settings have the following format:
           variable="value"

and

password      Provides a password to be required by check-password before
                   execution is allowed to continue.

When I do this and reboot, it bypasses menu screen altogether and boots automatically. I have beastie enabled.
This occurs on 6.4 and 7.1 systems both upgraded this week.

Am I missing something?


----------



## LateNiteTV (May 5, 2009)

i dont have the answer to your question bc i genuinely dont know, but what about setting a bios passwd?
or maybe using geli to encrypt your system.


----------



## donxc (May 7, 2009)

Really just want to know if I have messed this up or if there is a problem with the function.


----------



## ale (May 7, 2009)

donxc said:
			
		

> Really just want to know if I have messed this up or if there is a problem with the function.


I've tested it time ago on qemu. I can't remeber the version, probably the last 8.0 snapshot, and I saw the same.


----------



## fronclynne (May 8, 2009)

How curious.  I just tested it, and indeed, it skips the loader menu but never asks for a password.

Time to file a PR?


----------



## DutchDaemon (May 8, 2009)

Ah, I missed that bit in the original post. Really? It doesn't ask for that password at all _and_ continues straight on to multiuser boot? How curious.


----------



## donxc (May 8, 2009)

DutchDaemon said:
			
		

> Ah, I missed that bit in the original post. Really? It doesn't ask for that password at all _and_ continues straight on to multiuser boot?


That is correct. 

I haven't used this since 4.(X) but it did work then.


----------



## Carpetsmoker (May 8, 2009)

It works fine for me on two FreeBSD 7 systems and a FreeBSD 6 system.

IIRC this feature does not work with the Beastie menu enabled, try disabling the beastie menu by adding:

```
beastie_disable="YES"
```
To /boot/loader.conf

Note that the password is only asked when you want to enter the loader command prompt, not when booting the system without interruption.


----------



## donxc (May 8, 2009)

Carpetsmoker said:
			
		

> ---
> 
> Note that the password is only asked when you want to enter the loader command prompt, not when booting the system without interruption.



OK, I was misinterpreting the intention of password here.
Have some playing to do.

Thanks for the insight.


----------



## Nokobon (May 11, 2009)

So is there any way to set a password for booting the system by default?


----------



## Carpetsmoker (May 11, 2009)

You can use the BIOS password.
You can also set `console' to `insecure' in /etc/ttys, root password will be asked when entering single user mode.
Also, you may have noticed FreeBSD asks for the password after startup


----------



## Nokobon (May 11, 2009)

Carpetsmoker said:
			
		

> You can use the BIOS password.
> You can also set `console' to `insecure' in /etc/ttys, root password will be asked when entering single user mode.
> Also, you may have noticed FreeBSD asks for the password after startup


Hehe, you're right. So such a password to protect just the default startup would be senseless 

I thought of a password for every bootoption...a password to enter the FreeBSD boot screen.
But I see, in this case the BIOS-password would have the same effect...


----------



## swills@ (May 11, 2009)

Note that none of these options prevent someone from taking the hard drive out and reading your data off. You might consider using geli to prevent that.


----------

