Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. syslinux>
  3. users
Password protection
alsbergt at cs
May 2, 2002, 8:20 AM
Post #1 of 5 (1964 views)
Permalink
Hi there.
Would/will there be a way to password protect providing kernel
parameters and choosing some boot labels in SYSLINUX? So that not
everybody can boot the machine single-user, with different root
devices, etc. (And also so that you would need a password to boot from
the local disk, in PXELINUX)?

We want to start using SYSLINUX, actually PXELINUX, here at the CS
department of the Hebrew University to boot many machines
diskless. Until now (and still, right now) we used GRUB, but GRUB has
several problems, mainly that it doesn't really do PXE - it can be
loaded from PXE, but it cannot use the network interface given to it
by PXE, so a driver is needed for every network adapter, but also some
other minor technicalities.
I started testing SYSLINUX/PXELINUX and it seems fine for us (wrote
configuration files, etc., and configured a few test hosts for it in
DHCP already), so we would probably be ready to deploy it if we could
just password protect some stuff. Most of the use will be for
workstations for students, so it's really necessary for us to be able
to do that.

Thank you, any help appreciated,
-- Tom

--
Tom Alsberg
Hebrew University of Jerusalem,
institute of Computer Science and Engineering -
System Group / Vision Lab
Password protection [ In reply to ]
mterlouw at gmx
May 2, 2002, 8:47 AM
Post #2 of 5 (1928 views)
Permalink
I realize that this is an honest request, but I find it interesting (and
slightly humorous) that a Computer Science dept. can't implement this
themselves in an _open source_ program like PXElinux.

Mike
Password protection [ In reply to ]
alsbergt at cs
May 2, 2002, 9:08 AM
Post #3 of 5 (1922 views)
Permalink
Hi there.

On Thu, May 02, 2002 at 11:47:50AM -0500, Michael K Ter Louw wrote:
> I realize that this is an honest request, but I find it interesting (and
> slightly humorous) that a Computer Science dept. can't implement this
> themselves in an _open source_ program like PXElinux.

We can implement that ourselves, would probably not take a long time
either, and that was what I was thinking of doing. But as with other
projects (most recent example - Samba), we check if there is something
like that under work (although as I see from the SYSLINUX code, that
will not be too much work) at the moment, or whether it is planned. We
don't want to change something that will be done by the developers in
some way at close time. And we do, usually, if the change is not too
specific to our environment, send patches of things we changed to the
developers for inclusion in further releases (both for the good of
users all over, and to save us from re-changing it in further
releases).

So if there is no such work in progress, or plans, I'll probably do it
myself... But I don't want two pieces of code that do the same job, so
I first want to know.

If we'll implement it locally, then we'd love if the SYSLINUX team
will accept a patch from us.

> Mike

Best regards,
-- Tom

--
Tom Alsberg
Hebrew University of Jerusalem,
institute of Computer Science and Engineering -
System Group / Vision Lab
Password protection [ In reply to ]
hpa at zytor
May 2, 2002, 9:13 AM
Post #4 of 5 (1914 views)
Permalink
Tom Alsberg wrote:
> Hi there.
> Would/will there be a way to password protect providing kernel
> parameters and choosing some boot labels in SYSLINUX? So that not
> everybody can boot the machine single-user, with different root
> devices, etc. (And also so that you would need a password to boot from
> the local disk, in PXELINUX)?
>
> We want to start using SYSLINUX, actually PXELINUX, here at the CS
> department of the Hebrew University to boot many machines
> diskless. Until now (and still, right now) we used GRUB, but GRUB has
> several problems, mainly that it doesn't really do PXE - it can be
> loaded from PXE, but it cannot use the network interface given to it
> by PXE, so a driver is needed for every network adapter, but also some
> other minor technicalities.
> I started testing SYSLINUX/PXELINUX and it seems fine for us (wrote
> configuration files, etc., and configured a few test hosts for it in
> DHCP already), so we would probably be ready to deploy it if we could
> just password protect some stuff. Most of the use will be for
> workstations for students, so it's really necessary for us to be able
> to do that.
>

Not there at this time, but some people have already requested it, so
I'm thinking about how to add it. I'm a bit concerned since this would
be fairly easy to bypass (if you have physical access to the machine,
you can generally do anything), but that might be OK (most of these
things seem to be about keeping students from hacking in a lab.)

It's on my list of things to do, but it's more of a "B" priority for me.
However, obviously the more I hear it's a key feature for some
people, the more it moves up...

-hpa
Password protection [ In reply to ]
hpa at zytor
May 2, 2002, 12:24 PM
Post #5 of 5 (1925 views)
Permalink
Tom Alsberg wrote:
> Hi there.
>
> On Thu, May 02, 2002 at 11:47:50AM -0500, Michael K Ter Louw wrote:
>
>>I realize that this is an honest request, but I find it interesting (and
>>slightly humorous) that a Computer Science dept. can't implement this
>>themselves in an _open source_ program like PXElinux.
>
>
> We can implement that ourselves, would probably not take a long time
> either, and that was what I was thinking of doing. But as with other
> projects (most recent example - Samba), we check if there is something
> like that under work (although as I see from the SYSLINUX code, that
> will not be too much work) at the moment, or whether it is planned. We
> don't want to change something that will be done by the developers in
> some way at close time. And we do, usually, if the change is not too
> specific to our environment, send patches of things we changed to the
> developers for inclusion in further releases (both for the good of
> users all over, and to save us from re-changing it in further
> releases).
>
> So if there is no such work in progress, or plans, I'll probably do it
> myself... But I don't want two pieces of code that do the same job, so
> I first want to know.
>
> If we'll implement it locally, then we'd love if the SYSLINUX team
> will accept a patch from us.
>

The "SYSLINUX team", i.e. me, myself & I, do appreciate asking first. I
reject a fairly large number of patches, because I'm still quite
concerned about SYSLINUX proper being useful for boot floppies. I have
seriously been toying with expanding the role of COMBOOT images,
combined with some API, for a long time. It has to be done with some
care, however; it's way too easy to freeze APIs that then are going to
hurt, and hurt, and hurt as they have to be maintained ad infinitum. On
the other hand, modularity is good for a whole bunch of reasons. I've
even considered moving the splash screen functionality into a separate
binary. All in all I'm really more inclined as turning SYSLINUX into a
mini-DOS than into GRUB.

-hpa

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal