On Fri, 2010-06-11 at 00:21 +0530, Pallav Jain wrote: > 1. i edited the grub.conf file, by adding in it the line: > > password --md5 $xxx/ > > just above the first title section and below 'hiddenmenu' line. (where > xxx=Envrypted password) > Yes, that's a suitable place for it to go. > but is this encrypted password of the general user that i login with, > in the fedora system? and not the root ever? This password will only be used within the grub menu. You can, of course, use the same password in more than one place. But the MD5 crypted version of it will be different. e.g. If you wanted your boot menu password to be the word "peter" and the root user password to be "peter" you'd set up each one separately. You can reset the root user password at any time, see "man passwd". The username passwords are stored in a different location, and the passwd command will take care of that for you. NB: Do *not* pick a password as simple as that, though. > 2. when we get the encrypted password while typing the command > 'md5crypt' in the grub shell, where is this saved? i mean if at all > after closing we want to see this encrypted password where to see? and > each time if typing the 'md5crpty' command in the grub shell > overwrites the previous password? That command will just print the encrypted password to the screen, it's not stored anywhere. The command just generates the encrypted version of the password. It's up to you to copy and paste it into the grub file, or simply retype it in by hand. > 3. if we even encypt the password of the root, method is same? if yes, > how to enter the username 'root' so that the sys. understands this is > the encrypted password of 'root' only. I cannot remember if MD5 is used for username passwords, as well. But the encrypted version of it will have a different characters. You can see this by trying to encrypt the same password more than once. e.g. Go through the steps I mentioned before (become the root user, go into the grub shell), and then use the md5crypt command more than once to encrypt the same password. I'll show you, below, what will happen when I try using "hello" as a password. grub> md5crypt md5crypt Password: hello hello Encrypted: $1$bGXSc/$ei4zvY2hnl1PsrQWCSxoT/ grub> md5crypt md5crypt Password: hello hello Encrypted: $1$ANXSc/$Fz9ehGl8NfmldHmJnUw43. I've typed in the same password, and each time it encrypts it, the encrypted version will be different. The method for changing the root user's password is different than how we set a password into the grub.conf file. You use the passwd command. Once again, you'll need to "su -" to become the root user, before you can attempt to do this. Then use the "passwd" command, and follow the instructions it prints out to screen. > 4. as you say: > > "And then.... if you want different passwords for different menu > items, put the password line within the different title sections of > the grub.conf file, instead of having one password line above all of > them.", > > means that each encrypted password is to be obtained from the grub > shell only, by typing that particular password? and it is saved where? As before, it's not saved anywhere when you use the md5crypt command, it's just printed out to screen, and you handle putting that encrypted password into the grub file. When the computer boots, it reads the bootblock on the disc drive. The bootblock has grub code in it that will, amongst other things it does, read the grub.conf file to configure itself. It'll get its passwords from that grub.conf file. No-one other than root user on the computer can read the grub.conf file. And because it only holds encrypted versions of the passwords, no-one can tell what the passwords actually are. * No-one has publicly claimed that they can decrypt MD5 encrypted passwords, so far. And everything suggests that it's nearly impossible to do so. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
