Help required

Tim ignored_mailbox at yahoo.com.au
Fri Jun 11 08:55:25 UTC 2010


On Fri, 2010-06-11 at 00:21 +0530, Pallav Jain wrote:
> 1. i edited the grub.conf file, by adding in it the line:
>  
> password --md5 $xxx/
>  
> just above the first title section and below 'hiddenmenu' line. (where
> xxx=Encrypted password)
> 
Yes, that's a suitable place for it to go.

> but is this encrypted password of the general user that i login with,
> in the fedora system? and not the root ever?

This password will only be used within the grub menu.  You can, of
course, use the same password in more than one place.  But the MD5
crypted version of it will be different.

e.g. If you wanted your boot menu password to be the word "peter" and
the root user password to be "peter" you'd set up each one separately.

You can reset the root user password at any time, see "man passwd".  The
username passwords are stored in a different location, and the passwd
command will take care of that for you.

NB:  Do *not* pick a password as simple as that, though.

> 2. when we get the encrypted password while typing the command
> 'md5crypt' in the grub shell, where is this saved? i mean if at all
> after closing we want to see this encrypted password where to see? and
> each time if typing the 'md5crypt' command in the grub shell
> overwrites the previous password?

That command will just print the encrypted password to the screen, it's
not stored anywhere.  The command just generates the encrypted version
of the password.  It's up to you to copy and paste it into the grub
file, or simply retype it in by hand.

> 3. if we even encrypt the password of the root, method is same? if yes,
> how to enter the username 'root' so that the sys. understands this is
> the encrypted password of 'root' only.

I cannot remember if MD5 is used for username passwords, as well.  But
the encrypted version of it will have different characters.  You can
see this by trying to encrypt the same password more than once.

e.g. Go through the steps I mentioned before (become the root user, go
into the grub shell), and then use the md5crypt command more than once
to encrypt the same password.  I'll show you, below, what will happen
when I try using "hello" as a password.

grub> md5crypt
md5crypt
Password: hello
hello
Encrypted: $1$bGXSc/$ei4zvY2hnl1PsrQWCSxoT/

grub> md5crypt 
md5crypt
Password: hello
hello
Encrypted: $1$ANXSc/$Fz9ehGl8NfmldHmJnUw43.

I've typed in the same password, and each time it encrypts it, the
encrypted version will be different.

The method for changing the root user's password is different than how
we set a password into the grub.conf file.  You use the passwd command.
Once again, you'll need to "su -" to become the root user, before you
can attempt to do this.  Then use the "passwd" command, and follow the
instructions it prints out to screen.

> 4. as you say:
>  
> "And then.... if you want different passwords for different menu
> items, put the password line within the different title sections of
> the grub.conf file, instead of having one password line above all of
> them.",
>  
> means that each encrypted password is to be obtained from the grub
> shell only, by typing that particular password? and it is saved where?

As before, it's not saved anywhere when you use the md5crypt command,
it's just printed out to screen, and you handle putting that encrypted
password into the grub file.

When the computer boots, it reads the bootblock on the disc drive.  The
bootblock has grub code in it that will, amongst other things it does,
read the grub.conf file to configure itself.  It'll get its passwords
from that grub.conf file.

No-one other than root user on the computer can read the grub.conf file.
And because it only holds encrypted versions of the passwords, no-one
can tell what the passwords actually are.

* No-one has publicly claimed that they can decrypt MD5 encrypted
passwords, so far.  And everything suggests that it's nearly impossible
to do so.

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
