Tiny Core Base > TCB Q&A Forum
What's the noautologin / secure default password when /etc/shadow fails to save?
baz:
I tried enabling a password by supplying the boot codes "secure" and "noautologin". This prompted me to create a root pass and a user pass. Then I added /etc/shadow to .filetool.lst so that my password could be saved (per another post). I then tried locking my screen using xlock, but it would not accept my password, so I had to hard reboot - which means my /etc/shadow didn't save either. When I got back to the login screen it wouldn't accept my password.
All this to ask, what's the default password to get in?
gerald_clark:
There is none.
Boot with the noautologin and secure options again.
baz:
Ah ok.
As a side-note, "secure" should really be renamed "changepassword" to emphasize the temporary nature of that boot code.
Also, this whole setup is not secure at all if anyone can simply remove the noautologin boot code to gain access to an account. What do people think of that?
danielibarnes:
--- Quote ---Also, this whole setup is not secure at all if anyone can simply remove the noautologin boot code to gain access to an account. What do people think of that?
--- End quote ---
I don't know if you are aware, but any linux system which allows you to modify boot parameters is insecure in the very same way. The 'single' option will boot a system to a root shell with complete access to the system. I use this from time to time when I forget a root password.
Even if you were to prevent the modification of the boot parameters on the normal boot media, it is a simple matter to boot grub from a floppy, cd, usb drive, or PXE where the parameters may be modified. If you were to configure the BIOS to disable all other boot methods and password-protect it, you'd still have to worry about BIOS master passwords or clearing of the CMOS.
In short, if you have physical access to the system, you can get complete control of it. It's just a matter of how difficult it is. It is more accurate to think of the "secure" boot parameter as providing secure remote access.
baz:
Good points. What about an encrypted home? That would be safe from hardware tampering but then you could simply autologin?
Navigation
[0] Message Index
[#] Next page
Go to full version