From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MeAYr-00072v-CR for mharc-grub-devel@gnu.org; Thu, 20 Aug 2009 12:32:25 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MeAYp-0006wF-Fs for grub-devel@gnu.org; Thu, 20 Aug 2009 12:32:23 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MeAYk-0006hK-BA for grub-devel@gnu.org; Thu, 20 Aug 2009 12:32:22 -0400 Received: from [199.232.76.173] (port=47814 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MeAYk-0006gh-26 for grub-devel@gnu.org; Thu, 20 Aug 2009 12:32:18 -0400 Received: from xvm-190-8.ghst.net ([217.70.190.8]:54593 helo=aybabtu.com) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MeAYj-0003j5-L2 for grub-devel@gnu.org; Thu, 20 Aug 2009 12:32:17 -0400 Received: from [192.168.10.10] (helo=thorin) by aybabtu.com with esmtp (Exim 4.69) (envelope-from ) id 1MeAYh-0002oN-44 for grub-devel@gnu.org; Thu, 20 Aug 2009 18:32:15 +0200 Received: from rmh by thorin with local (Exim 4.69) (envelope-from ) id 1MeAYg-0000nr-IC for grub-devel@gnu.org; Thu, 20 Aug 2009 18:32:14 +0200 Date: Thu, 20 Aug 2009 18:32:14 +0200 From: Robert Millan To: The development of GRUB 2 Message-ID: <20090820163214.GA2856@thorin> References: <20090605173640.GW7367@riva.ucam.org> <153689213.20090605201753@gmail.com> <1248619241.25072.19.camel@fz.local> <20090819150848.GA7859@thorin> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Organization: free as in freedom X-Message-Flag: Worried about Outlook viruses? Switch to Thunderbird! www.mozilla.com/thunderbird X-Debbugs-No-Ack: true User-Agent: Mutt/1.5.18 (2008-05-17) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 3) Subject: Re: Re[2]: 'password' command in GRUB 2? X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Aug 2009 16:32:24 -0000 On Wed, Aug 19, 2009 at 05:17:13PM +0200, Vladimir 'phcoder' Serbinenko wrote: > On Wed, Aug 19, 2009 at 5:08 PM, Robert Millan wrote: > > > > I agree with this proposal in general.  Except with the concept of "users", > > which I think might be overkill.  GRUB is not a Un*x with its /home and > > per-user settings.  These passwords just protect resources, so I'm not sure > > if there's a point in managing users as an intermediate layer between > > passwords and the restricted resource. > The concept of users allows to use other authentication methods then > password. Consider a possibility of fingerprint authentications. 2 > users needing superuser privilegies can share the same password but > have trouble sharing fingerprints. Another possibility is LUKS > authentication - user is considered ok if his password unlocks the > slot number N. If we ask users to share the same keyslot on luks we > get in the way of luks keyphrase revocation. > Additionally this simplifies the configuration as you don't need to > write password at every menuentry directive. > While the concept of users isn't strictly necessary it allows easy > management of multiple authentication methods and is really helpful > even for just managing multiple passwords Ok. Then it might be a good thing to have those in our current model, even if we don't support fingerprints yet. I'm fine with the proposed design. -- Robert Millan The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and how) you may access your data; but nobody's threatening your freedom: we still allow you to remove your data and not access it at all."