On Sun, Oct 09, 2005 at 07:22:43PM -0400, Tom Diehl wrote:
> Because requiring a passwd on a box that you can sit in front of and take
> apart is STUPID!!

Invalid assumption; one can have access to the console without having direct physical access. Think IP-based KVMs, where you can go so far as being able to power cycle a system without being able to put hands on the machine. Serial consoles are a similar situation.

Requiring a password for single-user login allows for a breach of KVM or serial console server security without opening the attached systems to attack.

Grub passwords only solve half the problem (modification or misuse of the bootloader); single-user passwords prevent the attacker from taking advantage of a hardware fault (perhaps one that they triggered). Both are necessary to properly secure the boot process when the console can be reached over a network or from a shared/less-secured console area.

Granted, this is only an issue for data-center environments generally. I just wanted to point it out as a use case that I'm familiar with.

--
Edward S. Marshall <esm@xxxxxxxxx> http://esm.logic.net/
Felix qui potuit rerum cognoscere causas.
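Added example, not part of the original message: a shell audit that checks for both controls the message calls necessary, a single-user password and a bootloader password. It assumes a SysV-init `/etc/inittab` and a GRUB legacy `grub.conf`; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes SysV init (inittab) and GRUB legacy (grub.conf).

# 0 if an active inittab entry for runlevel S runs sulogin (root password prompt).
single_user_protected() {
    grep -Eq '^[^#:]*:S:[^:]*:.*sulogin' "$1"
}

# 0 if a hashed global password appears before the first boot entry.
grub_protected() {
    awk '
        /^[ \t]*title[ \t]/ { exit }
        /^[ \t]*password[ \t]+--md5[ \t]+[^ \t]+/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# $1 = inittab, $2 = grub.conf. Prints each gap; returns the number of gaps.
audit_boot() {
    gaps=0
    single_user_protected "$1" || { echo "GAP: single-user boot yields a root shell with no password"; gaps=$((gaps + 1)); }
    grub_protected "$2" || { echo "GAP: boot entries can be edited from the GRUB menu"; gaps=$((gaps + 1)); }
    return "$gaps"
}

# Constructed sample files (not taken from any real system).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/inittab.weak" <<'EOF'
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
EOF
cat > "$SAMPLES/inittab.hardened" <<'EOF'
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
~~:S:wait:/sbin/sulogin
EOF
cat > "$SAMPLES/grub.weak" <<'EOF'
default=0
title Fedora Core
    root (hd0,0)
EOF
cat > "$SAMPLES/grub.hardened" <<'EOF'
default=0
password --md5 $1$CONSTRUCTED$placeholderHashNotARealOne
title Fedora Core
    root (hd0,0)
EOF

# Only one of the two controls is in place, so one gap is reported.
audit_boot "$SAMPLES/inittab.hardened" "$SAMPLES/grub.weak" || echo "gaps found: $?"
```

On a real host, pass copies of `/etc/inittab` and the GRUB configuration file; a non-zero return is the number of missing controls.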