Home > Articles > Operating Systems, Server > Solaris

  • Print
  • + Share This
This chapter is from the book

OpenBoot Security

Anyone who has access to a computer keyboard can access OpenBoot and modify parameters unless you set up the security variables. These variables are listed in Table 3.11.

Table 3.11 OpenBoot Security Variables

Variable

Description

security-mode

Restricts the set of operations that users are allowed to perform at the OpenBoot prompt.

security-password

Specifies the firmware security password. (It is never displayed.) You should not set this variable directly; you set it by using password.

security-#badlogins

Specifies the number of incorrect security password attempts.

To set the security password, you type the password at the ok prompt, as shown in the following:

New password (only first 8 chars are used): <enter password>
Retype new password: <enter password>

Earlier in this chapter you learned how to change the OpenBoot parameter security-password from the command line.

After you assign a password, you can set the security variables that best fit your environment.

You use security-mode to restrict the use of OpenBoot commands. When you assign one of the three values shown in Table 3.12, access to commands is protected by a password. The syntax for setting security-mode is as follows:

setenv security-mode <value>

Table 3.12 OpenBoot Security Values

Value

Description

full

Specifies that all OpenBoot commands except go require a password. This security mode is the most restrictive.

command

Specifies that all OpenBoot commands except boot and go require a password.

none

Specifies that no password is required. This is the default.

The following example sets the OpenBoot environment so that all commands except boot and go require a password:

setenv security-mode command

With security-mode set to command, a password is not required if you enter the boot command by itself or if you enter the go command. Any other command requires a password, including the boot command with an argument.

The following are examples of when a password might be required when security-mode is set to command:

Example

Description

ok boot

No password is required.

ok go

No password is required.

ok reset-all

You are prompted to enter a password.

Note that with Password, the password is not echoed as it is typed.

If you enter an incorrect security password, there is a delay of about 10 seconds before the next startup prompt appears. The number of times that an incorrect security password can be typed is stored in the security-#badlogins variable, but you should not change this variable.

  • + Share This
  • 🔖 Save To Your Account