|
||||||||
On Tue, 23 Nov 2004, Jean Everson Martina wrote: > > > A dot L dot M dot Buxey at lboro dot ac dot uk wrote: > >>>Password protection may not be a bad thing... but part of the point of > >>>the console is to recover from a lost password. > >> > >>What if you lost your password to console ;) > > > > > > well, if you've got physical access to the system it isnt a problem. just whip the disk > > out, stick it into a FreeBSD box (or a Linux box with UFS fs/BSD partition support enabled > > in kernel) mount the disk and clear/change the password. > > This topic was discussed already in the list. I myself started to list > the things needed by m0m0 to be ICSA certifiable. This is one issue. > The way that many devices/OS's/etc deal with the lost console password is to give you an opportunity to "break in" sometime during the boot process. It's assumed that the act of powercycling the box would be indication that something has been tampered with, and that if you have physical access to the box there's a way to break in anyway so why make it too painful. |