Document ID | Synopsis | Date |
14214 | how to set OBP security mode | 9 Jan 1998 |
Description |
How does a user set/change the security mode of a SPARCstation so that system access can be controlled at the OBP level?

The NVRAM "security-mode" and password can be set either while in Solaris or SunOS or while at the "ok" prompt.

CAUTION: Do not forget the password that you set for the OBP. If the password is forgotten, the system will not be usable and the only fix is a hardware swap of the NVRAM chip.

CAUTION: Do not use special (control) characters that are not recognized by the OBP in your password, such as ^L. If these characters are used, the password will not be recognized and, depending on the level of security, this may require the replacement of the NVRAM chip.

To set the security level and password while booted into the OS, do the following (Solaris and SunOS are the same):

    test# eeprom security-mode="level"
    Changing PROM password:
    New password: {password not echoed}
    Retype new password: {password not echoed}
    test#

To set the security level at the "ok" prompt, do the following:

    ok password
    New password (8 characters max) {password not echoed}
    Retype new password: {password not echoed}
    ok setenv security-mode "level"
    security-mode = level
    ok

Replace "level" with the security level that you wish to apply. The valid levels are: none, command, and full.

NOTE: Setting the level to none will not ask for a password to be set.

The effects of the three security levels are:

    none    - Any command can be typed and no password is required.

    command - The user can use the 'c' or 'b' (continue, boot) commands at
              the restricted monitor without a password. A password is
              required if the user wishes to use the 'n' command to get to
              the Forth command mode or if a parameter is used with the 'b'
              command (e.g. to boot single user mode).

    full    - This is the most restrictive mode and the only command that
              can be executed without a password is the 'c' command. All
              others (b,n) require a password.

CAUTION: The use of control characters such as ^L will cause the OBP to not recognize the password you have entered. It is recommended that the password be tested using the 'command' security level prior to selecting 'full'. If the password is not recognized, boot the system with no arguments and modify using the eeprom command.

If an incorrect password is entered, the system delays for approx. 10 seconds before displaying the boot prompt again. The number of times that an incorrect password is entered is stored in the security-#badlogins variable of the NVRAM.

NOTE: The recommended procedure is the one using the eeprom command, although both have the same result. DO NOT set the security-password variable of the NVRAM directly. Let the system prompt you for the password as shown in the two examples.
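
A way to check the result of the procedure above from the running OS, as an added example that is not part of the original InfoDoc: the function reads the "name=value" lines that eeprom prints and reports the security-mode level and the security-#badlogins count. The function names, the exit-status convention and the default threshold of 0 are assumptions made for this example, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original InfoDoc): audit OBP security settings.
# Reads eeprom-style "name=value" lines on stdin, so it can be checked offline.
# Live use on the host (as root):  eeprom | audit_obp_security
# Exit status: 0 = protected, 1 = finding, 2 = setting missing or unrecognized.

audit_obp_security() {
    max_bad=${1:-0}   # assumption: any failed attempt is worth reporting
    mode="" bad="" status=0
    while IFS= read -r line; do
        case "$line" in
            security-mode=*)        mode=${line#*=} ;;
            security-\#badlogins=*) bad=${line#*=} ;;
        esac
    done

    case "$mode" in
        full|command) echo "OK: security-mode=$mode" ;;
        none) echo "FINDING: security-mode=none, no OBP password is required"
              status=1 ;;
        *)    echo "UNKNOWN: security-mode not found or not a valid level"
              return 2 ;;
    esac

    case "$bad" in
        ''|*[!0-9]*) echo "UNKNOWN: security-#badlogins not found or not numeric"
                     return 2 ;;
    esac
    if [ "$bad" -gt "$max_bad" ]; then
        echo "FINDING: $bad incorrect OBP password attempts recorded"
        status=1
    else
        echo "OK: security-#badlogins=$bad"
    fi
    return "$status"
}

# Constructed sample input (not captured from a real machine).
sample_eeprom_output() {
    cat <<'EOF'
security-mode=command
security-password: data not available.
security-#badlogins=3
EOF
}

sample_eeprom_output | audit_obp_security || echo "exit status: $?"
```

The check only reads the variables; changing the level or password is still done with the eeprom or "ok" prompt procedure described above.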
SOLUTION SUMMARY:
Applies To | (none) |
Attachments | (none) |
Document Content | INFODOC ID: 14214 |