SUMMARY: eeprom security mode

From: Jim Sisul (bmskc!moe!sisul@uunet.UU.NET)
Date: Wed Mar 11 1992 - 01:26:48 CST


My original question:

> [Our] problem is that when you set [the eeprom parameter]
> security-mode, the system prompts you for a password,
> which you MUST type in by hand from the console.
> You cannot set security-password=password first and then set security mode.
>
> Is there any way to get eeprom to accept this password from
> a "settings file?" We are trying to keep this install process
> automated, with no user input after they start the install script.

The best response, from miker@sbcoc.com (sorry, you didn't give your
full name for proper hero-worship), was a master stroke of genius
in its simplicity. He suggested:

> rsh $host '(/bin/echo '$password'; /bin/echo '$password') | eeprom security-mode=command'

where $host is your own hostname!!! (Just remember to put your
own name in your own .rhosts file.)

Several others suggested using "expect," which emulates a user at
a terminal. This is good idea for more complex tasks.

Others criticized this move as a security nightmare. For their sake,
let me explain that this install script is contained in a "black box."
The factory assemblers hook the black box up to a SPARC, turn on the
SPARC, take a nap, and away the install proceedure goes. When it is done, they
unplug the black box, and, voila! instant OEM workstation. Since the
password is hidden in the box (the insides of which no one ever sees), the
security risk is zero. Several large bowling balls chained to the box make
theft difficult, and routine hypnotizing of factory personnel keep the location
and purpose of the box guarded.

A few others said flatly "It can't be done." They must work for Sun :-).

Thanks for your help.

--Jim



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:38 CDT