OpenBoot Security

Anyone who has access to a computer keyboard can access OpenBoot and modify parameters unless you set up the security variables. These variables are listed in Table 3.11.
Caution: Setting the OpenBoot Security Mode

It is important to remember your security password and to set it before setting the security mode. If you later forget this password, you cannot use your system; you must call your vendor's customer support service to make your machine bootable again. If you are able to get to a Unix prompt as root, you can use the eeprom command to either change the security-mode parameter to none or reset the security password.

To set the security password, you type the password at the ok prompt, as shown in the following:

    New password (only first 8 chars are used): <enter password>
    Retype new password: <enter password>

Earlier in this chapter you learned how to change the OpenBoot parameter security-password from the command line. After you assign a password, you can set the security variables that best fit your environment.

You use security-mode to restrict the use of OpenBoot commands. When you assign one of the three values shown in Table 3.12, access to commands is protected by a password. The syntax for setting security-mode is as follows:

    setenv security-mode <value>
The following example sets the OpenBoot environment so that all commands except boot and go require a password:

    setenv security-mode command

With security-mode set to command, a password is not required if you enter the boot command by itself or if you enter the go command. Any other command requires a password, including the boot command with an argument.

The following are examples of when a password might be required when security-mode is set to command:
Note that with Password, the password is not echoed as it is typed. If you enter an incorrect security password, there is a delay of about 10 seconds before the next startup prompt appears. The number of times that an incorrect security password can be typed is stored in the security-#badlogins variable, but you should not change this variable.
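
The settings described above can be checked from a root Unix prompt by reading the output of the eeprom command. The following audit function is an added example, not part of the original text; the function name audit_openboot and the sample input are constructed for illustration, and it assumes eeprom prints one name=value pair per line.

```shell
#!/bin/sh
# Added example: audit OpenBoot security variables from `eeprom` output.
# Reads name=value lines on stdin, prints one finding per line,
# and returns 0 when nothing needs attention, 1 otherwise.
# Typical use on a running system (as root):  eeprom | audit_openboot
audit_openboot() {
    mode="" badlogins=""
    while IFS= read -r line; do
        case $line in
            security-mode=*)       mode=${line#*=} ;;
            security-#badlogins=*) badlogins=${line#*=} ;;
        esac
    done
    rc=0
    # security-mode: none leaves the ok prompt open to anyone at the keyboard.
    case $mode in
        command|full) ;;
        none) echo "FAIL security-mode=none: OpenBoot commands are not password protected"; rc=1 ;;
        "")   echo "FAIL security-mode not found in input"; rc=1 ;;
        *)    echo "FAIL security-mode=$mode: unrecognized value"; rc=1 ;;
    esac
    # security-#badlogins: read only, never modified here; a non-zero value
    # means someone typed a wrong security password at the console.
    case $badlogins in
        ""|0) ;;
        *[!0-9]*) echo "WARN security-#badlogins=$badlogins: not a number"; rc=1 ;;
        *) echo "WARN security-#badlogins=$badlogins: incorrect password attempts recorded"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample input (not captured from a real system).
sample='auto-boot?=true
security-mode=none
security-#badlogins=3'
printf '%s\n' "$sample" | audit_openboot || true
```
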