kernel
/
dracut
mirror of https://git.kernel.org/pub/scm/boot/dracut/dracut.git/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

dracut.cmdline.7.asc: add warning about passwords on the kernel cmdline

master
Harald Hoyer 2012-10-10 15:56:21 +02:00
parent 3cff5fb56f
commit 833685ded5
1 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
dracut.cmdline.7.asc
View File

@ -445,12 +445,22 @@ CIFS
brackets, e.g. [2001:DB8::1]. If a username or password are not specified
as part of the root, then they must be passed on the command line through
cifsuser/cifspass.
+
[WARNING]
====
Passwords specified on the kernel command line are visible for all users via the file _/proc/cmdline_ and via dmesg or can be sniffed on the network, when using DHCP with DHCP root-path.
====

**cifsuser=_<username>_::
Set the cifs username, if not specified as part of the root.

**cifspass=_<password>_::
Set the cifs password, if not specified as part of the root.
+
[WARNING]
====
Passwords specified on the kernel command line are visible for all users via the file _/proc/cmdline_ and via dmesg or can be sniffed on the network, when using DHCP with DHCP root-path.
====

iSCSI
~~~~~
@ -473,6 +483,11 @@ If servername is an IPv6 address, it has to be put in brackets. e.g.:
----
root=iscsi:[2001:DB8::1]::::iqn.2009-06.dracut:target0
----
+
[WARNING]
====
Passwords specified on the kernel command line are visible for all users via the file _/proc/cmdline_ and via dmesg or can be sniffed on the network, when using DHCP with DHCP root-path.
====

**root=**_???_ **netroot=**iscsi:[_<username>_:_<password>_[:_<reverse>_:_<password>_]@][_<servername>_]:[_<protocol>_]:[_<port>_][:[_<iscsi_iface_name>_]:[_<netdev_name>_]]:[_<LUN>_]:_<targetname>_ ...::
multiple netroot options allow setting up multiple iscsi disks. e.g.:
@ -488,9 +503,19 @@ If servername is an IPv6 address, it has to be put in brackets. e.g.:
----
netroot=iscsi:[2001:DB8::1]::::iqn.2009-06.dracut:target0
----
+
[WARNING]
====
Passwords specified on the kernel command line are visible for all users via the file _/proc/cmdline_ and via dmesg or can be sniffed on the network, when using DHCP with DHCP root-path. You may want to use rd.iscsi.firmware.
====

**root=**_???_ **rd.iscsi.initiator=**_<initiator>_ **rd.iscsi.target.name=**_<target name>_ **rd.iscsi.target.ip=**_<target ip>_ **rd.iscsi.target.port=**_<target port>_ **rd.iscsi.target.group=**_<target group>_ **rd.iscsi.username=**_<username>_ **rd.iscsi.password=**_<password>_ **rd.iscsi.in.username=**_<in username>_ **rd.iscsi.in.password=**_<in password>_::
manually specify all iscsistart parameter (see **+iscsistart --help+**)
+
[WARNING]
====
Passwords specified on the kernel command line are visible for all users via the file _/proc/cmdline_ and via dmesg or can be sniffed on the network, when using DHCP with DHCP root-path. You may want to use rd.iscsi.firmware.
====

**root=**_???_ **netroot=**iscsi **rd.iscsi.firmware=1**::
will read the iscsi parameter from the BIOS firmware
@ -501,7 +526,7 @@ netroot=iscsi:[2001:DB8::1]::::iqn.2009-06.dracut:target0
e.g.:
+
----
"netroot=iscsi iscsi_firmware rd.iscsi.param=node.session.timeo.replacement_timeout=30"
"netroot=iscsi rd.iscsi.firmware=1 rd.iscsi.param=node.session.timeo.replacement_timeout=30"
----
+
will result in