Comment 3 for bug 718670

I provided a password-file containing:

### BEGIN 01_user_list ###
set superusers='xxuser_namexx'
password_pbkdf2 xxuser_namexx grub.pbkdf2.sha512.3.DC0E03A0DB4....
### END 01_user_list ###

These file "01_user_list" will be added into the grub.cfg during "sudo update-grub".

The file /boot/grub/grub.cfg contains two linux-kernel (see attachement)

-> the up_to_date 2.6.38-3 kernel

-> the backup-kernel 2.6.37-12

The later one ist put into the brackets and will be selected inside the grub-menu via the sub-menu option!

Selecting the 2.6.38-3-kernel first, all will be working fine - asking for user_name and passwort, if you try to use the keys "C" or "E"!!

Selecting the sub-menu first and after the previous kernel is shown, you can select inside these sub-menu the keys "C" or "E" without any authorization is nessassary, to use these two options - YOU CAN MANIPULATE ALL!!!