> 2. system boots up into multiuser mode, without root password configured
> 	is it okay to do this?

This should be fixed.

Then again, it's not as big a hole as it seems at first:
 - inbound telnet/ftp are turned off by default, and even if they get
turned back on,
 - tty[pq...]? are not marked "secure", so root can't telnet in.
 - root is listed in /etc/ftpusers as "deny".

so the only way root can get in is on the console, and in the vast
majority of installations, giving someone console access also gives
them the ability to boot the machine in single-user mode, bypassing
the password check.

> 4. if we use DHCP, /etc/ifconfig.IF will have the address we have
>    obtained via DHCP.  this seems incorrect.

IMHO, if you got the address via dhcp, sysinst should set up rc.conf,
etc., to enable dhcp on that interface if the user answers "yes" to
the keep-using-this-network-config question..

					- Bill