Date:      Wed, 10 Jan 2001 15:11:20 +0100
From:      Grzegorz Czaplinski <gregory@prioris.mini.pw.edu.pl>
To:        Frank Bartels <knarf@camelot.de>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: NODESCRYPTLINKS=true
Message-ID:  <20010110151120.A55352@prioris.mini.pw.edu.pl>
In-Reply-To: <20010110134920.N34155@camelot.de>
References:  <20010110122150.A95886@camelot.de> <3A5C4DB9.1C9F0949@quake.com.au> <20010110134920.N34155@camelot.de>

Hello!
 I had the same problem on the server. Have a look at the handbook first,
chapter 8 - security, section "DES, MD5, and Crypt".

I suppose you have something like:
 ls -l libcrypt.*
 lrwxr-xr-x  1 root  wheel  11 Jan  9 20:00 libcrypt.a -> libscrypt.a
 lrwxr-xr-x  1 root  wheel  12 Jan  9 20:00 libcrypt.so -> libscrypt.so
 lrwxr-xr-x  1 root  wheel  14 Jan  9 20:00 libcrypt.so.2 -> libscrypt.so.2

The solution is to link it like this:
ls -l libcrypt.*
lrwxr-xr-x  1 root  wheel  13 Jan  9 20:05 libcrypt.a -> libdescrypt.a
lrwxr-xr-x  1 root  wheel  14 Jan  9 20:06 libcrypt.so -> libdescrypt.so
lrwxr-xr-x  1 root  wheel  16 Jan  9 20:06 libcrypt.so.2 -> libdescrypt.so.2

Regarding make.conf, I think you should comment out the line
NODESCRYPTLINKS=true    # do not replace libcrypt -> libscrypt links
but I am not 100% sure about that.

 I hope this will help.
 	Best Regards -gregory

On Wed, Jan 10, 2001 at 01:49:20PM +0100, Frank Bartels wrote:
> Heya Kal,
> 
> On Wed, Jan 10, 2001 at 10:55:37PM +1100, Kal Torak wrote:
> > Frank Bartels wrote:
> 
> > > We still use DES passwords on our system. If I do a make world
> > > (4.2-STABLE), the libcrypt links in /usr/lib are replaced by ones
> > > to libscrypt.  I found NODESCRYPTLINKS=true in /etc/defaults/make.conf
> > > and have put it into /etc/make.conf. But the links still get
> > > replaced.
> > > 
> > > The bad thing is, I cannot login after a reboot. I _think_ libscrypt
> > > was able to detect des/md5 passwords in 3.x and logins were still
> > > possible.
> > > 
> > > Is there complete documentation about libcrypt, libscrypt,
> > > libdescrypt, passwd_format=des and the upgrading procedure from
> > > 3.x to 4.x?
> > 
> > Hmmm, did you cvsup and install the crypto dists? They used to be
> > export restricted until recently, so if you have an old sup file
> > it probably doesn't get them...
> 
> I've installed 4.2-RELEASE (bin+crypto), took the stable-supfile
> from /usr/share/examples/cvsup and changed the host and compress
> lines, cvsupped (from my own cvsup-mirror) and ran make world.
> 
> As I understand, there is no longer a separate crypto tree.
> 
> My own cvsup-mirror seems to be okay, as running cvsup -h
> cvsup.de.freebsd.org does not make changes to my local source tree.
> 
> > If the crypto dist is installed the default password scheme used
> > is DES, but the system should be able to understand both DES and
> > MD5 passwords...
> 
> I know it should, but it does not.
> 
> > /usr/src/UPDATING is a good place to find out about the procedure...
> 
> The information is not really helpful for my problem (I check
> UPDATING often).
> 
> So there are still two questions:
> 
> - why are the links replaced?
> - why does my libscrypt not understand DES passwords?
>
Check the handbook first. ;)

> My make.conf says:
> 
> NODESCRYPTLINKS=true    # do not replace libcrypt -> libscrypt links
> NOPROFILE=      true    # Avoid compiling profiled libraries
> MAKE_IDEA=      YES     # IDEA (128 bit symmetric encryption)
> USA_RESIDENT=           NO
> 
> Bye,
> Knarf
> -- 
>   Frank Bartels   |  Tel: +49-89-849308-0  | CameloT - Der "sagenhafte"
>  knarf@camelot.de | http://www.camelot.de/ |     Internet-Provider

-- 
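
Added example, not part of any poster's message: a pre-reboot check for the mismatch discussed in this thread. It classifies each master.passwd hash (traditional DES is 13 characters, MD5 starts with $1$) and flags DES accounts when libcrypt.so does not link to libdescrypt.so. The function names, the sample accounts and the scratch directory are constructed, and the rule that DES hashes need the libdescrypt link is an assumption taken from the thread.

```sh
#!/bin/sh
# Added example (not from the thread). Assumption taken from the thread:
# DES hashes only verify when libcrypt.so points at libdescrypt.so.

# classify_hash HASH -> des | md5 | locked | other
classify_hash() {
    case "$1" in
        ''|'*'*|'!'*) echo locked ;;
        '$1$'*)       echo md5 ;;
        '$'*)         echo other ;;
        *)  # traditional DES crypt: exactly 13 chars from [./0-9A-Za-z]
            if printf '%s' "$1" | grep -Eq '^[./0-9A-Za-z]{13}$'
            then echo des; else echo other; fi ;;
    esac
}

# crypt_backend LIBDIR -> name libcrypt.so links to (empty if not a symlink)
crypt_backend() {
    readlink "$1/libcrypt.so" || true
}

# audit LIBDIR PASSWDFILE -> one line per account at risk; returns 1 if any
audit() {
    backend=$(crypt_backend "$1")
    rc=0
    while IFS=: read -r user hash rest; do
        case "$user" in ''|'#'*) continue ;; esac
        if [ "$(classify_hash "$hash")" = des ] &&
           [ "$backend" != libdescrypt.so ]; then
            echo "$user: DES hash, but libcrypt.so -> ${backend:-?}"
            rc=1
        fi
    done < "$2"
    return "$rc"
}

# Demo on constructed data: a scratch lib dir and made-up master.passwd lines.
demo=$(mktemp -d)
ln -s libscrypt.so "$demo/libcrypt.so"
cat > "$demo/master.passwd" <<'EOF'
root:$1$constrct$0123456789abcdefghijk.:0:0::0:0:Charlie &:/root:/bin/csh
alice:abJnggxhB/yWI:1001:1001::0:0:constructed DES user:/home/alice:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
EOF
audit "$demo" "$demo/master.passwd" || echo "=> fix the links before rebooting"
rm -rf "$demo"
```

On a real system the arguments would be /usr/lib and /etc/master.passwd, run as root after installworld and before the reboot.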