From owner-freebsd-stable Tue May 16 5:50:28 2000 Delivered-To: freebsd-stable@freebsd.org Received: from pawn.primelocation.net (pawn.primelocation.net [205.161.238.235]) by hub.freebsd.org (Postfix) with ESMTP id ABABD37B784 for ; Tue, 16 May 2000 05:50:25 -0700 (PDT) (envelope-from jedgar@fxp.org) Received: from earth.fxp (oca-u1-4.hitter.net [207.192.78.4]) by pawn.primelocation.net (Postfix) with ESMTP id EA8B39B1D; Tue, 16 May 2000 08:50:22 -0400 (EDT) Date: Tue, 16 May 2000 08:50:22 -0400 (EDT) From: "Chris D. Faulhaber" X-Sender: jedgar@earth.fxp To: Kenneth W Cochran Cc: freebsd-stable@freebsd.org Subject: Re: Password scheme preservation/setting in 4.0-s In-Reply-To: <200005160230.WAA05836@world.std.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, 15 May 2000, Kenneth W Cochran wrote: > >From owner-freebsd-stable@FreeBSD.ORG Mon May 15 22:04:26 2000 > >Date: Mon, 15 May 2000 22:01:58 -0400 (EDT) > >From: "Chris D. Faulhaber" > >Subject: Re: Password scheme preservation/setting in 4.0-s > > > >On Mon, 15 May 2000, Kenneth W Cochran wrote: > >> > >> Is there a way to preserve the password "scheme" (MD5 vs DES) > >> across buildworld/installworld in 4.0-STABLE? > >> > >> It appears that perhaps installworld re-set the symlinks on the > >> crypto runtime libraries to DES even though I "manually" set > >> them to MD5. > > > >See /etc/default/make.conf, in particular: > > > >#NODESCRYPTLINKS=true # do not replace libcrypt -> libscrypt links > > Cool, thanks; I thought I'd looked there... (Seems like I > looked everyplace else... :) > > What effect does this have on {build,install}world? > > For example, does this "force" the *crypt links to *scrypt or > does it just "leave things as they are," whatever they might be? > Yes, it forces the links to libscrypt* instead of libdescrypt* > How does this "#define" relate to previous versions of FreeBSD > if we didn't install the DES crypto distribution? With 4.x, I > have to install the crypto to get OpenSSH & that sets things up > to use DES instead of MD5. I've previously written that it > would be nice if we could select crypto using MD5... :) > > My "guess" is that the default sysinstall sets up the links into > libscrypt* & if DES is "selected" then the links get set to the > libdescrypt* libraries. > I don't quite understand the question. You are correct in that the DES dist. is required for the crypto in 4.x, which sets up the libcrypt links to libdescrypt*. And yes, it would be nice to have the ability to select the default crypto mechanism (patches are gladly accepted). > Hmmm... Does that mean that make "tests" someplace for > existence of the DES libraries & handles this automagically? > Yep, from /usr/src/Makefile.inc1: .if exists(${.CURDIR}/secure) && !defined(NOCRYPT) && !defined(NOSECURE) SUBDIR+= secure .endif among other places. ----- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message