Date: Tue, 16 May 2000 08:50:22 -0400 (EDT) From: "Chris D. Faulhaber" <jedgar@fxp.org> To: Kenneth W Cochran <kwc@world.std.com> Cc: freebsd-stable@freebsd.org Subject: Re: Password scheme preservation/setting in 4.0-s Message-ID: <Pine.BSF.4.21.0005160844030.2146-100000@earth.fxp> In-Reply-To: <200005160230.WAA05836@world.std.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 15 May 2000, Kenneth W Cochran wrote:
> >From owner-freebsd-stable@FreeBSD.ORG Mon May 15 22:04:26 2000
> >Date: Mon, 15 May 2000 22:01:58 -0400 (EDT)
> >From: "Chris D. Faulhaber" <jedgar@fxp.org>
> >Subject: Re: Password scheme preservation/setting in 4.0-s
> >
> >On Mon, 15 May 2000, Kenneth W Cochran wrote:
> >>
> >> Is there a way to preserve the password "scheme" (MD5 vs DES)
> >> across buildworld/installworld in 4.0-STABLE?
> >>
> >> It appears that perhaps installworld re-set the symlinks on the
> >> crypto runtime libraries to DES even though I "manually" set
> >> them to MD5.
> >
> >See /etc/default/make.conf, in particular:
> >
> >#NODESCRYPTLINKS=true # do not replace libcrypt -> libscrypt links
>
> Cool, thanks; I thought I'd looked there... (Seems like I
> looked everyplace else... :)
>
> What effect does this have on {build,install}world?
>
> For example, does this "force" the *crypt links to *scrypt or
> does it just "leave things as they are," whatever they might be?
>
Yes, it forces the links to libscrypt* instead of libdescrypt*
> How does this "#define" relate to previous versions of FreeBSD
> if we didn't install the DES crypto distribution? With 4.x, I
> have to install the crypto to get OpenSSH & that sets things up
> to use DES instead of MD5. I've previously written that it
> would be nice if we could select crypto using MD5... :)
>
> My "guess" is that the default sysinstall sets up the links into
> libscrypt* & if DES is "selected" then the links get set to the
> libdescrypt* libraries.
>
I don't quite understand the question. You are correct in that the DES
dist. is required for the crypto in 4.x, which sets up the libcrypt links
to libdescrypt*. And yes, it would be nice to have the ability to select
the default crypto mechanism (patches are gladly accepted).
> Hmmm... Does that mean that make "tests" someplace for
> existence of the DES libraries & handles this automagically?
>
Yep, from /usr/src/Makefile.inc1:
.if exists(${.CURDIR}/secure) && !defined(NOCRYPT) && !defined(NOSECURE)
SUBDIR+= secure
.endif
among other places.
-----
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0005160844030.2146-100000>