Date: Fri, 10 Mar 2000 13:01:54 +0200 (SAT) From: John Hay <jhay@mikom.csir.co.za> To: freebsd-current@FreeBSD.ORG (FreeBSD-current) Subject: USA_RESIDENT and sysinstall Message-ID: <200003101101.NAA19693@zibbi.mikom.csir.co.za>
next in thread | raw e-mail | index | archive | help
Hi, I installed a -current snap from internat.freebsd.org that was built with crypto source from internat. I answered yes when sysinstall asked me if I want the crypto stuff, but then found that it marked me as an USA_RESIDENT=YES in /etc/make.conf and it also asked me later if I want to install the rsaref libraries. I think the test for USA_RESIDENT should be a bit more clever or the message should be a bit more clear. At the moment it is: -------- Do you wish to install cryptographic software? If you choose No, FreeBSD will use an MD5 based password scheme which, while perhaps more secure, is not interoperable with the traditional DES-based passwords on other Unix systems. There will also be some differences in the type of RSA code you use. Please do NOT choose Yes at this point if you are outside the United States and Canada and are installing from a U.S. FTP server. Instead, install everything but the crypto bits from the U.S. site and then switch to an international FTP server to install crypto on a second pass with the Custom Installation option. -------- Maybe we can have some kind of flag in the crypto distribution to mark if it is USA or non-USA and use that to decide how to set USA_RESIDENT or maybe someone clever enough can figure out if the dowloaded crypto libraries still need rsaref and use that to set it? Also it would be nice to have an option to install the crypto ditribution (to get openssh) but still have md5 passwords, ie. the libcrypt.* links don't get extracted out of the crypto distribution or something can just link them back to libscrypt.*. John -- John Hay -- John.Hay@mikom.csir.co.za To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200003101101.NAA19693>