From owner-freebsd-stable Mon May 15 19:31:54 2000 Delivered-To: freebsd-stable@freebsd.org Received: from europe.std.com (europe.std.com [199.172.62.20]) by hub.freebsd.org (Postfix) with ESMTP id 094C437B9A0 for ; Mon, 15 May 2000 19:31:49 -0700 (PDT) (envelope-from kwc@world.std.com) Received: from world.std.com (root@world-f.std.com [199.172.62.5]) by europe.std.com (8.9.3/8.9.3) with ESMTP id WAA27422; Mon, 15 May 2000 22:31:46 -0400 (EDT) Received: (from kwc@localhost) by world.std.com (8.9.3/8.9.3) id WAA05836; Mon, 15 May 2000 22:30:33 -0400 (EDT) Date: Mon, 15 May 2000 22:30:33 -0400 (EDT) From: Kenneth W Cochran Message-Id: <200005160230.WAA05836@world.std.com> To: "Chris D. Faulhaber" Subject: Re: Password scheme preservation/setting in 4.0-s Cc: freebsd-stable@freebsd.org, freebsd-stable@freebsd.org Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG >From owner-freebsd-stable@FreeBSD.ORG Mon May 15 22:04:26 2000 >Date: Mon, 15 May 2000 22:01:58 -0400 (EDT) >From: "Chris D. Faulhaber" >Subject: Re: Password scheme preservation/setting in 4.0-s > >On Mon, 15 May 2000, Kenneth W Cochran wrote: >> >> Is there a way to preserve the password "scheme" (MD5 vs DES) >> across buildworld/installworld in 4.0-STABLE? >> >> It appears that perhaps installworld re-set the symlinks on the >> crypto runtime libraries to DES even though I "manually" set >> them to MD5. > >See /etc/default/make.conf, in particular: > >#NODESCRYPTLINKS=true # do not replace libcrypt -> libscrypt links Cool, thanks; I thought I'd looked there... (Seems like I looked everyplace else... :) What effect does this have on {build,install}world? For example, does this "force" the *crypt links to *scrypt or does it just "leave things as they are," whatever they might be? How does this "#define" relate to previous versions of FreeBSD if we didn't install the DES crypto distribution? With 4.x, I have to install the crypto to get OpenSSH & that sets things up to use DES instead of MD5. I've previously written that it would be nice if we could select crypto using MD5... :) My "guess" is that the default sysinstall sets up the links into libscrypt* & if DES is "selected" then the links get set to the libdescrypt* libraries. Hmmm... Does that mean that make "tests" someplace for existence of the DES libraries & handles this automagically? >----- >Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org >-------------------------------------------------------- >FreeBSD: The Power To Serve - http://www.FreeBSD.org -kc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message