Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 16 May 2000 15:05:33 -0400 (EDT)
From:      Kenneth W Cochran <kwc@world.std.com>
To:        "Chris D. Faulhaber" <jedgar@fxp.org>
Cc:        freebsd-stable@freebsd.org, freebsd-stable@freebsd.org
Subject:   Re: Password scheme preservation/setting in 4.0-s
Message-ID:  <200005161905.PAA24096@world.std.com>

next in thread | raw e-mail | index | archive | help
>From jedgar@fxp.org  Tue May 16 08:51:37 2000
>Date: Tue, 16 May 2000 08:50:22 -0400 (EDT)
>Subject: Re: Password scheme preservation/setting in 4.0-s
>
>On Mon, 15 May 2000, Kenneth W Cochran wrote:
>> >From owner-freebsd-stable@FreeBSD.ORG  Mon May 15 22:04:26 2000
>> >Date: Mon, 15 May 2000 22:01:58 -0400 (EDT)
>> >From: "Chris D. Faulhaber" <jedgar@fxp.org>
>> >Subject: Re: Password scheme preservation/setting in 4.0-s
>> >
>> >On Mon, 15 May 2000, Kenneth W Cochran wrote:
>> >>
>> >> Is there a way to preserve the password "scheme" (MD5 vs DES)
>> >> across buildworld/installworld in 4.0-STABLE?
>> >>
>> >> It appears that perhaps installworld re-set the symlinks on the
>> >> crypto runtime libraries to DES even though I "manually" set
>> >> them to MD5.
>> >
>> >See /etc/default/make.conf, in particular:
>> >
>> >#NODESCRYPTLINKS=true   # do not replace libcrypt -> libscrypt links

So, it appears that I must un-comment this line, but what if
un-comment it & change its "value" to "false" (or something
else, perhaps something silly)?  I have a "hunch" it doesn't
care, as long as the "value" is non-null; looks like I need to
do some more "research..."  :)

>> Cool, thanks; I thought I'd looked there...  (Seems like I
>> looked everyplace else...  :)
>>
>> What effect does this have on {build,install}world?
>>
>> For example, does this "force" the *crypt links to *scrypt or
>> does it just "leave things as they are," whatever they might be?
>
>Yes, it forces the links to libscrypt* instead of libdescrypt*
>
>> How does this "#define" relate to previous versions of FreeBSD
>> if we didn't install the DES crypto distribution?  With 4.x, I
>> have to install the crypto to get OpenSSH & that sets things up
>> to use DES instead of MD5.  I've previously written that it
>> would be nice if we could select crypto using MD5...  :)
>>
>> My "guess" is that the default sysinstall sets up the links into
>> libscrypt* & if DES is "selected" then the links get set to the
>> libdescrypt* libraries.
>
>I don't quite understand the question.  You are correct in that
>the DES dist. is required for the crypto in 4.x, which sets up
>the libcrypt links to libdescrypt*.  And yes, it would be nice
>to have the ability to select the default crypto mechanism
>(patches are gladly accepted).

I'd be delighted to, but I don't know how.  Yet.  I'd welcome
pointers on how to do this (ie. a place to RTFM...  :).

There are a few other places I'd like to do this, too...

>> Hmmm...  Does that mean that make "tests" someplace for
>> existence of the DES libraries & handles this automagically?
>
>Yep, from /usr/src/Makefile.inc1:
>
>.if exists(${.CURDIR}/secure) && !defined(NOCRYPT) && !defined(NOSECURE)
>SUBDIR+= secure
>.endif
>
>among other places.

Hey, thanks!  This is an example of something I'd like to see
better documented, but I bet it changes frequently.  I might be
willing to write some doc myself, but as yet I don't know enough
about the insides of this to do so...  <sigh...>

>-----
>Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
>--------------------------------------------------------
>FreeBSD: The Power To Serve   -   http://www.FreeBSD.org

-kc


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005161905.PAA24096>