From owner-freebsd-stable Tue May 16 12: 7:36 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from europe.std.com (europe.std.com [199.172.62.20])
	by hub.freebsd.org (Postfix) with ESMTP id 7089237BAE5
	for ; Tue, 16 May 2000 12:07:32 -0700 (PDT)
	(envelope-from kwc@world.std.com)
Received: from world.std.com (root@world-f.std.com [199.172.62.5])
	by europe.std.com (8.9.3/8.9.3) with ESMTP id PAA13711;
	Tue, 16 May 2000 15:07:28 -0400 (EDT)
Received: (from kwc@localhost)
	by world.std.com (8.9.3/8.9.3) id PAA24096;
	Tue, 16 May 2000 15:05:33 -0400 (EDT)
Date: Tue, 16 May 2000 15:05:33 -0400 (EDT)
From: Kenneth W Cochran
Message-Id: <200005161905.PAA24096@world.std.com>
To: "Chris D. Faulhaber"
Subject: Re: Password scheme preservation/setting in 4.0-s
Cc: freebsd-stable@freebsd.org, freebsd-stable@freebsd.org
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>From jedgar@fxp.org Tue May 16 08:51:37 2000
>Date: Tue, 16 May 2000 08:50:22 -0400 (EDT)
>Subject: Re: Password scheme preservation/setting in 4.0-s
>
>On Mon, 15 May 2000, Kenneth W Cochran wrote:
>> >From owner-freebsd-stable@FreeBSD.ORG Mon May 15 22:04:26 2000
>> >Date: Mon, 15 May 2000 22:01:58 -0400 (EDT)
>> >From: "Chris D. Faulhaber"
>> >Subject: Re: Password scheme preservation/setting in 4.0-s
>> >
>> >On Mon, 15 May 2000, Kenneth W Cochran wrote:
>> >>
>> >> Is there a way to preserve the password "scheme" (MD5 vs DES)
>> >> across buildworld/installworld in 4.0-STABLE?
>> >>
>> >> It appears that perhaps installworld re-set the symlinks on the
>> >> crypto runtime libraries to DES even though I "manually" set
>> >> them to MD5.
>> >
>> >See /etc/default/make.conf, in particular:
>> >
>> >#NODESCRYPTLINKS=true # do not replace libcrypt -> libscrypt links

So, it appears that I must un-comment this line, but what if
I un-comment it & change its "value" to "false" (or something
else, perhaps something silly)?  I have a "hunch" it doesn't
care, as long as the "value" is non-null; looks like I need to
do some more "research..." :)

>> Cool, thanks; I thought I'd looked there...  (Seems like I
>> looked everyplace else... :)
>>
>> What effect does this have on {build,install}world?
>>
>> For example, does this "force" the *crypt links to *scrypt or
>> does it just "leave things as they are," whatever they might be?
>
>Yes, it forces the links to libscrypt* instead of libdescrypt*
>
>> How does this "#define" relate to previous versions of FreeBSD
>> if we didn't install the DES crypto distribution?  With 4.x, I
>> have to install the crypto to get OpenSSH & that sets things up
>> to use DES instead of MD5.  I've previously written that it
>> would be nice if we could select crypto using MD5... :)
>>
>> My "guess" is that the default sysinstall sets up the links into
>> libscrypt* & if DES is "selected" then the links get set to the
>> libdescrypt* libraries.
>
>I don't quite understand the question.  You are correct in that
>the DES dist. is required for the crypto in 4.x, which sets up
>the libcrypt links to libdescrypt*.  And yes, it would be nice
>to have the ability to select the default crypto mechanism
>(patches are gladly accepted).

I'd be delighted to, but I don't know how.  Yet.
I'd welcome pointers on how to do this (i.e. a place to RTFM... :).
There are a few other places I'd like to do this, too...

>> Hmmm...  Does that mean that make "tests" someplace for
>> existence of the DES libraries & handles this automagically?
>
>Yep, from /usr/src/Makefile.inc1:
>
>.if exists(${.CURDIR}/secure) && !defined(NOCRYPT) && !defined(NOSECURE)
>SUBDIR+= secure
>.endif
>
>among other places.

Hey, thanks!  This is an example of something I'd like to see
better documented, but I bet it changes frequently.  I might be
willing to write some doc myself, but as yet I don't know enough
about the insides of this to do so...

>-----
>Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
>--------------------------------------------------------
>FreeBSD: The Power To Serve - http://www.FreeBSD.org

-kc


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
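
A post-installworld check for the symlink behaviour discussed in this thread, as an added example that is not part of the original message or of FreeBSD: it reports whether the libcrypt links point at libscrypt* (MD5) or libdescrypt* (DES), so a silent reset of the password scheme is noticed. The function names and the /usr/lib default directory are assumptions.

```shell
#!/bin/sh
# Added example: report which backend the libcrypt symlinks select.
# Assumptions: the links sit in one directory (default /usr/lib) and point
# at libscrypt* (MD5) or libdescrypt* (DES), as described in the thread.

# Print "md5", "des", "mixed" or "unknown" for the links found in $1.
crypt_link_scheme() {
    dir=${1:-/usr/lib}
    md5=0 des=0 other=0
    # libcrypt.* and libcrypt_* only, so OpenSSL's libcrypto is not matched.
    for link in "$dir"/libcrypt.* "$dir"/libcrypt_*; do
        [ -L "$link" ] || continue      # skip non-links and unmatched globs
        target=$(readlink "$link")
        case ${target##*/} in
            libscrypt*)   md5=$((md5 + 1)) ;;
            libdescrypt*) des=$((des + 1)) ;;
            *)            other=$((other + 1)) ;;
        esac
    done
    if [ "$other" -gt 0 ] || [ $((md5 + des)) -eq 0 ]; then
        echo unknown
    elif [ "$md5" -gt 0 ] && [ "$des" -gt 0 ]; then
        echo mixed                      # some links were replaced, some not
    elif [ "$md5" -gt 0 ]; then
        echo md5
    else
        echo des
    fi
}

# Compare against the scheme the administrator expects; non-zero on drift.
# Usage after installworld: check_crypt_links md5 /usr/lib
check_crypt_links() {
    want=$1
    dir=${2:-/usr/lib}
    have=$(crypt_link_scheme "$dir")
    if [ "$have" = "$want" ]; then
        echo "ok: libcrypt links select $have"
    else
        echo "DRIFT: expected $want, links select $have" >&2
        return 1
    fi
}
```

A "mixed" or "unknown" result means the links should be inspected by hand before any new passwords are set.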