From owner-freebsd-stable@FreeBSD.ORG Thu Apr 17 12:32:44 2003 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DB50937B401 for ; Thu, 17 Apr 2003 12:32:44 -0700 (PDT) Received: from mail.urchin.com (ns2.quantified.com [63.212.171.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1688A43F3F for ; Thu, 17 Apr 2003 12:32:42 -0700 (PDT) (envelope-from dsilver@urchin.com) Received: from support.urchin.com (support.urchin.com [63.212.171.7]) by mail.urchin.com (8.12.9/8.12.1) with ESMTP id h3HJWxuf075406; Thu, 17 Apr 2003 12:32:37 -0700 (PDT) (envelope-from dsilver@urchin.com) Received: from danzig.sd.quantified.net (web.urchin.com [63.212.171.5]) (authenticated bits=0) by support.urchin.com (8.12.8/8.12.6) with ESMTP id h3HJWesL087555; Thu, 17 Apr 2003 12:32:40 -0700 (PDT) (envelope-from dsilver@urchin.com) From: Doug Silver Organization: Urchin Software Corporation To: Charles Sprickman Date: Thu, 17 Apr 2003 12:33:10 -0700 User-Agent: KMail/1.5.1 References: <200304151126.21202.dsilver@urchin.com> <200304151618.21167.dsilver@urchin.com> <20030415204211.I6307@shell.inch.com> In-Reply-To: <20030415204211.I6307@shell.inch.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200304171232.48652.dsilver@urchin.com> X-Filter-Version: 1.7 (mail.urchin.com) cc: stable@freebsd.org Subject: Re: Problem logging in after upgrade to 4.8-Stable X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Apr 2003 19:32:45 -0000 On Tuesday 15 April 2003 05:44 pm, Charles Sprickman wrote: > On Tue, 15 Apr 2003, Doug Silver wrote: > > Here's some more information that I realize is probably relevant. I've > > attempted to strip out the openssl/openssh out of the base system, > > including libcrypto and libssl so I can track it through the ports area. > > That would be the problem. You probably lack the crypto libs needed to > check the "old" users. The new users are probably using a different > encryption method in the password file. Look at /etc/master.passwd and > you should see a difference in the crypted password. > > As far as I know, you *can't* pull libcrypto out and replace it from ports > as there is no such port... I'm sure someone will correct me if I'm wrong > about that, but even if I am, it still sounds like a bad idea. > > Charles > libcrypto is part of the openssl port, perhaps you're thinking of libcrypt? I just figured out where I shot myself in the foot ;\ In my attempt to strip out libcrypto/libssl out of the build process I commented in "NOSECURE" and "NOCRYPTO" in /etc/make.conf -- and to ensure it, I removed the source. So, that is clearly the wrong thing to do. Is the preferred method, if I simply want to ensure that libcrypto and libssl are used from the openssl port, to remove & symlink them in /usr/lib? BTW -- I'm not concerned with the few binaries in the base system that are linked against these libs (e.g. pkg_sign, pkg_check). Or, is this a Pandora's box that I just shouldn't open (assuming the ports system recognizes the various "OPENSSL" settings in /etc/make.conf)? -doug