From owner-freebsd-questions@FreeBSD.ORG Sun Jan 22 02:19:04 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7F77B16A41F for ; Sun, 22 Jan 2006 02:19:04 +0000 (GMT) (envelope-from youshi10@u.washington.edu) Received: from mxout4.cac.washington.edu (mxout4.cac.washington.edu [140.142.33.19]) by mx1.FreeBSD.org (Postfix) with ESMTP id D4F3343D45 for ; Sun, 22 Jan 2006 02:19:03 +0000 (GMT) (envelope-from youshi10@u.washington.edu) Received: from smtp.washington.edu (smtp.washington.edu [140.142.32.139]) by mxout4.cac.washington.edu (8.13.5+UW05.10/8.13.5+UW05.09) with ESMTP id k0M2J3c0025922 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Sat, 21 Jan 2006 18:19:03 -0800 X-Auth-Received: from [192.168.0.23] (dsl254-013-145.sea1.dsl.speakeasy.net [216.254.13.145]) (authenticated authid=youshi10) by smtp.washington.edu (8.13.5+UW05.10/8.13.5+UW05.09) with ESMTP id k0M2J2Bo008379 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for ; Sat, 21 Jan 2006 18:19:02 -0800 Mime-Version: 1.0 (Apple Message framework v746.2) In-Reply-To: References: Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: 7bit From: Garrett Cooper Date: Sat, 21 Jan 2006 18:20:09 -0800 To: freebsd-questions@freebsd.org X-Mailer: Apple Mail (2.746.2) X-Uwash-Spam: Gauge=IIIIIII, Probability=7%, Report='__CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __HAS_X_MAILER 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0' Subject: Re: make.conf Question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Jan 2006 02:19:04 -0000 On Jan 21, 2006, at 4:54 PM, Adam Stroud wrote: > All: > > I have been playing around with make.conf and I see that it is > possible to > to use the "NO_OPENSSH" variable to not build openssh when updating > fbsd > from source. I also noticed in the /etc/defaults/rc.conf file that > there is > a "sshd_program" entry that can be used to adjust where the > installation of > sshd is. I am assuming that this means that I can install openssh > from the > ports exclusively and use the rc.conf file to launch the ports sshd on > startup. Here are my questions about this: > > 1. Is my assumption correct? > 2. Does this also apply to things like kerberos and openssl > 3. Does this impose any notable side effects to the system > (possibly with > stability/security)? > > Thanks > A According to man make.conf, NO_OPENSSH is the variable which defines whether or not to build OpenSSH. This doesn't have anything to do with fetching OpenSSH. NO_OPENSSL=yes implies NO_KERBEROS=yes and NO_OPENSSH=yes, since both things depend upon the existence of Openssl. However, I highly suggest that you keep OpenSSL since it's important for most software on various levels (ie how can you go online to certain websites and login if you don't have SSL support?!). Read man make.conf for more info on some of the variables that you can define for your system via make.conf. -Garrett