From owner-cvs-all Tue Sep 21 22:50:49 1999 Delivered-To: cvs-all@freebsd.org Received: from arc.hq.cti.ru (arc.hq.cti.ru [195.34.40.3]) by hub.freebsd.org (Postfix) with ESMTP id 3638415466; Tue, 21 Sep 1999 22:50:43 -0700 (PDT) (envelope-from dima@tejblum.pp.ru) Received: (from uucp@localhost) by arc.hq.cti.ru (8.9.3/8.9.3) with UUCP id JAA07389; Wed, 22 Sep 1999 09:49:25 +0400 (MSD) (envelope-from dima@tejblum.pp.ru) Received: from tejblum.pp.ru (localhost [127.0.0.1]) by tejblum.pp.ru (8.9.3/8.9.3) with ESMTP id JAA00506; Wed, 22 Sep 1999 09:52:50 +0400 (MSD) (envelope-from dima@tejblum.pp.ru) Message-Id: <199909220552.JAA00506@tejblum.pp.ru> X-Mailer: exmh version 2.0gamma 1/27/96 To: nate@mt.sri.com (Nate Williams) Cc: Dmitrij Tejblum , Mark Murray , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org From: Dmitrij Tejblum Subject: Re: cvs commit: src/secure/lib/libcrypt Makefile src/lib/libcrypt Makefile In-reply-to: Your message of "Tue, 21 Sep 1999 21:27:42 MDT." <199909220327.VAA11157@mt.sri.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 22 Sep 1999 09:52:50 +0400 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk Nate Williams wrote: > No, you'd rather everyone be confused as to *which* version of > libcrypt.so.1 is the correct version? With your solution, there could > be *dozens* of files with the same name that are very different from one > another, and only the 'latest' version is correct. This is normal for every program in the system. You don't have a version number on cat(1) or login(1). This is normal for shared libraries as well. Version number on a shared library is only a something about binary compatibility, it has nothing to do with the feature set or somesuch. > That portion of your commit was wrong, in that it violates POLA. Yes, > it's more work for you, but that's the price *YOU* pay for tracking a > system that is in constant development. Oh. Note: there is only one password database in your machine. An user ask the question: "Can I use SHA1-encrypted passwords in the password database?" My answer (it is also in docs): "Yes you can." This answer is plain and simple, but break POLA. Your answer: "There is a lot of programs that autheticate users against the password database. If an user has an SHA1-encrypted password, some program will mistakely reject passwords of such users. To determine if a program can handle SHA1-encrypted password, you can run ldd on it, like this: ldd /usr/local/sbin/sshd. If ldd show libcrypt.so.3, the program will work with SHA1-encrypted passwords. If it show libcrypt.so.2, the program will not work wuth SHA1-encrypted password." This answer does not break POLA, and will confuse noone, right?. The POLA is not broken even if I changed my password and then noticed that I can login from console but cannot login via ssh. I am the only one confused here, everyone else would just run ldd and know beforehand. Cool. Please remind me, what is POLA? Dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message