Re: Password scheme preservation/setting in 4.0-s

Tue, 16 May 2000 05:47:51 -0700 

On Mon, 15 May 2000, Kenneth W Cochran wrote:

> >From [EMAIL PROTECTED]  Mon May 15 22:04:26 2000
> >Date: Mon, 15 May 2000 22:01:58 -0400 (EDT)
> >From: "Chris D. Faulhaber" <[EMAIL PROTECTED]>
> >Subject: Re: Password scheme preservation/setting in 4.0-s
> >
> >On Mon, 15 May 2000, Kenneth W Cochran wrote:
> >> 
> >> Is there a way to preserve the password "scheme" (MD5 vs DES)
> >> across buildworld/installworld in 4.0-STABLE?
> >> 
> >> It appears that perhaps installworld re-set the symlinks on the
> >> crypto runtime libraries to DES even though I "manually" set
> >> them to MD5.
> >
> >See /etc/default/make.conf, in particular:
> >
> >#NODESCRYPTLINKS=true   # do not replace libcrypt -> libscrypt links
> 
> Cool, thanks; I thought I'd looked there...  (Seems like I
> looked everyplace else...  :)
> 
> What effect does this have on {build,install}world?
> 
> For example, does this "force" the *crypt links to *scrypt or
> does it just "leave things as they are," whatever they might be?
> 

Yes, it forces the links to libscrypt* instead of libdescrypt*

> How does this "#define" relate to previous versions of FreeBSD
> if we didn't install the DES crypto distribution?  With 4.x, I
> have to install the crypto to get OpenSSH & that sets things up
> to use DES instead of MD5.  I've previously written that it
> would be nice if we could select crypto using MD5...  :)
> 
> My "guess" is that the default sysinstall sets up the links into
> libscrypt* & if DES is "selected" then the links get set to the
> libdescrypt* libraries.
> 

I don't quite understand the question.  You are correct in that the DES
dist. is required for the crypto in 4.x, which sets up the libcrypt links
to libdescrypt*.  And yes, it would be nice to have the ability to select
the default crypto mechanism (patches are gladly accepted).

> Hmmm...  Does that mean that make "tests" someplace for
> existence of the DES libraries & handles this automagically?
> 

Yep, from /usr/src/Makefile.inc1:

.if exists(${.CURDIR}/secure) && !defined(NOCRYPT) && !defined(NOSECURE)
SUBDIR+= secure
.endif

among other places.


-----
Chris D. Faulhaber - [EMAIL PROTECTED] - [EMAIL PROTECTED]
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message

Reply via email to