From: "Phil Regnauld" <[EMAIL PROTECTED]>
> Terry Lambert writes:
> > For what it's worth, the FP security issues are very well documented
> > by ReadyToRun Software's site (these are the folks who do the UNIX
> > ports for Microsoft).
> > They also keep both BSDI 2.1 and 3.0 binaries available, and they
> > know about FreeBSD (it's mentioned in the FAQ as an unsupported
> > platform; apparently someone was having problems with the MD5
> > password hashing. Someone who cares should send them mail on how
> > to update their FAQ to be more correct, and to raise FreeBSD's
> > visibility as a platform -- e.g. what versions to us4e for
> > what, install instructions for FreeBSD, etc.).
> FWIW, they now have a native FreeBSD version (FP extensions
> SR1, the port needs to be updated BTW) -- works like a charm with minor
> changes to one of the port patches.
Yes, there is only a minor change that is needed to the port to get it
working with FP 2K SR1.
See PR 18581, PR 18788
I did find a problem with fpsrvadm.exe. If you have libcrypt linked to
libscrypt, then fpsrvadm.exe creates an invalid MD5 password (I believe the
buffer RTR used to hold the password returned from the crypt function is too
small for the MD5 passwords). I have informed RTR and they said a fix would
be available in the next release.
For the time being the port (apache13-fp, or upcomming mod_frontpage) will
still need to use the BSDI extentions, and statically compile the apache
server with libdescrypt.a on systems where libcrypt is linked to libscrypt.
> Caveat: if you misconfigure your VirtualHost in some way, any call
> to the FP-patched Apache to that subweb's /_vti_bin/ will make it
> (apache) segfault.
> Will debug this if I find time.
I haven't come across this problem. But I do know that it will segfault if
you are not using a patched suexec, as the unpatched suexec will not allow
fpexe to run.
PS. This is off topic for current, so please remove current when replying.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message