Hi,
I installed a -current snap from internat.freebsd.org that was built
with crypto source from internat. I answered yes when sysinstall asked
me if I want the crypto stuff, but then found that it marked me as an
USA_RESIDENT=YES in /etc/make.conf and it also asked me later if I
want to install the rsaref libraries.
I think the test for USA_RESIDENT should be a bit more clever or the
message should be a bit more clear. At the moment it is:
Do you wish to install cryptographic software?
If you choose No, FreeBSD will use an MD5 based password scheme which,
while perhaps more secure, is not interoperable with the traditional
DES-based passwords on other Unix systems. There will also be some
differences in the type of RSA code you use.
Please do NOT choose Yes at this point if you are outside the
United States and Canada and are installing from a U.S. FTP server.
Instead, install everything but the crypto bits from the U.S. site
and then switch to an international FTP server to install crypto on
a second pass with the Custom Installation option.
Maybe we can have some kind of flag in the crypto distribution to mark
if it is USA or non-USA and use that to decide how to set USA_RESIDENT
or maybe someone clever enough can figure out if the dowloaded crypto
libraries still need rsaref and use that to set it?
Also it would be nice to have an option to install the crypto ditribution
(to get openssh) but still have md5 passwords, ie. the libcrypt.* links
don't get extracted out of the crypto distribution or something can just
link them back to libscrypt.*.
John
--
John Hay -- [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
