Re: libcrypto (DES - MD5)
On Thu, Feb 03, 2000 at 10:09:22AM -0800, Kris Kennaway wrote: AFAIK this has always been the way it works: if you install libdescrypt, the system makes the (mistaken) assumption you want DES passwords all the time. This is true for the initial installation. However, `make world' used to respect the an existing symlink. src/secure/lib/libcrypt/Makefile shows this intention. -- -- David([EMAIL PROTECTED]) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: libcrypto (DES - MD5)
On Thu, Feb 03, 2000 at 10:09:22AM -0800, Kris Kennaway wrote: a proper fix might be to add a login class which determines which of MD5 and DES you should use for new passwords I believe PAM is the more "approved" way to implement this functionality. Before PAM it would be /etc/auth.conf. I wanted to add this functionality over a year ago, but Markm asked me to wait for PAM and that he was working on an implementation using that. -- -- David([EMAIL PROTECTED]) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: libcrypto (DES - MD5)
AFAIK this has always been the way it works: if you install libdescrypt, the system makes the (mistaken) assumption you want DES passwords all the time. This is true for the initial installation. However, `make world' used to respect the an existing symlink. src/secure/lib/libcrypt/Makefile shows this intention. Except at some stage a nasty afterinstall target crept in there. :-/ John -- John Hay -- [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: libcrypto (DES - MD5)
On Thu, Feb 03, 2000 at 10:09:22AM -0800, Kris Kennaway wrote: a proper fix might be to add a login class which determines which of MD5 and DES you should use for new passwords I believe PAM is the more "approved" way to implement this functionality. Before PAM it would be /etc/auth.conf. I wanted to add this functionality over a year ago, but Markm asked me to wait for PAM and that he was working on an implementation using that. You want to work on PAM's, go ahead! M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
libcrypto (DES - MD5)
Long time ago I used the crypto code on cvsup.internat.freebsd.org and all was nice. Now I need to use crypto from internat to be able to use OpenSSH. I have to have openssl in my base system otherwise I cannot use the port. So, on my -current box I cvsup both todays -current source and the crypto source from cvsup.internat.freebsd.org and continues with a 'make world'. make world finishes just fine and I recompile a new kernel. reboots and installs openssh port. Everything seems just fine and dandy. I add a new user, and with 'vipw' I notices that this user now gets a DES based passwd. (we only use MD5 passwords around). Then I looked in /usr/lib and noticed that libcrypt now is symlinked to libdescrypt: lrwxr-xr-x 1 root wheel 13 Feb 3 08:20 libcrypt.a@ - libdescrypt.a lrwxr-xr-x 1 root wheel 14 Feb 3 08:20 libcrypt.so@ - libdescrypt.so lrwxr-xr-x 1 root wheel 16 Feb 3 08:20 libcrypt.so.2@ - libdescrypt.so.2 This is not what I had expected, earlier FreeBSD version did not change my symlinks in /usr/lib with a make world or installworld, whatever... Of course I can change the symlinks and re-hash the passwd and be happy, but I think that this is _wrong_. The 'installworld' target should not IMHO change the libcrypto symlinks. I want to use MD5 passwords, but I also need to have the crypto source collection installed to use OpenSSH and such. Could this behaviour be turned back to what its used to be? It used to be myself that had to change the symlinks if I wanted to switch to DES passwd. -- Anders Andersson[EMAIL PROTECTED] Sanyusan International AB http://www.sanyusan.se/ To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: libcrypto (DES - MD5)
On Thu, 3 Feb 2000, Anders Andersson wrote: I add a new user, and with 'vipw' I notices that this user now gets a DES based passwd. (we only use MD5 passwords around). Then I looked in /usr/lib and noticed that libcrypt now is symlinked to libdescrypt: AFAIK this has always been the way it works: if you install libdescrypt, the system makes the (mistaken) assumption you want DES passwords all the time. For now, just repoint the symlinks and edit out the build of secure/lib/libcrypt - a proper fix might be to add a login class which determines which of MD5 and DES you should use for new passwords, but I won't be able to get that committed until after 4.0. Kris "How many roads must a man walk down, before you call him a man?" "Eight!" "That was a rhetorical question!" "Oh..then, seven!" -- Homer Simpson To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: libcrypto (DES - MD5)
In article [EMAIL PROTECTED], Kris Kennaway [EMAIL PROTECTED] wrote: On Thu, 3 Feb 2000, Anders Andersson wrote: I add a new user, and with 'vipw' I notices that this user now gets a DES based passwd. (we only use MD5 passwords around). Then I looked in /usr/lib and noticed that libcrypt now is symlinked to libdescrypt: AFAIK this has always been the way it works: if you install libdescrypt, the system makes the (mistaken) assumption you want DES passwords all the time. I agree. It has been that way as long as I can remember (since around 2.0.5-RELEASE). John To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message