gratuitous difference between us and our sister project.
This was given to me _ages_ ago. May apologies to Paul for the length
of time its taken me to commit.
Obtained from: Niels Provos <provos@physnet.uni-hamburg.de>/OpenBSD
Submitted by: Paul Herman <pherman@frenchfries.net>
one-way hash functions for authentication purposes. There is no more
"set the libcrypt->libXXXcrypt" nightmare.
- Undo the libmd.so hack, use -D to hide the md5c.c internals.
- Remove the symlink hacks in release/Makefile
- the algorthm is set by set_crypt_format() as before. If this is
not called, it tries to heuristically figure out the hash format, and
if all else fails, it uses the optional auth.conf entry to chose the
overall default hash.
- Since source has non-hidden crypto in it there may be some issues with
having the source it in some countries, so preserve the "secure/*"
division. You can still build a des-free libcrypt library if you want
to badly enough. This should not be a problem in the US or exporting
from the US as freebsd.org had notified BXA some time ago. That makes
this stuff re-exportable by anyone.
- For consistancy, the default in absence of any other clues is md5. This
is to try and minimize POLA across buildworld where folk may suddenly
be activating des-crypt()-hash support. Since the des hash may not
always be present, it seemed sensible to make the stronger md5 algorithm
the default.
All things being equal, no functionality is lost.
Reviewed-by: jkh
(flame-proof suit on)
for crypt(3) by now. In any case:
Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).
The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)
Reviewed by: peter
Revert the major number back to 2.
libcrypt only export one function, before the recent changes and now:
char *crypt(const char *key, const char *salt);
The prototype didn't changed. Internal representation of `char' and `char *'
didn't changed. Therefore, there is no reason to change the version number.
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
so that linking against -lcrypt (-ldescrypt) will give us the good
versions instead of the stubs in libc. (These changes need to be
made to the non-US version of libdescrypt too!)
Allow building and support for bdes program.
A bit more work still needs to be done on secure telnet.
Submitted by: pst