one-way hash functions for authentication purposes. There is no more
"set the libcrypt->libXXXcrypt" nightmare.
- Undo the libmd.so hack, use -D to hide the md5c.c internals.
- Remove the symlink hacks in release/Makefile
- the algorthm is set by set_crypt_format() as before. If this is
not called, it tries to heuristically figure out the hash format, and
if all else fails, it uses the optional auth.conf entry to chose the
overall default hash.
- Since source has non-hidden crypto in it there may be some issues with
having the source it in some countries, so preserve the "secure/*"
division. You can still build a des-free libcrypt library if you want
to badly enough. This should not be a problem in the US or exporting
from the US as freebsd.org had notified BXA some time ago. That makes
this stuff re-exportable by anyone.
- For consistancy, the default in absence of any other clues is md5. This
is to try and minimize POLA across buildworld where folk may suddenly
be activating des-crypt()-hash support. Since the des hash may not
always be present, it seemed sensible to make the stronger md5 algorithm
the default.
All things being equal, no functionality is lost.
Reviewed-by: jkh
(flame-proof suit on)
- IP addresses are verified as being correct dotted quad format.
- Netmasks are verified as being in correct dotted quad or 0x* format,
and being consecutive 1 bits followed by consecutive 0 bits.
- The gateway is verified as being correct dotted quad format and
being reachable through the configured IP address and netmask.
no as a default. Sysinstall should be both less dangerous and less
annoying as a result of this change, though that's just my opinion
(since they're the defaults which annoy ME the least :).
OpenSSH->2.3.0 and PAM support, tcsh->6.10.0, elimination of emulation-
loading scripts, top(1) screen width fix, groff->1.16.1, growfs(8) and
ffsinfo(8), new indent(1) options.
Also fix a typo describing the Accton "Cheetah".
rc.conf: make the system recognise the MAC address and assign an IP
automatically from /etc/hosts (or ask the user)
sshd_config: don't do x11 forwarding.
Dike out support for DEC3000/300* Pelic* and the DEC3000/[4-9]00
Flamingo/Sandpiper families, SLIP, lance Ethernet (especially since `le'
based Alphas are diked out now too), POSIX P1003_1B real-time extentions,
and last but not least "NOBLOCKRANDOM" since the random device is removed.
This lets us fit [barely!]:
Filesystem 1K-blocks Used Avail Capacity iused ifree %iused Mounted
/dev/vnn0c 1407 1386 21 99% 6 24 20% /mnt
*** Filesystem is 1440 K, 21 left
*** 80000 bytes/inode, 24 left
Created /R/stage/floppies/kern.flp