Subject: Re: Building a domestic system...
To: Peter Seebach <>
From: Miles Nordin <carton@Ivy.NET>
List: current-users
Date: 02/14/2000 14:43:13
On Mon, 14 Feb 2000, Peter Seebach wrote:

> So, obviously I don't just set DOMESTIC to /usr/src/domestic, or whatever.
> What am I supposed to be doing?

set CRYPTOBASE.  If you have a crypto-us or crypto-intl directory, will set CRYPTOBASE for you.  You can just rename domestic
to crypto-us and not set anything.

It's weird--everyone is saying ``crypto-us'' now but if you sup you still
get ``domestic''.

Also see crypto-*/README for an explanation of PATENTEDOPENSSLSRC.  If you
want Idea and non-Rsaref RSA in your libssl, you need to point this
variable to some (relatively small) parts of the openssl-tarball's tree,
because these patented algorithms weren't checked into CVS.

Of course, you don't want to do this since it's illegal and therefore
Wrong, but it's, uh, interesting. :)

I've switched over to crypto-intl because the announcement sounded like
Heimdal was more likely to survive than krb5 (residual hatred for the US,
better-maintained, already IPv6-ready), but I may be wrong.  Anyway it's
eomthing to consider if you've got nothing working now and want to get
_something_ up and running.  I'm getting Heimdal with:


You get RCS files.  You can get regular files quickly as follows:

  gzip -dc ../cryptosrc-intl.tar.gz | pax -r
  rm ../cryptosrc-intl.tar.gz
  mv cryptosrc-intl/* .
  rmdir cryptosrc-intl
  mkdir CVSROOT
  ( cd /usr/dist/src && (
    CVSROOT=/usr/dist/cryptosrc-intl cvs co -P crypto-intl
    find crypto-intl -type d -a -name CVS -a -print0 | xargs -0 rm -rf

These regular files can be slapped into crypto-intl, and it works (modulo
a few Makefile bugs).

Miles Nordin / v:+1 720 841-8308 fax:+1 530 579-8680
555 Bryant Street PMB 182 / Palo Alto, CA 94301-1700 / US