1 files changed, 37 insertions, 22 deletions
diff --git a/INSTALL b/INSTALL
index af02c0b49..001ebb666 100644
--- a/INSTALL
+++ b/INSTALL
@@ -14,17 +14,37 @@ Blowfish) do not work correctly.)
 The remaining items are optional.
-OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system
-supports it. PAM is standard on Redhat and Debian Linux, Solaris and
-HP-UX 11.
 NB. If you operating system supports /dev/random, you should configure
 OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of
-/dev/random. If you don't you will have to rely on ssh-rand-helper, which
+/dev/random, or failing that, either prngd or egd.  If you don't have
-is inferior to a good kernel-based solution.
+any of these you will have to rely on ssh-rand-helper, which is inferior
+to a good kernel-based solution or prngd.
+PRNGD:
+If your system lacks kernel-based random collection, the use of Lutz
+Jaenicke's PRNGd is recommended.
+http://prngd.sourceforge.net/
+EGD:
+The Entropy Gathering Daemon (EGD) is supported if you have a system which
+lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
+http://www.lothar.com/tech/crypto/
 PAM:
-http://www.kernel.org/pub/linux/libs/pam/
+OpenSSH can utilise Pluggable Authentication Modules (PAM) if your
+system supports it. PAM is standard most Linux distributions, Solaris,
+HP-UX 11, AIX >= 5.2, FreeBSD and NetBSD.
+Information about the various PAM implementations are available:
+Solaris PAM:    http://www.sun.com/software/solaris/pam/
+Linux PAM:      http://www.kernel.org/pub/linux/libs/pam/
+OpenPAM:        http://www.openpam.org/
 If you wish to build the GNOME passphrase requester, you will need the GNOME
 libraries and headers.
@@ -37,19 +57,14 @@ passphrase requester. This is maintained separately at:
 http://www.jmknoble.net/software/x11-ssh-askpass/
-PRNGD:
+TCP Wrappers:
-If your system lacks Kernel based random collection, the use of Lutz
-Jaenicke's PRNGd is recommended.
-http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
-EGD:
-The Entropy Gathering Daemon (EGD) is supported if you have a system which
+If you wish to use the TCP wrappers functionality you will need at least
-lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
+tcpd.h and libwrap.a, either in the standard include and library paths,
+or in the directory specified by --with-tcp-wrappers.  Version 7.6 is
+known to work.
-http://www.lothar.com/tech/crypto/
+http://ftp.porcupine.org/pub/security/index.html
 S/Key Libraries:
@@ -72,7 +87,7 @@ Autoconf:
 If you modify configure.ac or configure doesn't exist (eg if you checked
 the code out of CVS yourself) then you will need autoconf-2.61 to rebuild
 the automatically generated files by running "autoreconf".  Earlier
-version may also work but this is not guaranteed.
+versions may also work but this is not guaranteed.
 http://www.gnu.org/software/autoconf/
@@ -162,7 +177,7 @@ Integration Architecture.  The default for OSF1 machines is enable.
 need the S/Key libraries and header files installed for this to work.
 --with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny)
-support. You will need libwrap.a and tcpd.h installed.
+support.
 --with-md5-passwords will enable the use of MD5 passwords. Enable this
 if your operating system uses MD5 passwords and the system crypt() does
@@ -180,7 +195,7 @@ $DISPLAY environment variable. Some broken systems need this.
 --with-default-path=PATH allows you to specify a default $PATH for sessions
 started by sshd. This replaces the standard path entirely.
--with-pid-dir=PATH specifies the directory in which the ssh.pid file is
+--with-pid-dir=PATH specifies the directory in which the sshd.pid file is
 created.
 --with-xauth=PATH specifies the location of the xauth binary
@@ -251,4 +266,4 @@ Please refer to the "reporting bugs" section of the webpage at
 http://www.openssh.com/
-$Id: INSTALL,v 1.77 2007/03/02 06:53:41 dtucker Exp $
+$Id: INSTALL,v 1.84 2007/08/17 12:52:05 dtucker Exp $

diff --git a/INSTALL b/INSTALL index af02c0b49..001ebb666 100644 --- a/INSTALL +++ b/INSTALL
@@ -14,17 +14,37 @@ Blowfish) do not work correctly.)
14		14
15	The remaining items are optional.	15	The remaining items are optional.
16		16
17	OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system
18	supports it. PAM is standard on Redhat and Debian Linux, Solaris and
19	HP-UX 11.
20
21	NB. If you operating system supports /dev/random, you should configure	17	NB. If you operating system supports /dev/random, you should configure
22	OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of	18	OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of
23	/dev/random. If you don't you will have to rely on ssh-rand-helper, which	19	/dev/random, or failing that, either prngd or egd. If you don't have
24	is inferior to a good kernel-based solution.	20	any of these you will have to rely on ssh-rand-helper, which is inferior
		21	to a good kernel-based solution or prngd.
		22
		23	PRNGD:
		24
		25	If your system lacks kernel-based random collection, the use of Lutz
		26	Jaenicke's PRNGd is recommended.
		27
		28	http://prngd.sourceforge.net/
		29
		30	EGD:
		31
		32	The Entropy Gathering Daemon (EGD) is supported if you have a system which
		33	lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
		34
		35	http://www.lothar.com/tech/crypto/
25		36
26	PAM:	37	PAM:
27	http://www.kernel.org/pub/linux/libs/pam/	38
		39	OpenSSH can utilise Pluggable Authentication Modules (PAM) if your
		40	system supports it. PAM is standard most Linux distributions, Solaris,
		41	HP-UX 11, AIX >= 5.2, FreeBSD and NetBSD.
		42
		43	Information about the various PAM implementations are available:
		44
		45	Solaris PAM: http://www.sun.com/software/solaris/pam/
		46	Linux PAM: http://www.kernel.org/pub/linux/libs/pam/
		47	OpenPAM: http://www.openpam.org/
28		48
29	If you wish to build the GNOME passphrase requester, you will need the GNOME	49	If you wish to build the GNOME passphrase requester, you will need the GNOME
30	libraries and headers.	50	libraries and headers.
@@ -37,19 +57,14 @@ passphrase requester. This is maintained separately at:
37		57
38	http://www.jmknoble.net/software/x11-ssh-askpass/	58	http://www.jmknoble.net/software/x11-ssh-askpass/
39		59
40	PRNGD:	60	TCP Wrappers:
41
42	If your system lacks Kernel based random collection, the use of Lutz
43	Jaenicke's PRNGd is recommended.
44
45	http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
46
47	EGD:
48		61
49	The Entropy Gathering Daemon (EGD) is supported if you have a system which	62	If you wish to use the TCP wrappers functionality you will need at least
50	lacks /dev/random and don't want to use OpenSSH's internal entropy collection.	63	tcpd.h and libwrap.a, either in the standard include and library paths,
		64	or in the directory specified by --with-tcp-wrappers. Version 7.6 is
		65	known to work.
51		66
52	http://www.lothar.com/tech/crypto/	67	http://ftp.porcupine.org/pub/security/index.html
53		68
54	S/Key Libraries:	69	S/Key Libraries:
55		70
@@ -72,7 +87,7 @@ Autoconf:
72	If you modify configure.ac or configure doesn't exist (eg if you checked	87	If you modify configure.ac or configure doesn't exist (eg if you checked
73	the code out of CVS yourself) then you will need autoconf-2.61 to rebuild	88	the code out of CVS yourself) then you will need autoconf-2.61 to rebuild
74	the automatically generated files by running "autoreconf". Earlier	89	the automatically generated files by running "autoreconf". Earlier
75	version may also work but this is not guaranteed.	90	versions may also work but this is not guaranteed.
76		91
77	http://www.gnu.org/software/autoconf/	92	http://www.gnu.org/software/autoconf/
78		93
@@ -162,7 +177,7 @@ Integration Architecture. The default for OSF1 machines is enable.
162	need the S/Key libraries and header files installed for this to work.	177	need the S/Key libraries and header files installed for this to work.
163		178
164	--with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow\|deny)	179	--with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow\|deny)
165	support. You will need libwrap.a and tcpd.h installed.	180	support.
166		181
167	--with-md5-passwords will enable the use of MD5 passwords. Enable this	182	--with-md5-passwords will enable the use of MD5 passwords. Enable this
168	if your operating system uses MD5 passwords and the system crypt() does	183	if your operating system uses MD5 passwords and the system crypt() does
@@ -180,7 +195,7 @@ $DISPLAY environment variable. Some broken systems need this.
180	--with-default-path=PATH allows you to specify a default $PATH for sessions	195	--with-default-path=PATH allows you to specify a default $PATH for sessions
181	started by sshd. This replaces the standard path entirely.	196	started by sshd. This replaces the standard path entirely.
182		197
183	--with-pid-dir=PATH specifies the directory in which the ssh.pid file is	198	--with-pid-dir=PATH specifies the directory in which the sshd.pid file is
184	created.	199	created.
185		200
186	--with-xauth=PATH specifies the location of the xauth binary	201	--with-xauth=PATH specifies the location of the xauth binary
@@ -251,4 +266,4 @@ Please refer to the "reporting bugs" section of the webpage at
251	http://www.openssh.com/	266	http://www.openssh.com/
252		267
253		268
254	$Id: INSTALL,v 1.77 2007/03/02 06:53:41 dtucker Exp $	269	$Id: INSTALL,v 1.84 2007/08/17 12:52:05 dtucker Exp $