[Date Prev][Date Next]
Digest-MD5 SASL binds (solved)
I'd just like to close this thread by reporting the actual cause and the
> However, the main reason for all the fuzz had been that I get deadlocks when
> trying Digest-MD5 SASL binds. The 2.2.23 slapd does not flood the logs with
The real issue had been that in fact both machines involved were bored test
machines, which have everything in memory and all what's happening is me
typing through a ssh terminal.
This does not yield significant entropy and /dev/random locks. The longer the
nonces or session keys the more probable the deadlocks, i.e. TLS and
DIGEST-MD5 is a killer!
Actually, /dev/random is an overkill for session keys, in particular
since /dev/urandom is a really good implementation (analysed it in 2.4.18),
unless you plan to set up a CA producing some 1000 RSA keys a day.
Recompiling SASL with --devrandom=/dev/urandom solves the problem, but the
following is easier for non CA systems:
rm -f /dev/random
ln -s /dev/urandom /dev/random
man urandom to revert, if you would
Thanks for all your support,