[Date Prev][Date Next] [Chronological] [Thread] [Top]

Digest-MD5 SASL binds (solved)


I'd just like to close this thread by reporting the actual cause and the 

> However, the main reason for all the fuzz had been that I get deadlocks when 
> trying Digest-MD5 SASL binds. The 2.2.23 slapd does not flood the logs with 

The real issue had been that in fact both machines involved were bored test 
machines, which have everything in memory and all what's happening is me 
typing through a ssh terminal.

This does not yield significant entropy and /dev/random locks. The longer the 
nonces or session keys the more probable the deadlocks, i.e. TLS and 
DIGEST-MD5 is a killer!

Actually, /dev/random is an overkill for session keys, in particular 
since /dev/urandom is a really good implementation (analysed it in 2.4.18), 
unless you plan to set up a CA producing some 1000 RSA keys a day.

Recompiling SASL with --devrandom=/dev/urandom solves the problem, but the 
following is easier for non CA systems:

rm -f /dev/random 
ln -s /dev/urandom /dev/random 

man urandom to revert, if you would

Thanks for all your support,
 - lars.