Re: APOP No Longer Working after Upgrade to IMAPd 2.3.12p2

• Next in thread: Andrew Morgan: "Re: APOP No Longer Working after Upgrade to IMAPd 2.3.12p2"
• Maybe reply: Andrew Morgan: "Re: APOP No Longer Working after Upgrade to IMAPd 2.3.12p2"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Andrew Morgan wrote:
> On Wed, 30 Apr 2008, Jorey Bump wrote:
>
>> Wesley Craig wrote, at 04/30/2008 04:26 PM:
>>> Two options: some motherboards have an entropy generator hardware
>>> device; or, use the random device that doesn't block when entropy is low.
>> I think Cyrus IMAPd uses /dev/urandom by default, but I'm not sure how I
>> can confirm this. I didn't specify anything during compilation, and I
>> can't find a runtime setting to explicitly select the random device,
>> either.
>>
>> In any case, I can now faithfully trigger the problem by making multiple
>> webmail requests until the browser hangs, then hold down the spacebar of
>> the server's keyboard to build up entropy until the request is served
>> and performance returns to normal. I haven't had a chance to check if
>> this restores APOP, though.
>>
>> Maybe an IMAP proxy would help prevent the webmail from depleting the
>> entropy, but I'm still wondering why this is a problem on this server
>> running Linux kernel 2.6 and not my other IMAP servers running Linux
>> kernel 2.4. I have an identical Linux 2.6 server that isn't having this
>> problem, and the only difference is that it doesn't have Cyrus IMAPd on it.
>
> Cyrus IMAP calls out to the sasl libraries to generate the APOP challenge.
> On my Debian Etch system, libsasl2.so uses /dev/random.

That is strange! sasl in Debian Etch is compiled against /dev/urandom.
And so my system confirms:

cyrus:/usr/lib# strings libsasl2.* | grep random
/dev/urandom
/dev/urandom
/dev/urandom
/dev/urandom

Rudy

-- 
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert                    tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur  Direction ICT, Infrastructure dept.
Groep Systemen                     Systems group
Universiteit Gent                  Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

• Next in thread: Andrew Morgan: "Re: APOP No Longer Working after Upgrade to IMAPd 2.3.12p2"
• Maybe reply: Andrew Morgan: "Re: APOP No Longer Working after Upgrade to IMAPd 2.3.12p2"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]