APOP No Longer Working after Upgrade to IMAPd 2.3.12p2
Andrew Morgan
morgan at orst.edu
Wed Apr 30 17:15:53 EDT 2008
On Wed, 30 Apr 2008, Jorey Bump wrote:
> Wesley Craig wrote, at 04/30/2008 04:26 PM:
>> Two options: some motherboards have an entropy generator hardware
>> device; or, use the random device that doesn't block when entropy is low.
>
> I think Cyrus IMAPd uses /dev/urandom by default, but I'm not sure how I
> can confirm this. I didn't specify anything during compilation, and I
> can't find a runtime setting to explicitly select the random device,
> either.
>
> In any case, I can now faithfully trigger the problem by making multiple
> webmail requests until the browser hangs, then hold down the spacebar of
> the server's keyboard to build up entropy until the request is served
> and performance returns to normal. I haven't had a chance to check if
> this restores APOP, though.
>
> Maybe an IMAP proxy would help prevent the webmail from depleting the
> entropy, but I'm still wondering why this is a problem on this server
> running Linux kernel 2.6 and not my other IMAP servers running Linux
> kernel 2.4. I have an identical Linux 2.6 server that isn't having this
> problem, and the only difference is that it doesn't have Cyrus IMAPd on it.
Cyrus IMAP calls out to the sasl libraries to generate the APOP challenge.
On my Debian Etch system, libsasl2.so uses /dev/random.
Andy
More information about the Info-cyrus
mailing list