APOP No Longer Working after Upgrade to IMAPd 2.3.12p2

Rudy Gevaert Rudy.Gevaert at UGent.be
Thu May 1 05:00:32 EDT 2008 

Andrew Morgan wrote:
> On Wed, 30 Apr 2008, Jorey Bump wrote:
> 
>> Wesley Craig wrote, at 04/30/2008 04:26 PM:
>>> Two options: some motherboards have an entropy generator hardware
>>> device; or, use the random device that doesn't block when entropy is low.
>> I think Cyrus IMAPd uses /dev/urandom by default, but I'm not sure how I
>> can confirm this. I didn't specify anything during compilation, and I
>> can't find a runtime setting to explicitly select the random device,
>> either.
>>
>> In any case, I can now faithfully trigger the problem by making multiple
>> webmail requests until the browser hangs, then hold down the spacebar of
>> the server's keyboard to build up entropy until the request is served
>> and performance returns to normal. I haven't had a chance to check if
>> this restores APOP, though.
>>
>> Maybe an IMAP proxy would help prevent the webmail from depleting the
>> entropy, but I'm still wondering why this is a problem on this server
>> running Linux kernel 2.6 and not my other IMAP servers running Linux
>> kernel 2.4. I have an identical Linux 2.6 server that isn't having this
>> problem, and the only difference is that it doesn't have Cyrus IMAPd on it.
> 
> Cyrus IMAP calls out to the sasl libraries to generate the APOP challenge. 
> On my Debian Etch system, libsasl2.so uses /dev/random.

That is strange!  sasl in Debian Etch is compiled against /dev/urandom. 
And so my system confirms:

cyrus:/usr/lib# strings libsasl2.* | grep random
/dev/urandom
/dev/urandom
/dev/urandom
/dev/urandom

Rudy

-- 
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert          Rudy.Gevaert at UGent.be          tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur  Direction ICT, Infrastructure dept.
Groep Systemen                     Systems group
Universiteit Gent                  Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

More information about the Info-cyrus mailing list