Re: APOP No Longer Working after Upgrade to IMAPd 2.3.12p2
Rudy Gevaert <Rudy.Gevaert <at> UGent.be>
2008-05-01 09:00:32 GMT
Andrew Morgan wrote:
> On Wed, 30 Apr 2008, Jorey Bump wrote:
>> Wesley Craig wrote, at 04/30/2008 04:26 PM:
>>> Two options: some motherboards have an entropy generator hardware
>>> device; or, use the random device that doesn't block when entropy is low.
>> I think Cyrus IMAPd uses /dev/urandom by default, but I'm not sure how I
>> can confirm this. I didn't specify anything during compilation, and I
>> can't find a runtime setting to explicitly select the random device.
>> In any case, I can now faithfully trigger the problem by making multiple
>> webmail requests until the browser hangs, then hold down the spacebar of
>> the server's keyboard to build up entropy until the request is served
>> and performance returns to normal. I haven't had a chance to check if
>> this restores APOP, though.
>> Maybe an IMAP proxy would help prevent the webmail from depleting the
>> entropy, but I'm still wondering why this is a problem on this server
>> running Linux kernel 2.6 and not my other IMAP servers running Linux
>> kernel 2.4. I have an identical Linux 2.6 server that isn't having this
>> problem, and the only difference is that it doesn't have Cyrus IMAPd on it.
> Cyrus IMAP calls out to the sasl libraries to generate the APOP challenge.
> On my Debian Etch system, libsasl2.so uses /dev/random.
That is strange! sasl in Debian Etch is compiled against /dev/urandom.
And so my system confirms:
cyrus:/usr/lib# strings libsasl2.* | grep random