Bug 125743 - kadmind hangs reading from /dev/random
Summary: kadmind hangs reading from /dev/random
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: krb5
Version: 1
Hardware: i686
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2004-06-10 19:27 UTC by Johannes Erdfelt
Modified: 2008-08-02 23:40 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-10-25 20:38:01 UTC
Type: ---
Embargoed:


Description Johannes Erdfelt 2004-06-10 19:27:53 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
kadmind can hang reading from /dev/random.

This happened recently when a yum update of krb5-server hung. After
some troubleshooting, strace showed that kadmind is blocked waiting
on /dev/random.

The ultimate problem appears to be the lack of entropy being added to
the kernel entropy pool. My system is a Dual Pentium 3 system running
on a Serverworks chipset with SCSI hard drives. The ethernet driver
being used is e100.

The Serverworks chipset I have does not appear to have a random number
generator.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Restart kadmind until process hangs at startup.


Actual Results:  kadmind hung waiting for a read from /dev/random to
succeed.

Expected Results:  kadmind should start up quickly.

Additional info:

I've done some research and other packages have had similar problems,
such as bug #103049.

The fix for bug #103049 was to use /dev/urandom instead of
/dev/random. I haven't analyzed the impact to kadmind security with a
change similar to that.

The best solution would be to solve the lack of entropy in the kernel,
but with no hardware random number generator, that appears to be
difficult.
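
A diagnostic for the hang described in the report above, as an added example that is not part of the original bug report or of krb5: it reads the kernel's entropy estimate and makes one non-blocking read of /dev/random, so an empty pool shows up as EAGAIN instead of a stalled process. The function names and the 16-byte probe size are assumptions made for this illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Answer to "would a read of `want` bytes stall right now?" */
enum probe { PROBE_READY = 0, PROBE_WOULD_BLOCK = 1, PROBE_ERROR = -1 };

/* Kernel's current entropy estimate in bits, or -1 if it cannot be read. */
long entropy_avail(const char *path)
{
    long bits = -1;
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    if (fscanf(f, "%ld", &bits) != 1)
        bits = -1;
    fclose(f);
    return bits;
}

/* Put fd in non-blocking mode and try one read. A source with nothing to
 * give returns EAGAIN here instead of putting the caller to sleep. The
 * probe consumes the bytes it reads, so keep `want` small. */
enum probe probe_fd(int fd, size_t want)
{
    unsigned char buf[64];
    int flags = fcntl(fd, F_GETFL);
    if (flags < 0 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0)
        return PROBE_ERROR;
    if (want > sizeof buf)
        want = sizeof buf;
    ssize_t n = read(fd, buf, want);
    if (n < 0)
        return (errno == EAGAIN || errno == EWOULDBLOCK) ? PROBE_WOULD_BLOCK
                                                         : PROBE_ERROR;
    if (n == 0)
        return PROBE_ERROR;            /* EOF is not expected from a device */
    /* A short read means a blocking reader would wait for the remainder. */
    return (size_t)n == want ? PROBE_READY : PROBE_WOULD_BLOCK;
}

int main(void)
{
    long bits = entropy_avail("/proc/sys/kernel/random/entropy_avail");
    int fd = open("/dev/random", O_RDONLY);
    if (fd < 0) { perror("open /dev/random"); return 2; }
    enum probe r = probe_fd(fd, 16);   /* 16 bytes: assumed probe size */
    close(fd);
    printf("entropy_avail=%ld bits, /dev/random: %s\n", bits,
           r == PROBE_READY ? "ready" : r == PROBE_WOULD_BLOCK ? "would block" : "error");
    return r == PROBE_READY ? 0 : 1;
}
```
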

Comment 1 Matthew Miller 2006-07-11 17:19:49 UTC
Fedora Core 1 is maintained by the Fedora Legacy project for security updates
only. If this problem is a security issue, please reopen and reassign to the
Fedora Legacy product. If it is not a security issue and hasn't been resolved in
the current FC5 updates or in the FC6 test release, reopen and change the
version to match.

Thanks!

NOTE: Fedora Core 1 is reaching the final end of support even by the Legacy
project. After Fedora Core 6 Test 2 is released (currently scheduled for July
26th), there will be no more security updates for FC1. Please use these next two
weeks to upgrade any remaining FC1 systems to a current release.



Comment 2 John Thacker 2006-10-25 20:38:01 UTC
Closing per lack of response.  Also note that FC1 and FC2 are no longer
supported even by Fedora Legacy.  If this still occurs on FC3 or FC4, please
assign to that version and Fedora Legacy.  If it still occurs on FC5 or FC6,
please reopen and assign to the correct version.

