Removal of support for systems without /dev/urandom.

Andrew Bartlett abartlet at
Wed May 14 00:53:15 MDT 2014

On Sat, 2014-02-22 at 21:57 +1300, Andrew Bartlett wrote:
> On Sat, 2014-02-22 at 03:46 +0000, Ira Cooper wrote:
> > I'd like a 2nd reviewer, and a general signoff "Yes, we are ok ditching
> > support for those old systems."
> > 
> > Thanks,
> > 
> > -Ira
> We now always build with Kerberos, so why not make it the responsibility
> of the kerberos library?  (We will need that part to work anyway).
> Heimdal has krb5_generate_random_block which does not require any
> library set up, and MIT has krb5_c_random_make_octets but which needs a
> krb5 context. 
> Or we could make the test be Heimdal or /dev/urandom for simplicity.
> The Heimdal sources seem to indicate alternate possible devices
> of /dev/srandom and /dev/arandom for what it's worth. 
> Thoughts?

I would propose either using Heimdal or requiring /dev/urandom.  At
least the Heimdal code would have been looked at by genuine

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team
Samba Developer, Catalyst IT

More information about the samba-technical mailing list