Removal of support for systems without /dev/urandom.
Andrew Bartlett
abartlet at samba.org
Wed May 14 00:53:15 MDT 2014

On Sat, 2014-02-22 at 21:57 +1300, Andrew Bartlett wrote:
> On Sat, 2014-02-22 at 03:46 +0000, Ira Cooper wrote:
> > I'd like a 2nd reviewer, and a general signoff "Yes, we are ok ditching
> > support for those old systems."
> >
> > Thanks,
> >
> > -Ira
>
> We now always build with Kerberos, so why not make it the responsibility
> of the Kerberos library? (We will need that part to work anyway).
>
> Heimdal has krb5_generate_random_block, which does not require any
> library set up, and MIT has krb5_c_random_make_octets, but it needs a
> krb5 context.
>
> Or we could make the test be Heimdal or /dev/urandom for simplicity.
>
> The Heimdal sources seem to indicate alternate possible devices
> of /dev/srandom and /dev/arandom for what it's worth.
>
> Thoughts?

I would propose either using Heimdal or requiring /dev/urandom. At
least the Heimdal code would have been looked at by genuine
cryptographers.

Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba