[ntp:questions] /dev/random as opposed to //.rnd

coniptor at gmail.com coniptor at gmail.com
Tue May 15 18:42:44 UTC 2007


On May 11, 4:06 pm, conip... at gmail.com wrote:
> On May 11, 3:55 pm, conip... at gmail.com wrote:
>
>
>
> > On May 11, 2:53 pm, Harlan Stenn <s... at ntp.isc.org> wrote:
>
> > > coniptor,
>
> > > We use OpenSSL for our crypto stuff.
>
> > > OpenSSL uses ~/.rnd for some random stuff.
>
> > > H
>
> > Hi Harlan,
>
> > I updated my server and client ntp.conf files to specify the randfile
> > as /dev/random.
> > On the server it hung and didn't return right to the prompt after I
> > issued a /etc/init.d/ntpd restart.
> > I backgrounded it and restarted it again, and this time it did return.
> > Near as I can tell, it hung because /dev/random had rw for u, g, & o, but
> > it reset to just rw on user and now returns, so my issue with not being
> > able to start ntpd and use /dev/random wasn't one to begin with.
>
> > Knowing that, is there any reason I shouldn't be able to use openssl
> > or ntp-keygen with /dev/random directly?
> > Sorry for commenting on something before thoroughly checking
> > everything out.
>
> I had not seen your reply before I posted, Steve.
> Thank you for the information. I had seen part of that mask table
> before but not all of it so that should help me figure out what is
> working and what isn't. I will also try running ntp-keygen again and
> see if it creates the keys without complaining about the non-existence
> of .rnd in either /root or /etc/ntp. I have faith that it will given
> your reply and that crypto randfile /dev/random worked out once the
> permissions on /dev/random were sane.
>
> Thank you both for your help! =)

Just wanted to update this discussion I started to say that ntpd and
ntp-keygen are both happily using /dev/random now and it was just an
incorrect permission issue that was causing the problem.

Thank you again Steve and Harlan for your help.



