Actually, that's not completely true. Using /dev/random as the file argument for RAND_load_file when seeding the PRNG is recommended practice on systems that have it. The RAND_load_file call in the eap_tls code will only read at max 1048567 (1024 * 1024) bytes from the file, so it won't read infinitely. The problem here is that /dev/random is blocking. To keep that from happening, use /dev/urandom, if your system has it, or some other entropy source (such as egd). --Mike Alan DeKok wrote:
Robin Mordasiewicz <rmordasiewicz@samuelmanutech.com> wrote:
thanks for this. I change to use the /dev/random as per your tutorial but radiusd hangs. When I change the random_file back to the original then it works
Yes. The "random_file" needed by the TLS module is a *pool* of random numbers. /dev/random and /dev/urandom are infinite streams of random numbers. So the TLS module thinks that the "pool" is infinite in size, and takes forever to read it.
The default config of the server for "random_file" is correct, and should be used.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html