22 August 2008
mod-auth-cas and slow logins
Posted by Michele Baldessari under: en; music; tech; travel .
Today I dedicated some time to hunt down my “the logins via CAS on apache2 are awfully slow, but not always, just most of the time” problem. At first I thought I had some weird network/dns/whatever issues, but after proper investigation it turned out to be that /dev/random is being used for generating the CAS cookies and my entropy pool is depleted most of the time..badaboom..APR is blocking.
This machine is a virtual server so no way I can use any Hardware RNG or anything along those lines. Given that it only runs in an internal corporate network, I’ve started feeding the cryptographically-strong entropy pool with rng-tools and /dev/urandom. In /etc/default/rng-tools:
HRNGDEVICE=/dev/urandom
Finally, no more login times issues
ps. APR 1.3.0 has switched to urandom for apr_generate_random_bytes, so in the future this won’t be needed
4 Comments so far...
Central Authentication Service - CAS: concepts and examples « IT PASSION - “IT professional Blog” Says:
23 August 2008 at 4:49 pm.
[...] mod-auth-cas and slow logins [...]
Anurag Sharma Says:
18 September 2008 at 12:00 am.
Thanks a lot for this information. Here is little more information that I think may help others.
[1] apt-get install rng-tools
[2] vi /etc/default/rng-tools: for adding HRNGDEVICE=/dev/urandom
[3] /etc/init.d/rng-tools start
Recent Links Tagged With "slow" - JabberTags Says:
7 October 2008 at 2:35 am.
[...] public links >> slow mod-auth-cas and slow logins Saved by punchpixie on Sun 05-10-2008 Seriously considering a power boat! Saved by cwarkentin on [...]
