This one time, at band camp, Alexander Vlasov said:
> Ok, +1.
>
> using ldap instead of ldaps solves the problem. With `ldaps', system
> quickly runs out of entropy (/proc/sys/kernel/random/entropy_avail
> falls down to ~200 and this number grows very slow). With `ldap',
> entropy level in ~15 secs becomes ~3500
>
> Well, disabling TLS is workaround, not solution anyway. What's wrong
> with entropy?

There was a change in how the kernel entropy gathering works, and not all modules have been ported to the new model, so many do effectively nothing for your entropy pool. This is unfortunately the case for a lot of hardware RAID cards, which is where most of my entropy used to come from. This is sort of a separate issue, though - the main problem here for libnss-ldap is how it addresses TLS negotiation stalls or failures caused by the low entropy levels. Right now, it doesn't handle it particularly well.

-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        [EMAIL PROTECTED] |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------