Delay kadmind random number initialization until after fork

Target_Version 1.6
Tags: pullup

Delay initialization of the random number generator in kadmind until
after the fork and backgrounding of the process.  Otherwise, a lack of
sufficient entropy during the system boot process will delay system
boot on systems that run each init script in series and that start
kadmind via an init script.

ticket: new
Component: krb5-admin
Version_Reported: 1.4.4

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18793 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
index 1efdf078bf3e5bebb8eca142863092b79ad3d8d1..48fc38daae4c40683eec1c2c0d5f1f04863143a9 100644 (file)
--- a/src/kadmin/server/ovsec_kadmd.c
+++ b/src/kadmin/server/ovsec_kadmd.c
@@ -301,15 +301,6 @@ int main(int argc, char *argv[])
 
      krb5_klog_init(context, "admin_server", whoami, 1);
 
-     krb5_klog_syslog(LOG_INFO, "Seeding random number generator");
-          ret = krb5_c_random_os_entropy(context, 1, NULL);
-         if(ret) {
-           krb5_klog_syslog(LOG_ERR,
-                            "Error getting random seed: %s, aborting",
-                            krb5_get_error_message (context, ret));
-           exit(1);
-         }
-         
      if((ret = kadm5_init("kadmind", NULL,
                          NULL, &params,
                          KADM5_STRUCT_VERSION,
@@ -639,6 +630,17 @@ kterr:
          exit(1);
      }
      
+     krb5_klog_syslog(LOG_INFO, "Seeding random number generator");
+     ret = krb5_c_random_os_entropy(context, 1, NULL);
+     if (ret) {
+         krb5_klog_syslog(LOG_ERR, "Error getting random seed: %s, aborting",
+                          krb5_get_error_message(context, ret));
+         svcauth_gssapi_unset_names();
+         kadm5_destroy(global_server_handle);
+         krb5_klog_close(context);
+         exit(1);
+     }
+         
      setup_signal_handlers();
      krb5_klog_syslog(LOG_INFO, "starting");
      kadm_svc_run(&params);