From 50b5e3f72e5381cd9bb641dcdb28ebb4ba7e8734 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Tue, 8 Jan 2002 19:27:00 +0000 Subject: [PATCH] Get strong random bits at kadmind startup provide better error message for current round of keytab not found git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14089 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kadmin/server/ChangeLog | 5 +++++ src/kadmin/server/ovsec_kadmd.c | 11 ++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog index 9af1d19e3..05e551404 100644 --- a/src/kadmin/server/ChangeLog +++ b/src/kadmin/server/ChangeLog @@ -1,3 +1,8 @@ +2002-01-08 Sam Hartman + + * ovsec_kadmd.c (main): Get random data from /dev/random + (main): If we can't set gssapi names, hint that the keytab might be at fault + 2001-10-26 Ezra Peisach * schpw.c (process_chpw_request): Use GETSOCKNAME_ARG3_TYPE diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index 619e2b5ed..72d339a35 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -264,6 +264,15 @@ int main(int argc, char *argv[]) krb5_klog_init(context, "admin_server", whoami, 1); + + krb5_klog_syslog(LOG_INFO, "Seeding random number generator"); + ret = krb5_c_random_os_entropy(context, 1, NULL); + if(ret) { + krb5_klog_syslog(LOG_ERR, "Error getting random seed: %s, aborting", + error_message(ret)); + exit(1); + } + if((ret = kadm5_init("kadmind", NULL, NULL, ¶ms, KADM5_STRUCT_VERSION, @@ -489,7 +498,7 @@ int main(int argc, char *argv[]) oldnames++; if (!oldnames && _svcauth_gssapi_set_names(names, 2) == FALSE) { krb5_klog_syslog(LOG_ERR, - "Cannot set GSS-API authentication names, " + "Cannot set GSS-API authentication names (keytab not present?), " "failing."); fprintf(stderr, "%s: Cannot set GSS-API authentication names.\n", whoami); -- 2.26.2