On Tue, Jul 13, 2010 at 06:19:19PM +0200, Jon Kristensen wrote:

> On 7/13/2010 6:07 PM, Victor Duchovni wrote:
>> perhaps your LDAP is using GNUTLS (it used to exit() in the library when
>> entropy was not available
> The LDAP library does indeed use GNU TLS:
>
> cybersec:~# ldd /usr/sbin/slapd | grep tls
> libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7526000)

You should probably avoid GNUTLS, if possible, especially if Postfix is
using OpenSSL.

>> it used to exit() in the library when
>> entropy was not available, perhaps it now aborts...
>
> Do I need to recompile LDAP with OpenSSL instead in order for Postfix to
> work, or is there some way I can make an entropy available? /dev/urandom
> seems to work fine.

Is trivial-rewrite running in a chroot jail? Does said jail, if any,
have /dev/urandom, ... Test with chroot off, if that fixes it, either
GNUTLS or Postfix is unhappy in the jail, and given lack of "panic" log
entries, I am guessing GNUTLS, but the evidence is not yet conclusive.

--
Viktor.
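
An added example, not part of the original message: a shell check for the two questions asked above, whether a daemon is marked chrooted in master.cf and whether the jail (the Postfix queue directory) contains a /dev/urandom character device. The function names and the sample master.cf are constructed for illustration; a "-" in the chroot column is assumed to mean "y", the default before Postfix 3.0.

```shell
#!/bin/sh
# Added example: is DAEMON chrooted, and does the jail have /dev/urandom?

# is_chrooted MASTER_CF DAEMON [DEFAULT_FLAG]
# master.cf columns: service type private unpriv chroot wakeup maxproc command
# DEFAULT_FLAG is what "-" means in the chroot column (assumed "y" here).
is_chrooted() {
    awk -v daemon="$2" -v def="${3:-y}" '
        /^[ \t]/ || /^#/ || NF < 8 { next }   # continuation, comment, short line
        $8 == daemon {
            flag = ($5 == "-") ? def : $5
            if (flag == "y") found = 1
        }
        END { exit !found }
    ' "$1"
}

# jail_has_urandom QUEUE_DIRECTORY
# Chrooted Postfix daemons see the queue directory as "/".
jail_has_urandom() {
    [ -c "$1/dev/urandom" ]
}

# diagnose MASTER_CF QUEUE_DIRECTORY DAEMON [DEFAULT_FLAG]
diagnose() {
    if ! is_chrooted "$1" "$3" "${4:-y}"; then
        echo "not-chrooted"
    elif jail_has_urandom "$2"; then
        echo "chrooted-urandom-present"
    else
        echo "chrooted-urandom-missing"
    fi
}

# Constructed sample: a small master.cf and an empty jail directory.
sample=$(mktemp -d) && trap 'rm -rf "$sample"' EXIT
mkdir -p "$sample/spool"
cat > "$sample/master.cf" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
rewrite   unix  -       -       -       -       -       trivial-rewrite
proxymap  unix  -       -       n       -       -       proxymap
EOF
diagnose "$sample/master.cf" "$sample/spool" trivial-rewrite
diagnose "$sample/master.cf" "$sample/spool" proxymap
```

On a live system the arguments would be the real master.cf and the output of `postconf -h queue_directory`; pass `n` as the fourth argument where the installed Postfix treats "-" as no chroot.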