On Tue, May 08, 2018 at 09:28:08AM -0400, Sam Hartman wrote:
>     Benjamin> Now, we have getrandom(), which is a great API and is
>     Benjamin> pretty much exactly what you want (again, at least in this
>     Benjamin> worldview).  IIUC Ted says that you should "just use
>     Benjamin> getrandom" for your entropy needs and not worry about
>     Benjamin> /dev/*random.  I don't know whether he takes a stance on
>     Benjamin> the GRND_RANDOM flag, though.
> 
> And I think that's fine for kadmind.
> I think there's a very real practical question about whether you want
> the KDC to fail to start if your RNG is not seeded.
> Having your KDCs be unavailable from a cold start of an environment is a
> really big thing.

I'll note that the original user report seems to have involved a
virtual machine running on Xen; my general expectation is that
bare-metal KDCs will get enough entropy from device attachment and
network traffic for long blocking to not be an issue.
Enterprise-scale deployments that use virtualized KDCs are likely to
have proper randomness pass-through devices installed, so I suspect
that the number of sites that are at any significant risk of being
affected will be a pretty small percentage.

Do you think we should raise the question on upstream's mailing
list?

-Ben
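
The cold-start trade-off discussed in this thread (wait for the kernel RNG to be seeded, or refuse to start), as an added example that is not part of the original messages and is not krb5 code. The function names and the `wait_for_seed` policy switch are hypothetical; it assumes Linux with glibc's `getrandom()` wrapper and does not set GRND_RANDOM.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>

enum seed_state { SEED_READY = 0, SEED_NOT_READY = 1, SEED_ERROR = -1 };

/* Non-blocking probe: with GRND_NONBLOCK, getrandom() fails with EAGAIN
 * while the kernel pool has not been initialized yet. */
enum seed_state rng_seed_state(void)
{
    unsigned char probe;
    ssize_t n;
    do {
        n = getrandom(&probe, sizeof probe, GRND_NONBLOCK);
    } while (n < 0 && errno == EINTR);
    if (n == (ssize_t)sizeof probe) return SEED_READY;
    return errno == EAGAIN ? SEED_NOT_READY : SEED_ERROR;
}

/* Fill buf completely. flags == 0 blocks only until the pool is seeded. */
int fill_random(unsigned char *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        ssize_t n = getrandom(buf + off, len - off, 0);
        if (n < 0 && errno == EINTR) continue;   /* interrupted, retry */
        if (n < 0) return -1;
        off += (size_t)n;
    }
    return 0;
}

/* Hypothetical startup policy: wait_for_seed != 0 blocks until seeded,
 * wait_for_seed == 0 returns -2 so the daemon can log and exit instead. */
int startup_key_material(unsigned char *key, size_t len, int wait_for_seed)
{
    enum seed_state st = rng_seed_state();
    if (st == SEED_ERROR) return -1;
    if (st == SEED_NOT_READY && !wait_for_seed) return -2;
    return fill_random(key, len);
}

int main(void)
{
    unsigned char key[32];
    int rc = startup_key_material(key, sizeof key, 0);
    printf("startup_key_material (fail-fast policy) returned %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```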
