Michael Biebl <bi...@debian.org> writes:
> On 10.05.2018 at 00:46, Ben Hutchings wrote:

>> One of the krb5 maintainers (Benjamin Kaduk) favours option 2b, and
>> also proposed that systemd could provide a wait-for-rng-ready unit to
>> support this.

> What exactly would such a wait-for-rng-ready service do and how would it
> solve this particular problem?

I may be misunderstanding the nature of the issue, but I believe that a
Type=oneshot service that runs a small C program that calls getrandom()
and then exit(0) when it returns would provide a useful facility.
krb5-kdc could then just declare a dependency on that service and wouldn't
be started until randomness was available.

There's been some further discussion among the krb5 maintainers about
whether delaying startup of the KDC until randomness is ready is the best
approach, but for any service that decides to take this approach (this
seems obviously correct for kadmind, for instance), having this sort of
facility available would make it easy to declare the right dependency.

It's akin to systemd-networkd-wait-online.service.

-- 
Russ Allbery (r...@debian.org)               <http://www.eyrie.org/~eagle/>
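
The helper described in the message above, as an added example that is not part of the original post and is not code from systemd or krb5. It assumes Linux with glibc 2.25 or later (getrandom() declared in <sys/random.h>); the function names wait_for_rng_ready and rng_ready_now are hypothetical.

```c
/* Added example: block until the kernel CSPRNG is initialized, then exit 0.
 * Intended to be run from a Type=oneshot unit that other services depend on.
 * Assumes Linux with glibc >= 2.25. Function names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>
#include <sys/types.h>

/* Non-blocking probe: 1 if the pool is already initialized,
 * 0 if getrandom() would block (EAGAIN), -1 on any other error. */
int rng_ready_now(void)
{
    unsigned char byte;

    if (getrandom(&byte, sizeof byte, GRND_NONBLOCK) == (ssize_t)sizeof byte)
        return 1;
    return errno == EAGAIN ? 0 : -1;
}

/* Blocking wait: returns 0 once the pool is ready, -1 on error. */
int wait_for_rng_ready(void)
{
    unsigned char byte;

    for (;;) {
        /* flags == 0: the call sleeps until the pool has been initialized. */
        ssize_t n = getrandom(&byte, sizeof byte, 0);
        if (n == (ssize_t)sizeof byte)
            return 0;
        if (n < 0 && errno == EINTR)
            continue;   /* interrupted by a signal while waiting: retry */
        return -1;      /* e.g. ENOSYS on kernels older than 3.17 */
    }
}

int main(void)
{
    if (rng_ready_now() == 0)
        fprintf(stderr, "kernel RNG not yet initialized, waiting\n");
    if (wait_for_rng_ready() != 0) {
        fprintf(stderr, "getrandom: %s\n", strerror(errno));
        return 1;       /* non-zero exit marks the oneshot unit as failed */
    }
    return 0;
}
```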
