If your system supports /dev/urandom, you can skip
this section.
For TLS (and thus STARTTLS) to work in a reliable and secure manner, you need to
set up a way for sendmail to acquire high-quality pseudorandom numbers. There are
a few alternatives to /dev/urandom that you can use, some more suitable than others.
They are, in order of preference:
• SUNWski, which is a package from Sun Microsystems that emulates /dev/urandom,
  and which works only with SunOS 5.5.
• EGD, which stands for Entropy Gathering Daemon.
• PRNGD, which stands for PseudoRandom Number Generator Daemon.
• You can also roll your own random number source in a file.
* Examples of Unix utilities that watch the network are snoop(8) and tcpdump. For others, see your online
documentation.
This is the Title of the Book, eMatter Edition
Copyright © 2007 O'Reilly & Associates, Inc. All rights reserved.
204 | Chapter 5: Authentication and Encryption
5.3.1.1 SUNWski
Sun Microsystems provides an equivalent to /dev/urandom, called /dev/random, as
part of its SUNWski package for Solaris. If it is not already installed on your system,
you can install it from a variety of sources. Look for it on your Solaris Server Intranet
Extension CD.
For Solaris 2.6, look for patch number 106754, 106755, or 106756, which contains
the SUNWski package.
5.3.1.2 EGD
EGD is a persistent daemon that provides excellent pseudorandom numbers via a
Unix domain socket.