Re: port-xen/40739: no entropy device sourcese on 5.0_RC2 XEN3PAE_DOMU

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Tue, Feb 24, 2009 at 06:00:01PM +0000, gendalia%iastate.edu@localhost wrote:
> >Environment:
> NetBSD kerberos-1.iastate.edu 5.0_RC2 NetBSD 5.0RC2 (XEN3PAE_DOMU) #0: Mon 
> Feb  9 10:22:33 UTC 2009  
> builds%b4.netbsd.org@localhost:/home/builds/ab/netbsd-5-0-RC2/i386/200902090142Z-obj/home/builds/ab/netbsd-5-0-RC2/src/sys/arch/i386/compile/XEN3PAE_DOMU
>  i386
> Architecture: i386
> Machine: i386
> >Description:
> Running MIT's kerberos server, kadmind (for kerberos 5) will not start due
> to a lack of entropy.  There are no entropy sources available to generate
> entropy from.
> % rndctl -ls
> Source                Bits    Type    Flags
>          4346 bits mixed into pool
>             0 bits currently stored in pool (max 4096)
>             0 bits of entropy discarded due to full pool
>          4346 hard-random bits generated
>        210118 pseudo-random bits generated

the problem in the case of a Xen domU is that there's no good source
of entropy. On native systems we use the hard disk as a source
of entropoy; but on a domU it's disabled because others domU could interfere
with it.
rndctl should show xennets as a possible source of entropy, but it has
to be enabled manually.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--