Re: port-xen/40739: no entropy device sourcese on 5.0_RC2 XEN3PAE_DOMU

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

The following reply was made to PR port-xen/40739; it has been noted by GNATS.

From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: port-xen-maintainer%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
        netbsd-bugs%netbsd.org@localhost
Subject: Re: port-xen/40739: no entropy device sourcese on 5.0_RC2 XEN3PAE_DOMU
Date: Tue, 24 Feb 2009 19:56:41 +0100

 On Tue, Feb 24, 2009 at 06:00:01PM +0000, gendalia%iastate.edu@localhost wrote:
 > >Environment:
 > NetBSD kerberos-1.iastate.edu 5.0_RC2 NetBSD 5.0RC2 (XEN3PAE_DOMU) #0: Mon 
 > Feb  9 10:22:33 UTC 2009  
 > builds%b4.netbsd.org@localhost:/home/builds/ab/netbsd-5-0-RC2/i386/200902090142Z-obj/home/builds/ab/netbsd-5-0-RC2/src/sys/arch/i386/compile/XEN3PAE_DOMU
 >  i386
 > Architecture: i386
 > Machine: i386
 > >Description:
 > Running MIT's kerberos server, kadmind (for kerberos 5) will not start due
 > to a lack of entropy.  There are no entropy sources available to generate
 > entropy from.
 > % rndctl -ls
 > Source               Bits    Type    Flags
 >         4346 bits mixed into pool
 >            0 bits currently stored in pool (max 4096)
 >            0 bits of entropy discarded due to full pool
 >         4346 hard-random bits generated
 >       210118 pseudo-random bits generated
 
 the problem in the case of a Xen domU is that there's no good source
 of entropy. On native systems we use the hard disk as a source
 of entropoy; but on a domU it's disabled because others domU could interfere
 with it.
 rndctl should show xennets as a possible source of entropy, but it has
 to be enabled manually.
 
 -- 
 Manuel Bouyer <bouyer%antioche.eu.org@localhost>
      NetBSD: 26 ans d'experience feront toujours la difference
 --