Ping! OpenVPN with LDAP+TLS authentication runs into file exhaustion

Lars Ellenberg lars.ellenberg at linbit.com
Thu Nov 5 09:24:25 UTC 2009


OpenVPN with LDAP+TLS authentication runs into file exhaustion

> Issue is only happening when LDAP is used with TLS support. On every
> authentication, a file handle to /dev/urandom is created but never
> released.
> 
> Because the handle to /dev/urandom is never released, after the service
> has been running for some time, users will fail to authenticate because
> the backend is not able to open new file handles on /dev/urandom.

As there has been absolutely no reaction yet, maybe you just missed it.
Please have a look again at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543941#36

Where I explain
 * the root cause,
 * possible workarounds,
	(one-line change to openvpn,
	or about 6 line change to libpam-ldap), and
 * a possible fix for this issue
	(slightly more involved libgcrypt stuff).

Thanks.

-- 
: Lars Ellenberg
: LINBIT | Your Way to High Availability
: DRBD/HA support and consulting http://www.linbit.com

DRBD® and LINBIT® are registered trademarks of LINBIT, Austria.
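
The symptom in the quoted report (one more handle on /dev/urandom per authentication, never released) can be watched for from outside the process. The following is an added example, not part of the original message or of any project named in it; it assumes Linux /proc and read access to the target's fd directory, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: spot a descriptor leak on one path (here /dev/urandom).
# Assumptions: Linux /proc, permission to read /proc/PID/fd and /proc/PID/limits.

# count_fds_to PID PATH -> number of open descriptors of PID resolving to PATH
count_fds_to() {
    _n=0
    for _fd in /proc/"$1"/fd/*; do
        if [ "$(readlink "$_fd" 2>/dev/null)" = "$2" ]; then
            _n=$((_n + 1))
        fi
    done
    echo "$_n"
}

# nofile_soft_limit PID -> soft "Max open files" limit (a number or "unlimited")
nofile_soft_limit() {
    awk '/^Max open files/ { print $4 }' /proc/"$1"/limits
}

# leak_status PID PATH PERCENT -> prints "LEAK count/limit" when the handles on
# PATH alone use at least PERCENT of the soft limit, otherwise "ok count/limit"
leak_status() {
    _count=$(count_fds_to "$1" "$2")
    _limit=$(nofile_soft_limit "$1")
    case $_limit in
        ''|*[!0-9]*)            # "unlimited" or unreadable: cannot exhaust
            echo "ok $_count/$_limit"
            return 0 ;;
    esac
    if [ $((_count * 100)) -ge $((_limit * $3)) ]; then
        echo "LEAK $_count/$_limit"
    else
        echo "ok $_count/$_limit"
    fi
}
```

Run against the daemon from cron or a monitoring agent, for example `leak_status "$(pidof openvpn)" /dev/urandom 50`; a count that climbs with every login and never drops matches the behaviour described in the report.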



More information about the Pkg-gnutls-maint mailing list