Ping! OpenVPN with LDAP+TLS authentication runs into file exhaustion
Lars Ellenberg
lars.ellenberg at linbit.com
Thu Nov 5 09:24:25 UTC 2009
> Issue is only happening when LDAP is used with TLS support. On every
> authentication, a file handle to /dev/urandom is created but never
> released.
>
> Because the handle to /dev/urandom is never released, after the service
> has been running for some time, users will fail to authenticate because
> the backend is not able to open new file handles on /dev/urandom.
As there has been absolutely no reaction yet, maybe you just missed it.
Please have a look again at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543941#36
where I explain
 * the root cause,
 * possible workarounds
   (one-line change to openvpn,
   or about 6 line change to libpam-ldap), and
 * a possible fix for this issue
   (slightly more involved libgcrypt stuff).
Thanks.
--
: Lars Ellenberg
: LINBIT | Your Way to High Availability
: DRBD/HA support and consulting http://www.linbit.com
DRBD® and LINBIT® are registered trademarks of LINBIT, Austria.
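
An added example, not part of the original message and not code from OpenVPN, libpam-ldap or libgcrypt: one way to confirm the symptom described in the quoted report is to count how many descriptors of the running process point at /dev/urandom and compare the total against the process's soft open-files limit. The function names and the max_expected threshold are assumptions made for this illustration.

```python
import os
import sys

def count_fd_targets(fd_dir):
    """Count how many descriptors in a /proc/<pid>/fd directory point at each target."""
    counts = {}
    for name in os.listdir(fd_dir):
        try:
            target = os.readlink(os.path.join(fd_dir, name))
        except OSError:
            continue  # descriptor was closed while we were scanning
        counts[target] = counts.get(target, 0) + 1
    return counts

def soft_nofile_limit(limits_text):
    """Return the soft 'Max open files' limit from /proc/<pid>/limits text (None if unlimited)."""
    for line in limits_text.splitlines():
        if line.startswith("Max open files"):
            soft = line[len("Max open files"):].split()[0]
            return None if soft == "unlimited" else int(soft)
    return None

def leak_report(fd_dir, limits_text, device="/dev/urandom", max_expected=2):
    """Summarise descriptor usage; max_expected is an assumed healthy ceiling, not a documented value."""
    counts = count_fd_targets(fd_dir)
    total = sum(counts.values())
    limit = soft_nofile_limit(limits_text)
    held = counts.get(device, 0)
    return {
        "device_handles": held,
        "total_fds": total,
        "soft_limit": limit,
        "headroom": None if limit is None else limit - total,
        "leaking": held > max_expected,
    }

if __name__ == "__main__":
    pid = sys.argv[1]  # PID of the process to inspect, given on the command line
    with open(f"/proc/{pid}/limits") as fh:
        report = leak_report(f"/proc/{pid}/fd", fh.read())
    print(report)
    sys.exit(1 if report["leaking"] else 0)
```

Run it as root or as the user owning the process, since /proc/<pid>/fd is not readable otherwise. Sampling it before and after a batch of logins shows whether device_handles grows with each authentication.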
More information about the Pkg-gnutls-maint mailing list