diff options
author | Darren Tucker <dtucker@zip.com.au> | 2004-12-06 22:40:10 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2004-12-06 22:40:10 +1100 |
commit | ba2abb3699d5901898041dad45394e47de891cc9 (patch) | |
tree | 4a5da9821c8c1d4e827364f99c845ba57684c729 | |
parent | c13866719fc39d5feebfb80ca251a7b31583d803 (diff) |
- (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | TODO | 13 | ||||
-rw-r--r-- | WARNING.RNG | 11 |
3 files changed, 10 insertions, 19 deletions
@@ -1,3 +1,6 @@ +20041206 + - (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@ + 20041203 - (dtucker) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2004/11/07 17:42:36 @@ -1870,4 +1873,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3584 2004/12/03 03:33:47 dtucker Exp $ +$Id: ChangeLog,v 1.3585 2004/12/06 11:40:10 dtucker Exp $ @@ -30,13 +30,8 @@ Programming: - More platforms for for setproctitle() emulation (testing needed) -- Improve PAM support (a pam_lastlog module will cause sshd to exit) - and maybe support alternate forms of authentications like OPIE via - pam? - - Improve PAM ChallengeResponseAuthentication - Informational messages - - chauthtok - Use different PAM service name for kbdint vs regular auth (suggest from Solar Designer) - Ability to select which ChallengeResponseAuthentications may be used @@ -59,8 +54,6 @@ Clean up configure/makefiles: information in wtmpx or utmpx or any of that stuff if it's not detected from the start -- Fails to compile when cross compile. (vinschen@redhat.com) - - Replace the whole u_intXX_t evilness in acconfig.h with something better??? - Do it in configure.ac @@ -72,10 +65,6 @@ Clean up configure/makefiles: entropy related stuff into another. Packaging: -- Solaris: Update packaging scripts and build new sysv startup scripts - Ideally the package metadata should be generated by autoconf. - (gilbert.r.loomis@saic.com) - - HP-UX: Provide DEPOT package scripts. (gilbert.r.loomis@saic.com) @@ -94,4 +83,4 @@ PrivSep Issues: - Cygwin + Privsep for Pre-auth only (no fd passing) -$Id: TODO,v 1.57 2004/02/11 09:44:13 dtucker Exp $ +$Id: TODO,v 1.58 2004/12/06 11:40:11 dtucker Exp $ diff --git a/WARNING.RNG b/WARNING.RNG index 5d4ea875..687891a7 100644 --- a/WARNING.RNG +++ b/WARNING.RNG @@ -55,11 +55,10 @@ Executing each program in the list can take a large amount of time, especially on slower machines. Additionally some program can take a disproportionate time to execute. -Tuning the default entropy collection code is difficult at this point. -It requires doing 'times ./ssh-rand-helper' and modifying the -($etcdir)/ssh_prng_cmds until you have found the issue. In the next -release we will be looking at support '-v' for verbose output to allow -easier debugging. +Tuning the random helper can be done by running ./ssh-random-helper in +very verbose mode ("-vvv") and identifying the commands that are taking +accessive amounts of time or hanging altogher. Any problem commands can +be modified or removed from ssh_prng_cmds. The default entropy collector will timeout programs which take too long to execute, the actual timeout used can be adjusted with the @@ -93,4 +92,4 @@ If you are forced to use ssh-rand-helper consider still downloading prngd/egd and configure OpenSSH using --with-prngd-port=xx or --with-prngd-socket=xx (refer to INSTALL for more information). -$Id: WARNING.RNG,v 1.6 2003/11/21 12:48:55 djm Exp $ +$Id: WARNING.RNG,v 1.7 2004/12/06 11:40:11 dtucker Exp $ |