klist -t opening $HOME/.rnd
ghudson at mit.edu
Thu Mar 15 16:36:01 CET 2018
On 03/15/2018 05:38 AM, Harald Barth wrote:
> But why do I need to initialize a random number function just to
> determine if the ticket in the file ticket cache is valid?
> Seems like waste of resources to me.

Heimdal's krb5_init_context() intentionally initializes the random
number generator, so that subsequent uses don't have to worry about
I think that side of the design is fine, but a library PRNG probably
doesn't need to interact with a seed file in this day and age. That
decision is under Heimdal's control, not OpenSSL's; removing the code
ifdef'd NO_RANDFILE in lib/krb5/crypto-rand.c would suffice.
(MIT krb5 could also stand to simplify its PRNG, although it doesn't
have this particular problem.)
More information about the Heimdal-discuss