also sprach Stephen Gran <sgran@debian.org> [2006.07.04.1151 +0200]: > 15 seconds is too short for a network lookup failure, I think. > I would expect more like 30 seconds if it was that. Is the client > low on entropy? It may be blocking until it has enough to > negotiate the TLS data. Interesting. The only thing I could say against this is that it's very consistent across all clients, and has been the case for several days now. Anyway, looking at lsof output while the client blocks, all I ever see is /dev/urandom, which does not block, right? Also, both pam_ldap.conf and libnss-ldap.conf have # Seed the PRNG if /dev/urandom is not provided #tls_randfile /var/run/egd-pool and /dev/urandom exists, so that's what they use. Is there anything else you'd say I should check? -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system murphy's law is recursive. washing your car to make it rain doesn't work.
Attachment:
signature.asc
Description: Digital signature (GPG/PGP)