From 23a1441beccfd75f87cd812b42d6fbf28b4b854c Mon Sep 17 00:00:00 2001 From: dtucker Date: Mon, 6 Dec 2004 11:40:10 +0000 Subject: [PATCH] - (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@ --- ChangeLog | 3 +++ TODO | 11 ----------- WARNING.RNG | 9 ++++----- 3 files changed, 7 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index 10ad58f7..625ee909 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20041206 + - (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@ + 20041203 - (dtucker) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2004/11/07 17:42:36 diff --git a/TODO b/TODO index 9c3494aa..06f1fe53 100644 --- a/TODO +++ b/TODO @@ -30,13 +30,8 @@ Programming: - More platforms for for setproctitle() emulation (testing needed) -- Improve PAM support (a pam_lastlog module will cause sshd to exit) - and maybe support alternate forms of authentications like OPIE via - pam? - - Improve PAM ChallengeResponseAuthentication - Informational messages - - chauthtok - Use different PAM service name for kbdint vs regular auth (suggest from Solar Designer) - Ability to select which ChallengeResponseAuthentications may be used @@ -59,8 +54,6 @@ Clean up configure/makefiles: information in wtmpx or utmpx or any of that stuff if it's not detected from the start -- Fails to compile when cross compile. (vinschen@redhat.com) - - Replace the whole u_intXX_t evilness in acconfig.h with something better??? - Do it in configure.ac @@ -72,10 +65,6 @@ Clean up configure/makefiles: entropy related stuff into another. Packaging: -- Solaris: Update packaging scripts and build new sysv startup scripts - Ideally the package metadata should be generated by autoconf. - (gilbert.r.loomis@saic.com) - - HP-UX: Provide DEPOT package scripts. (gilbert.r.loomis@saic.com) diff --git a/WARNING.RNG b/WARNING.RNG index 71e23900..30b61849 100644 --- a/WARNING.RNG +++ b/WARNING.RNG @@ -55,11 +55,10 @@ Executing each program in the list can take a large amount of time, especially on slower machines. Additionally some program can take a disproportionate time to execute. -Tuning the default entropy collection code is difficult at this point. -It requires doing 'times ./ssh-rand-helper' and modifying the -($etcdir)/ssh_prng_cmds until you have found the issue. In the next -release we will be looking at support '-v' for verbose output to allow -easier debugging. +Tuning the random helper can be done by running ./ssh-random-helper in +very verbose mode ("-vvv") and identifying the commands that are taking +accessive amounts of time or hanging altogher. Any problem commands can +be modified or removed from ssh_prng_cmds. The default entropy collector will timeout programs which take too long to execute, the actual timeout used can be adjusted with the -- 2.45.2