Get strong random bits at kadmind startup

provide better error message for current round of keytab not found

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14089 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 15 insertions, 1 deletions

diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog
index 9af1d19e3d..05e551404c 100644
--- a/src/kadmin/server/ChangeLog
+++ b/src/kadmin/server/ChangeLog
@@ -1,3 +1,8 @@
+2002-01-08  Sam Hartman  <hartmans@mit.edu>
+
+	* ovsec_kadmd.c (main): Get random data from /dev/random
+	(main): If we can't set gssapi names, hint that the keytab might be at fault
+
 2001-10-26  Ezra Peisach  <epeisach@mit.edu>
 
 	* schpw.c (process_chpw_request): Use GETSOCKNAME_ARG3_TYPE
diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
index 619e2b5eda..72d339a354 100644
--- a/src/kadmin/server/ovsec_kadmd.c
+++ b/src/kadmin/server/ovsec_kadmd.c
@@ -264,6 +264,15 @@ int main(int argc, char *argv[])
 
      krb5_klog_init(context, "admin_server", whoami, 1);
 
+
+     krb5_klog_syslog(LOG_INFO, "Seeding random number generator");
+          ret = krb5_c_random_os_entropy(context, 1, NULL);
+	  if(ret) {
+	    krb5_klog_syslog(LOG_ERR, "Error getting random seed: %s, aborting",
+			     error_message(ret));
+	    exit(1);
+	  }
+	  
      if((ret = kadm5_init("kadmind", NULL,
 			  NULL, &params,
 			  KADM5_STRUCT_VERSION,
@@ -489,7 +498,7 @@ int main(int argc, char *argv[])
 	  oldnames++;
      if (!oldnames && _svcauth_gssapi_set_names(names, 2) == FALSE) {
 	  krb5_klog_syslog(LOG_ERR,
-			   "Cannot set GSS-API authentication names, "
+			   "Cannot set GSS-API authentication names (keytab not present?), "
 			   "failing.");
 	  fprintf(stderr, "%s: Cannot set GSS-API authentication names.\n",
 		  whoami);