-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We are having recurrent problems with kadmind not being able to lock the kerberos database. When this happens we cannot create, delete or modify principals. Here is an example: kerberos logs: Feb 27 13:23:58 kadmind[17363]: Request: kadm5_create_principal, @IU.EDU, Cannot lock database, client=host/.indiana.edu@IU.EDU, service=kadmin/admin@IU.EDU, addr= available entropy is stuck at 0: # watch -n 1 cat /proc/sys/kernel/random/entropy_avail The only solution we've found so far is to reboot the master kdc. We have a system of redundant kdc's so this doesn't interrupt normal transactions, but is clearly not an ideal solution. We're running our KDC's on hardened gentoo linux: # uname -a Linux 2.4.32-hardened-r6 #1 SMP Mon Oct 30 22:02:46 UTC 2006 i686 Intel(R) Xeon(TM) CPU 2.80GHz GenuineIntel GNU/Linux I emailed the kerberos list first, as requested here: http://web.mit.edu/kerberos/contact.html Please advise, Thanks, Nate Johnson - -- * Nate Johnson, Lead Security Engineer, GCIH, GCFA * University Information Security Office, Indiana University -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.8 (GNU/Linux) iEYEARECAAYFAkfMYFQACgkQGQUVGJudcw7tEQCfYzXDteGh9GxOC1H74JI8ifob hfMAoINBSFYQwMxndyxIwVq3kWt1d1oW =bpn0 -----END PGP SIGNATURE-----