Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"


tlsmgr




SYNOPSIS

       tlsmgr [generic Postfix daemon options]


DESCRIPTION

       The tlsmgr process does housekeeping on the session cache
       database files. It runs through the databases and removes
       expired entries and entries written by older (incompatible)
       versions.

       tlsmgr is also responsible for PRNG handling. The internal
       OpenSSL PRNG it uses has a pool size of 8192 bits (= 1024
       bytes). The pool is initially seeded at startup from an
       external source (EGD or /dev/urandom), and additional seed
       is obtained later, while the program runs, at a configurable
       period. The exact time of each seed query is itself random,
       equally distributed in the range
       [0-tls_random_reseed_period], with tls_random_reseed_period
       having a default of 1 hour.

       Tlsmgr can be run chrooted and with dropped privileges, as
       it will connect to the entropy source at startup.

       The PRNG is additionally seeded internally by the data
       found in the session cache and by time values.

       Tlsmgr reads the old value of the exchange file at startup
       to keep entropy already collected during previous runs.

       A cryptographically strong 1024-byte random sequence from
       the PRNG random pool is written into the PRNG exchange
       file. The file is updated periodically, with the update
       time chosen randomly in the range
       [0-tls_random_prng_update_period].


STANDARDS


SECURITY

       Tlsmgr is not security-sensitive. It only deals with
       external data to be fed into the PRNG, and the contents of
       that data are never trusted. The session cache housekeeping
       will only remove entries if they are expired and will never
       touch the contents of the cached data.


DIAGNOSTICS

       Problems and transactions are logged to the syslog daemon.


BUGS

       There is no automatic means to limit the number of entries
       in the session caches and/or the size of the session cache
       files.


CONFIGURATION PARAMETERS

       The  following  main.cf parameters are especially relevant
              odically every smtpd_tls_session_cache_timeout
              seconds. Default is 3600 (= 1 hour).

       smtp_tls_session_cache_database
              Name of the SDBM file (type sdbm:)  containing  the
              SMTP  client  session  cache.  If the file does not
              exist, it is created.

       smtp_tls_session_cache_timeout
              Expiry time of SMTP client session cache entries in
              seconds. Entries older than this are removed from
              the session cache. A cleanup-run is performed
              periodically every smtp_tls_session_cache_timeout
              seconds. Default is 3600 (= 1 hour).


Pseudo Random Number Generator

       tls_random_source
              Name of the EGD socket or device or regular file to
              obtain  entropy  from.  The  type of entropy source
              must be specified by preceding the  name  with  the
              appropriate      type:     egd:/path/to/egd_socket,
              dev:/path/to/devicefile, or  /path/to/regular/file.
              tlsmgr  opens  tls_random_source  and tries to read
              tls_random_bytes from it.

       tls_random_bytes
              Number of bytes to be read from  tls_random_source.
              Default  value is 32 bytes. If using EGD, a maximum
              of 255 bytes is read.

       tls_random_exchange_name
              Name of the file written by tlsmgr and read by smtp
              and  smtpd  at  startup.  The length is 1024 bytes.
              Default value is /etc/postfix/prng_exch.

       tls_random_reseed_period
              Time in seconds until the next reseed from external
              sources is due. This is the maximum value. The
              actual point in time is calculated with a random
              factor equally distributed between 0 and this
              maximum value. Default is 3600 (= 60 minutes).

       tls_random_prng_update_period
              Time in seconds until the PRNG exchange file is
              updated with new pseudo-random values. This is the
              maximum value. The actual point in time is
              calculated with a random factor equally distributed
              between 0 and this maximum value. Default is 60 (=
              1 minute).
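
An added example, not part of the original man page or of Postfix: a small audit of the PRNG parameters above, checking the tls_random_source type prefix, the 255-byte EGD read limit and the period values, and filling in the defaults stated on this page. The function names, the sample main.cf text and the rule that periods are plain integer seconds are assumptions made for the illustration.

```python
# Added example: audit tlsmgr PRNG settings from main.cf text against this page.
DEFAULTS = {  # defaults as stated on this man page
    "tls_random_bytes": "32",
    "tls_random_exchange_name": "/etc/postfix/prng_exch",
    "tls_random_reseed_period": "3600",
    "tls_random_prng_update_period": "60",
}
EGD_MAX_BYTES = 255  # "If using EGD, a maximum of 255 bytes is read."
NUMERIC = ("tls_random_bytes", "tls_random_reseed_period",
           "tls_random_prng_update_period")

def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if raw[0].isspace() and last is not None:
            params[last] = (params[last] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def audit_prng(params):
    """Return (source_kind, bytes_actually_read, findings)."""
    cfg = {**DEFAULTS, **params}
    findings = []
    src = cfg.get("tls_random_source", "")
    kind = next((k for k, p in (("egd", "egd:"), ("dev", "dev:"), ("file", "/"))
                 if src.startswith(p)), None)
    if kind is None:
        findings.append(f"tls_random_source {src!r}: expected egd:/path, dev:/path or /path")
    for name in NUMERIC:
        if not cfg[name].isdigit() or int(cfg[name]) == 0:
            findings.append(f"{name} = {cfg[name]!r} is not a positive integer")
    wanted = int(cfg["tls_random_bytes"]) if cfg["tls_random_bytes"].isdigit() else 0
    read = min(wanted, EGD_MAX_BYTES) if kind == "egd" else wanted
    if read < wanted:
        findings.append(f"EGD source: only {read} of {wanted} requested bytes are read")
    return kind, read, findings

SAMPLE = """\
# constructed sample, not from a real system
tls_random_source = egd:/var/run/egd-pool
tls_random_bytes = 512
tls_random_reseed_period = 1800
"""

if __name__ == "__main__":
    print(audit_prng(parse_main_cf(SAMPLE)))
```
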


SEE ALSO

       smtp(8) SMTP client
  

All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.