On 11/23/05, Olaf van der Spek <olafvdspek@xxxxxxxxx> wrote: > On 11/23/05, Joshua Slive <jslive@xxxxxxxxx> wrote: > > On 11/23/05, Olaf van der Spek <olafvdspek@xxxxxxxxx> wrote: > > > On 11/23/05, Joshua Slive <jslive@xxxxxxxxx> wrote: > > > > > Why is server startup blocked by that? > > > > > Can't server startup continue and all auth requests fail until there > > > > > are random bytes? > > > > > > > > I'd guess it would be much harder to impliment (would require > > > > dispatching a thread/process to wait on the random number generator) > > > > and wouldn't be what all admins would want anyway. > > > > > > Why would an admin prefer the entire server to block? > > > > If your site depends on digest auth, then you want to be confident > > that if apache says it started successfully, your site is going to > > work. Otherwise, you'd have to do detailed testing every time you > > restarted your server. > > I don't think Apache saying ok guarantees your site is going to work. > Doesn't digest also require random bytes after startup to periodically > regenerate secrets? There are no guarantees in life. There is no perfect solution to the question of which errors should inhibit startup and which shouldn't. I'm just saying that it is not something that would be universally welcomed. And no, I don't believe mod_auth_digest requires random bytes after startup. It just needs them to seed the random number generator. But as I said, I'm not an expert in this. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx