RedHat 9 (Linux i386) - man page for tlsmgr (redhat section 8)

TLSMGR(8)			     System Manager's Manual				TLSMGR(8)

NAME
       tlsmgr - Postfix TLS session cache and PRNG handling manager

SYNOPSIS
       tlsmgr [generic Postfix daemon options]

DESCRIPTION
       The  tlsmgr process does housekeeping on the session cache database files. It runs through
       the databases and removes expired entries and entries written by older (incompatible) ver-
       sions.

       The tlsmgr is responsible for the PRNG handling. The internal OpenSSL PRNG it uses has a
       pool size of 8192 bits (= 1024 bytes). The pool is initially seeded at startup from an
       external source (EGD or /dev/urandom), and additional seed is obtained later during the
       program run at a configurable period. The exact time of the next seed query is chosen at
       random, uniformly distributed in the range [0, tls_random_reseed_period];
       tls_random_reseed_period has a default of 1 hour.

       Tlsmgr can be run chrooted and with dropped privileges, because it connects to the entropy
       source at startup.

       The PRNG is additionally seeded internally with the data found in the session cache and
       with time values.

       Tlsmgr reads the old value of the exchange file at startup to keep  entropy  already  col-
       lected during previous runs.

       From  the PRNG random pool a cryptographically strong 1024 byte random sequence is written
       into the PRNG exchange file. The file is updated periodically with the time changing  ran-
       domly from [0-tls_random_prng_update_period].

STANDARDS
SECURITY
       Tlsmgr is not security-sensitive. It only deals with external data to be fed into the
       PRNG; the contents are never trusted. The session cache housekeeping will only remove
       entries if expired and will never touch the contents of the cached data.

DIAGNOSTICS
       Problems and transactions are logged to the syslog daemon.

BUGS
       There  is  no  automatic means to limit the number of entries in the session caches and/or
       the size of the session cache files.

CONFIGURATION PARAMETERS
       The following main.cf parameters are especially relevant to this program. See the  Postfix
       main.cf	file  for  syntax  details and for default values. Use the postfix reload command
       after a configuration change.

Session Cache
       smtpd_tls_session_cache_database
	      Name of the SDBM file (type sdbm:) containing the SMTP server session cache. If the
	      file does not exist, it is created.

       smtpd_tls_session_cache_timeout
	      Expiry  time  of	SMTP  server session cache entries in seconds. Entries older than
	      this are removed from the session cache. A cleanup-run  is  performed  periodically
	      every smtpd_tls_session_cache_timeout seconds. Default is 3600 (= 1 hour).

       smtp_tls_session_cache_database
	      Name of the SDBM file (type sdbm:) containing the SMTP client session cache. If the
	      file does not exist, it is created.

       smtp_tls_session_cache_timeout
	      Expiry time of SMTP client session cache entries in  seconds.  Entries  older  than
	      this  are  removed  from the session cache. A cleanup-run is performed periodically
	      every smtp_tls_session_cache_timeout seconds. Default is 3600 (= 1 hour).

Pseudo Random Number Generator
       tls_random_source
	      Name of the EGD socket or device or regular file to obtain entropy from.	The  type
	      of  entropy  source  must  be  specified by preceding the name with the appropriate
	      type: egd:/path/to/egd_socket, dev:/path/to/devicefile,  or  /path/to/regular/file.
	      tlsmgr opens tls_random_source and tries to read tls_random_bytes from it.

       tls_random_bytes
	      Number  of  bytes to be read from tls_random_source.  Default value is 32 bytes. If
	      using EGD, a maximum of 255 bytes is read.

       tls_random_exchange_name
	      Name of the file written by tlsmgr and read by  smtp  and  smtpd	at  startup.  The
	      length is 1024 bytes. Default value is /etc/postfix/prng_exch.

       tls_random_reseed_period
	      Time  in	seconds  until the next reseed from external sources is due.  This is the
	      maximum value. The actual point in time is calculated with a random factor  equally
	      distributed between 0 and this maximum value. Default is 3600 (= 60 minutes).

       tls_random_prng_update_period
	      Time in seconds until the PRNG exchange file is updated with new pseudo random
	      values. This is the maximum value. The actual point in time is calculated with a
	      random factor equally distributed between 0 and this maximum value. Default is 60
	      (= 1 minute).
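       The following shell script is an added example, not part of Postfix or of this man page.
       It checks the PRNG-related settings described above against what the page states: the
       tls_random_source value must have one of the three documented forms (egd:/path, dev:/path
       or /path), tls_random_bytes is a byte count that tlsmgr caps at 255 when reading from EGD,
       and the exchange file named by tls_random_exchange_name is 1024 bytes long. The
       world-writable test on the exchange file is the editor's own addition and is not required
       by anything on the page; it is there because a seed file that any local user can
       overwrite defeats the purpose of carrying entropy across runs. The check_live_postfix
       function uses postconf -h to read the running configuration; the other functions are
       pure and take their inputs as arguments.

```sh
#!/bin/sh
# Added example (not Postfix code): sanity checks for tlsmgr PRNG settings.
# Assumes only the value syntax and lengths stated in tlsmgr(8); the
# world-writable check on the exchange file is the editor's assumption.

# classify_random_source VALUE -> egd | dev | file | invalid
classify_random_source() {
    case "$1" in
        egd:/*) echo egd ;;
        dev:/*) echo dev ;;
        /*)     echo file ;;
        *)      echo invalid ;;
    esac
}

# random_source_path VALUE -> the path with any egd:/dev: prefix stripped
random_source_path() {
    case "$1" in
        egd:*|dev:*) printf '%s\n' "${1#*:}" ;;
        *)           printf '%s\n' "$1" ;;
    esac
}

# check_random_bytes BYTES TYPE -> ok | capped | bad (exit status 1 on bad)
check_random_bytes() {
    case "$1" in
        ''|*[!0-9]*) echo bad; return 1 ;;
    esac
    if [ "$2" = egd ] && [ "$1" -gt 255 ]; then
        echo capped      # tlsmgr reads at most 255 bytes from an EGD socket
        return 0
    fi
    echo ok
}

# check_exchange_file PATH -> ok | missing | size=N | world-writable
# (exit status 1 unless ok)
check_exchange_file() {
    f=$1
    [ -f "$f" ] || { echo missing; return 1; }
    size=$(wc -c < "$f" | tr -d ' ')
    [ "$size" -eq 1024 ] || { echo "size=$size"; return 1; }
    # column 9 of "ls -l" output is the "other" write bit
    case "$(ls -ld "$f" | cut -c9)" in
        w) echo world-writable; return 1 ;;
    esac
    echo ok
}

# check_live_postfix: run the checks against the running configuration.
# Needs postconf(1) on PATH; not exercised offline.
check_live_postfix() {
    src=$(postconf -h tls_random_source)
    type=$(classify_random_source "$src")
    echo "tls_random_source: $src ($type)"
    [ "$type" != invalid ] || return 1
    p=$(random_source_path "$src")
    [ -e "$p" ] || { echo "entropy source $p does not exist"; return 1; }
    echo "tls_random_bytes: $(check_random_bytes "$(postconf -h tls_random_bytes)" "$type")"
    echo "exchange file: $(check_exchange_file "$(postconf -h tls_random_exchange_name)")"
}
```

       Run check_live_postfix on a mail host to see all three results at once; a size other than
       1024 for the exchange file, or an entropy source path that does not exist, means smtp and
       smtpd will start without the seed material this page describes.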

SEE ALSO
       smtp(8) SMTP client
       smtpd(8) SMTP server

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)