TLSMGR(8)                                                            TLSMGR(8)



NAME
       tlsmgr - Postfix TLS session cache and PRNG handling manager

SYNOPSIS
       tlsmgr [generic Postfix daemon options]

DESCRIPTION
       The  tlsmgr  process  does  housekeeping  on the session cache database
       files. It runs through the databases and removes  expired  entries  and
       entries written by older (incompatible) versions.

       The tlsmgr is responsible for the PRNG handling. The internal OpenSSL
       PRNG used has a pool size of 8192 bits (= 1024 bytes). The pool is
       initially seeded at startup from an external source (EGD or
       /dev/urandom) and additional seed is obtained later during the program
       run at a configurable interval. The exact time of each successive seed
       query is randomly distributed in the range [0-tls_random_reseed_period],
       with tls_random_reseed_period having a default of 1 hour.

       Tlsmgr can be run chrooted and with dropped privileges, as it will
       connect to the entropy source at startup.

       The PRNG is additionally seeded internally by the data found in the
       session cache and by time values.

       Tlsmgr  reads  the  old  value  of the exchange file at startup to keep
       entropy already collected during previous runs.

       From the PRNG random pool a cryptographically strong 1024 byte random
       sequence is written into the PRNG exchange file. The file is updated
       periodically, with the time chosen randomly from
       [0-tls_random_prng_update_period].

STANDARDS
SECURITY
       Tlsmgr  is  not security-sensitive. It only deals with external data to
       be fed into the PRNG, its content is never trusted. The  session  cache
       housekeeping  will  only remove entries if expired and will never touch
       the contents of the cached data.

DIAGNOSTICS
       Problems and transactions are logged to the syslog daemon.

BUGS
       There is no automatic means to limit the number of entries in the
       session caches and/or the size of the session cache files.

CONFIGURATION PARAMETERS
       The following main.cf parameters are especially relevant to this
       program. See the Postfix main.cf file for syntax details and for default
       values. Use the postfix reload command after a configuration change.

Session Cache
       smtpd_tls_session_cache_database
              Name of the SDBM file (type sdbm:) containing the SMTP server
              session cache. If the file does not exist, it is created.

       smtpd_tls_session_cache_timeout
              Expiry time of SMTP server session cache entries in seconds.
              Entries older than this are removed from the session cache. A
              cleanup run is performed periodically every
              smtpd_tls_session_cache_timeout seconds. Default is 3600 (= 1
              hour).

       smtp_tls_session_cache_database
              Name of the SDBM file (type sdbm:) containing the SMTP client
              session cache. If the file does not exist, it is created.

       smtp_tls_session_cache_timeout
              Expiry time of SMTP client session cache entries in seconds.
              Entries older than this are removed from the session cache. A
              cleanup run is performed periodically every
              smtp_tls_session_cache_timeout seconds. Default is 3600 (= 1
              hour).

Pseudo Random Number Generator
       tls_random_source
              Name of the EGD socket or device or regular file to obtain
              entropy from. The type of entropy source must be specified by
              preceding the name with the appropriate type:
              egd:/path/to/egdsocket, dev:/path/to/devicefile, or
              /path/to/regular/file. tlsmgr opens tls_random_source and tries
              to read tls_random_bytes from it.

       tls_random_bytes
              Number of bytes to be read from tls_random_source. Default
              value is 32 bytes. If using EGD, a maximum of 255 bytes is read.

       tls_random_exchange_name
              Name of the file written by tlsmgr and read by smtp and smtpd at
              startup. The length is 1024 bytes. Default value is
              /etc/postfix/prng_exch.

       tls_random_reseed_period
              Time in seconds until the next reseed from external sources is
              due. This is the maximum value. The actual point in time is
              calculated with a random factor equally distributed between 0
              and this maximum value. Default is 3600 (= 60 minutes).

       tls_random_prng_update_period
              Time in seconds until the PRNG exchange file is updated with new
              pseudo random values. This is the maximum value. The actual
              point in time is calculated with a random factor equally
              distributed between 0 and this maximum value. Default is 60 (= 1
              minute).
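       The housekeeping and PRNG handling described in DESCRIPTION and the
       parameters above, modelled as an added Python example (this is not
       Postfix code). The per-entry version marker, the SHAKE-256 stand-in for
       the OpenSSL pool, and the sample cache entries are assumptions.

```python
import hashlib
import random
from dataclasses import dataclass

EXCHANGE_FILE_LEN = 1024   # size of the PRNG exchange file per the man page
EGD_MAX_BYTES = 255        # EGD answers at most 255 bytes per request
CACHE_VERSION = 1          # hypothetical format marker stored with each entry


@dataclass
class CacheEntry:
    version: int     # format version of the writer; other versions are incompatible
    written_at: int  # Unix time the entry was stored
    session: bytes   # opaque serialized TLS session; tlsmgr never inspects it


def cleanup_session_cache(cache, timeout, now, current_version=CACHE_VERSION):
    """Return (kept, removed_keys): drop expired or incompatible entries only.

    Surviving entries pass through untouched, mirroring the SECURITY section:
    housekeeping removes whole entries and never edits cached data.
    """
    kept, removed = {}, []
    for key, entry in cache.items():
        if entry.version != current_version or now - entry.written_at > timeout:
            removed.append(key)
        else:
            kept[key] = entry
    return kept, removed


def next_reseed_delay(period, rng=random):
    """Seconds until the next external reseed, uniform in [0, period]."""
    return rng.uniform(0, period)


def egd_read_length(tls_random_bytes):
    """Clamp a configured tls_random_bytes to what one EGD request can return."""
    return min(tls_random_bytes, EGD_MAX_BYTES)


def refresh_exchange_file(old_contents, fresh_seed):
    """Derive a new 1024-byte exchange file from the previous file plus fresh seed.

    Assumed stand-in for the OpenSSL pool: SHAKE-256 mixes the old file in so
    entropy gathered in earlier runs is kept, then outputs the new file bytes.
    """
    pool = hashlib.shake_256(old_contents + fresh_seed)
    return pool.digest(EXCHANGE_FILE_LEN)
```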

SEE ALSO
       smtp(8) SMTP client
       smtpd(8) SMTP server

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)