prngd(1)





NAME

       prngd - Pseudo Random Number Generator Daemon


SYNOPSIS

       prngd [ command_opts ] /path/to/socket [ /path/to/other_socket ]

       prngd -k/--kill /path/to/socket [ /path/to/other_socket ]


DESCRIPTION

       PRNGD is the Pseudo Random Number Generator Daemon.  It offers an EGD-
       compatible interface to obtain random data and is intended to be used
       as an entropy source to feed other software, especially software based
       on OpenSSL.

       Like EGD (http://sourceforge.net/projects/egd/) it calls system pro-
       grams to collect entropy.  Unlike EGD it does not keep a pool of raw
       random bits that other software drains directly.

       Rather it feeds the bits gathered into its internal PRNG, from which the
       "random bits" are obtained when requested.  This way, PRNGD is never
       drained and can never block (unlike EGD), so it is also suitable to
       seed inetd-started programs.  The flip side is that its output is only
       as unpredictable as the entropy it has been fed: it is a seeded PRNG,
       not a source of true random bits.

       It also features a seed-save file, so that it is immediately usable
       after system start.


USAGE

       Startup - (reads the seed file)
        /usr/local/bin/prngd [other options] /var/run/egd-pool

       Clean shutdown - (saves current data to the seed file)
        /usr/local/bin/prngd --kill /var/run/egd-pool

       The startup line should be added to the system startup files so that
       prngd starts before any program that would query the random data
       socket, such as OpenSSH.  The shutdown line belongs in the system
       shutdown sequence so that the seed file is written back.

       PRNGD supports both UNIX sockets (as shown in the examples) and TCP
       sockets (localhost only!).  Note that a TCP socket on localhost can be
       reached by every local user, whereas a UNIX socket can be restricted
       with --mode.  There is no port number registered (yet), so pick a free
       port on your system, e.g. 708 when running with root perms and you
       want to offer it as a system service, or 4840 without root perms.

       Neither port is assigned to any service as of
        http://www.isi.edu/in-notes/iana/assignments/port-numbers

       To have PRNGD listen on both the UNIX socket and TCP do
        prngd [other options] /var/run/egd-pool tcp/localhost:708 tcp/localhost:4840

       You should add these lines to /etc/services: (substitute your chosen
       ports)
        prngd         708/tcp     # prngd/EGD system service
        prngd-user    4840/tcp    # prngd/EGD user service

       PRNGD itself currently handles only numeric port numbers, so these
       /etc/services entries document the ports but do not let you pass a
       service name on the prngd command line.


OPTIONS

       PRNGD has the following options:

       -c / --cmdfile file
           Read the entropy gathering commands from "file" instead of reading
           from the compiled in default location.

       -d / --debug
           Do not go into daemon (background) mode and print diagnostic mes-
           sages to stderr.

       -f / --fg
           Stay in foreground, do not fork.  Do not print diagnostic messages.
           This is e.g. useful when using the AIX System Resource Controller,
           so that the resource controller can detect a crash of prngd.

       -k / --kill
           Kill the daemon(s) at the locations given.  It is possible to kill
           more than one prngd at a time with this command.  If several
           locations are given at one time, prngd will try to contact them one
           after the other, query the process id according to the EGD protocol
           and send a SIGTERM to the process.  As one daemon may serve more
           than one socket, one may wish to kill the daemon with the same
           arguments that were used to start prngd.  The kill operation will
           however only succeed for the first socket, as the daemon will be
           killed in the first attempt.  prngd -k ... will therefore silently
           ignore the failure at the other location(s).

       -m / --mode mode
           Set the file access mode of the UNIX socket to be "mode".  The mode
           is set after creation of the socket.  This option can be used to
           restrict access to prngd.  If more than one UNIX socket is served by
           prngd, the same mode setting applies to all UNIX sockets.  The mode
           must be given in numeric notation, e.g. 777 for read, write and
           execute permission for owner/group/other; a tighter value such as
           660 limits connections to the socket's owner and group.  Not every
           platform enforces file permissions on UNIX sockets; where yours
           does not, place the socket in a directory with restricted
           permissions instead.

       -n / --no-seedfile
           Do not read from any seedfile and do not create a seedfile or write
           to any seedfile.

       -p / --pidfile file
           Write the pid of the prngd process into the specified file. If this
           option is not explicitly used, no pid-file will be written, as
           prngd -k can be used to kill a running prngd.

       -s / --seedfile file
           Location of the seedfile.  The file is read at startup to initially
           seed the PRNG.  On clean shutdown entropy is retrieved from the pool
           and written back to the file.  If no location is given, the compiled
           in location of the seedfile is used.  If the seedfile does not exist
           on startup, it is created automatically.  Keep the seedfile readable
           only by the user running prngd: anyone who can read it learns the
           state the PRNG is seeded from at the next start.

       -v / --version
           Print the version of prngd and exit.
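
       The EGD-compatible interface named in DESCRIPTION, and the process-id
       query that -k performs, are one small request/reply protocol spoken
       over the socket.  The following Python client and in-process fake
       responder are an added example, not part of prngd or of this man page.
       The command bytes (0x00 entropy count, 0x01 non-blocking read, 0x02
       blocking read, 0x03 write entropy, 0x04 report PID) and the wire
       layouts are the EGD protocol's; the fake responder, its PID 4242, its
       starting count of 64 bits and the use of os.urandom as a stand-in for
       prngd's internal PRNG are constructed so that the exchange runs
       offline.  Pointing the client functions at an AF_UNIX socket connected
       to a real prngd socket (e.g. /var/run/egd-pool) talks to the daemon
       itself.

```python
import os
import socket
import struct
import threading

# EGD protocol command bytes (the protocol prngd implements).
EGD_GET_COUNT = 0x00      # reply: 4-byte big-endian count of entropy bits
EGD_READ_NONBLOCK = 0x01  # arg: 1 byte n; reply: 1 byte m (<= n), then m bytes
EGD_READ_BLOCK = 0x02     # arg: 1 byte n; reply: exactly n bytes
EGD_WRITE = 0x03          # arg: 2-byte bits, 1 byte len, len bytes; no reply
EGD_GET_PID = 0x04        # reply: 1 byte len, then len bytes of ASCII PID


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer goes away first."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD peer closed the connection")
        buf += chunk
    return bytes(buf)


# ---- client side: what a program querying the socket sends ------------------

def egd_entropy_count(sock):
    sock.sendall(bytes([EGD_GET_COUNT]))
    return struct.unpack(">I", _recv_exact(sock, 4))[0]


def egd_read_nonblocking(sock, n):
    """May return fewer than n bytes; the reply's first byte says how many."""
    if not 0 <= n <= 255:
        raise ValueError("EGD length field is one byte")
    sock.sendall(bytes([EGD_READ_NONBLOCK, n]))
    got = _recv_exact(sock, 1)[0]
    return _recv_exact(sock, got)


def egd_read_blocking(sock, n):
    if not 0 <= n <= 255:
        raise ValueError("EGD length field is one byte")
    sock.sendall(bytes([EGD_READ_BLOCK, n]))
    return _recv_exact(sock, n)


def egd_write_entropy(sock, data, bits):
    """Feed data to the daemon, claiming it carries `bits` bits of entropy."""
    if len(data) > 255 or not 0 <= bits <= 0xFFFF:
        raise ValueError("length and bit count are limited by the wire format")
    sock.sendall(struct.pack(">BHB", EGD_WRITE, bits, len(data)) + data)


def egd_get_pid(sock):
    """The query prngd -k uses to learn which process to SIGTERM."""
    sock.sendall(bytes([EGD_GET_PID]))
    length = _recv_exact(sock, 1)[0]
    return int(_recv_exact(sock, length).decode("ascii"))


# ---- constructed fake daemon, only so the exchange can run offline ----------

def fake_egd_server(sock, pid=4242, pool_bits=64):
    """Answer one connection until EOF.  Like prngd it never blocks on a
    0x02 read; os.urandom stands in for prngd's internal PRNG."""
    try:
        while True:
            cmd = sock.recv(1)
            if not cmd:
                return
            if cmd[0] == EGD_GET_COUNT:
                sock.sendall(struct.pack(">I", pool_bits))
            elif cmd[0] == EGD_READ_NONBLOCK:
                n = _recv_exact(sock, 1)[0]
                m = min(n, pool_bits // 8)      # only hand out what the pool holds
                pool_bits -= m * 8
                sock.sendall(bytes([m]) + os.urandom(m))
            elif cmd[0] == EGD_READ_BLOCK:
                n = _recv_exact(sock, 1)[0]
                sock.sendall(os.urandom(n))     # never drained, never blocks
            elif cmd[0] == EGD_WRITE:
                bits, length = struct.unpack(">HB", _recv_exact(sock, 3))
                _recv_exact(sock, length)       # consume the bytes, credit the bits
                pool_bits += bits
            elif cmd[0] == EGD_GET_PID:
                text = str(pid).encode("ascii")
                sock.sendall(bytes([len(text)]) + text)
            else:
                return                          # unknown command: drop the client
    finally:
        sock.close()


def demo():
    """Run the whole exchange over a socketpair and return what the client saw."""
    client, server = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    worker = threading.Thread(target=fake_egd_server, args=(server,), daemon=True)
    worker.start()
    try:
        seen = {
            "pid": egd_get_pid(client),
            "count_before": egd_entropy_count(client),
            "nonblocking": egd_read_nonblocking(client, 16),  # 8 bytes: pool had 64 bits
            "blocking": egd_read_blocking(client, 16),        # always 16 bytes
            "count_after_reads": egd_entropy_count(client),
        }
        egd_write_entropy(client, b"constructed seed bytes", bits=64)
        seen["count_after_write"] = egd_entropy_count(client)
    finally:
        client.close()
    worker.join(timeout=5)
    return seen
```

       The non-blocking read is the call to prefer when talking to a real
       EGD, since it reports a short count instead of hanging; against prngd
       both reads return immediately, which is exactly the property the
       DESCRIPTION advertises.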


DIAGNOSTICS


AUTHOR/LICENSE

       Author: Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>

       This software is free. You can do with it whatever you want.  I would
       however kindly ask you to acknowledge the use of this package, if you
       are going to use it in your software, which you might be going to
       distribute. I would also like to receive a note if you are a satisfied
       user :-)


SEE ALSO

       PRNGD Home Page:
         http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html

       Related Sites:
         http://sourceforge.net/projects/egd/
         http://www.openssh.org/
         http://www.openssl.org/

2002-05-17                      SCO OpenServer                        PRNGD(1)
