NAME
       tlsmgr - Postfix TLS session cache and PRNG handling manager

SYNOPSIS
       tlsmgr [generic Postfix daemon options]

DESCRIPTION
       The tlsmgr process does housekeeping on the session cache database
       files. It runs through the databases and removes expired entries and
       entries written by older (incompatible) versions.

       The tlsmgr is responsible for the PRNG handling. The internal OpenSSL
       PRNG that is used has a pool size of 8192 bits (= 1024 bytes). The pool
       is initially seeded at startup from an external source (EGD or
       /dev/urandom), and additional seed is obtained later during the program
       run at a configurable interval. The exact time of each successive seed
       query is randomly distributed in the range [0-tls_random_reseed_period],
       with tls_random_reseed_period having a default of 1 hour.

       Tlsmgr can be run chrooted and with dropped privileges, as it connects
       to the entropy source at startup. The PRNG is additionally seeded
       internally with the data found in the session cache and with time
       values. Tlsmgr reads the old value of the exchange file at startup to
       keep entropy already collected during previous runs. From the PRNG
       random pool a cryptographically strong 1024 byte random sequence is
       written into the PRNG exchange file. The file is updated periodically,
       with the time chosen randomly from [0-tls_random_prng_update_period].

STANDARDS

SECURITY
       Tlsmgr is not security-sensitive. It only deals with external data to
       be fed into the PRNG; its content is never trusted. The session cache
       housekeeping will only remove entries if expired and will never touch
       the contents of the cached data.

DIAGNOSTICS
       Problems and transactions are logged to the syslog daemon.

BUGS
       There is no automatic means to limit the number of entries in the
       session caches and/or the size of the session cache files.

CONFIGURATION PARAMETERS
       The following main.cf parameters are especially relevant to this
       program. See the Postfix main.cf file for syntax details and for
       default values. Use the postfix reload command after a configuration
       change.

   Session Cache
       smtpd_tls_session_cache_database
              Name of the SDBM file (type sdbm:) containing the SMTP server
              session cache. If the file does not exist, it is created.

       smtpd_tls_session_cache_timeout
              Expiry time of SMTP server session cache entries in seconds.
              Entries older than this are removed from the session cache. A
              cleanup run is performed periodically every
              smtpd_tls_session_cache_timeout seconds. Default is 3600
              (= 1 hour).

       smtp_tls_session_cache_database
              Name of the SDBM file (type sdbm:) containing the SMTP client
              session cache. If the file does not exist, it is created.

       smtp_tls_session_cache_timeout
              Expiry time of SMTP client session cache entries in seconds.
              Entries older than this are removed from the session cache. A
              cleanup run is performed periodically every
              smtp_tls_session_cache_timeout seconds. Default is 3600
              (= 1 hour).

   Pseudo Random Number Generator
       tls_random_source
              Name of the EGD socket or device or regular file to obtain
              entropy from. The type of entropy source must be specified by
              preceding the name with the appropriate type:
              egd:/path/to/egdsocket, dev:/path/to/devicefile, or
              /path/to/regular/file. tlsmgr opens tls_random_source and
              tries to read tls_random_bytes from it.

       tls_random_bytes
              Number of bytes to be read from tls_random_source. Default
              value is 32 bytes. If using EGD, a maximum of 255 bytes is
              read.

       tls_random_exchange_name
              Name of the file written by tlsmgr and read by smtp and smtpd
              at startup. The length is 1024 bytes. Default value is
              /etc/postfix/prngexch.

       tls_random_reseed_period
              Time in seconds until the next reseed from external sources is
              due. This is the maximum value. The actual point in time is
              calculated with a random factor equally distributed between 0
              and this maximum value. Default is 3600 (= 60 minutes).

       tls_random_prng_update_period
              Time in seconds until the PRNG exchange file is updated with
              new pseudo random values. This is the maximum value. The actual
              point in time is calculated with a random factor equally
              distributed between 0 and this maximum value. Default is 60
              (= 1 minute).

SEE ALSO
       smtp(8)  SMTP client
       smtpd(8) SMTP server

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)

                                                                     TLSMGR(8)
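The PRNG parameters described under CONFIGURATION PARAMETERS are the ones an administrator will want to sanity-check on a deployment. The following Python is an added example, not Postfix code: it reads those parameters from a main.cf fragment constructed inline, classifies tls_random_source by its egd:/dev:/plain-path form, flags a tls_random_bytes value above the 255-byte EGD limit, and checks that the exchange file has the 1024-byte length tlsmgr writes. The minimal main.cf reader and the sample values are assumptions made for illustration.

```python
import os
import re

EXCHANGE_FILE_LEN = 1024  # tlsmgr writes a 1024 byte sequence into the exchange file
EGD_MAX_BYTES = 255       # tlsmgr reads at most 255 bytes from an EGD socket

DEFAULTS = {  # defaults quoted in the man page; tls_random_source has none
    "tls_random_source": "", "tls_random_bytes": "32",
    "tls_random_exchange_name": "/etc/postfix/prngexch"}

def parse_main_cf(text):
    """Minimal main.cf reader (assumption): 'name = value' lines, no continuations."""
    params = dict(DEFAULTS)
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$", line.strip())
        if m:  # '#' comment lines never match the name pattern
            params[m.group(1)] = m.group(2).strip()
    return params

def classify_source(value):
    """Map a tls_random_source value to ('egd'|'dev'|'file'|'none', path)."""
    if not value:
        return ("none", "")
    for prefix in ("egd:", "dev:"):
        if value.startswith(prefix):
            return (prefix[:-1], value[len(prefix):])
    return ("file", value)

def check_params(params):
    """Return a list of findings about the PRNG settings; empty means nothing to report."""
    findings = []
    kind, path = classify_source(params["tls_random_source"])
    if kind == "none":
        findings.append("tls_random_source is unset: no external entropy source")
    elif not path.startswith("/"):
        findings.append("tls_random_source path is not absolute: %r" % path)
    nbytes = int(params["tls_random_bytes"])
    if kind == "egd" and nbytes > EGD_MAX_BYTES:
        findings.append("EGD reads stop at %d bytes; tls_random_bytes=%d exceeds that"
                        % (EGD_MAX_BYTES, nbytes))
    return findings

def exchange_file_ok(path):
    """True when the PRNG exchange file exists and is exactly 1024 bytes long."""
    return os.path.isfile(path) and os.path.getsize(path) == EXCHANGE_FILE_LEN

# Constructed main.cf fragment (not from a real installation).
SAMPLE_MAIN_CF = """
tls_random_source = egd:/var/run/egd-pool
tls_random_bytes = 300
"""
```

Running check_params(parse_main_cf(SAMPLE_MAIN_CF)) reports the oversized EGD read; a dev:/dev/urandom source with the default 32 bytes produces no findings.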