Problem

The JS7 - Credential Store can be used in a number of places. If access to a Credential Store is slow, the probable cause is a problem with your entropy pool settings. This problem occurs mainly on Unix operating systems and is not related to JS7.

The article explains why this happens and what you can do about it.

Entropy Pool Issues

The connection to a Credential Store requires random numbers to encrypt the connection. Java releases before 12 read from the /dev/random file to obtain high-quality randomness. However, when the entropy pool falls below 64 units, reads from /dev/random block.

Java can be configured to read random numbers from the /dev/urandom file instead. Unlike /dev/random, /dev/urandom does not block if random numbers are not immediately available.

Check Entropy Pool Issues (Unix)

Check Entropy Pool Configuration

You can check available entropy pool units with the command:

...

The /dev/random file will deliver the next random number when the pool has reached more than 64 entropy units and otherwise blocks any application accessing the entropy pool. Such blocks can substantially delay access to a Credential Store.

Check Temporary Resolution

To verify that the entropy pool is the root cause of this issue, try the following (requires root permission):

...

If this solves your problem then the connection to the Credential Store was not able to get random numbers from the OS in good time. Please note that the effect of the given commands is reverted on reboot.

Monitor Entropy Pool Use

You can monitor the use of random numbers by running the following commands in two separate console windows:

...

Run test for random numbers with Unix:

```bash
# initial test
dd if=/dev/random of=/dev/null bs=1024 count=1 iflag=fullblock

# full test (should rngtest be available)
rngtest -c 100 </dev/random
```

Resolve Entropy Pool Issues

There are two alternative solutions: modifying the Java security settings or modifying the Java options in use.

Both solutions apply to Unix and Windows operating systems.

Modify Java Security Configuration

Java holds its security configuration in a java.security file, for example ./jre/lib/security/java.security or ./conf/security/java.security. The specific location depends on the Java version in use. You can modify this file to point to /dev/urandom instead of /dev/random like this:

Modification to java.security file:

```properties
# original configuration
# securerandom.source=file:/dev/random

# updated configuration
securerandom.source=file:/dev/urandom
```
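To confirm which source a Java installation is configured with after the change, the following script reports the effective securerandom.source setting. It is an added example, not part of the original article; the function names are hypothetical and the two file locations are assumed to be relative to the Java home directory.

```shell
#!/bin/sh
# Added example: report which random source a Java installation is configured
# to read from. Paths are taken relative to the Java home directory
# (an assumption); function names are hypothetical.

# Print the effective securerandom.source value from a java.security file.
# Commented-out lines are ignored; as in any Java properties file, the last
# assignment wins. Prints nothing if the property is not set.
effective_source() {
    sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*[=:][[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Map a source value to the behaviour the article describes.
classify_source() {
    case "$1" in
        file:/dev/random)  echo "blocking" ;;
        file:/dev/urandom) echo "non-blocking" ;;
        "")                echo "unset" ;;
        *)                 echo "other" ;;
    esac
}

# Check both locations named in the article under the given Java home.
# Returns 0 if at least one file was found, 1 otherwise.
check_java_home() {
    found=1
    for rel in jre/lib/security/java.security conf/security/java.security; do
        file="$1/$rel"
        [ -f "$file" ] || continue
        src=$(effective_source "$file")
        echo "$file: ${src:-<not set>} ($(classify_source "$src"))"
        found=0
    done
    return "$found"
}

# Usage: sh check_securerandom.sh /path/to/java/home
if [ "$#" -gt 0 ]; then
    check_java_home "$1" || echo "no java.security found under $1" >&2
fi
```

A result of "blocking" means the file still points to /dev/random, so the edit above has not taken effect for that installation.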

Modify Java Options

Modify the JAVA_OPTIONS environment variable for use with an Agent like this:

...