<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
For internal encrypting/decrypting operations we want to use a NFS location for the gpg keystore available to two (possibly more) user IDs across many servers. It was designed this way so we did not have to share the keystore to each server and updates to
the keystore could be done in one location, not on several (100+) servers. When the servers and the NAS appliance are on the same network and domain, there is no issue calling the fcntl system call to lock the random_seed file. However, we are moving the
servers to a new network and a new domain but not all at once. This is where the issue showed up. On servers already moved to the new network/domain any fctnl on the randon_seed file hangs. Servers still in the same network/domain as the NAS appliance work
as before (no hang). We believe this is a firewall issue and are investigating a solution.</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
However, this leads to the following questions: what functionality does the random_seed file provide? We know it can be ignored with the --no-random-seed-file option, but there is the possibility of doing many <span style="background-color:rgb(255, 255, 255);display:inline !important">encrypting/decrypting
operations simultaneously from both user IDs executing on different servers. Would ignoring the file locking on the random_seed file with the --no-random-seed-file option cause issues with independent processes accessing the same keystore at the same time
on different servers? If so, what are those issues, and can they be avoided/worked around?</span></div>
</body>
</html>