Chrooted servers

If your server is chrooted and you have no access to /dev/random or /dev/urandom this can be a security risk. LAM stores your LDAP password encrypted in the session. LAM uses rand() to generate the key if /dev/random and /dev/urandom are not accessible. Therefore the key can be easily guessed. An attaker needs read access to the session file (e.g. by another Apache instance) to exploit this.