APR presently uses /dev/random for entropy. Since /dev/random blocks if no entropy is available, and on servers, entropy tends not be generated too quickly, applications that are used often then use APR to get entropy tend to block and hence become useless. I reported this bug in mod_auth_cas here, and the developer pointed me to the APR, so I created this bug report. Here's the original issue: http://www.ja-sig.org/issues/browse/MAS-16
See apr-1.3.0 - this was already addressed.