diff --git a/configure.in b/configure.in
index 7536168e2..9a610f623 100644
--- a/configure.in
+++ b/configure.in
@@ -23,9 +23,31 @@ AC_SUBST(ipsecdir, '${libexecdir}/ipsec')
 AC_SUBST(confdir, '${sysconfdir}')
 AC_SUBST(piddir, '/var/run')
 
-dnl ===========================
-dnl  check --enable-xxx params
-dnl ===========================
+dnl =================================
+dnl  check --enable-xxx & --with-xxx
+dnl =================================
+
+
+AC_ARG_WITH(
+    [default-pkcs11],
+    AS_HELP_STRING([--with-default-pkcs11=lib],[set the default PKCS11 library other than /usr/lib/opensc-pkcs11.so]),
+    [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "$withval")],
+    [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "/usr/lib/opensc-pkcs11.so")]
+)
+
+AC_ARG_WITH(
+    [random-device],
+    AS_HELP_STRING([--with-random-device=dev],[set the device for real random data other than /dev/random]),
+    [AC_DEFINE_UNQUOTED(DEV_RANDOM, "$withval")],
+    [AC_DEFINE_UNQUOTED(DEV_RANDOM, "/dev/random")]
+)
+
+AC_ARG_WITH(
+    [urandom-device],
+    AS_HELP_STRING([--with-urandom-device=dev],[set the device for pseudo random data other than /dev/urandom]),
+    [AC_DEFINE_UNQUOTED(DEV_URANDOM, "$withval")],
+    [AC_DEFINE_UNQUOTED(DEV_URANDOM, "/dev/urandom")]
+)
 
 AC_ARG_ENABLE(
     [http],
@@ -37,27 +59,17 @@ AM_CONDITIONAL(USE_LIBCURL, test x$http = xtrue)
 
 AC_ARG_ENABLE(
     [ldap],
-    AS_HELP_STRING([--enable-ldap],[enable fetching of CRLs from LDAP (default is NO). Requires openldap. \
-                                    Protocol version 2 or 3 are supported, use --with-ldap=version to specify \
-                                    explicitly.]),
+    AS_HELP_STRING([--enable-ldap],[enable fetching of CRLs from LDAP (default is NO). Requires openLDAP.]),
     ldap=true
-    [case "${enableval}" in
-        2) AC_DEFINE(LDAP_VER, 2) ;;
-        3) AC_DEFINE(LDAP_VER, 3) ;;
-        *) AC_MSG_ERROR([Invalid LDAP protocol version specified!]) ;;
-        esac
-    ]
+    AC_DEFINE(LDAP_VER, 3)
 )
 AM_CONDITIONAL(USE_LDAP, test x$ldap = xtrue)
 
 AC_ARG_ENABLE(
-    [pkcs11],
-    AS_HELP_STRING([--enable-pkcs11],[enable PKCS11 smartcard support (default is NO). \
-                                      Set the default PKCS11 library using \
-                                      --enable-pkcs11=/path/to/default-pkcs11.so]),
+    [smartcard],
+    AS_HELP_STRING([--enable-smartcard],[enable smartcard support (default is NO).]),
     smartcard=true
     AC_DEFINE(SMARTCARD)
-    AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "$enableval")
 )
 AM_CONDITIONAL(USE_SMARTCARD, test x$smartcard = xtrue)
 
@@ -65,7 +77,7 @@ AC_ARG_ENABLE(
     [leak-detective],
     AS_HELP_STRING([--enable-leak-detective],[enable malloc hooks to find memory leaks (default is NO).]),
     leak_detective=true
-    AC_DEFINE(USE_LEAK_DETECTIVE)
+    AC_DEFINE(LEAK_DETECTIVE)
 )
 AM_CONDITIONAL(USE_LEAK_DETECTIVE, test x$leak_detective = xtrue)
 
diff --git a/src/libstrongswan/utils/randomizer.c b/src/libstrongswan/utils/randomizer.c
index 09e81894e..5db150e92 100644
--- a/src/libstrongswan/utils/randomizer.c
+++ b/src/libstrongswan/utils/randomizer.c
@@ -65,7 +65,7 @@ static status_t get_bytes_from_device(private_randomizer_t *this,bool pseudo_ran
 	size_t got;
 	char * device_name;
 
-	device_name = pseudo_random ? PSEUDO_RANDOM_DEVICE : RANDOM_DEVICE;
+	device_name = pseudo_random ? DEV_URANDOM : DEV_RANDOM;
 
 	device = open(device_name, 0);
 	if (device < 0) {
diff --git a/src/libstrongswan/utils/randomizer.h b/src/libstrongswan/utils/randomizer.h
index 993f71d12..a2e0f75c8 100644
--- a/src/libstrongswan/utils/randomizer.h
+++ b/src/libstrongswan/utils/randomizer.h
@@ -26,15 +26,19 @@
 #include <types.h>
 
 
+#ifndef DEV_RANDOM
 /**
  * Device to read real random bytes
  */
-#define RANDOM_DEVICE "/dev/random"
+# define DEV_RANDOM "/dev/random"
+#endif
 
+#ifndef DEV_URANDOM
 /**
  * Device to read pseudo random bytes
  */
-#define PSEUDO_RANDOM_DEVICE "/dev/urandom"
+# define DEV_URANDOM "/dev/urandom"
+#endif
 
 typedef struct randomizer_t randomizer_t;
 
diff --git a/src/pluto/rnd.c b/src/pluto/rnd.c
index da72cc8ff..812882c6b 100644
--- a/src/pluto/rnd.c
+++ b/src/pluto/rnd.c
@@ -69,7 +69,7 @@
 
 #ifdef linux
 # define USE_DEV_RANDOM	1
-# define RANDOM_PATH    "/dev/urandom"
+# define RANDOM_PATH    DEV_URANDOM
 #else
 # ifdef __OpenBSD__
 #  define USE_ARC4RANDOM
diff --git a/src/scepclient/rsakey.c b/src/scepclient/rsakey.c
index c4f26b286..a7c6321f5 100644
--- a/src/scepclient/rsakey.c
+++ b/src/scepclient/rsakey.c
@@ -47,8 +47,8 @@
 /* Public exponent used for signature key generation */
 #define PUBLIC_EXPONENT		0x10001
 
-#ifndef RANDOM_DEVICE
-#define	RANDOM_DEVICE	"/dev/random"
+#ifndef DEV_RANDOM
+#define	DEV_RANDOM	"/dev/random"
 #endif
 
 
@@ -66,9 +66,9 @@ get_true_random_bytes(size_t nbytes, char *buf)
 {
     size_t ndone;
     size_t got;
-    char *device = RANDOM_DEVICE;
+    char *device = DEV_RANDOM;
 
-    int dev = open(RANDOM_DEVICE, 0);
+    int dev = open(DEV_RANDOM, 0);
 
     if (dev < 0)
     {
diff --git a/src/starter/files.h b/src/starter/files.h
index 39b89bc2d..88b670d94 100644
--- a/src/starter/files.h
+++ b/src/starter/files.h
@@ -19,8 +19,6 @@
 
 #define STARTER_PID_FILE IPSEC_PIDDIR "/starter.pid"
 
-#define DEV_RANDOM      "/dev/random"
-#define DEV_URANDOM     "/dev/urandom"
 #define PROC_NETKEY	"/proc/net/pfkey"
 #define PROC_MODULES	"/proc/modules"