[ntp:questions] NTP MD5

Brad Knowles brad at stop.mail-abuse.org
Mon Sep 12 10:37:11 UTC 2005


At 5:41 PM +0800 2005-09-12, Eric Liu wrote:

>  I am testing authentication with ntp-4.2.0.

	If you're going to test ntpd-4.2.x, then you should be testing 
one of the latest ntp-dev snapshot tarballs.  Go to 
<http://ntp.isc.org/bin/view/Main/SoftwareDownloads>, follow the link 
to <http://ntp.isc.org/bin/view/Main/SoftwareDevelopment>, then the 
link to <http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/> (or the FTP 
equivalent), then ultimately down to 
<http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/snapshots/ntp-dev/2005/09/>.


	The point is that 4.2.0-RELEASE was cut almost two years ago, and 
in the meanwhile there have been a whole host of changes that have 
happened throughout the code.  Many vendors have decided to back-port 
some of these changes to their versions of ntpd which are actually 
based on older code, but they haven't increased the version number.

	So, the 4.2.0-RELEASE code you get from us might have an older 
MD5 library routine than the ntpd-4.1.2-whatever code provided by Red 
Hat, and which they have hacked a great deal on.

	If you make sure to get one of our latest ntp-dev tarballs, you 
will have the absolute latest code in this area.  Alternatively, you 
can wait a couple of weeks (or maybe less), for the official 
4.2.1-RELEASE version to come out.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.



More information about the questions mailing list