[ntp:bugs] [Bug 1242] --enable-wintime should be enabled by default on all target systems
Dave Hart via the NTP Bugzilla
bugzilla at ntp.org
Mon Jul 6 12:03:23 UTC 2009
Additional Comments From hart at ntp.org (Dave Hart)
Submitted on 2009-07-06 12:03
(In reply to Martin's comment #27)
> (In reply to Dave Hart's comment #17)
> > (In reply to Martin's comment #16)
> > > (In reply to Dave Mills' comment #14)
> > > > Then, the Samba folks hijacked the ifdef, but I didn't
> > > > notice it. If I had, I would have squawked. The two uses of WINTIME
> > > > should be separated;
> > >
> > > I absolutely agree. A different symbol should be used to control support
> > > for MS authentication.
> > Dave & Martin: It's not fair to describe the interaction of WINTIME and the
> > Samba "signd" extension to implement the Microsoft-style signed NTP
> > documented in [MS-SNTP] as hijacking WINTIME.
> I think the meaning of this is that WINTIME has originally been used to
> the workaround for w32time peer packets.
> Later WINTIME started to be used also to control whether MS style
> authentication shall be supported, or not.
No, WINTIME alone controls only whether ntpd drops or replies to unauthenticated
symmetric mode requests from a non-configured peer.
> Basically these are 2 different things, so they should be controlled by
> different symbols. I.e. it should be *possible* to enable the peer workaround
> without enabling support for MS authentication. Using HAVE_NTP_SIGND for this,
> as Dave Mills has suggested, sounds good to me.
This is what we have today. If you compile with WINTIME alone, ntpd works for
the simple Windows "Internet Time" case, but does not reply to requests from
domain members for Windows-style authenticated time.
> If support for MS authentication also *requires* the peer workaround then this
> should be reflected in a dependency of the settings, i.e. WINTIME should be
> forced to be defined if HAVE_NTP_SIGND has been defined, but the other way
> round HAVE_NTP_SIGND must not necessarily be defined just because WINTIME has
Both macros are set up by configure/configure.ac, which does not currently
enforce the dependency, but it does default WINTIME to on if HAVE_NTP_SIGND is
enabled. That is, configure --enable-ntp-signd --disable-wintime is currently
accepted by configure and will result in a broken signd configuration as the
necessary code to set FLAG_ADKEY is omitted. I agree the dependency should be
enforced, either with .c/.h code to force on WINTIME if HAVE_NTP_SIGND is set,
or by configure.ac.
Dave Hart <hart at ntp.org>
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the bugs