Config file format - (Was: [ntp:hackers] FreeBSD serial ports)

David L. Mills mills at udel.edu
Sat Feb 19 10:36:52 PST 2005


Harlan,

Lemme hear the word s*e*c*u*r*i*t*y here. I have no trouble with your 
suggestion as long as it is as secure as TLS (ssh). Is there a secure 
precedent for configuration file URL's?

If you think I am being paranoid here, you should see the comments from 
the reviewers of the proposed SNTP RFC. Four paes of tiny text, 90% of 
which is on security.

If you want a common configuration file from a local server, mount 
/usr/local/etc from a server machine as we do here with several hundred 
clients. Almost all of these use multicast.

Dave

Harlan Stenn wrote:

>I see no reason to lose the remote config stuff - it is mode7 and is
>implementation-specific.
>
>I would also like to see the -c flag take a URL as an option, so one might
>say:
>
> ntpd -c file:///etc/ntp.conf  (current behavior)
>
> ntpd -c http://ntpconf.my.dom.ain  (get a conf file from a local server)
>
>
>I'd also like to have the ability for ntpd to write its current config file.
>
>Just some thoughts.
>
>H
>




More information about the hackers mailing list