[ntp:hackers] Autokey identity keys

Danny Mayer mayer at ntp.isc.org
Fri Nov 9 04:19:42 UTC 2007


Matthias Urlichs wrote:
> Hi,
> 
> timelord at horizon.com:
>> The feature request is to allow ntpd to act as a back-end for
>> such a NAT box.  But clients of the NAT box don't have to know
>> anything about that.
> 
> Right.
> 
> This should not be more involved than a "for purposes of AutoKey
> generation, pretend that your public IP address is 10.1.2.3"
> configuration option.
> 

At which point your Autokey will fail as the server will expect it to
match the actually address sending the packet and since NAT is likely to
result in giving you different adddresses and not just port numbers, the
authentication will fail.

Danny


More information about the hackers mailing list