[ntp:hackers] Protocol specification modification for MS-SNTP

Martin Burnicki martin.burnicki at meinberg.de
Thu Jul 9 13:03:05 UTC 2009


Dave,

Dave Mills wrote:
> Dave,
>
> I might not have been clear. The resonse to a symmetric active request
> is unconditionally a symmetric pasive packet. If authentirated, an
> association is mobilized. There is no way a symmetric active peer can
> tell if an association has been mobilized or not. This is all consistent
> with the spec and no enable bit is necessary.

That's IMHO a good solution and I appreciate this.

> I continue to be uncomfortable with an agenda that says compile the code
> whether or not it might be used. Is there some way you can tell from the
> environment that Samba is active? Thie Autokey code is compiled only if
> OpenSSL is present by default. This puppy is getting downright huge and
> needs to be potty trained.

In my opinion the problem is that nowadays only few people build the NTP 
package on their final target systems.

Not only the Windows port is shipped as a set of binaries, also Linux, 
Solaris, and (AFAIK) FreeBSD provide binary packages which are precompiled by 
the maintainers of the OS or distribution. So, for example, only the 
maintainers need to have the openSSL headers installed. On the end user's 
target system it is sufficient to have the openSSL libs installed.

Similarly, the end user can decide whether he wants to have the Samba daemon 
running or not, and I don't believe he would be happy to recompile the NTP 
daemon just because Sambe shall be running but the NTP installation package 
comes with support for Samba authentication disabled.

Martin
-- 
Martin Burnicki

Meinberg Funkuhren
Bad Pyrmont
Germany


More information about the hackers mailing list