[ntp:questions] Re: Why ntpd is losing out to openntp at OpenBSD
David L. Mills
mills at udel.edu
Sat Oct 16 17:57:35 UTC 2004
This is what Autokey is for. You need to boogie only with
Autokey-configured sites. Our primary server pogo has been running this
for several months in trial. I expect soon the ISC folks will start
handing out identity keys using an automated script. You would log in
via the web, provide your key-encrypting key and get back the identity
key. There are directions elsewhere, probably on the twichy, that tell
you how to configure the client, or see the authentication options page
in the current documentation.
The rfc2030 rules say a host can be a SNTP server only if directly
connected to an external source, such as a GPS radio or NIST modem. To
do that it would have to comply with the NTP protocol as a server, which
means it would have to implement the full suite of server functions as
described in rfc2030. A SNTP client obtaining time from another server
cannot be a server for other clients. To do that, it would have to
comply with the rfc1305 rules and include the NTP algorithms.
Goran Larsson wrote:
> In article <mailman.27.1097873718.72027.questions at lists.ntp.isc.org>,
> Brad Knowles <brad at stop.mail-abuse.org> wrote:
>> If you want to seriously consider OpenNTPd, then I would
>>encourage you to look at
>>and make sure that you have answered in your own mind how you're
>>going to deal with all these problems.
> What happens if one of those broken OpenNTPd servers manages to be
> listed in e.g. pool.ntp.org? Will it be filtered out as a false ticker
> or will it be able to give me false time? How can I make sure my NTP
> daemon never attempts to use an OpenNTPd "NTP server"?
More information about the questions