[ntp:questions] Re: why does my unauthenticated peer still sync?

mlawdawg@yahoo.com mlawdawg at comcast.net
Wed Mar 8 17:54:45 UTC 2006


Hi Danny,

Thanks for reading my post and replying. I understand your point that
it's the client that decides whether or not to append the
authentication info (i.e. "mac"). However, there's still an important
difference occurring on the "server" side that I don't understand.

When the client does not send authentication info, the "server" side
(really the "symmetric passive" side) will NOT mobilize an ephemeral
symmetric passive association because in receive() sys_authenticate is 1
and is_authentic is 0, resulting in the server side sending the
"crypto-NAK" via fast_xmit().

When the client does send valid authentication info, the "server" side
WILL mobilize an ephemeral symmetric passive association because
sys_authenticate is 1 and is_authentic is 1.

So, in the former case the "server" side does NOT have a symmetric
passive association and in the latter case it does. This doesn't seem
correct. Isn't there some impact of the symmetric passive association
NOT being created in the former case?

Tx,
Mark



