[ntp:questions] Autokey users - please read
mills at udel.edu
Thu Sep 10 17:36:26 UTC 2009
Folks should understand this is a rather trivial fix to make sure
autokeys are no shortened when a null byte is generated at random. The
bug has been present since 1993. Thus, "old" version will interoperate
as will "new" versions, but old and new will not. I would like to
simplify these things as much as possible. I am not interested in
supporting both old and new at the same time and not interested in
supporting on a per-associatino basis. The changes I suggested could
easily be implemented as an option on the crypto command. There would be
only one place to back out in the session_key() routine; the other
changes in fact fix another bug in ntp_config.c.
Harlan Stenn wrote:
>https://support.ntp.org/bugs/show_bug.cgi?id=1243 talks about a bug that
>affects autokey users.
>We have a fix ready to go.
>There are 2 ways to go, however.
>One way is to just fix the problem, which will mean an "old" version of
>ntpd will not authenticate with a "new" version of ntpd.
>The other way is to provide a backward-compatibility mode, and there
>would be a switch in the config file that would say whether or not the
>backward-compatible mechanism should be enabled or not.
>Does anybody *know* that:
>- they are actively using autokey
>- they would have difficulty updating all of their autokey-using hosts
> at the same time
>- and therefore they would appreciate our implementing the backward-
> compatibility fix
More information about the questions