[ntp:questions] Autokey users - please read

David Mills mills at udel.edu
Thu Sep 10 17:36:26 UTC 2009


Folks should understand this is a rather trivial fix to make sure 
autokeys are no shortened when a null byte is generated at random.  The 
bug has been present since 1993. Thus, "old" version will interoperate 
as will "new" versions, but old and new will not. I would like to 
simplify these things as much as possible. I am not interested in 
supporting both old and new at the same time and not interested in 
supporting on a per-associatino basis. The changes I suggested could 
easily be implemented as an option on the crypto command. There would be 
only one place to back out in the session_key() routine; the other 
changes in fact fix another bug in ntp_config.c.


Harlan Stenn wrote:

>https://support.ntp.org/bugs/show_bug.cgi?id=1243 talks about a bug that
>affects autokey users.
>We have a fix ready to go.
>There are 2 ways to go, however.
>One way is to just fix the problem, which will mean an "old" version of
>ntpd will not authenticate with a "new" version of ntpd.
>The other way is to provide a backward-compatibility mode, and there
>would be a switch in the config file that would say whether or not the
>backward-compatible mechanism should be enabled or not.
>Does anybody *know* that:
>- they are actively using autokey
>- they would have difficulty updating all of their autokey-using hosts
>  at the same time
>- and therefore they would appreciate our implementing the backward-
>  compatibility fix

More information about the questions mailing list