[ntp:hackers] Samba4 and NTP integration
Luke Howard
lukeh at padl.com
Tue Apr 1 21:58:56 UTC 2008
>> Are you saying that w32time clients require authentication unless you
>> tell it where an NTP server is?
>
> That assumes a funtional AD is available and was properly set up.
Right, but given the goal of Samba 4 is to be a functional AD
replacement, this is implied.
>> Also it it's going to do authentication, why not just have it use its
>> Kerberos ticket in the packet since it has to have one in order to be
>> part of the Windows domain?
>
> You could - but the kerberos ticket only allows interplay with those
> services identified by the ticket. The key here is that the client's
> use the same ticket for everything in many instances, and that means
> that the policy control model that is presented by the use of the
> token's is really not up for individual controls per auth-method.
I don't think this is anywhere near as important an issue as the fact
that Kerberos itself requires time synchronization.
-- Luke
More information about the hackers
mailing list