[ntp:hackers] Samba4 and NTP integration

Luke Howard lukeh at padl.com
Tue Apr 1 21:58:56 UTC 2008


>> Are you saying that w32time clients require authentication unless you
>> tell it where an NTP server is?
>
> That  assumes a funtional AD  is available and was properly set up.

Right, but given the goal of Samba 4 is to be a functional AD  
replacement, this is implied.

>> Also it it's going to do authentication, why not just have it use its
>> Kerberos ticket in the packet since it has to have one in order to be
>> part of the Windows domain?
>
> You could - but the kerberos ticket only allows interplay with those  
> services identified by the ticket. The key here is that the client's  
> use the same ticket for everything in many instances, and that means  
> that the policy control model that is presented by the use of the  
> token's is really not up for individual controls per auth-method.


I don't think this is anywhere near as important an issue as the fact  
that Kerberos itself requires time synchronization.

-- Luke


More information about the hackers mailing list