[ntp:hackers] unprivileged ntpd prototype

Brian Utterback brian.utterback at sun.com
Tue Nov 3 13:54:30 UTC 2009


See? That was exactly my point before. Once you have the ability to 
set the listening port and to specify alternate ports on a per server 
basis, people are going to want to deploy using that feature.

Dave's original plan was to use this as a method for testing and 
monitoring. But as you can see, there will be those that will want to 
use the alternate port feature in production.

Now, I can't say that they should not, but I can say that it violates 
the RFC and that it is a feature that has been discussed and rejected 
many times before.

So, we have three choices:

1. Reject the alternate port feature out of hand.
2. Force the synth-clock when an alternate port is in use, making the 
alternate port useless in deployment.
3. Re-visit the prohibition against using alternate ports.

Hal Murray wrote:
>> What other reasons are there for using a synthetic clock or alternate
>> port?
> 
> I thought of a potential useful reason for using an alternate port.
> 
> Suppose you are behind a NAT box.
> 
> If you only have one NTP server, it's simple to point port 123 on your 
> external NAT side to that server.  If you have 2 or more servers, I don't 
> know how to let the external users specify which server they want to contact.
> 
> With the extension, you could point port 1234 at the second server, port 2234 
> at the 3rd server ...

-- 
blu

It's bad civic hygiene to build technologies that could someday be
used to facilitate a police state. - Bruce Schneier
----------------------------------------------------------------------
Brian Utterback - Solaris RPE, Sun Microsystems, Inc.
Ph:877-259-7345, Em:brian.utterback-at-ess-you-enn-dot-kom
