[ntp:hackers] unprivileged ntpd prototype
Brian Utterback
brian.utterback at sun.com
Tue Nov 3 13:54:30 UTC 2009
See? That was exactly my point before. Once you have the ability to
set the listening port and to specify alternate ports on a per server
basis, people are going to want to deploy using that feature.

Dave's original plan was to use this as a method for testing and
monitoring. But as you can see, there will be those that will want to
use the alternate port feature in production.

Now, I can't say that they should not, but I can say that it violates
the RFC and that it is a feature that has been discussed and rejected
many times before.

So, we have three choices:

1. Reject the alternate port feature out of hand.
2. Force the synth-clock when an alternate port is in use, making the
alternate port useless in deployment.
3. Re-visit the prohibition against using alternate ports.

Hal Murray wrote:
>> What other reasons are there for using a synthetic clock or alternate
>> port?
>
> I thought of a potentially useful reason for using an alternate port.
>
> Suppose you are behind a NAT box.
>
> If you only have one NTP server, it's simple to point port 123 on your
> external NAT side to that server. If you have 2 or more servers, I don't
> know how to let the external users specify which server they want to contact.
>
> With the extension, you could point port 1234 at the second server, port 2234
> at the 3rd server ...
>
>
--
blu
It's bad civic hygiene to build technologies that could someday be
used to facilitate a police state. - Bruce Schneier
----------------------------------------------------------------------
Brian Utterback - Solaris RPE, Sun Microsystems, Inc.
Ph:877-259-7345, Em:brian.utterback-at-ess-you-enn-dot-kom