[ntp:questions] Re: Why ntpd is losing out to openntp at OpenBSD

David L. Mills mills at udel.edu
Sat Oct 16 17:57:35 UTC 2004


Goran,

This is what Autokey is for. You need to boogie only with 
Autokey-configured sites. Our primary server pogo has been running this 
for several months in trial. I expect soon the ISC folks will start 
handing out identity keys using an automated script. You would log in 
via the web, provide your key-encrypting key and get back the identity 
key. There are directions elsewhere, probably on the twichy, that tell 
you how to configure the client, or see the authentication options page 
in the current documentation.

The rfc2030 rules say a host can be a SNTP server only if directly 
connected to an external source, such as a GPS radio or NIST modem. To 
do that it would have to comply with the NTP protocol as a server, which 
means it would have to implement the full suite of server functions as 
described in rfc2030. A SNTP client obtaining time from another server 
cannot be a server for other clients. To do that, it would have to 
comply with the rfc1305 rules and include the NTP algorithms.

Dave

Dave

Goran Larsson wrote:
> In article <mailman.27.1097873718.72027.questions at lists.ntp.isc.org>,
> Brad Knowles  <brad at stop.mail-abuse.org> wrote:
> 
> 
>>	If you want to seriously consider OpenNTPd, then I would 
>>encourage you to look at 
>><http://bradknowles.typepad.com/considered_harmful/2004/09/openntpd.html> 
>>and make sure that you have answered in your own mind how you're 
>>going to deal with all these problems.
> 
> 
> What happens if one of those broken OpenNTPd servers manages to be
> listed in e.g. pool.ntp.org? Will it be filtered out as a false ticker
> or will it be able to give me false time? How can I make sure my NTP
> daemon never attempts to use an OpenNTPd "NTP server"? 
> 




More information about the questions mailing list