ntpd replacement (Was: Re: Import of DragonFly Mail Agent)
Joe Holden
lists at rewt.org.uk
Mon Feb 24 11:33:13 UTC 2014
On 24/02/2014 11:26, Joe Holden wrote:
> On 24/02/2014 11:18, Ollivier Robert wrote:
>> According to Joe Holden on Mon, Feb 24, 2014 at 11:13:23AM +0000:
>>> hm, I can't say I have noticed this as being a problem where I've
>>> used it, are there any scenarios where this is a showstopper?
>>
>> Non-support for auth is a concern, lack of NTPv4 protocol support is
>> another. Base ntpd also include SNTP which is a lightweight NTPv3
>> client.
>>
> I suspect if you can't be reasonably sure about the integrity of your
> network traffic you have other problems anyway... one can run ntpd -s to
> get a similar function to ntpdate/sntp.
>
> But again, for 99% of installs as a client, auth and/or ntpv4 doesn't
> matter and much like sendmail/dma, one can always install ntp.org from
> ports if they require authentication (I've never seen it used).
The other point I should make here is that if you care that much about
time security you shouldn't be contacting ntp servers over 3rd party
networks anyway, at least not without some IP-level
encryption/authentication, or use a source that can't easily be used as
an attack surface, such as GPS/MSF etc.
More information about the freebsd-current
mailing list