On 24/02/2014 11:26, Joe Holden wrote: > On 24/02/2014 11:18, Ollivier Robert wrote: >> According to Joe Holden on Mon, Feb 24, 2014 at 11:13:23AM +0000: >>> hm, I can't say I have noticed this as being a problem where I've >>> used it, are there any scenarios where this is a showstopper? >> >> Non-support for auth is a concern, lack of NTPv4 protocol support is >> another. Base ntpd also include SNTP which is a lightweight NTPv3 >> client. >> > I suspect if you can't be reasonably sure about the integrity of your > network traffic you have other problems anyway... one can run ntpd -s to > get a similar function to ntpdate/sntp. > > But again, for 99% of installs as a client, auth and/or ntpv4 doesn't > matter and much like sendmail/dma, one can always install ntp.org from > ports if they require authentication (I've never seen it used). The other point I should make here is that if you care that much about time security you shouldn't be contacting ntp servers over 3rd party networks anyway, at least not without some IP-level encryption/authentication, or use a source that can't easily be used as an attack surface, such as GPS/MSF etc.Received on Mon Feb 24 2014 - 10:33:13 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:47 UTC