network time default, f23

Simo Sorce simo at redhat.com
Tue Sep 1 15:16:52 UTC 2015


On Tue, 2015-09-01 at 16:57 +0200, Miroslav Lichvar wrote:
> On Tue, Sep 01, 2015 at 10:42:00AM -0400, Simo Sorce wrote:
> > On Tue, 2015-09-01 at 11:26 +0200, Miroslav Lichvar wrote:
> > Just FYI, the reason we chose ntpd and stuck top it is that we
> > eventually want to support MS-SNTP signing (for compatibility with
> > windows clients/samba). We haven't done that yet because when we did
> > work on the component it was still an external patch (IIRC) even for
> > ntpd, but signing time is something we'd really want to do.
> 
> If you need the MS-SNTP support, I can work on that. From what I saw
> it shouldn't be very difficult to implement.
> 
> > Note that having an implementation of Network Time Security to which we
> > can feed certificates (for the server) would also be a very good thing,
> > sadly none of the clients/servers support it yet apparently.
> 
> The NTS specification is still a work in progress.

Indeed, and it would be nice if we could have Kerberos based keys used
for signatures as well, I am not really fond of the NTP server
distributing yet another set of keys ...

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



More information about the server mailing list