On 24/02/2014 11:26, Joe Holden wrote:
On 24/02/2014 11:18, Ollivier Robert wrote:
According to Joe Holden on Mon, Feb 24, 2014 at 11:13:23AM +0000:
hm, I can't say I have noticed this as being a problem where I've
used it, are there any scenarios where this is a showstopper?
Non-support for auth is a concern, lack of NTPv4 protocol support is
another. Base ntpd also include SNTP which is a lightweight NTPv3
client.
I suspect if you can't be reasonably sure about the integrity of your
network traffic you have other problems anyway... one can run ntpd -s to
get a similar function to ntpdate/sntp.
But again, for 99% of installs as a client, auth and/or ntpv4 doesn't
matter and much like sendmail/dma, one can always install ntp.org from
ports if they require authentication (I've never seen it used).
The other point I should make here is that if you care that much about
time security you shouldn't be contacting ntp servers over 3rd party
networks anyway, at least not without some IP-level
encryption/authentication, or use a source that can't easily be used as
an attack surface, such as GPS/MSF etc.
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
