Rob schrieb:
David Woolley <david@ex.djwhome.demon.invalid> wrote:
On 21/12/14 10:48, Rob wrote:
People say "disable crypto" but there is no clear direction in the docs
on how to do that. There is no "crypto off" or "disable crypto" config
directive at first glance. So how is this done?
I would assume by not enabling it.
Ok, but in that case why the worry about the "millions of vulnerable
servers" on the internet, I think most users who just want to get and
serve time don't spend the week of time needed to get the crypto working
and to coordinate with other servers doing the same.
I think this is because they just didn't understand in which cases these
vulnerabilities can be exploited.
And of course, the information flow was really bad here, so that it is
very hard to figure out which systems are affected.
So for now I presume it is on by default... also because of what I saw
in the OpenSUSE example config. (or would the "keys" config directive
be the magic enable crypto directive?)
Unfortunately openSUSE has (symmetric keys) crypto enabled to be able to
change ntpd's configuration at runtime via ntpq and/or ntpdc commands.
E.g. if the dhcp client receives a DHCP option with the IP of an an NTP
server it configures ntpd dynamically to use this server.
Martin
_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
