Package: ntp
Version: 1:4.2.6.p2+dfsg-1+b1
Severity: normal

Short story:  The entire possibility of secure / authorized time via ntp is
broken in Debian until this is fixed.

Two important issues are resolved by this as yet unimplemented fix:

1.  When a system is itself one of the ntp servers mentioned in the dhcp roster
it is an error for dhcp to put a 'server myname iburst' in ntp.conf.  A person
setting up a local server is naturally at that time able to edit an option in
/etc/default/ntp to force use of /etc/ntp.conf and to ignore what dhcp says is
apropos for most systems.  Since those who want it to 'just work' are clients
only, forcing those who want atypical but necessary behavior (setting up a
local time server) to edit ntp.conf is reasonable.

2.  Attacking the time can effectively disrupt many Kerberos and any
activities using X.509 certificates as they are date sensitive (most secure web
operations).  The extensive mechanisms of secure ntp address this.   Clients
wishing to authenticate both themselves and the time server they think they are
dealing with need  'server  yoursecurehost autokey' and NOT 'server
yoursecurehost iburst'.  However, the script that forces use of
/var/lib/ntp/ntp.conf.dhcp removes other server lines in ntp.conf and sticks in
specifically insecure access mode 'server whatnot iburst'.  Those who need
authenticated time are in the minority even within their own subnets and most
do just fine with the 'just works'.

Why this fix vector at /etc/default/ntp is to be preferred: Keeps things
simplest for the most people.

Putting an option in /etc/default/ntp to be read by /etc/init.d/ntp to ignore
networking altogether (whether network manager invoking dhclient or
/etc/network/interfaces) is to be preferred over against tweaking dhclient for
two reasons. One is avoiding maintaining custom versions of highly diverse-use
dhclient config files-- complex and involved in lots of other unrelated
activities.  Worse: there are two ways to potentially make dhclient 'do the
right thing' via dhclient config tweaking-- one is to not request ntp services
(editing a complex default file with many other implications).  The other is to
remove the ntp hook in /etc/dhcp/dhclient-exit whatnot.   I vote leave it all
alone so someone editing /etc/default/ntp can make it all 'just work' again if
a box is to no longer act as a server simply by a one line well named edit in
the config file related to the daemon where the fix is to be expected.

Furthermore this approach avoids dealing with a weird leftover debris effect
when switching to gnome's network manager.  Sometimes
/var/lib/ntp/ntp.conf.dhclient is leftover debris that goes un-updated.  One
makes a tweak to /etc/ntp.conf, restarts ntp... and ... nothing.  Why?  Because
the mechanism that updates /var/lib/ntp/ntp.conf.dhcp doesn't catch the user
editing ntp.conf, and most users can't be expected to 'just know' that the file
the man page says does the right thing, ntp.conf, isn't actually being used.
'ifconfig eth0 down/up' won't trigger an update when gnome is installed and
neither will telling gnome to disconnect and reconnect.

In short, making it possible to add an option in /etc/default/ntp to force use
of /etc/ntp.conf by /etc/init.d/ntp makes secure ntp, now broken in Debian,
possible with the least ongoing maintenance burden and zero impact to everyone
who is a typical client of time servers outside their dhcp service area.

-- System Information:
Debian Release: 6.0.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ntp depends on:
ii  adduser                3.112+nmu2        add and remove users and groups
ii  dpkg                   1.15.8.12         Debian package management system
ii  libc6                  2.11.3-3          Embedded GNU C Library: Shared lib
ii  libcap2                1:2.19-3          support for getting/setting POSIX.
ii  libedit2               2.11-20080614-2   BSD editline and history libraries
ii  libopts25              1:5.10-1.1        automated option processing librar
ii  libssl0.9.8            0.9.8o-4squeeze13 SSL shared libraries
ii  lsb-base               3.2-23.2squeeze1  Linux Standard Base 3.2 init scrip
ii  netbase                4.45              Basic TCP/IP networking system

Versions of packages ntp recommends:
ii  perl                   5.10.1-17squeeze3 Larry Wall's Practical Extraction 

Versions of packages ntp suggests:
ii  ntp-doc                1:4.2.6.p2+dfsg-1 Network Time Protocol documentatio

-- Configuration Files:
/etc/ntp.conf [Errno 13] Permission denied: u'/etc/ntp.conf'

-- no debconf information
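As an added example that is not part of this report or of the Debian ntp package, the sketch below shows how /etc/init.d/ntp could honour an /etc/default/ntp override of the kind proposed above, falling back to today's behaviour (use /var/lib/ntp/ntp.conf.dhcp when it exists) otherwise, and how to check whether the chosen file still carries an authenticated 'autokey' association. The option name IGNORE_DHCP_NTP_CONF, the helper names and the sample file contents are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the Debian ntp package's own init script: how
# /etc/init.d/ntp could honour a hypothetical IGNORE_DHCP_NTP_CONF=yes
# line in /etc/default/ntp and keep using /etc/ntp.conf even when
# dhclient has written /var/lib/ntp/ntp.conf.dhcp.

# select_ntp_conf DEFAULTS_FILE DHCP_CONF STATIC_CONF
# Prints the configuration file ntpd should be started with.
select_ntp_conf() {
    defaults="$1"; dhcp_conf="$2"; static_conf="$3"
    IGNORE_DHCP_NTP_CONF=no            # unset in defaults = today's behaviour
    if [ -r "$defaults" ]; then
        . "$defaults"                  # may override IGNORE_DHCP_NTP_CONF
    fi
    if [ "$IGNORE_DHCP_NTP_CONF" = "yes" ]; then
        echo "$static_conf"            # admin opted out of the dhcp roster
    elif [ -e "$dhcp_conf" ]; then
        echo "$dhcp_conf"              # current Debian logic: dhcp file wins
    else
        echo "$static_conf"
    fi
}

# Returns 0 if the file still has an authenticated 'server ... autokey'
# association, 1 if only unauthenticated lines (e.g. 'iburst') remain.
has_autokey_server() {
    grep -Eq '^[[:space:]]*server[[:space:]].*[[:space:]]autokey' "$1"
}

# Demonstration on constructed files in a temporary directory.
demo() {
    d=$(mktemp -d)
    printf 'server ntp.example.net autokey\n' > "$d/ntp.conf"
    printf 'server 192.0.2.1 iburst\n' > "$d/ntp.conf.dhcp"
    printf 'IGNORE_DHCP_NTP_CONF=yes\n' > "$d/default-ntp"
    for f in "$d/default-ntp" "$d/no-such-defaults"; do
        chosen=$(select_ntp_conf "$f" "$d/ntp.conf.dhcp" "$d/ntp.conf")
        if has_autokey_server "$chosen"; then auth=authenticated; else auth=UNAUTHENTICATED; fi
        echo "defaults=$f -> $chosen ($auth)"
    done
    rm -rf "$d"
}
demo
```

With the override set the static /etc/ntp.conf (and its autokey line) is kept; without it, the dhclient-written file with only 'iburst' associations wins, which is the situation the report describes.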