Dave Hart wrote:
> Danny Mayer wrote:
>> Dave Hart wrote:
>>> Harlan Stenn wrote:
A single "pool FOO.pool.ntp.org iburst" line should be
enough.
>>> ... assuming you're using 4.2.7. Â With 4.2.6 or earlier,
>>> "pool" spins up only one association, and uses DNS only
>>> at startup.
Se
On Sun, Nov 14, 2010 at 04:27 UTC, Danny Mayer wrote:
> On 11/13/2010 9:47 PM, Dave Hart wrote:
>> On Sun, Nov 14, 2010 at 00:32 UTC, Harlan Stenn wrote:
>>> A single "pool FOO.pool.ntp.org iburst" line should be enough.
>>
>> ... assuming you're using 4.2.7. With 4.2.6 or earlier, "pool" spins
On 11/13/2010 9:47 PM, Dave Hart wrote:
> On Sun, Nov 14, 2010 at 00:32 UTC, Harlan Stenn wrote:
>> Somebody wrote:
>>
>>> pool in.pool.ntp.org iburst  # will likely get 2 national servers
>>> # pool 0.in.pool.ntp.org iburst
>>> # pool 1.in.pool.ntp.org iburst
>>> # pool 2.in.pool.ntp.org iburst
Harlan, Dave, Steve, Dave (Mills), and "E-Mail Sent to this address
will be added to the BlackLists"...
That God is in details is proving once again to be true in this
"simple and trivial looking" service that runs on such a simple "123-
and-snap!" port.
Can't thank you guys enough for all your e
On Sun, Nov 14, 2010 at 00:32 UTC, Harlan Stenn wrote:
> Somebody wrote:
>
>> pool in.pool.ntp.org iburst # will likely get 2 national servers
>> # pool 0.in.pool.ntp.org iburst
>> # pool 1.in.pool.ntp.org iburst
>> # pool 2.in.pool.ntp.org iburst
>> # pool 3.in.pool.ntp.org iburst
>
> One should
Somebody wrote:
> pool in.pool.ntp.org iburst # will likely get 2 national servers
> # pool 0.in.pool.ntp.org iburst
> # pool 1.in.pool.ntp.org iburst
> # pool 2.in.pool.ntp.org iburst
> # pool 3.in.pool.ntp.org iburst
One should not need to use the {0,1,2,3}. names when using the 'pool'
directi
Harry wrote:
> My ntp.conf looks like this right now.
>server 0.asia.pool.ntp.org
>server 1.asia.pool.ntp.org
>server 2.asia.pool.ntp.org
> I assume, then, that adding a couple more entries should address the
> "4 or more" tip of yours and provide me a stable and accurate time...
tos
On 2010-11-13, Harry wrote:
> On Nov 13, 3:39 pm, David Woolley
> wrote:
>
>> Harry wrote:
>>
>> > server 2.asia.pool.ntp.org I assume, then, that adding a couple
>> > more entries should address the "4 or more" tip of yours and
>> > provide me a stable and accurate time... enough to not neces
Harry wrote:
server 2.asia.pool.ntp.org
I assume, then, that adding a couple more entries should address the
"4 or more" tip of yours and provide me a stable and accurate time...
enough to not necessitate the need for an MD5 authentication. Chuck
If you need a high level of trust, you should
On Nov 13, 3:39 pm, David Woolley
wrote:
> Harry wrote:
> > server 2.asia.pool.ntp.org
> > I assume, then, that adding a couple more entries should address the
> > "4 or more" tip of yours and provide me a stable and accurate time...
> > enough to not necessitate the need for an MD5 authenticati
On Nov 13, 12:18 am, Steve Kostecke wrote:
> On 2010-11-12, Harry wrote:
>
> > On Nov 10, 9:36 pm, Steve Kostecke wrote:
>
> >> Which associations are you attempting to "secure"? LAN client to LAN
> >> server? LAN server to remote time server?
>
> > "LAN server to remote time server." So, this L
On 2010-11-12, Harry wrote:
> On Nov 10, 9:36 pm, Steve Kostecke wrote:
>
>> Which associations are you attempting to "secure"? LAN client to LAN
>> server? LAN server to remote time server?
>
> "LAN server to remote time server." So, this LAN host will be a client
> of the remote time server bu
On Nov 10, 9:36 pm, Steve Kostecke wrote:
> On 2010-11-10, Harry wrote:
>
> > 1. What, then, would be the next best way (MD5-based symmetric key
> > mode?) to syncing up a behind-NAT NTP client from an external NTP
> > server in a tamper-proof manner? I'm not competent/powerful enough to
> > advi
On 2010-11-10, Harry wrote:
> 1. What, then, would be the next best way (MD5-based symmetric key
> mode?) to syncing up a behind-NAT NTP client from an external NTP
> server in a tamper-proof manner? I'm not competent/powerful enough to
> advise the powers what be in my organization to have an Au
Harry,
Symmetric key cryptography works fine behind a NAT box. See the
Authentication Support page in the official NTP documentation on
ntp.org. As I said, the intended Autokey model is for the server and
client to live on the Internet side of the NAT box and have it serve
time to the interna
On Nov 10, 6:05 pm, Danny Mayer wrote:
> On 11/10/2010 6:11 AM, Harry wrote:
>
>
>
> > On Nov 10, 2:59 am, "David L. Mills" wrote:
> >> Harry,
>
> >> Autokey is not designed to work behind NAT boxes. The Autokey server and
> >> client must have the same (reversed) IP addresses. The intended model
On 11/10/2010 6:11 AM, Harry wrote:
> On Nov 10, 2:59 am, "David L. Mills" wrote:
>> Harry,
>>
>> Autokey is not designed to work behind NAT boxes. The Autokey server and
>> client must have the same (reversed) IP addresses. The intended model is
>> using two interfaces, one for the Internet side
On Nov 10, 2:59 am, "David L. Mills" wrote:
> Harry,
>
> Autokey is not designed to work behind NAT boxes. The Autokey server and
> client must have the same (reversed) IP addresses. The intended model is
> using two interfaces, one for the Internet side running Autokey, the
> other for the inside
Harry,
Autokey is not designed to work behind NAT boxes. The Autokey server and
client must have the same (reversed) IP addresses. The intended model is
using two interfaces, one for the Internet side running Autokey, the
other for the inside net on the other side of the NAT box.
Dave
Harry
Hello,
I want to employ the AutoKey method of securing NTP.
Basically, I want one host that would act as an NTP client of an
external NTP server, talking AutoKey. This NTP client is to become the
NTP server for other hosts on the intranet. All these hosts are behind
a corporate firewall and are v
20 matches
Mail list logo
