kclient version 2 [PSARC/2007/401 FastTrack timeout 07/13/2007]
Michael Hunter
Michael.Hunter at sun.com
Mon Jul 9 00:05:21 PDT 2007
On Mon, 09 Jul 2007 01:11:59 +0200
Roland Mainz <roland.mainz at nrubsig.org> wrote:
> James Carlson wrote:
> > Wyllys Ingersoll writes:
> > > -t: configure a simple broadcast/multicast NTP client
> >
> > Why is this part of kclient? Though having a tool to administer NTP
> > clients would probably be helpful (and having it tied into something
> > like DHCP and thus automatic would be much more helpful still), it
> > seems out of place here.
>
> Ugh... since when it is recommended to mix untrusted services like DHCP
> with Kerberos5 ?
[...]
This says to configure a client which uses broadcast/multicast for
NTP. How is the attack vector of breaching DHCP different from
breaching broadcast/multicast NTP?
How would you expect different NTP administrative mechanisms to
arbitrate control of the NTP configuration? time-admin(1) is one such
thing which currently exists. NWAM will want to also be able to do
this in the future.
mph
More information about the opensolaris-arc
mailing list