kclient version 2 [PSARC/2007/401 FastTrack timeout 07/13/2007]
Shawn M. Emery
Shawn.Emery at sun.com
Mon Jul 9 00:17:08 PDT 2007
Michael Hunter wrote:
> On Mon, 09 Jul 2007 01:11:59 +0200
> Roland Mainz <roland.mainz at nrubsig.org> wrote:
>
>
>> James Carlson wrote:
>>
>>> Wyllys Ingersoll writes:
>>>
>>>> -t: configure a simple broadcast/multicast NTP client
>>>>
>>> Why is this part of kclient? Though having a tool to administer NTP
>>> clients would probably be helpful (and having it tied into something
>>> like DHCP and thus automatic would be much more helpful still), it
>>> seems out of place here.
>>>
>> Ugh... since when is it recommended to mix untrusted services like DHCP
>> with Kerberos5?
>>
> [...]
>
> This says to configure a client which uses broadcast/multicast for
> NTP. How is the attack vector of breaching DHCP different from
> breaching broadcast/multicast NTP?
>
> How would you expect different NTP administrative mechanisms to
> arbitrate control of the NTP configuration? time-admin(1) is one such
> thing which currently exists. NWAM will want to also be able to do
> this in the future.
>
Perhaps -t could have an argument that contains a list of NTP servers.
If a list is not provided then it reverts to configuring the client for
broadcast/multicast.
Shawn.
--