kclient version 2 [PSARC/2007/401 FastTrack timeout 07/13/2007]
Michael Hunter
Michael.Hunter at sun.com
Mon Jul 9 01:05:55 PDT 2007
On Mon, 09 Jul 2007 09:35:41 +0200
Roland Mainz <roland.mainz at nrubsig.org> wrote:
[...]
> ... or "kclient" could check whether the "ntp" client service is running
> (and working) on the current machine and refuse to work if there is no
> ntp service active (unless a specific option (like --no-ntp-needed) is
> provided (this may be required for systems (like Solaris running as a
> VMware or XEN guest OS) where other mechanisms do the time
> syncronisation work)) ... that may be much easier and keep both items
> (NTP vs. Kerberos5) seperate...
[...]
But this seems in conflict with the security concern.
And define "working". Has it found a server? Did it find the right
server? Did it converge? How long ago did it talk to the server? If
any of these are true now but are no longer true in the future is that
going to break some important assumption that kclient need to
revalidate? If so how are you going to discover that situation?
mph
More information about the opensolaris-arc
mailing list