On Thu, Nov 17, 2022 at 03:24:29PM -0500, Elise Atkins wrote:
> I am converting from using ntp to chrony and it's fairly straightforward
> but I have one question. In the ntp server configuration we could deny
> clients that were not authenticated. These requests were dropped. The
> configuration line to accomplish this used restrict with the notrust flag.
>
> Is there a way to configure chrony to only respond to clients that use a
> valid digest?

There is no such option. How exactly would it be useful?

Please note that the "restrict notrust" in ntpd does something different. It disables responses to requests that have no MAC, but it responds with a crypto-NAK if the request contains an invalid MAC, which can be used for synchronization. It doesn't prevent access to the time service.

If the server responded only to authenticated requests, there is still a possibility of replaying an authenticated request message if you can get one.

--
Miroslav Lichvar
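
The distinction drawn in the reply above, as an added example (not part of the original thread, and not ntpd or chrony code): a simplified model that classifies an NTP request by its symmetric-key MAC and maps it to the outcome described for "restrict notrust". The key table, packet bytes and the `auth_only_server` function are constructed for illustration, and extension fields are ignored.

```python
import hashlib
import hmac
import struct

KEYS = {7: b"constructed-shared-secret"}        # constructed key ID -> secret
HEADER_LEN = 48                                 # NTP header, no extension fields
MAC_HASH = {20: hashlib.md5, 24: hashlib.sha1}  # MAC length -> digest function

def ntp_mac(key_id, key, header, hash_fn=hashlib.sha1):
    """Symmetric-key MAC: 4-byte key ID, then hash(key || header)."""
    return struct.pack("!I", key_id) + hash_fn(key + header).digest()

def classify(packet):
    """Return 'no-mac', 'bad-mac' or 'valid' for a client request."""
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than an NTP header")
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if not mac:
        return "no-mac"
    hash_fn = MAC_HASH.get(len(mac))
    if hash_fn is None:
        return "bad-mac"
    key_id = struct.unpack("!I", mac[:4])[0]
    key = KEYS.get(key_id)
    if key is None:
        return "bad-mac"
    expected = ntp_mac(key_id, key, header, hash_fn)
    return "valid" if hmac.compare_digest(mac, expected) else "bad-mac"

def notrust_action(packet):
    """Outcome the reply describes for ntpd's 'restrict notrust'."""
    return {"no-mac": "drop", "bad-mac": "crypto-NAK",
            "valid": "authenticated response"}[classify(packet)]

def auth_only_server(packet):
    """Hypothetical server that answers only validly authenticated requests."""
    return classify(packet) == "valid"

# Constructed client request: LI=0, VN=4, mode=3, plus a transmit timestamp.
HEADER = bytes([0x23]) + bytes(39) + struct.pack("!Q", 0x0123456789ABCDEF)
SIGNED = HEADER + ntp_mac(7, KEYS[7], HEADER)
FORGED = HEADER + struct.pack("!I", 7) + bytes(20)   # right key ID, wrong digest
REPLAY = bytes(SIGNED)                               # byte-for-byte copy sent again

if __name__ == "__main__":
    for name, pkt in [("no MAC", HEADER), ("bad MAC", FORGED), ("valid", SIGNED)]:
        print(f"{name:8} -> {notrust_action(pkt)}")
    print("replayed copy answered:", auth_only_server(REPLAY))
```

The MAC check is stateless, so the replayed copy is indistinguishable from the original request; that is why an "authenticated only" policy by itself does not control who can obtain a response.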