On Wed, 2008-06-25 at 09:01 +1000, Andrew Bartlett wrote: > On Tue, 2008-06-24 at 09:11 -0700, Richard Guthrie wrote: > > Andrew, > > > > > > > > The link you cite, > > http://www.cis.udel.edu/~mills/database/reports/ntp4/ntp4.pdf, is > > related to an implementation of NTPv4. MS-SNTP is an implementation > > of NTPv3 as per RFC1305. In appendix C of the RFC it talks about a > > field length for the authenticator field of 96 bits. The MS-SNTP > > implementation uses an authenticator field length of 160 bits. If you > > review the packet layout in section 2.2 of the MS-SNTP document, along > > with the accompanying text, this section describes the reasoning > > behind the check of 68 bytes to determine if the request is an MS-SNTP > > formatted request based on the difference in size of this field. Used > > in conjunction with the version field this should alleviate any > > problems you have in distinguishing the request type. > > > > > > > > Hopefully this answers your question. Thank you for the feedback. > > And soon enough Microsoft will move to NTPv4, and no doubt keep exactly > the same extension format, as you have done already with the move from > SNTP to NTP.
And to be clear, simple enquires on the #ntp channel on irc.freenode.net indicate that NTPv3 has supported MD5 authentication (and hence this packet length) since 1996. What enquires have you made to satisfy yourself that nobody other than Microsoft has used this packet length with version 3? > I see two ways me can move forward on this: I can help Microsoft stop > stepping on toes more, by a simple clarification of the documentation, > or we can watch the same mistakes (there is no world outside Microsoft, > clearly) happen again and again. > > Perhaps you might wish to ask the NTP community how they feel about > this? > > Which shall it be? > > Perhaps you might wish to download and run the NTP distribution from > www.ntp.org and see how well it works with MS-SNTP packets? If you are > unwilling or cannot, perhaps escalate this to someone who will? Just > because something isn't in your documentation, does not mean it is not a > real pain in the real world. > > Thanks, > > Andrew Bartlett > > _______________________________________________ > cifs-protocol mailing list > [email protected] > https://lists.samba.org/mailman/listinfo/cifs-protocol -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
