On 3/6/19, Hal Murray via devel <devel@ntpsec.org> wrote:
>
> Where should we put the file used to store the key used to make cookies? It
> gets read at startup and updated daily.
>
> Fedora and Debian put things like that in /var/lib/ntp/
> NetBSD and FreeBSD put them in /var/db/ntp/
>
> There used to be a man/web page with a list of the default file names. I
> can't find it now.

$grep /var/ ntpd/*
ntpd/ntp_util.c:# define NTP_VAR "/var/NTP/" /* NOTE the trailing '/' */

> Can we and/or should we make the default file names OS dependent?

I'd say stick an override in a config file, but that would only make it more complicated.

> This gets tangled up with initialization and the config file.
>
> What should the system do if it can't read the file? Crash? Blunder on in
> no-NTS mode? Make one? ...
>
> If it crashes, where do we get the first one?

Possibly if there is not a file try to create/populate one and on success continue as if it were always there. If it can not be created switch off Network Time Security and log an error.

If there is a file but it can be opened read-only then throw an error in the log and continue with NTS until the master key expires.

If there is a file but it can not be opened then throw an error in the log file and switch off NTS.

> Do we want to be able to run in no-NTS mode? What does that mean? We have
> nts enable/disable in the config file. It enables the NTS-KE server which also
> needs cookies.
>
> Does it make sense to have a ntp server that supports NTS without having a
> NTS-KE server to get the initial cookies? Eventually, you should be able to
> get the cookies from something like NTS-KE server for a pool. But is there
> any reason for a system not to run its own NTS-KE server that will only send
> you to itself?
>
> Anybody have any good ideas on this area?

No, but that did not stop me
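The fallback order proposed in the reply above, sketched in C as an added example; it is not code from ntpd or from either poster. The function and enum names, the 16-byte key length and /dev/urandom as the key source are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#define KEY_LEN 16 /* assumed key size for this sketch */
enum key_access { KEY_RW, KEY_CREATED, KEY_RO, KEY_UNAVAILABLE };
enum nts_mode { NTS_ON, NTS_ON_UNTIL_KEY_EXPIRES, NTS_OFF };

/* Create the file owner-only and fill it with KEY_LEN random bytes. */
static int create_key_file(const char *path)
{
    unsigned char key[KEY_LEN];
    int rnd = open("/dev/urandom", O_RDONLY);
    int ok = rnd >= 0 && read(rnd, key, sizeof key) == (ssize_t)sizeof key;
    if (rnd >= 0) close(rnd);
    /* O_EXCL: never reuse a file or symlink already present at this path. */
    int fd = ok ? open(path, O_WRONLY | O_CREAT | O_EXCL, 0600) : -1;
    if (fd < 0) return -1;
    ok = write(fd, key, sizeof key) == (ssize_t)sizeof key;
    close(fd);
    if (!ok) unlink(path);
    return ok ? 0 : -1;
}

/* Probe in the order the reply lists: missing, read-only, unopenable. */
enum key_access probe_key_file(const char *path)
{
    int ro = 0, fd = open(path, O_RDWR);
    if (fd < 0 && errno == ENOENT)
        return create_key_file(path) == 0 ? KEY_CREATED : KEY_UNAVAILABLE;
    if (fd < 0) { ro = 1; fd = open(path, O_RDONLY); }
    if (fd < 0) return KEY_UNAVAILABLE;
    close(fd);
    return ro ? KEY_RO : KEY_RW;
}

/* Map each outcome to the NTS mode the reply proposes, logging failures. */
enum nts_mode nts_policy(enum key_access a, const char *path)
{
    switch (a) {
    case KEY_RW: case KEY_CREATED: return NTS_ON;
    case KEY_RO:
        fprintf(stderr, "%s: read-only, NTS runs until the key expires\n", path);
        return NTS_ON_UNTIL_KEY_EXPIRES;
    default:
        fprintf(stderr, "%s: unusable, NTS disabled\n", path);
        return NTS_OFF;
    }
}
```

A caller would run `nts_policy(probe_key_file(path), path)` once at startup, after the config file has supplied `path`.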