On 24/02/2014 11:26, Joe Holden wrote:
On 24/02/2014 11:18, Ollivier Robert wrote:
According to Joe Holden on Mon, Feb 24, 2014 at 11:13:23AM +0000:
hm, I can't say I have noticed this as being a problem where I've
used it, are there any scenarios where this is a showstopper?

Non-support for auth is a concern, lack of NTPv4 protocol support is
another.  Base ntpd also include SNTP which is a lightweight NTPv3

I suspect if you can't be reasonably sure about the integrity of your
network traffic you have other problems anyway... one can run ntpd -s to
get a similar function to ntpdate/sntp.

But again, for 99% of installs as a client, auth and/or ntpv4 doesn't
matter and much like sendmail/dma, one can always install ntp.org from
ports if they require authentication (I've never seen it used).

The other point I should make here is that if you care that much about time security you shouldn't be contacting ntp servers over 3rd party networks anyway, at least not without some IP-level encryption/authentication, or use a source that can't easily be used as an attack surface, such as GPS/MSF etc.

freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to