Re: [chrony-users] Client Authentication

2022-11-21 Thread Miroslav Lichvar
On Thu, Nov 17, 2022 at 03:24:29PM -0500, Elise Atkins wrote:
> I am converting from using ntp to chrony and it's fairly straightforward
> but I have one question. In the ntp server configuration we could deny
> clients that were not authenticated. These requests were dropped. The
> configuration line to accomplish this used restrict with the notrust flag.
> 
> Is there a way to configure chrony to only respond to clients that use a
> valid digest?

There is no such option. How exactly would it be useful?

Please note that the "restrict notrust" in ntpd does something
different. It disables responses to requests that have no MAC, but it
responds with a crypto-NAK if the request contains an invalid MAC,
which can be used for synchronization. It doesn't prevent access to
the time service.

If the server responded only to authenticated requests, there is still
a possibility of replaying an authenticated request message if you can
get one.

-- 
Miroslav Lichvar
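
A simplified model of the request handling described in the message above, added here as an example (it is not code from ntpd, chrony, or anyone in this thread). The key table, the function names, and the use of SHA-1 keys are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample key table (key ID -> secret); not taken from the thread.
KEYS = {1: b"constructed-example-secret"}
HEADER_LEN = 48  # fixed size of the NTP header


def mac(key_id, header):
    """Classic NTP symmetric-key MAC: 4-byte key ID, then hash(key || header)."""
    digest = hashlib.sha1(KEYS[key_id] + header).digest()
    return struct.pack("!I", key_id) + digest


def classify(packet):
    """Return what the modelled "restrict notrust" server sends for a request."""
    header, trailer = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if len(header) < HEADER_LEN or not trailer:
        return "drop"  # malformed, or no MAC at all: no response
    if len(trailer) >= 4:
        key_id = struct.unpack("!I", trailer[:4])[0]
        if key_id in KEYS and hmac.compare_digest(trailer, mac(key_id, header)):
            return "authenticated-response"
    # Invalid MAC: the server still answers, with a crypto-NAK, which
    # per the message above can be used for synchronization.
    return "crypto-NAK"


def demo():
    # Constructed client request: LI=0, VN=4, mode=3 (client), rest zeroed.
    header = bytes([0x23]) + bytes(HEADER_LEN - 1)
    signed = header + mac(1, header)
    bad_mac = header + struct.pack("!I", 1) + bytes(20)
    return [
        classify(header),   # unauthenticated request
        classify(bad_mac),  # request carrying an invalid MAC
        classify(signed),   # legitimate authenticated request
        classify(signed),   # same bytes seen again: the MAC check alone
                            # cannot tell a replay from the original
    ]


if __name__ == "__main__":
    print(demo())
```
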





Re: [chrony-users] Client Authentication

2022-11-17 Thread chengyechun
If you know the IP addresses of these clients, you can use allow or deny to 
control the access rate. However, as far as I know, there should be no 
configuration option on the server that controls whether visitors must carry 
keys or certificates.

From: Elise Atkins [mailto:elise.atk...@tavve.com]
Sent: 2022-11-18 4:24
To: chrony-users@chrony.tuxfamily.org
Subject: [chrony-users] Client Authentication

I am converting from using ntp to chrony and it's fairly straightforward but I 
have one question. In the ntp server configuration we could deny clients that 
were not authenticated. These requests were dropped. The configuration line 
to accomplish this used restrict with the notrust flag.

Is there a way to configure chrony to only respond to clients that use a valid 
digest?

Thanks,
Elise


[chrony-users] Client Authentication

2022-11-17 Thread Elise Atkins
I am converting from using ntp to chrony and it's fairly straightforward
but I have one question. In the ntp server configuration we could deny
clients that were not authenticated. These requests were dropped. The
configuration line to accomplish this used restrict with the notrust flag.

Is there a way to configure chrony to only respond to clients that use a
valid digest?

Thanks,
Elise