On Fri, Aug 24, 2007 at 11:45:48AM -0400, Brian Utterback wrote: > Here is what I propose in the V4 code: > > In V4, ntpdate is no longer used. Instead, the NTP has a new mode > that is used only on the first synchronization. It goes into a > super fast mode that gets an offset to within a second in about > 5 seconds instead of the 5 minutes previously needed. It will then > correct this offset, regardless of the magnitude, just as ntpdate > does now. It will do this just once, afterward imposing a 20 minute > maximum offset.
Here we have a dependency scheme where online/offline/disabled states are not sufficient for representing dependents' needs. Instead we might have applications that want to have a dependency on time being within N microseconds of UTC (e.g., I'd want the KDC services to have a dependency of less than 2e6 us of UTC, while a satellite tracking application might want much, much more accurate time). So even my suggestion of marking the service degraded when the clock is out of sync (i.e., when the estimated offset to UTC is indeterminate or past some arbitrary cutoff). I'd like SMF to be able to represent such analog dependencies. (BTW, for non-KDC krb5 code, client and server alike, it'd help to have an estimate of time offset to UTC -- if it's larger than the configured (or default) time skew for Kerberos V, then not negotiating Kerberos V might be better than negotiating it only to fail (e.g., in SSHv2 GSS key exchange. This wouldn't be a dependency as such since client software usually isn't part of an SMF service.) Nico --
