Bug 34362 - Support for the ntp signd extension in chrony
Summary: Support for the ntp signd extension in chrony
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: chrony
Version: unstable
Hardware: all Linux
Importance: P3 normal
Assignee: Anton Farygin
QA Contact: qa-sisyphus
URL: https://wiki.samba.org/index.php/Time...
Reported: 2017-12-19 16:07 MSK by Evgeny Sinelnikov
Modified: 2018-11-11 11:07 MSK
Description Evgeny Sinelnikov 2017-12-19 16:07:43 MSK
The current version of chrony is built without MS-SNTP support, which is required for clients of Samba in DC mode.


ntpsigndsocket directory

    This directive specifies the location of the Samba ntp_signd socket when it is running as a Domain Controller (DC). If chronyd is compiled with this feature, responses to MS-SNTP clients will be signed by the smbd daemon.

    Note that MS-SNTP requests are not authenticated and any client that is allowed to access the server by the allow directive, or the allow command in chronyc, can get an MS-SNTP response signed with a trust account’s password and try to crack the password in a brute-force attack. Access to the server should be carefully controlled.

    An example of the directive is:

    ntpsigndsocket /var/lib/samba/ntp_signd


Besides the option, we need to decide which package should ship the /var/lib/samba/ntp_signd directory. Apparently samba, but we have two of them. But that is no longer chrony's problem.
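
An added example (not part of the original report and not chrony or Samba code): a shell check for the exposure the quoted documentation warns about, `ntpsigndsocket` enabled together with an `allow` rule that admits every client. The function name `audit_chrony_conf` and its result strings are assumptions made for this illustration; it reads a single file and does not evaluate `deny`, `include` or `confdir`.

```sh
#!/bin/sh
# Added example, not chrony or Samba code. audit_chrony_conf and its result
# strings are names made up for this illustration.
# Limitations: reads one file only; "deny", "include" and "confdir" are ignored.

audit_chrony_conf() {
    awk '
        $1 ~ /^[!;#%]/ { next }              # chrony.conf comment lines
        tolower($1) == "ntpsigndsocket" && NF >= 2 { signd = 1 }
        tolower($1) == "allow" {
            allow_seen = 1
            net = $NF                        # subnet is the last field, if present
            if (NF == 1) wide_open = 1       # bare "allow": every address
            else if (NF == 2 && tolower($2) == "all") wide_open = 1
            else if (net == "0/0" || net == "0.0.0.0/0" || net == "::/0") wide_open = 1
        }
        END {
            if (!signd)            print "signing-off"
            else if (!allow_seen)  print "signing-on-no-clients"
            else if (wide_open)    print "signing-on-open"
            else                   print "signing-on-restricted"
        }
    ' "$1"
}

# Constructed sample: MS-SNTP signing enabled and every client allowed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ntpsigndsocket /var/lib/samba/ntp_signd
allow
EOF
audit_chrony_conf "$sample"    # prints: signing-on-open
rm -f "$sample"
```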
Comment 1 Anton Farygin 2018-11-11 11:07:24 MSK
Enabled starting with 3.3-alt2%ubt