ALT Linux Bugzilla – Full Text Bug Listing
| Summary: | Поддержка раcширения ntp signd в chrony | ||
|---|---|---|---|
| Product: | Sisyphus | Reporter: | Evgeny Sinelnikov <sin> |
| Component: | chrony | Assignee: | Anton Farygin <rider> |
| Status: | CLOSED FIXED | QA Contact: | qa-sisyphus |
| Severity: | normal | ||
| Priority: | P3 | CC: | rider |
| Version: | unstable | ||
| Hardware: | all | ||
| OS: | Linux | ||
| URL: | https://wiki.samba.org/index.php/Time_Synchronisation | ||
Включено, начиная с 3.3-alt2%ubt |
Текущая версия chrony собрана без поддержки MS-SNTP, необходимой для клиентов Samba, в режиме DC. ntpsigndsocket directory This directive specifies the location of the Samba ntp_signd socket when it is running as a Domain Controller (DC). If chronyd is compiled with this feature, responses to MS-SNTP clients will be signed by the smbd daemon. Note that MS-SNTP requests are not authenticated and any client that is allowed to access the server by the allow directive, or the allow command in chronyc, can get an MS-SNTP response signed with a trust account’s password and try to crack the password in a brute-force attack. Access to the server should be carefully controlled. An example of the directive is: ntpsigndsocket /var/lib/samba/ntp_signd Кроме опции, нужно определиться, в какой пакет упаковать каталог /var/lib/samba/ntp_signd. Видимо, в samba, но их у нас две. Но это уже не проблема chrony.