The current version of chrony is built without MS-SNTP support, which is required for clients of Samba running in DC mode.

ntpsigndsocket directory

This directive specifies the location of the Samba ntp_signd socket when it is running as a Domain Controller (DC). If chronyd is compiled with this feature, responses to MS-SNTP clients will be signed by the smbd daemon.

Note that MS-SNTP requests are not authenticated and any client that is allowed to access the server by the allow directive, or the allow command in chronyc, can get an MS-SNTP response signed with a trust account’s password and try to crack the password in a brute-force attack. Access to the server should be carefully controlled.

An example of the directive is:

ntpsigndsocket /var/lib/samba/ntp_signd

Besides the option, we need to decide which package should own the /var/lib/samba/ntp_signd directory. Presumably samba, but we have two of them. But that is no longer chrony's problem.
Enabled starting with 3.3-alt2%ubt
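The quoted man page text says access must be carefully controlled once ntpsigndsocket is set. The following check is an added example, not part of this bug report or of chrony: it reads a chrony.conf and reports allow directives that are wider than a chosen policy while MS-SNTP signing is enabled. The function names, the sample configuration and the prefix thresholds are assumptions made for illustration.

```python
import ipaddress

# Constructed sample chrony.conf for a Samba DC (not taken from the report).
SAMPLE_CONF = """\
pool pool.ntp.example iburst
ntpsigndsocket /var/lib/samba/ntp_signd
allow
allow 0/0
allow 192.168.10.0/24
allow 2001:db8:1::/64
"""

def parse_subnet(text):
    """Return an ip_network for a chrony subnet argument, or None for a hostname."""
    addr, _, bits = text.partition("/")
    # chrony accepts shortened IPv4 forms such as "3.4.5" (3.4.5.0/24) and "0/0".
    if ":" not in addr and addr.replace(".", "").isdigit():
        octets = addr.split(".")
        bits = bits or str(8 * len(octets))
        addr = ".".join(octets + ["0"] * (4 - len(octets)))
    try:
        return ipaddress.ip_network(f"{addr}/{bits}" if bits else addr, strict=False)
    except ValueError:
        return None

def audit(conf_text, min_prefix_v4=16, min_prefix_v6=48):
    """List (line, message) for broad allow rules; empty if signing is off.

    The minimum prefix lengths are an assumed site policy, not chrony defaults.
    """
    signing, findings = False, []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split()
        if not words or words[0][0] in "!;#%":  # blank or comment line
            continue
        directive, args = words[0].lower(), words[1:]
        if directive == "ntpsigndsocket":
            signing = True
        elif directive == "allow":
            args = [a for a in args if a.lower() != "all"]
            if not args:
                findings.append((n, "allow without a subnet admits every client"))
                continue
            net = parse_subnet(args[0])
            if net is None:  # hostname: resolved by chronyd, not judged here
                continue
            limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
            if net.prefixlen < limit:
                findings.append((n, f"allow {net} is broader than /{limit}"))
    return findings if signing else []
```

Run `audit(open("/etc/chrony.conf").read())` on a DC; the path is an assumption and differs between distributions.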