EditWYSIWYGAttachPrintable
r3 - 2007-10-23 - 17:49:09 - HarlanStennYou are here: NTP >  Dev Web > DevelopmentIssues > GettingNtpdItsConfiguration
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p13 was released on 07 March 2019. It addresses 1 medium-severity security issue in ntpd, and provides 17 non-security bugfixes and 1 other improvements over 4.2.8p12.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

Getting ntpd its Configuration

Related Items: bug_small.png Bug #923

/etc/ntp.conf

Traditionally, ntpd gets its configuration information from /etc/ntp.conf.

Using ntpd -C ...

If the simulator is no longer using the -C flag then we could use -C filename to mean "process filename as an additional configuration file".

The following URL extension could also be used in this case.

Extending ntpd -c ...

The -c flag to ntpd can be used to specify the filename of an ntp.conf file.

If we allowed a URL as an argument we could support additional methods of getting this information to ntpd.

=ntpd -c file:///etc/ntp.conf=

This is equivalent to ntpd -c /etc/ntp.conf.

=ntpd -c http://server/ntp.conf=

If the web server on server processed this URL, it could take the 'client' information from the HTTP request and customize a response.

ntpd -c dhcpinfo://server

Communicate with a DHCP server to get any NTP configuration information it might have.

Comments and Discussion

Rather than adding a -C to process an additional config file, why not simply allow -c to be specified multiple times?

And regarding my request, I would suggest adding a (possibly multiply given) -e flag that would have as its argument a string that would be processed as a single line config file.

BrianUtterback - 23 Oct 2007


I'm concerned that changing the behavior of multiple -c instances would be a break with backward compatibility.

I'm OK with multiple -e instances.

-- HarlanStenn - 23 Oct 2007


Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r7 | r5 < r4 < r3 < r2 | More topic actions...
 
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback