[109305] in North American Network Operators' Group
Re: NTP Md5 or AutoKey?
daemon@ATHENA.MIT.EDU (Joe Greco)
Sat Nov 15 17:19:07 2008
From: Joe Greco <jgreco@ns.sol.net>
To: ask@develooper.com (Ask Bjørn Hansen)
Date: Sat, 15 Nov 2008 16:18:47 -0600 (CST)
In-Reply-To: <05F68E68-D41C-4CD4-AE66-664B80C8536E@develooper.com> from
"Ask Bjørn Hansen" at Nov 15, 2008 01:25:08 AM
Cc: bmanning@vacation.karoshi.com, nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
> On Nov 4, 2008, at 3:11 AM, Glen Kent wrote:
> > My original question got drowned amidst all these vibrant discussions!
> >
> > Do folks already use or plan to use Autokey for NTP?
>
> In my experience most people have a hard enough time remembering to
> run ntp at all (and with an even remotely sane configuration - this is
> why a sane default using the ntp pool is helpful as a baseline). Add
> authentication into the mix and many operations will almost certainly
> just have even more mis-configuration. :-)

One of the things to lament is that it is so hard to find any reasonable
examples of how to set up various configurations in a secure manner.
There is voluminous documentation. Some of it is dated. Some of it is
contradictory. Most of it assumes at least general familiarity with the
topic.

Accurate time/NTP is, on one hand, fundamentally important to a variety
of needs, but on the other hand, is usually implemented just "well
enough."

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.