Internet screwed up?
Kurt Wall
kwall
Mon May 17 12:01:57 PDT 2004
In a 0.7K blaze of typing glory, Tim Wunder wrote:
>
>
> On 5/5/2004 10:39 AM, I believe that Kurt Wall wrote:
>
> >In a 0.4K blaze of typing glory, M.W. Chang wrote:
> >
> >>>keys /etc/ntp.keys
> >>>requestkey 15
> >>>trustedkey 3 4 5 6 14
> >>
> >>what is this ntp.keys file?
> >
> >
> >The keys are used to transmit time sync data securely.
> >
>
> Is this overkill? Is there really a security issue with querying a time
> server in plain text?
>
> This is the script I run at 2:05 every day:
> #!/bin/bash
> if rdate -s clock-1.cs.cmu.edu; then
> /sbin/hwclock --systohc
> fi
I knew someone would ask this. No, it isn't overkill. If you have
a stratum 1 server to which multiple stratum 2 servers sync, you
don't want an unauthorized or malicious server spoofing your stratum
1 server. I know from personal experience that databases don't like
time skew, which tends to degrade data integrity and, in banking,
you need precisely timestamped transaction records.
Kurt
--
Don't believe everything you hear or anything you say.
More information about the Linux-users
mailing list