Date: Thu, 18 Sep 2008 10:46:48 +1000 From: Da Rock <rock_on_the_web@comcen.com.au> To: freebsd-questions@freebsd.org Subject: NTP authentication using kerberos Message-ID: <1221698808.29382.23.camel@laptop1>
next in thread | raw e-mail | index | archive | help
This may be a stupid question, and/or a chicken and egg conundrum: Is it possible to use kerberos in authentication with an ntp server? Here is my reasoning for this (and please correct any wrong assumptions I have here): In the handbook regarding kerberos (and nearly every other reliable source) kerberos is all or nothing- every service needs to be included or it is not as secure as it should be. On the other hand, there are problems with using kerberos if the time is not synchronised, so use ntp. And so far I have only found simple key authentication similar to dhcp and dns to authenticate ntp with. But if kerberos provides keys then this could be simpler, yes? Once I have worked through this, I'd like to multicast ntp, but I think I've got that sewn up already, unless anybody has some advice on this? I'll probably be using the 239 subnet rather than 224 if that is not an issue. One more thing- if ntp uses the same sort of authentication as dhcp and dns, is there a way to extend this kerberos setup (if it is possible with ntp) to dhcp and dns on my local network? Or am I just getting too ambitious with everything here? :) Cheers
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1221698808.29382.23.camel>