debbieg@smokey.sandiego.NCR.COM (04/19/91)
I am testing authentication in xntpd and found that if a
peer is configured and without a key (making it not authenable)
then it is always trustable even if the local host has
authentication set and the peer is not sending macs.
See the following code in ntp_proto.c:
/*
* Determine if this guy is basically trustable.
*/
if (restrict & RES_DONTTRUST)
trustable = 0;
else
trustable = 1;
if (sys_authenticate && trustable) {
if (!(peer->flags & FLAG_CONFIG)
|| (peer->flags & FLAG_AUTHENABLE))
trustable = 0;
if (has_mac) {
"code omitted for brevity"
}
}
This seems to contradict the documentation which says that if
authenticate = yes on the local server, then only peers which
include an authentication field encrypted with one of our trusted
keys will be considered for synchronizing to.
Which one is correct? Thanks!!!
Debbie.Galeazzi@SanDiego.NCR.COM
NCR E&M - San Diego, California