Yo Achim!

On Thu, 07 Mar 2019 19:41:05 +0100
Achim Gratz via devel <devel@ntpsec.org> wrote:

> Hal Murray via devel writes:
> > Where should we put the file used to store the key used to make
> > cookies?  It gets read at startup and updated daily.  
> 
> Nowhere.  Those keys are ephemeral and shouldn't be stored at all,
> except maybe for debugging.

Not required, but it would be nice if the ntpd server could restart
without losing all its cookies.

If the master key is not in a file, how does it get into the ntpd?

I guess if the NTS-KE server and NTPD server are one and the same, the
master key could be pulled from /dev/random.  But what if they
are on different hosts?

> > Fedora and Debian put things like that in /var/lib/ntp/
> > NetBSD and FreeBSD put them in /var/db/ntp/  
> 
> Nope, the place for that sort of stuff is /var/run.

/var/run does not persist after a reboot.  At least on Gentoo.  I'd like
to be able to do a quick reboot and not lose all the cookies based on
the current master key.

If we lose the master key, we lose all the cookies based on it, so then
we get a big inrush of NTS-KE requests for cookies.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        g...@rellim.com  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
