hmurray at megapathdsl.net
Thu Jan 11 06:25:45 UTC 2018
>> When I use ntpq from Classic, I'm never prompted for a password. I'm not
>> sure if it's reading the key from /etc/ntp.keys on my behalf or not.
>> Are you modifying things, or just looking?
>> For example, ntpq -p doesn't require a password.
> I only run ntpq -p and other read-only operations.
You can read most things without a password, so I'm not surprised that it
isn't asking for one.
There are a few things that require a password to read. I haven't looked
carefully. I assume they might provide hints to somebody with evil
There is another possibility here. If you try to do something that requires
a password, it could give you an error message and let you figure out how to
tell it the password, Or it could lead you by the hand and ask you for the
keyid, digest type, and password. If you are looking at localhost, it can
skip the keyid if it can read /etc/ntp.conf and skip the digest and password
if it can read /etc/ntp/ntp.keys.
These are my opinions. I hate spam.
More information about the devel