SINGLESOCK - How much to strip away?

Gary E. Miller gem at rellim.com
Sat Jun 2 18:47:16 UTC 2018


Yo Eric!

On Sat, 2 Jun 2018 10:27:05 -0400
"Eric S. Raymond via devel" <devel at ntpsec.org> wrote:

> Hal Murray via devel <devel at ntpsec.org>:
> > One interesting case is the home user.  Roughly, they don't have
> > sysadmins and they only have one interface.  (Laptops might have
> > both WiFi and Ether, but I'll bet somebody turns off WiFi if the
> > Ether gets plugged in.)  
> 
> For them, just defaulting to listen on the wildcard address is OK.
> I think.  Am I missing something?

Yes.  For example, imagine you are serving leap smeared time on your
ntpd.  You do not want it leaking on the internet.  So instead you lock
your ntpd to serve just your inside interface, and your internal IPs.

The easy way to serve your internal IPs is to assign your ntpd to your
internal non-routed local private IPv4 numbers.

You may say that can be duplicated in your firewall settings.  But maybe
you want to run two ntpd, one leap smeared, one normal.  And you want to
put one on one interface/address, and the other on another interface/address.

Both quite common configurations.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
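
The setup described in this message, written out as an added ntp.conf sketch (not part of the original post and not NTPsec project code). It uses the classic ntpd `interface`, `restrict` and `leapsmearinterval` directives; the file name, addresses and smear interval are constructed sample values.

```conf
# /etc/ntp-smear.conf  (hypothetical file name; all addresses are constructed)
#
# Weak: with no "interface" lines, ntpd opens every local address plus the
# wildcard, so the smeared time below is answered on any network that can
# reach the host.
#
# Hardened: open only loopback and the inside address. The last matching
# "interface" rule wins, so the broad ignores come first.
interface ignore wildcard
interface ignore all
interface listen 127.0.0.1
interface listen 192.168.1.1

# Serve only the internal, non-routed range on that address.
restrict default ignore
restrict 127.0.0.1
# "restrict source" covers the associations created by server/pool lines.
restrict source nomodify noquery
restrict 192.168.1.0 mask 255.255.255.0 nomodify noquery

# Leap smear for this instance; needs an ntpd built with leap smear support.
leapsmearinterval 86400

# Upstream server/pool lines omitted.
#
# A second, unsmeared instance uses the same pattern in its own file with a
# different "interface listen" address (for example 192.168.2.1), started
# with: ntpd -c <that file>
```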