Tangle - cookie keys file
Gary E. Miller
gem at rellim.com
Thu Mar 7 20:58:54 UTC 2019
Yo Hal!
On Thu, 07 Mar 2019 12:44:40 -0800
Hal Murray via devel <devel at ntpsec.org> wrote:
> Gary said:
> > My idiosyncratic read of the FHS would, by default, put the master
> > keys in /usr/local/var/lib:
>
> Is that a typo?
No.
> There is no /usr/local/var/ or /usr/var/ on Fedora
> or Debian.
Now would there be, unless/until a user installed package creates it.
Remeber, user installed codes should NEVER use /usr or /var.
I do realize this is a rule frequently violated, but givin how often
users install both the distro ntpd/gpsd and the source ntpd/gpsd it
is good to keep their files in different places.
Otherwise you get the constant problem reports we see.
> > We can pick a default, but no default would be fine for most linux.
> > It needs to be configurable for the packager.
>
> The server side needs 3 files:
> cookie keys
I think you mean the master key 'K', plus associated key identifier 'I'.
> certificate
> private key for certificate
Which already have standard locations.
> The certificate and private key can live in /etc/ntp/ -- they don't
> get updated by ntpd.
I sure hope not. That is not standard. sendmail did that for a while,
it was a huge mess. Let's Encrypt will not put your files there either.
That ship sailed a LONG time ago.
> We could give up on defaults for all of them. Then the documentation
> wouldn't have to discuss defaults.
If no defaults, then everything must be specified. How is that easier?
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190307/2f7d7854/attachment.bin>
More information about the devel
mailing list