ntpd Certificate Loading

Richard Laager rlaager at wiktel.com
Tue Apr 7 16:16:38 UTC 2020


ntpd seems to load the TLS certificate and key before dropping
privileges. Unfortunately, when it tries to *reload* the certificate
later, it has dropped privileges and fails. This is a bit of a trap, as
a sysadmin can think a setup is working when it isn't. (This bit me.) I
think it would be better to do the initial load after dropping
privileges so that it is consistent with reloading.

-- 
Richard

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20200407/5da82f9c/attachment.bin>


More information about the devel mailing list