ntpd Certificate Loading

Hal Murray hmurray at megapathdsl.net
Tue Jun 9 04:23:48 UTC 2020


> Which causes ntpd to fail on startup (I assume after dropping root):

Looks like you are dying trying to read the certificate.  It will get worse 
when you want to read the key.

--------------

Do you trust user ntp?  If so, the fix is to change ownership.  I copy the 
cert and key over to /etc/ntp/ and change to user ntp:ntp


If not, things get complicated.  The current code will reload the certificate 
if it is updated.  Are you willing to give that up?  If so, we can add an 
option to read the certificate before dropping root and disable trying to 
reload.  That probably won't work with early drop root.


-- 
These are my opinions.  I hate spam.





More information about the devel mailing list