| Re: [chrony-users] NTS: Limiting |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-users] NTS: Limiting
- From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
- Date: Wed, 20 Jan 2021 10:15:17 +0100
- Authentication-results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mlichvar@xxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1611134122; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=1gB5ZixYPnY5bj6FfBV/QDVpFeRGUK/CE0DPvfl9nT8=; b=VquIGLoWaSK/Af8vP5LPbyJfJeQXC4RyI/wXKQM+MSrgvEof7FLTgXVmeodm2/M1tqmBvF 7sGoaZ0efr5Hn3/NjYlT8NWYHaNMaHQ9F7U3+XzWjMAZknsMAZEdCET//ge6dbiOD/TrJB /J8wIZHupjN+y/FlMVZmwcejP5W/N7A=
On Wed, Jan 20, 2021 at 10:03:57AM +0100, Karol Babioch wrote:
> When I have something like this in my chrony.conf:
>
> > pool pool.example.com iburst maxsources 3
>
> Is NTS even possible in such a context? AFAIK only A records with IP
> addresses are resolved, so I'm not sure if and how certificates can be
> validated.
Yes, NTS can work with pools. The servers need to have the same name
in their certificates, one that matches the name specified in the
chrony config.
I have a small pool of servers running under the name
"nts-test.strangled.net".
--
Miroslav Lichvar
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.