Re: [chrony-users] NTS: Limiting

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

To: chrony-users@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [chrony-users] NTS: Limiting
From: Kurt Roeckx <kurt@xxxxxxxxx>
Date: Wed, 20 Jan 2021 10:30:55 +0100

On Wed, Jan 20, 2021 at 10:15:17AM +0100, Miroslav Lichvar wrote:
> On Wed, Jan 20, 2021 at 10:03:57AM +0100, Karol Babioch wrote:
> > When I have something like this in my chrony.conf:
> > 
> > > pool pool.example.com iburst maxsources 3
> > 
> > Is NTS even possible in such a context? AFAIK only A records with IP
> > addresses are resolved, so I'm not sure if and how certificates can be
> > validated.
> 
> Yes, NTS can work with pools. The servers need to have the same name
> in their certificates, one that matches the name specified in the
> chrony config.
> 
> I have a small pool of servers running under the name
> "nts-test.strangled.net".

I think what you're saying is that even when it there are multiple
A records for it, they all have a certificate for
nts-test.strangled.net.


Kurt


-- 
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

References:
- [chrony-users] NTS: Limiting
  - From: Karol Babioch
- Re: [chrony-users] NTS: Limiting
  - From: Kurt Roeckx
- Re: [chrony-users] NTS: Limiting
  - From: Karol Babioch
- Re: [chrony-users] NTS: Limiting
  - From: Karol Babioch
- Re: [chrony-users] NTS: Limiting
  - From: Miroslav Lichvar

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-users] NTS: Limiting
Next by Date: Re: [chrony-users] NTS: Limiting
Previous by thread: Re: [chrony-users] NTS: Limiting
Next by thread: Re: [chrony-users] NTS: Limiting

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/