| Re: [chrony-users] NTS: Limiting |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
- To: "chrony-users@xxxxxxxxxxxxxxxxxxxx" <chrony-users@xxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [chrony-users] NTS: Limiting
- From: FUSTE Emmanuel <emmanuel.fuste@xxxxxxxxxxxxxxx>
- Date: Wed, 20 Jan 2021 09:25:59 +0000
- Accept-language: fr-FR, en-US
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=thalesgroup.com; s=xrt20181201; t=1611134760; bh=1cZV49kKitZnUB2b0l8hQnODIy1lKD58d0oJA9LGDy8=; h=From:To:Subject:Date:Message-ID:References:In-Reply-To: Content-Transfer-Encoding:MIME-Version:From; b=4AtGR2gnbToLqiuS7auMjsw696r8y5reYL17D7FjfEP4sgnPZkDJddEE/Af5mQgLe XL0FxsiG6LaH6asVv04n796dIyIES8stS1a9qY5NGA2HcmFkN/P6OnXDut55YfogmP ntAsNGOPmA09LaaSU513G8cC4onjqCEsj1t7SFbeMRHxC/VnXzQd3Z8mmHEFMGDjD7 7fh5KmB0tywRGcnT+M/R38B62xEcmwftGGTRZFPjMAdJTBTyIWbGdi+6LVFOU4ivUQ IN415mea7rT14BdP8J+maZn5gGoAXOLgUxCuT19fbLjsDUMtbGaeq+fDf7tBMSfrRA /SBG3W9ng7gaA==
- Thread-index: AQHW7nsWScwpqBHI40SCUYjUS5BgnaovIHuAgAAI4ICAAAOMAIAA+72AgAADK4CAAAL8AA==
- Thread-topic: [chrony-users] NTS: Limiting
Le 20/01/2021 à 10:15, Miroslav Lichvar a écrit :
> On Wed, Jan 20, 2021 at 10:03:57AM +0100, Karol Babioch wrote:
>> When I have something like this in my chrony.conf:
>>
>>> pool pool.example.com iburst maxsources 3
>> Is NTS even possible in such a context? AFAIK only A records with IP
>> addresses are resolved, so I'm not sure if and how certificates can be
>> validated.
> Yes, NTS can work with pools. The servers need to have the same name
> in their certificates, one that matches the name specified in the
> chrony config.
Ok very specific case, but perfectly usable for "private" pool.
>
> I have a small pool of servers running under the name
> "nts-test.strangled.net".
>
Emmanuel.N������y隊W!����������n���\���"�������z)�.n7��Z+��f����|�������'��}���*+�������)�.n7��:蹹^�f��X��f����'��}���*+