[cifs-protocol] Re: 600548 RE: SNTP issues

Andrew Bartlett abartlet at samba.org
Tue Jun 24 23:41:00 GMT 2008


On Wed, 2008-06-25 at 09:01 +1000, Andrew Bartlett wrote:
> On Tue, 2008-06-24 at 09:11 -0700, Richard Guthrie wrote:
> > Andrew, 
> > 
> >  
> > 
> > The link you cite,
> > http://www.cis.udel.edu/~mills/database/reports/ntp4/ntp4.pdf, is
> > related to an implementation of NTPv4.  MS-SNTP is an implementation
> > of NTPv3 as per RFC1305.  In appendix C of the RFC it talks about a
> > field length for the authenticator field of 96 bits.  The MS-SNTP
> > implementation uses an authenticator field length of 160 bits.  If you
> > review the packet layout in section 2.2 of the MS-SNTP document, along
> > with the accompanying text, this section describes the reasoning
> > behind the check of 68 bytes to determine if the request is an MS-SNTP
> > formatted request based on the difference in size of this field.  Used
> > in conjunction with the version field this should alleviate any
> > problems you have in distinguishing the request type.  
> > 
> >  
> > 
> > Hopefully this answers your question.  Thank you for the feedback.
> 
> And soon enough Microsoft will move to NTPv4, and no doubt keep exactly
> the same extension format, as you have done already with the move from
> SNTP to NTP.  

And to be clear, simple enquires on the #ntp channel on irc.freenode.net
indicate that NTPv3 has supported MD5 authentication (and hence this
packet length) since 1996. 

What enquires have you made to satisfy yourself that nobody other than
Microsoft has used this packet length with version 3?

> I see two ways me can move forward on this:  I can help Microsoft stop
> stepping on toes more, by a simple clarification of the documentation,
> or we can watch the same mistakes (there is no world outside Microsoft,
> clearly) happen again and again.  
> 
> Perhaps you might wish to ask the NTP community how they feel about
> this?
> 
> Which shall it be?
> 
> Perhaps you might wish to download and run the NTP distribution from
> www.ntp.org and see how well it works with MS-SNTP packets?  If you are
> unwilling or cannot, perhaps escalate this to someone who will?  Just
> because something isn't in your documentation, does not mean it is not a
> real pain in the real world. 
> 
> Thanks,
> 
> Andrew Bartlett
> 
> _______________________________________________
> cifs-protocol mailing list
> cifs-protocol at cifs.org
> https://lists.samba.org/mailman/listinfo/cifs-protocol
-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080625/e1a59b66/attachment.bin


More information about the cifs-protocol mailing list