[SERVER-46139] Report missing active ntpd/chrony when external auth is configured Created: 13/Feb/20  Updated: 13/Jan/21  Resolved: 28/Feb/20

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Trivial - P5
Reporter: Nic Cottrell Assignee: Spencer Jackson
Resolution: Won't Do Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Sprint: Security 2020-03-09
Participants:

 Description   

Although it's no longer as critical for replication lag (maxStaleness calculations etc) when hosts' clocks are out of sync there can still be problems with external auth particularly with Kerberos with fixed windows.

Let's add a startup warning when neither ntpd nor chrony are detected, but only when some external auth mechanism like GSSAPI or PLAIN are enabled. 



 Comments   
Comment by Spencer Jackson [ 28/Feb/20 ]

While accurate clocks are important for Kerberos authentication, checking for the presence of an NTP daemon isn't something we can easily do. The set of daemons which may adjust the clock changes over time, as they fall in and out of favour, and checks for particular running processes could become stale. Implementing support for NTP in the server would be non-trivial and probably should be considered out of scope for a database.

Generated at Thu Feb 08 05:10:36 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.