DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-05 00:35:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

nts: reset NAK indicator with new request

Browse Source 
Don't restart NTS-KE if a spoofed NAK response was received and no valid
response is received for a subsequent request.
This commit is contained in:
Miroslav Lichvar
2020-07-20 16:31:49 +02:00
parent fd8fbcd090
commit cc20ead3dc
3 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
doc/chronyc.adoc
View File

@@ -599,8 +599,8 @@ This column shows the number of attempts to perform the key establishment since
the last successful key establishment. A number larger than 1 indicates a
problem with the network or server.
*NAK*:::
This column shows whether an NTS NAK was received since the last authenticated
response. A NAK indicates that authentication failed on the server side due to
This column shows whether an NTS NAK was received since the last request.
A NAK indicates that authentication failed on the server side due to
*chronyd* using a cookie which is no longer valid and that it needs to perform
the key establishment again in order to get new cookies.
*Cook*:::