maas-devel team mailing list archive

Thread
Date

Re: Clock skew and OAuth

To: maas-devel@xxxxxxxxxxxxxxxxxxx
From: Robie Basak <robie.basak@xxxxxxxxxxxxx>
Date: Mon, 6 Aug 2012 09:32:46 +0100
In-reply-to: <alpine.DEB.2.02.1206270956220.4398@brickies>

Now that we have a dynamic TFTP server serving pxelinux configurations,
how about embedding the current time in the kernel command line?

Like: it_is_after=1344241395. Very early in the boot, if it_is_after is
supplied, check the hardware clock and if it is before the time
specified then bump it to that time.

This definitely can't make the situation worse, as any hardware clock
before it_is_after is definitely wrong. We're only supplying guaranteed
truth that cannot be wrong.

This will bring the clock close enough for auth, and ntp can kick in at
a later time for greater accuracy later.

I don't think this is as ugly as it first seems in a world where
instances are ephemeral and need to bootstrap the clock on boot more
often than not. I think that overloading use of the command line is
justified here because it is necessary for communication to get further
configuration.

It should also be pretty trivial to implement.

Robie

Attachment: signature.asc
Description: Digital signature

Follow ups

Re: Clock skew and OAuth
From: Gavin Panella, 2012-08-07

References

Clock skew and OAuth
From: Julian Edwards, 2012-06-27
Re: Clock skew and OAuth
From: Jeroen Vermeulen, 2012-06-27
Re: Clock skew and OAuth
From: Julian Edwards, 2012-06-27
Re: Clock skew and OAuth
From: Scott Moser, 2012-06-27