[Maas-devel] Clock skew and OAuth
Robie Basak
robie.basak at canonical.com
Mon Aug 6 08:32:46 UTC 2012
Now that we have a dynamic TFTP server serving pxelinux configurations,
how about embedding the current time in the kernel command line?
Like: it_is_after=1344241395. Very early in the boot, if it_is_after is
supplied, check the hardware clock and if it is before the time
specified then bump it to that time.
This definitely can't make the situation worse, as any hardware clock
before it_is_after is definitely wrong. We're only supplying guaranteed
truth that cannot be wrong.
This will bring the clock close enough for auth, and ntp can kick in at
a later time for greater accuracy later.
I don't think this is as ugly as it first seems in a world where
instances are ephemeral and need to bootstrap the clock on boot more
often than not. I think that overloading use of the command line is
justified here because it is necessary for communication to get further
configuration.
It should also be pretty trivial to implement.
Robie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/maas-devel/attachments/20120806/ad5e0737/attachment.pgp>
More information about the Maas-devel
mailing list