On Sun, Sep 30, 2007 at 07:54:48PM -0700, jekillen wrote: > > > >The removal of ntpdate is something I'll believe in when it happens. > >ntpd -q is a superior drop-in replace for ntpdate when it's being run > >from cron. OTOH if you run ntpd -q in place of ntpdate at boot (before > >starting ntpd), it adds about 15 seconds to the boot-time for no > >significant benefit.
Heheh! The threats do seem somewhat hollow these days... > > Thanks for the info. > So ntp, as I understand it, has to have time servers to reference, and > of course > the system has to be connected to the public network to contact the > time servers. > Are there any security issues with ntp? Or, where can I find info on > security issues > related to ntp? > Update on original question related to the use of date in FreeBSD; I > finally brightened > up and set the time in the bios. > Jeff K Provided you use sensible settings in your ntp.conf, you should come to no harm using ntpd. Something like this works well for me: driftfile /var/db/ntp.drift restrict default ignore restrict 127.0.0.1 server ip.ad.dre.ss restrict ip.ad.dre.ss nomodify notrap nopeer noquery restrict 10.37.125.0 mask 255.255.255.0 nomodify notrap This config tells ntpd to use ip.ad.dre.ss as its synchronisation host, and to restrict that host so that it cannot make any alterations to the local machine's clock or to the state of the running ntpd. It also says to allow hosts on my private network to synchronise against it, but again, to prevent them from making any changes to the state of the nptd on the server. There are many more options that may or may not be interesting - check out www.ntp.org for plenty of useful information about configuring ntpd and selecting a suitable set of synchronisation servers. Dan -- Daniel Bye PGP Key: http://www.slightlystrange.org/pgpkey-dan.asc PGP Key fingerprint: D349 B109 0EB8 2554 4D75 B79A 8B17 F97C 1622 166A
pgpn7YDpY40Pp.pgp
Description: PGP signature
