Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ntp config tech note

  • From: Jared Mauch
  • Date: Thu May 20 19:14:25 2004

On Thu, May 20, 2004 at 06:37:23PM -0400, C. Jon Larsen wrote:
> 
> 
> On Thu, 20 May 2004, Jared Mauch wrote:
> 
> > 
> > 
> > 	I've found it useful on older machines (PCs with cheap clocks and
> > oscilators) to cron ntpdate once an hour to prevent the clock from
> > getting too far off by itself.  I've found the daemon doesn't do good enough
> > of a job to sync on it's own...
> 
> Isn't that a lot safer anyway than running a daemon (ntpd) as root ?  I do 
> this on my systems (run ntpdate from cron), even though the xntpd 
> docs IIRC specifically advised against this hack. One less 
> vulnerability waiting to be exploited ... is the way I see it.

	well, it does help if your clock goes nicely (or poorly) askew.
problem is any timestamps you may have on that host (radius, smtp, etc..) 
that you use to track down the (l)users on your network can cause a problem.

	all you have to be concerned with is "am i doing ntpdate from something
that can be poisoned".  that's amongst many reasons to have the "your clock is
too far off, you must reset manually" log messages.

	- jared

-- 
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.