[ntp:questions] Linux client ntp

castellani.riccardo at tiscali.it castellani.riccardo at tiscali.it
Mon Apr 16 07:23:22 UTC 2007

Steve, thanks for your full explanation.
So, if I have in my client ntp.conf: 

restrict default nomodify notrap nopeer noquery
server A
server B

I'm able to accept time from both server A and server B? Is that OK?

----Original message----
From: kostecke at ntp.isc.org
Date: 16/04/2007 1.07
To: <questions at lists.ntp.isc.org>
Subject: Re: [ntp:questions] Linux client ntp

On 2007-04-15, Harlan Stenn <stenn at ntp.isc.org> wrote:
>Ricardo Castellani said:
>> IPv4: restrict x.y.z.w [nomodify notrap nopeer noquery]


>> I don't understand because there also is "nomodify" option inside 
>> If added "nomodify" option (as I told you in previous message) I think it
>> would not be permitted to ntpd to use time information (sent from 
>> "x.y.z.w" server) to set local clock. If I want to receive time 
>> external servers I presume that ntpd can be modified from those 
>> Do you agree?

No, 'nomodify' has nothing to do with time service.

According to the distribution documentation at

nomodify -- "Deny ntpq and ntpdc queries which attempt to modify the
state of the server (i.e., run time reconfiguration). Queries which
return information are permitted."

According to the 'Access Control Options' section of
Support.AccessRestrictions (ironically not far below the section you

nomodify -- "Do not allow this host/subnet to modify the ntpd settings
even if they have the correct keys." By default ntpd requires
authentication with symmetric keys for modifications made with ntpdc.
So if you don't configure symmetric keys for your ntpd, or keep them
properly safeguarded, you don't need to use 'nomodify' unless you are
concerned that the NTP authentication scheme might be compromised."

> Yes.  Sometimes people want to use a server for *tracking* purposes 
> but they do not want to accept time from that server.

The correct configuration keyword for this purpose is 'noselect'.

> The 'nomodify' parameter is one of the optional bits.

The restrictions that are included in the brackets (as quoted above) 
the maximum restrictions that may be used without impeding time 

> I'm wondering if it would be better to put some/each of those 
> in separate [] blocks.


Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/
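
Added example (not part of the original message and not NTP project code): a small Python check of the point made in the reply above, that 'nomodify', 'notrap', 'nopeer' and 'noquery' do not stop a client from taking time from its configured servers, while 'noselect' on a server line does. The sample addresses, the extra 'ignore' line and the exact-address matching (no mask handling) are assumptions made for the illustration; the treatment of 'ignore' and 'noserve' follows the ntpd access control documentation.

```python
# Added example: which configured servers can a client ntp.conf take time from?

# Constructed sample: the configuration from the question plus two extra lines.
SAMPLE_CONF = """\
restrict default nomodify notrap nopeer noquery
restrict 192.0.2.30 ignore
server 192.0.2.10
server 192.0.2.20 noselect
server 192.0.2.30
"""

# Restrict flags that drop time packets arriving from the matched address.
# nomodify, notrap, nopeer and noquery are deliberately absent: they only limit
# ntpq/ntpdc requests, traps and unconfigured associations.
BLOCKS_TIME = {"ignore", "noserve"}


def parse(conf):
    """Return (restrict flags keyed by address, list of (server, options))."""
    restricts, servers = {}, []
    for raw in conf.splitlines():
        words = [w for w in raw.split("#", 1)[0].split() if w not in ("-4", "-6")]
        if len(words) < 2:
            continue
        if words[0] == "restrict":
            restricts[words[1]] = set(words[2:])
        elif words[0] == "server":
            servers.append((words[1], set(words[2:])))
    return restricts, servers


def audit(conf):
    """Map each server to 'accepted', 'noselect' or 'blocked:<flags>'."""
    restricts, servers = parse(conf)
    result = {}
    for host, options in servers:
        # Simplification: exact-address entry if present, otherwise 'default'.
        flags = restricts.get(host, restricts.get("default", set()))
        blocking = sorted(flags & BLOCKS_TIME)
        if blocking:
            result[host] = "blocked:" + ",".join(blocking)
        elif "noselect" in options:
            result[host] = "noselect"  # polled for tracking, never selected
        else:
            result[host] = "accepted"
    return result


if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_CONF).items():
        print(host, verdict)
```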
