[ntp:questions] Re: obtaining multicast config from ntpdc
kostecke at ntp.isc.org
Fri Dec 16 14:46:46 UTC 2005
On 2005-12-15, Ben Fitzgerald <bmf1DELETE at ukonline.co.uk> wrote:
> On Thu, 15 Dec 2005 21:06:43 +0000, Harlan Stenn <stenn at ntp.isc.org>
>> Danny sez:
>>> There is no way to find out whether it's been configured as a
>>> multicast client unless it's actually receiving multicast packets
>>> for the given multicast address. For that you need to go to the
>>> configuration file.
>> And it's possible that somebody added the multicast client via ntpdc
>> at runtime, right?
> yes, this was my concern.
There is no ntpdc command for configuring multicastclient mode.
Some of the ntpdc commands are:
| addpeer addserver
Initiates a unicast association with that host
Brings up a refclock attached to your ntpd
Turns your ntpd into a broadcast server
There are commands for restrictions, traps, symmetric key
authentication, status display (lots), enabling / disabling various
> I guess it cuts both ways. If you can only derive it from ntp.conf the
> daemon could have been reconfigured post-invocation and if you derive
> it from the runtime status it must match ntp.conf or the behaviour
> will change after the next restart.
> It's a pity you cannot get this information from the daemon but if
> that's the way it is...
Don't configure your ntpd for remote configuration changes. Or, if you
must, use a non-standard key-id and a good password and don't write this
information on a post-it note.
Remote configuration is not possible unless you configure symmetric
key authentication in your ntpd.conf _OR_ deliberately disable
authentication. You may use the 'nomodify' keyword on your restrict
lines if you want to make absolutely, positively, sure that no one can
remotely modify your ntpd.
What's the real issue here?
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/
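
The checks described in the message above, as an added example that is not part of the original post or of the NTP project's code: it reads ntp.conf text and reports whether a remote-configuration channel exists (key-based, or authentication disabled) and which `restrict` entries lack a flag that refuses modification. The function name, result fields and both sample configs are constructed for illustration.

```python
# Added example (not from the original post): audit ntp.conf text for remote reconfiguration.
BLOCKING_FLAGS = {"nomodify", "noquery", "ignore"}  # any one refuses runtime modification

def audit_ntp_conf(text):
    """Report the remote-config channel ntpd offers and the restrict entries that permit it."""
    keys_file, key_ids, auth_disabled, restricts = None, {}, False, []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, skip blank lines
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive == "keys" and args:
            keys_file = args[0]
        elif directive in ("requestkey", "controlkey") and args:
            key_ids[directive] = args[0]         # key ids used by ntpdc / ntpq requests
        elif directive in ("disable", "enable") and "auth" in args:
            auth_disabled = directive == "disable"
        elif directive == "restrict" and args:
            family = args.pop(0) + " " if args[0] in ("-4", "-6") else ""
            if not args:
                continue
            target, flags = family + args[0], args[1:]
            if len(flags) >= 2 and flags[0] == "mask":
                target, flags = f"{target} mask {flags[1]}", flags[2:]
            restricts.append((target, set(flags)))
    channel = "unauthenticated" if auth_disabled else "keyed" if keys_file and key_ids else "none"
    modifiable = [t for t, flags in restricts if not flags & BLOCKING_FLAGS]
    # Assumption: with no "restrict default" line, ntpd's built-in default entry has no flags.
    if not any(t.endswith("default") for t, _ in restricts):
        modifiable.insert(0, "default (implicit)")
    return {"channel": channel, "key_ids": key_ids, "modifiable": modifiable,
            "exposed": channel != "none" and bool(modifiable)}

WEAK = """\
keys /etc/ntp/keys          # constructed sample config
requestkey 1
controlkey 1
restrict default kod notrap nopeer
restrict 127.0.0.1
"""
HARDENED = """\
restrict default kod nomodify notrap nopeer
restrict -6 default kod nomodify notrap nopeer
restrict 127.0.0.1
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ntp_conf(conf))
```

An entry for 127.0.0.1 without `nomodify` is listed too, so the report shows that local modification remains possible whenever a channel is configured.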