[ntp:questions] notrust alternative?

wa6zvp wa6zvp at gmail.com
Wed Nov 1 03:20:28 UTC 2006


Dennis Hilberg Jr wrote:
> On one instance I noticed that in the output of 'ntpq -p' one of my server's
> clients was flagged with the '+'.  notrust under version 4.2 and later now
> means "Ignore all NTP packets that are not cryptographically authenticated"
> instead of the 4.1 and earlier versions where it meant "Don't trust this
> host/subnet for time."  How do I specify with version 4.2 and later that I
> only want the five server entries in the ntp.conf to be trusted for
> synchronization?  Or is this automatic, and that particular 'ntpq -p' output
> a fluke?
>
> Thanks!

Dennis,
 I'm not sure how you are tying '+' flags and authentication together
at all.  If you are referring to a leading '+' sign in the billboard
output like this:

+time-C.timefreq .ACTS.           1 u   41   64  377    67.66    0.791
  0.96

^^ This plus indicates that this timeserver has been selected as
candidate for syncronization.  This is a good thing.  One of my primary
stratum 2 timeservers has 4 different ones flagged this way, which make
them all candidates for assuming the role of syncronization.  You would
(should) always see one flagged with a ' * ' which is the currently
selected source.

Your server will _only_ attempt to sync to the servers you have
specifically listed in your config file.  With five of them, you should
be in good shape.

 Roger
 Harvey Mudd College, one of the 'new ivies'.




More information about the questions mailing list