[ntp:questions] notrust alternative?
ronan at noc.ulcc.ac.uk
Wed Nov 1 13:59:19 UTC 2006
"Dennis Hilberg Jr" <dhilberg at comcast.net> wrote:
> On one instance I noticed that in the output of 'ntpq -p' one of my server's
> clients was flagged with the '+'. notrust under version 4.2 and later now
> means "Ignore all NTP packets that are not cryptographically authenticated"
> instead of the 4.1 and earlier versions where it meant "Don't trust this
> host/subnet for time." How do I specify with version 4.2 and later that I
> only want the five server entries in the ntp.conf to be trusted for
> synchronization? Or is this automatic, and that particular 'ntpq -p' output
> a fluke?
'nopeer' should prevent a client establishing a symmetric-passive
association on your server, so the ntp.conf you show in your later
message should be working. Post the output of 'ntpq -p' showing
your client listed (with or without '+') and 'ntpq -classoc',
and 'ntpq "-crv nnn"' where nnn is the number of the association
(assID) for your client in the lassoc output.
Hmm, "ntpdc -ncreslist" will show the active restrictions, so check
that matches your ntp.conf.
Ronan Flood <R.Flood at noc.ulcc.ac.uk>
working for but not speaking for
Network Services, University of London Computer Centre
(which means: don't bother ULCC if I've said something you don't like)
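
The following is an added example, not part of the original message or of the NTP distribution: a small Python check that reads an ntp.conf and reports `restrict` entries relevant to this thread, namely a default entry without `nopeer` and any entry using `notrust` with its 4.2 meaning. The sample configuration, host names and function names are constructed for illustration.

```python
# Added example: audit ntp.conf 'restrict' lines (sample config is constructed).
SAMPLE_CONF = """\
# constructed sample, not the poster's ntp.conf
server 0.pool.example iburst
server 1.pool.example iburst
restrict default kod nomodify notrap noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrust
"""

def parse_restricts(conf_text):
    """Return [(address, mask_or_None, set_of_flags)] for each restrict line."""
    entries = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop trailing comments
        if not tokens or tokens[0] != "restrict":
            continue
        args = tokens[1:]
        family = ""
        if args and args[0] in ("-4", "-6"):     # optional address-family switch
            family = args.pop(0) + " "
        if not args:
            continue
        address = family + args.pop(0)
        mask = None
        if len(args) >= 2 and args[0] == "mask":
            mask = args[1]
            args = args[2:]
        entries.append((address, mask, set(args)))
    return entries

def audit(conf_text):
    """Return findings based on the 4.2+ flag meanings discussed in the thread."""
    findings = []
    for address, mask, flags in parse_restricts(conf_text):
        # Without nopeer, an unconfigured host may mobilize a new association.
        if address.endswith("default") and "nopeer" not in flags:
            findings.append((address, "default entry lacks nopeer"))
        # 4.2+: notrust drops unauthenticated packets; it no longer means
        # "do not synchronize to this host".
        if "notrust" in flags:
            findings.append((address, "notrust: unauthenticated packets are ignored (4.2+)"))
    return findings

if __name__ == "__main__":
    for address, message in audit(SAMPLE_CONF):
        print(f"{address}: {message}")
```

Compare the result with the restrictions the running daemon reports via 'ntpdc -ncreslist', as suggested in the message above.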