[ntp:questions] notrust alternative?

David L. Mills mills at udel.edu
Wed Nov 15 04:29:22 UTC 2006


Bill,

In your network the clients should be using server, not peer, unless 
they intend to mobilize a symmetric association. However, without 
notrust they get served anyway, but an association is not mobilized. I 
did that for the original Windows XP client that was using symmetric 
active mode in error. It's hard to figure out how the dominos should 
fall under all kinds of misconfigured clients.

Dave

ntplist at gmail.com wrote:
> I have seen behavior identical to what Dennis described with a
> pre-built Solaris 8 version of the 4.2.0 at 1.1161-r daemon that is
> available from Community Software (CSW), http://www.blastwave.org/ if
> your interested.  I have "restrict default nopeer" configured.  With
> authorization disabled, all of the systems on our network that peered
> my server showed up in its ntpq -p output.  With authorization enabled,
> only the systems I had configured on that server showed up.  I plopped
> a version 4.2.2p3 at 1.1577-o daemon that was build from the official
> source,  disabled authorization and it behaved normally, no additional
> spurious output from ntpq -p.  Something perculiar with 4.2.0 at 1.1161-r?
> 
> Regardless, this was enough to steer me away from anything pre-built
> and back to the genuine article.
> 
> Bill McGovern
> General Dynamics
> 




More information about the questions mailing list