[ntp:questions] notrust alternative?

Dennis Hilberg Jr dhilberg at comcast.net
Tue Oct 31 21:11:23 UTC 2006


I forgot to include my ntp.conf.  Here it is:


# Default restriction.

restrict default kod nomodify notrap nopeer noquery

# Allow free access to localhost.

restrict 127.0.0.1

# Allow the local network access with the following modified restrictions.

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer

# Synchronization servers.  Include at least three, but no more than five.

server bigben.cac.washington.edu    iburst
server montpelier.ilan.caltech.edu  iburst
server tick.ucla.edu                iburst
server clock.xmission.com           iburst
server clepsydra.dec.com            iburst

# Drift file location

driftfile /etc/ntp/drift

# Location of the log file

logfile /var/log/ntp/ntp.log

# NTP monitoring parameters

statsdir /var/log/ntp/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# Authentication parameters

#keys           /etc/ntp/keys
#trustedkey     2 3 4
#controlkey     3       # To access the ntpq utility
#requestkey     2       # To access the ntpdc utility


"Dennis Hilberg Jr" <dhilberg at comcast.net> wrote in message 
news:UZOdnQLLdJhzJdrYnZ2dnUVZ_sqdnZ2d at comcast.com...
| On one instance I noticed that in the output of 'ntpq -p' one of my server's
| clients was flagged with the '+'.  notrust under version 4.2 and later now
| means "Ignore all NTP packets that are not cryptographically authenticated"
| instead of the 4.1 and earlier versions where it meant "Don't trust this
| host/subnet for time."  How do I specify with version 4.2 and later that I
| only want the five server entries in the ntp.conf to be trusted for
| synchronization?  Or is this automatic, and that particular 'ntpq -p' output
| a fluke?
|
| Thanks!
|
| 
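
An added example, not part of the original post: a small audit script that reads the restrict lines from the ntp.conf above and reports which flags apply to a given source address. It assumes IPv4 only and that the most specific (longest-mask) entry wins; the function names and the test addresses 192.168.1.50 and 203.0.113.7 are constructed for illustration.

```python
import ipaddress

# The restrict lines from the ntp.conf posted above (copied unchanged).
NTP_CONF = """\
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer
"""

def parse_restrict(conf):
    """Return a list of (IPv4Network, set_of_flags) for IPv4 restrict lines."""
    entries = []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        if addr == "default":
            addr, mask = "0.0.0.0", "0.0.0.0"   # default covers every source
        elif rest[:1] == ["mask"]:
            mask, rest = rest[1], rest[2:]
        else:
            mask = "255.255.255.255"            # no mask given: a single host
        entries.append((ipaddress.IPv4Network(f"{addr}/{mask}"), set(rest)))
    return entries

def flags_for(entries, client):
    """Flags of the most specific entry covering client (assumed match rule)."""
    ip = ipaddress.IPv4Address(client)
    hits = [(net.prefixlen, flags) for net, flags in entries if ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def audit(entries, client):
    """Summarise what the matched restrict entry permits for this source."""
    flags = flags_for(entries, client) or set()
    return {
        "flags": sorted(flags),
        "queries_answered": "noquery" not in flags,   # ntpq/ntpdc queries
        "modify_blocked": "nomodify" in flags,        # run-time reconfiguration
        "new_assoc_blocked": "nopeer" in flags,       # unconfigured associations
        "auth_required": "notrust" in flags,          # 4.2+ meaning quoted above
    }

if __name__ == "__main__":
    rules = parse_restrict(NTP_CONF)
    for src in ("127.0.0.1", "192.168.1.50", "203.0.113.7"):
        print(src, audit(rules, src))
```
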




