[ntp:questions] notrust alternative?
Dennis Hilberg Jr
dhilberg at comcast.net
Tue Oct 31 21:11:23 UTC 2006
I forgot to include my ntp.conf. Here it is:
# Default restriction.
restrict default kod nomodify notrap nopeer noquery
# Allow free access to localhost.
restrict 127.0.0.1
# Allow the local network access with the following modified restrictions.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer
# Synchronization servers. Include at least three, but no more than five.
server bigben.cac.washington.edu iburst
server montpelier.ilan.caltech.edu iburst
server tick.ucla.edu iburst
server clock.xmission.com iburst
server clepsydra.dec.com iburst
# Drift file location
driftfile /etc/ntp/drift
# Location of the log file
logfile /var/log/ntp/ntp.log
# NTP monitoring parameters
statsdir /var/log/ntp/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# Authentication parameters
#keys /etc/ntp/keys
#trustedkey 2 3 4
#controlkey 3 # To access the ntpq utility
#requestkey 2 # To access the ntpdc utility

"Dennis Hilberg Jr" <dhilberg at comcast.net> wrote in message
news:UZOdnQLLdJhzJdrYnZ2dnUVZ_sqdnZ2d at comcast.com...
| On one instance I noticed that in the output of 'ntpq -p' one of my server's
| clients was flagged with the '+'. notrust under version 4.2 and later now
| means "Ignore all NTP packets that are not cryptographically authenticated"
| instead of the 4.1 and earlier versions where it meant "Don't trust this
| host/subnet for time." How do I specify with version 4.2 and later that I
| only want the five server entries in the ntp.conf to be trusted for
| synchronization? Or is this automatic, and that particular 'ntpq -p' output
| a fluke?
|
| Thanks!
|
|
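
As an added illustration (not part of the original post), the sketch below resolves which restrict flags apply to a given IPv4 source under the three restrict lines posted above, assuming ntpd's documented rule that the most specific matching entry supplies the flags. The source addresses 192.168.1.50 and 203.0.113.10 are constructed samples, and the function names are hypothetical.

```python
import ipaddress

# The three restrict lines from the ntp.conf posted above.
CONF = """\
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer
"""

def parse_restrict(text):
    """Return [(IPv4Network, frozenset(flags))] for each restrict line."""
    entries = []
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        mask = "255.255.255.255"            # no mask given: host entry
        if addr == "default":               # default matches every source
            addr, mask = "0.0.0.0", "0.0.0.0"
        if rest[:1] == ["mask"]:
            mask, rest = rest[1], rest[2:]
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        entries.append((net, frozenset(rest)))
    return entries

def flags_for(entries, source):
    """Flags of the most specific entry matching source (not cumulative)."""
    ip = ipaddress.ip_address(source)
    matches = [(net.prefixlen, flags) for net, flags in entries if ip in net]
    if not matches:
        raise LookupError(f"no restrict entry matches {source}")
    return max(matches, key=lambda m: m[0])[1]

def needs_auth(entries, source):
    """True if notrust (4.2+ meaning quoted in the post) applies to source."""
    return "notrust" in flags_for(entries, source)

if __name__ == "__main__":
    entries = parse_restrict(CONF)
    # Constructed sample sources: loopback, a LAN client, an outside host.
    for src in ("127.0.0.1", "192.168.1.50", "203.0.113.10"):
        flags = sorted(flags_for(entries, src)) or ["(none)"]
        print(f"{src:15} {' '.join(flags)}  auth-required={needs_auth(entries, src)}")
```
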