[ntp:hackers] configuration file rewrite

Wouters, Michael Michael.Wouters at measurement.gov.au
Sun Feb 26 23:32:11 UTC 2006


>> Some sort of facility for reconfiguring on the fly is  desirable. We
>> operate a nation-wide network of NTP servers that are closed access.
>> To add new users, we have an automated process that sends out new
user
>> details, and via ntpdc on the remote NTP server, authorizes new
users.
>> Having to kill ntpd to reread ntp.conf and suffer a timequake is
ugly,
>> so a facility for re-reading ntp.conf on the fly would be nice. 

>Could you do that sort of access control with a firewall?

Sure, a firewall would work at the moment. I guess since both iptables
and ntpd use linked lists for their rule lists both scale
equally. Not sure whether, in terms of time service, 
ntpd/firewall is better. The issue here is eg what if you have
10000 rules ? Some packets will take a long time to match.
ntpd time stamps packets before the restriction matching is done 
I think, so there is no asymmetric delay there at least.

Cheers
Michael Wouters

Time and Frequency Section
National Measurement Institute
Bradfield Road
Lindfield NSW 2070 Australia
Ph  61 2 8467 3501
Fax 61 2 8467 3752





+

*************************************************************************
The information contained in this e-mail, and any attachments to it,
is intended for the use of the addressee and is confidential.  If you
are not the intended recipient you must not use, disclose, read,
forward, copy or retain any of the information.  If you received this
e-mail in error, please delete it and notify the sender by return
e-mail or telephone.

The Commonwealth does not warrant that any attachments are free
from viruses or any other defects.  You assume all liability for any
loss, damage or other consequences which may arise from opening
or using the attachments.
*************************************************************************




More information about the hackers mailing list