Stygius n00b

Joined: 27 Apr 2002 Posts: 16
Posted: Tue Apr 30, 2002 10:04 pm Post subject: ntpd vs. ntpdate
I've recently read a bit about the Network Time Protocol (ebuild exists), and it seems really nice. However, the NTP suite contains two different ways of synchronizing your time to an NTP server on the net: the ntpd daemon and the ntpdate program.
Apparently, the daemon is far more advanced and contains complex algorithms. The creator of NTP argues that everyone should use ntpd. Ntpdate is similar to rdate - it runs once and quickly sets the right time, and is very popular because of its simplicity.
What I'd like to hear are some opinions and experiences regarding the ntpd/ntpdate issue, and generally on using the NTP. Further, are there any security concerns in letting your system act as an NTP server?
Nitro Bodhisattva


Joined: 08 Apr 2002 Posts: 661 Location: San Francisco
Posted: Tue Apr 30, 2002 10:48 pm Post subject: Re: ntpd vs. ntpdate
Stygius wrote: | Apparently, the daemon is far more advanced and contains complex algorithms. The creator of NTP argues that everyone should use ntpd. Ntpdate is similar to rdate - it runs once and quickly sets the right time, and is very popular because of its simplicity.
What I'd like to hear are some opinions and experiences regarding the ntpd/ntpdate issue, and generally on using the NTP. Further, are there any security concerns in letting your system act as an NTP server? |
I run ntpd on my server, and the rest of my Linux clients sync with it using ntpdate every now and then, and Windows 2000 & XP clients also sync with ntpd running on my server. If your computer keeps accurate time, I don't see much of a need to start up ntpd, set up something like ntpdate to sync with a local time server in cron every week or something.
As far as security, ntpd uses UDP, so half the time people don't realize it is running because they check it by running netstat, and well, it doesn't show up there. Use lsof -i to find it. ntpd has an access control (is that what they call it in the docs?) where you can allow only certain clients to use the server. For example, part of my server's /etc/ntp.conf reads:
Code: |
restrict default nomodify nopeer notrust noserve notrap
restrict 127.0.0.1 notrust nomodify
restrict 24.160.253.95 notrust nomodify
restrict 192.168.1.0 mask 255.255.255.0 nopeer nomodify
restrict 192.168.2.0 mask 255.255.255.0 nopeer nomodify
|
Basically, I set my server to a restrictive default. Then, I tell it to restrict localhost to nomodify, in the event that somebody logged in to my server knows about ntpd, they can't go run around and screw up my time. Finally, I set my two private subnets to nopeer (so my server won't sync with them later) and nomodify.
If you do plan to set up ntp (doesn't hurt does it?), might want to check out your default gateway on your ISP's end. Turns out that RoadRunner's routers are also running ntp.
My first line of defense is still my iptables firewall though.
_________________
- Kyle Manna
Please, please SEARCH before posting.
There are three kinds of people in the world: those who can count, and those who can't.
Last edited by Nitro on Tue Apr 30, 2002 11:41 pm; edited 1 time in total |
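
Added example (not part of the original thread or Nitro's own code): a small auditor that evaluates the restrict lines quoted in the post above the way the ntpd documentation describes, with the list sorted by address and then mask and the last matching entry deciding the flags, to show what a given client address ends up allowed to do. The function names and the test client addresses are assumptions made for illustration; only IPv4 entries are handled.

```python
import ipaddress

# Constructed input: the restrict lines quoted in the post above.
SAMPLE_CONF = """\
restrict default nomodify nopeer notrust noserve notrap
restrict 127.0.0.1 notrust nomodify
restrict 24.160.253.95 notrust nomodify
restrict 192.168.1.0 mask 255.255.255.0 nopeer nomodify
restrict 192.168.2.0 mask 255.255.255.0 nopeer nomodify
"""

def parse_restrict(conf_text):
    """Parse IPv4 restrict lines into (address, mask, flags), in ntpd's sort order."""
    entries = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        rest = tokens[2:]
        try:
            if tokens[1] == "default":
                address, mask = 0, 0
            else:
                address, mask = int(ipaddress.IPv4Address(tokens[1])), 0xFFFFFFFF
            if rest[:1] == ["mask"]:
                mask, rest = int(ipaddress.IPv4Address(rest[1])), rest[2:]
        except (ValueError, IndexError):
            continue  # not an IPv4 entry this sketch understands
        entries.append((address & mask, mask, frozenset(rest)))
    # ntpd sorts the list by address, then by mask.
    return sorted(entries, key=lambda e: (e[0], e[1]))

def effective_flags(entries, source_ip):
    """Return the flags of the last matching entry (ntpd's documented rule)."""
    src = int(ipaddress.IPv4Address(source_ip))
    flags = frozenset()  # with no match, ntpd's built-in default has no flags
    for address, mask, entry_flags in entries:
        if src & mask == address:
            flags = entry_flags
    return flags

def audit(conf_text, source_ip):
    """Summarise what a client at source_ip is allowed to do."""
    flags = effective_flags(parse_restrict(conf_text), source_ip)
    return {
        "flags": sorted(flags),
        "time_served": not ({"noserve", "ignore"} & flags),
        "modify_blocked": bool({"nomodify", "ignore"} & flags),
    }

if __name__ == "__main__":
    for ip in ("127.0.0.1", "192.168.1.20", "203.0.113.7"):
        print(ip, audit(SAMPLE_CONF, ip))
```

Run against a real /etc/ntp.conf, this makes it easy to confirm that addresses outside the intended subnets fall through to the restrictive default.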
Stygius n00b

Joined: 27 Apr 2002 Posts: 16
Posted: Tue Apr 30, 2002 11:05 pm Post subject:
Well, that pretty much settles it for me... I'm gonna set up ntpd for my LAN.
Thanks Nitro, a lot of questions now answered.
hbbio n00b


Joined: 21 Apr 2002 Posts: 38 Location: Paris, France
Posted: Sat May 04, 2002 11:21 pm Post subject: Temporary problem ???
I post here because of ntp, but it's not directly related to the beginning of the thread...
I've been running ntp fine but now:
Code: |
bash-2.05a# emerge -p -u world
These are the packages that I would merge, in order.
Calculating world dependencies -
!!! Error: couldn't find match for net-misc/ntp in update (likely old /var/db/pkg entry)
bash-2.05a# emerge -s ntp
[ Results for search key : ntp ]
[ Applications found : 0 ]
|
I've just rsynced right now... What's up doc?
Nitro Bodhisattva


Joined: 08 Apr 2002 Posts: 661 Location: San Francisco
Posted: Sun May 05, 2002 12:01 am Post subject:
Did you do emerge --clean rsync recently? The older ntp ebuilds are no longer in your portage tree, because you blew them all away with --clean rsync. Now, you have the new versions which are alpha versions, and they are also masked. The solution is to either unmask them or use ebuild to build it.
Code: |
ebuild /usr/portage/net-misc/ntp/ntp-4.1.72-r2.ebuild merge
|
works for me
_________________
- Kyle Manna
hbbio n00b


Joined: 21 Apr 2002 Posts: 38 Location: Paris, France
Posted: Sun May 05, 2002 12:42 am Post subject:
Nitro wrote: | Did you do emerge --clean rsync recently? |
Nitro,
I never cleaned emerge rsync (and my homemade ugly emerge scripts are still there...). I merged the ebuild manually, which works well, but -p -u world still comes up with this ntp error. Btw, I'm with portage 1.9.6-r1.
I unmerged ntp, and now it is willing to update... I'll put it back after (directly, since as it is masked it's not accessible through emerge). It might be a temporary portage tree glitch. The unstable/testing/stable branches should be applied to ebuilds.
Thanks,
Henri