> The problem in the manual is different. You do not have any access > control in your server, your server is worldwide open to other people > changing your runtime configuration etc. (as it seems from your conf file)
Wrong - ntpd will never allow changes to itself without explicitly allowing it (via a private key file, and mutually-agreed key numbersi and passwords). > From ntp handbook page! > ---- > If you only want to allow machines within your own network to > synchronize their clocks with your server, but ensure they are not > allowed to configure the server or used as peers to synchronize against, add That line may be technically true, but it is alarmist and wrong. > restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap See http://ntp.isc.org/Support/ConfRestrict for info about notrust. Dave Mimlls changed the behavior of notrust between the 4.1 and 4.2 releases of ntp. In 4.1, notrust means "do not trust this host/subnet for time". In 4.2, notrust means "require crypto auth before believing this host/subnet for time". nomodify will block changes even with the correct key/password. But you have to have the correct key and password first. > But if you use notrust in this line no clients are able to connect. I am > not sure why. That is why I asked about an ntpd pro having a look. We'd appreciate more folks adding more info to ntp.isc.org. H _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
