On 2006-06-07, Richard B. Gilbert <[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] wrote:
>
>>Steve Kostecke said:
>>
>>>[EMAIL PROTECTED] wrote:
>>>
>>>>That simple configuration is all you really need in almost all
>>>>cases.
>>>
>>>Your sample configuration is a _very_ bad example.
>>
>> Fine, please post what you consider to be a minimal configuration.
>
> driftfile /var/ntp/ntp.drift
> restrict default notrust nomodify
> server <ip-address> iburst
> restrict <ip-address> <ip mask> nomodify #Address of server above.
>
> The restrict statements say by default trust no one to give you correct
> time and allow no one to modify your ntpd parameters and to trust your
> chosen server for time.
This minimal configuration will not work at all for NTP >= 4.2.
The meaning of notrust changed between NTP 4.1.x and NTP 4.2:
* In 4.1 (and earlier) notrust meant "Don't trust this host/subnet
for time".
* In 4.2 (and later) notrust means "Ignore all NTP packets that
are not cryptographically authenticated." This forces remote
time servers to authenticate themselves to your (client) ntpd.
See ConfiguringAutokey for information about configuring NTP
Authentication.
> It's not a particularly good config,
--
Steve Kostecke <[EMAIL PROTECTED]>
NTP Public Services Project - http://ntp.isc.org/
_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.isc.org/mailman/listinfo/questions
