North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ntp config tech note

  • From: james edwards
  • Date: Fri May 21 13:28:34 2004

> My personal feeling was that for most systems its better to not have the
> daemon running - i.e. the benefit of smaller more frequent clock
> adjustments does not outweigh the cost of another service running,
> especially as root or even as a jailed non-root user.


Well, present NTP drops to a nonroot user after it sets the time &
proprer use of the very flexable ACL lists in your ntp.conf should help
midigate
non-local NTP exploits, ie, don't offer NTP service to the world or anyone
else
for that matter.

I need better than one second resolution for syslog and other loging info to
be useful
in debugging problems across multiple hosts.

-- 
James H. Edwards
Routing and Security Administrator
At the Santa Fe Office: Internet at Cyber Mesa
[email protected]
[email protected]
(505) 795-7101