Gentoo Forums
ntpd vs. ntpdate
Stygius
n00b

Joined: 27 Apr 2002
Posts: 16

Posted: Tue Apr 30, 2002 10:04 pm    Post subject: ntpd vs. ntpdate

I've recently read a bit about the Network Time Protocol (ebuild exists), and it seems really nice. However, the NTP suite contains two different ways of synchronizing your time to an NTP server on the net: the ntpd daemon and the ntpdate program.

Apparently, the daemon is far more advanced and contains complex algorithms. The creator of NTP argues that everyone should use ntpd. Ntpdate is similar to rdate - it runs once and quickly sets the right time, and is very popular because of its simplicity.

What I'd like to hear are some opinions and experiences regarding the ntpd/ntpdate issue, and generally on using the NTP. Further, are there any security concerns in letting your system act as an NTP server?

Nitro
Bodhisattva

Joined: 08 Apr 2002
Posts: 661
Location: San Francisco

Posted: Tue Apr 30, 2002 10:48 pm    Post subject: Re: ntpd vs. ntpdate

Stygius wrote:
Apparently, the daemon is far more advanced and contains complex algorithms. The creator of NTP argues that everyone should use ntpd. Ntpdate is similar to rdate - it runs once and quickly sets the right time, and is very popular because of its simplicity.

What I'd like to hear are some opinions and experiences regarding the ntpd/ntpdate issue, and generally on using the NTP. Further, are there any security concerns in letting your system act as an NTP server?


I run ntpd on my server, and the rest of my Linux clients sync with it using ntpdate every now and then, and Windows 2000 & XP clients also sync with ntpd running on my server. If your computer keeps accurate time, I don't see much of a need to start up ntpd; set up something like ntpdate to sync with a local time server in cron every week or something.

As far as security, ntpd uses UDP, so half the time people don't realize it is running because they check it by running netstat, and well, it doesn't show up there. Use lsof -i to find it. ntpd has an access control (is that what they call it in the docs?) where you can allow only certain clients to use the server. For example, part of my server's /etc/ntp.conf reads:
Code:
restrict default nomodify nopeer notrust noserve notrap
restrict 127.0.0.1 notrust nomodify
restrict 24.160.253.95 notrust nomodify
restrict 192.168.1.0 mask 255.255.255.0 nopeer nomodify
restrict 192.168.2.0 mask 255.255.255.0 nopeer nomodify

Basically, I set my server to a restrictive default. Then, I tell it to restrict localhost to nomodify, so that in the event that somebody logged in to my server knows about ntpd, they can't go run around and screw up my time. Finally, I set my two private subnets to nopeer (so my server won't sync with them later) and nomodify.

If you do plan to set up ntp (doesn't hurt, does it?), you might want to check out your default gateway on your ISP's end. Turns out that RoadRunner's routers are also running ntp.

My first line of defense is still my iptables firewall though. :)
_________________
- Kyle Manna

Please, please SEARCH before posting.

There are three kinds of people in the world: those who can count, and those who can't.


Last edited by Nitro on Tue Apr 30, 2002 11:41 pm; edited 1 time in total
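
As an added example (not part of Nitro's post or of the NTP distribution), the following Python script parses the restrict lines quoted above and reports which flags end up applying to a given client address. It assumes numeric IPv4 entries only and ntpd's documented matching rule (entries sorted by address, then mask, with the last match winning); `parse_restrict`, `flags_for` and `audit` are hypothetical helper names.

```python
import ipaddress

# Constructed sample: the restrict lines quoted in the post above.
SAMPLE_CONF = """\
restrict default nomodify nopeer notrust noserve notrap
restrict 127.0.0.1 notrust nomodify
restrict 24.160.253.95 notrust nomodify
restrict 192.168.1.0 mask 255.255.255.0 nopeer nomodify
restrict 192.168.2.0 mask 255.255.255.0 nopeer nomodify
"""

def parse_restrict(conf):
    """Return sorted [(address_int, mask_int, flags)] for IPv4 restrict lines."""
    entries = []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        if tok[1] == "default":
            addr, mask, rest = "0.0.0.0", "0.0.0.0", tok[2:]
        elif len(tok) >= 4 and tok[2] == "mask":
            addr, mask, rest = tok[1], tok[3], tok[4:]
        else:  # single host: implicit all-ones mask
            addr, mask, rest = tok[1], "255.255.255.255", tok[2:]
        try:
            a, m = (int(ipaddress.IPv4Address(x)) for x in (addr, mask))
        except ValueError:
            continue  # hostname, IPv6 or -4/-6 form: outside this example
        entries.append((a & m, m, frozenset(rest)))
    # Assumed ntpd ordering: increasing address, then increasing mask.
    return sorted(entries, key=lambda e: (e[0], e[1]))

def flags_for(entries, client):
    """Flags of the last matching entry, or None if nothing matches."""
    c = int(ipaddress.IPv4Address(client))
    matched = None
    for addr, mask, flags in entries:
        if c & mask == addr:
            matched = flags  # later (more specific) entries override
    return matched

def audit(entries):
    """List (address, mask) entries that still allow runtime modification."""
    blocking = {"nomodify", "noquery", "ignore"}
    return [(str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(m)))
            for a, m, f in entries if not blocking & f]
```

Calling `flags_for(parse_restrict(SAMPLE_CONF), "192.168.1.20")` shows that a LAN client gets only the subnet entry's flags, not the stricter default, which is the behaviour to check before loosening any single line.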

Stygius
n00b

Joined: 27 Apr 2002
Posts: 16

Posted: Tue Apr 30, 2002 11:05 pm    Post subject:

Well, that pretty much settles it for me... I'm gonna set up ntpd for my LAN.

Thanks Nitro, a lot of questions now answered.

hbbio
n00b

Joined: 21 Apr 2002
Posts: 38
Location: Paris, France

Posted: Sat May 04, 2002 11:21 pm    Post subject: Temporary problem ???

I post here because of ntp, but it's not directly related to the beginning of the thread...

I've been running ntp fine, but now:
Code:
bash-2.05a# emerge -p -u world

These are the packages that I would merge, in order.

Calculating world dependencies -
!!! Error: couldn't find match for net-misc/ntp in update (likely old /var/db/pkg entry)

bash-2.05a# emerge -s ntp
[ Results for search key : ntp ]
[ Applications found : 0 ]


I've just rsynced right now... What's up, doc?

Nitro
Bodhisattva

Joined: 08 Apr 2002
Posts: 661
Location: San Francisco

Posted: Sun May 05, 2002 12:01 am    Post subject:

Did you do emerge --clean rsync recently? The older ntp ebuilds are no longer in your portage tree, because you blew them all away with --clean rsync. Now, you have the new versions, which are alpha versions, and they are also masked. The solution is to either unmask them or use ebuild to build it.
Code:
ebuild /usr/portage/net-misc/ntp/ntp-4.1.72-r2.ebuild merge
works for me ;)
_________________
- Kyle Manna

Please, please SEARCH before posting.

There are three kinds of people in the world: those who can count, and those who can't.

hbbio
n00b

Joined: 21 Apr 2002
Posts: 38
Location: Paris, France

Posted: Sun May 05, 2002 12:42 am    Post subject:

Nitro wrote:
Did you do emerge --clean rsync recently?

Nitro,
I never cleaned emerge rsync (and my homemade ugly emerge scripts are still there...). I merged the ebuild manually, which works well, but -p -u world still comes up with this ntp error. Btw, I'm with portage 1.9.6-r1.
I unmerged ntp, and now it is willing to update... I'll put it back after (directly, since, as it is masked, it's not accessible through emerge). It might be a temporary portage tree glitch. The unstable/testing/stable branches should be applied to ebuilds :)
Thanks,
Henri