Re: ntp package. Client by default?



On Tue, 06 Mar 2012 16:32:03 +0100, Alberto Fuentes wrote:

> On 06/03/12 15:34, Camaleón wrote:
>> On Mon, 05 Mar 2012 15:20:05 +0100, Alberto Fuentes wrote:
>>
>>> I think /usr/share/doc/ntp/README.Debian.gz is badly worded. Correct me
>>> if I'm wrong but it says "[...]The default ntp.conf file is set up for
>>> an NTP "client" that [...]" "[...]Extra configuration work will be
>>> necessary to offer time service to other hosts. [...]"
>>>
>>> By default, it works as a server not just as a client.
>>
>> How is that? I mean, how did you reach that conclusion?

(...)

> Well, the port opened in all my interfaces was not a very good sign. But
> then I tried to set my computer as the only server of 2 other boxes on
> my network. It worked flawlessly :)

This comes from "/etc/ntp.conf":

# Note that "restrict" applies to both servers and clients, so a
# configuration that might be intended to block requests from certain
# clients could also end up blocking replies from your own upstream
# servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1

(ipv6 entries omitted)

And after carefully reading this doc:

http://support.ntp.org/bin/view/Support/AccessRestrictions

It seems that "syncing" and allowing your local hosts "to connect" to ntp
(that is, "exchange time") is not treated at the same hazard level as
running an ntpd server.

In brief, I think the default is a very limited setup. Let's not be
paranoid :-)

Greetings,

--
Camaleón
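
Added example (not part of the original message or of the Debian package): a small Python audit of the "restrict" lines quoted above, showing which kinds of access each entry leaves open. SAMPLE_CONF is the excerpt from this message, CLIENT_ONLY is a constructed contrast, the helper names are hypothetical, and the flag meanings are those of ntpd's documented access-control flags.

```python
# Added example: classify what each ntp.conf "restrict" entry still permits.
SAMPLE_CONF = """\
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
"""

# Constructed contrast: drop everything from hosts without their own entry.
# As the ntp.conf comment warns, upstream servers then need explicit entries.
CLIENT_ONLY = "restrict -4 default ignore\nrestrict 127.0.0.1\n"


def parse_restrict(conf_text):
    """Return (key, flags) per restrict line; key is family + address [+ mask]."""
    entries = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        family = [t for t in tokens[1:] if t in ("-4", "-6")]
        args = [t for t in tokens[1:] if t not in ("-4", "-6")]
        if not args:
            continue
        addr, flags = [args[0]], args[1:]
        if flags[:1] == ["mask"] and len(flags) >= 2:
            addr, flags = addr + flags[:2], flags[2:]
        entries.append((" ".join(family + addr), set(flags)))
    return entries


def exposure(flags):
    """ignore drops every packet; the other flags each close one door."""
    return {
        "serves_time": not flags & {"ignore", "noserve"},
        "allows_query": not flags & {"ignore", "noquery"},
        "allows_modify": not flags & {"ignore", "nomodify"},
    }


def audit(conf_text):
    return {key: exposure(flags) for key, flags in parse_restrict(conf_text)}


if __name__ == "__main__":
    for name, conf in (("default", SAMPLE_CONF), ("client-only", CLIENT_ONLY)):
        for key, result in audit(conf).items():
            print(f"{name:12} {key:12} {result}")
```

For the quoted default, the "-4 default" entry still answers time requests from any host while refusing ntpq/ntpdc queries and run-time modification, which is consistent with both observations in the thread.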

