Re: ntp package. Client by default?



On Tue, 06 Mar 2012 16:32:03 +0100, Alberto Fuentes wrote:

On 06/03/12 15:34, Camaleón wrote:
On Mon, 05 Mar 2012 15:20:05 +0100, Alberto Fuentes wrote:

I think /usr/share/doc/ntp/README.Debian.gz is bad worded. Correct me
if im wrong but it says "[...]The default ntp.conf file is set up for
an NTP "client" that [...]" "[...]Extra configuration work will be
necessary to offer time service to other hosts. [...]"

By default, it works as a server not just as a client.

How is that? I mean, how did you reach that conclusion?

(...)

Well, the port opened in all my interfaces was not a very good sign. But
then I tried to set my computer as the only server of 2 other boxes on
my network. It worked flawesly :)

This comes from "/etc/ntp.conf":

# Note that "restrict" applies to both servers and clients, so a
# configuration that might be intended to block requests from certain
# clients could also end up blocking replies from your own upstream
# servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1

(ipv6 entries omitted)

And after carefully reading this doc:

http://support.ntp.org/bin/view/Support/AccessRestrictions

It seems that "syncing" and allowing your local hosts "to connect" to ntp
(that is, "exchange time") is not treated at the same hazard level than
running a ntpd server.

In brief, I think the default is a very limited setup. Let's not be
paranoids :-)

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
Archive: http://lists.debian.org/jj5f9g$ds9$17@xxxxxxxxxxxxxxx



Relevant Pages

  • RE: Users Cant Access Documents on Server
    ... Thanks for using the SBS newsgroup. ... As well as we know, if a workstation would not access network shares, then ... Leave the Default Gateway of the internal NIC blank of the server box. ... Clients That Require SMB Signing ...
    (microsoft.public.windows.server.sbs)
  • Re: Users Cant Access Documents on Server
    ... my computer to the network on the server. ... Connection Wizard none of the computers were listed. ... The Mac clients can not communicate with the server box. ... > Error Messages When You Open or Copy Network Files on Windows XP SP1 ...
    (microsoft.public.windows.server.sbs)
  • Re: [SLE] SMTP authentication
    ... So eventhough my local SMTP server dials up to the internet with a certain username and password, that same username and password would not be used as authentication between my local SMTP server and the ISP's one, should it be used as a relay? ... either defer all outgoing mails until you connect to the internet, then flush out all the mails in the queue. ... Your local server would use an external program like fetchmail to poll the mailserver of your ISP, download the mails and feed them to Postfix. ... The test does NOT say "All clients must be in mynetworks, ...
    (SuSE)
  • RE: VPN Clients Not Registering in AD DNS
    ... via VPN, the DNS records of the VPN clients are unable to be registered. ... Windows 2003 server? ... please let me know whether the clients get the IP ...
    (microsoft.public.windows.server.sbs)
  • Re: Users Cant Access Documents on Server
    ... > then add my computer to the network on the server. ... Did you not see the computers in the Server Management taskpad section? ... The Mac clients can not communicate with the server box. ... >> Error Messages When You Open or Copy Network Files on Windows XP SP1 ...
    (microsoft.public.windows.server.sbs)