From owner-freebsd-security  Fri Aug 20 15: 1: 5 1999
Delivered-To: freebsd-security@freebsd.org
Received: from maxim.gba.oz.au (gba.tmx.com.au [203.9.155.249])
	by hub.freebsd.org (Postfix) with SMTP id BAD4914D03
	for <freebsd-security@FreeBSD.ORG>; Fri, 20 Aug 1999 15:00:46 -0700 (PDT)
	(envelope-from gjb-freebsd@gba.oz.au)
Received: (qmail 20091 invoked from network); 21 Aug 1999 07:46:58 +1000
Received: from alice.gba.oz.au (192.168.1.11)
  by maxim.gba.oz.au with SMTP; 21 Aug 1999 07:46:58 +1000
Received: (qmail 1606 invoked by uid 1001); 21 Aug 1999 07:46:57 +1000
Message-ID: <19990820214657.1605.qmail@alice.gba.oz.au>
X-Posted-By: GBA-Post 1.03 20-Sep-1998
X-PGP-Fingerprint: 5A91 6942 8CEA 9DAB B95B  C249 1CE1 493B 2B5A CE30
Date: Sat, 21 Aug 1999 07:46:57 +1000
From: Greg Black <gjb-freebsd@gba.oz.au>
To: Will Andrews <andrews@TECHNOLOGIST.COM>
Cc: Brett Glass <brett@lariat.org>, freebsd-security@FreeBSD.ORG
Subject: Re: Securelevel 3 ant setting time 
References: <XFMail.990820115204.andrews@TECHNOLOGIST.COM> 
In-reply-to: <XFMail.990820115204.andrews@TECHNOLOGIST.COM> 
    of Fri, 20 Aug 1999 11:52:04 -0400
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Xntpd is not that difficult. Unlike ntpdate, it can update your system clock 
> while also acting as a time server for your local network, reducing bandwidth
> costs (yes, minimal, if you have a very small network, but still worth time and
> money.) It is also more reliable and far more featureful than ntpdate (hey,
> encryption compensation!).

Just as a bit of extra information, xntpd is useless for small
networks that don't have constant connectivity to time servers.
In the case of a network that connects to the Internet once or
twice a day for just a few minutes, a workable solution is to
run ntpdate (with three servers as arguments) on each connection
and to use timed on the LAN.  The machine that runs ntpdate runs
timed with the "-F myname" flag and the others use no flags.

If you happen to have a machine that needs its regular tweaks by
ntpdate to exceed half a second, then you can adjust the kernel
tick a few units either side of its default setting of 10000 so
that things stay relatively stable.

> As for "large, expensive daemon", that is incorrect. xntpd barely takes 1MB of
> total RAM on my machine, and usually close to zero CPU.

It may be worth noting that timed is much smaller and uses much
less CPU than xntpd.  On the other hand, if you do have the
connectivity, xntpd is probably the preferred solution.

-- 
Greg Black -- <gjb@acm.org>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message