From owner-freebsd-security Fri Aug 20 3: 4: 8 1999 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id C062E14BF1 for ; Fri, 20 Aug 1999 03:04:06 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id EAA27567; Fri, 20 Aug 1999 04:03:48 -0600 (MDT) Message-Id: <4.2.0.58.19990820035954.04757b80@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Fri, 20 Aug 1999 04:03:42 -0600 To: Doug From: Brett Glass Subject: Re: Securelevel 3 ant setting time Cc: Archie Cobbs , Lowkrantz Goran , "'freebsd-security@FreeBSD.ORG'" In-Reply-To: References: <4.2.0.58.19990819161554.04790800@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 04:14 PM 8/19/99 -0700, Doug wrote: > If you're going to do this anyway, why not just use xntpd? It's >more reliable, has better mechanisms to resolve the skew between your >various times sources, and will keep your clock within the range of >adjustments that are allowable in securelevel 3. I looked at the man page for xntpd once, and walked away (well, VIRTUALLY walked away) scratching my head. It was totally opaque. There was no simple information about how to synchronize with the NIST every so often; also, it appeared that one needed to leave a large, expensive daemon running all the time. So, I went with ntpdate, which was simple and easy to understand (and which got out of the way after it adjusted the clock). The system with the worst clock drifts no more than 5 minutes every 12 hours -- and that, I suspect, is mainly due to busy-waits with interrupts off in the ATAPI driver. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message