From owner-freebsd-security Fri Aug 20 8:52:38 1999
Delivered-To: freebsd-security@freebsd.org
Received: from neptune.psn.net (neptune.psn.net [207.211.58.16])
	by hub.freebsd.org (Postfix) with ESMTP id 3CC9C1534F
	for ; Fri, 20 Aug 1999 08:52:35 -0700 (PDT)
	(envelope-from will@shadow.blackdawn.com)
Received: from 5042-243.008.popsite.net ([209.224.140.243] helo=shadow.blackdawn.com)
	by neptune.psn.net with esmtp (PSN Internet Service 2.12 #3)
	id 11Hqxd-0004Lp-00; Fri, 20 Aug 1999 08:52:10 -0700
Received: (from will@localhost)
	by shadow.blackdawn.com (8.9.3/8.9.2) id LAA08892;
	Fri, 20 Aug 1999 11:52:05 -0400 (EDT)
	(envelope-from will)
Message-ID:
X-Mailer: XFMail 1.3 [p0] on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <4.2.0.58.19990820035954.04757b80@localhost>
Date: Fri, 20 Aug 1999 11:52:04 -0400 (EDT)
Reply-To: Will Andrews
From: Will Andrews
To: Brett Glass
Subject: Re: Securelevel 3 ant setting time
Cc: "freebsd-security@FreeBSD.ORG"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 20-Aug-99 Brett Glass wrote:
> I looked at the man page for xntpd once, and walked away (well,
> VIRTUALLY walked away) scratching my head. It was totally opaque.
> There was no simple information about how to synchronize with the NIST
> every so often; also, it appeared that one needed to leave a large,
> expensive daemon running all the time. So, I went with ntpdate, which
> was simple and easy to understand (and which got out of the way after
> it adjusted the clock). The system with the worst clock drifts no more
> than 5 minutes every 12 hours -- and that, I suspect, is mainly due to
> busy-waits with interrupts off in the ATAPI driver.
Simple xntpd:

# echo "server time.nist.gov" > /etc/ntp.conf
# echo "driftfile /etc/ntp.drift" >> /etc/ntp.conf
# echo "xntpd_enable=\"YES\"" >> /etc/rc.conf
# echo "xntpd_flags=\"-c /etc/ntp.conf -p /var/run/xntpd.pid\"" >> /etc/rc.conf
# xntpd -c /etc/ntp.conf -p /var/run/xntpd.pid

This will suit most people. However, you should also have ntp in your
syslog.conf and /var/log/ntp.log should exist. See the syslog.conf(5)
manpage, read about "facilities".

Xntpd is not that difficult. Unlike ntpdate, it can update your system
clock while also acting as a time server for your local network, reducing
bandwidth costs (yes, minimal, if you have a very small network, but still
worth time and money.) It is also more reliable and far more featureful
than ntpdate (hey, encryption compensation!).

As for "large, expensive daemon", that is incorrect. xntpd barely takes
1MB of total RAM on my machine, and usually close to zero CPU.

--
Will Andrews

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
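
Added example, not part of the original message: a shell check that the files touched by the setup above hold what the message describes, including the syslog.conf entry and log file it mentions. The function names, the ROOT prefix argument and the exact syslog.conf line layout are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original message): audit the files touched by
# the xntpd setup above. ROOT is a hypothetical prefix so the check can run
# on a staging copy; pass "" to inspect the live system.

# has_line FILE ERE: true if FILE exists and has a line matching ERE.
has_line() { [ -f "$1" ] && grep -Eq "$2" "$1"; }

# Prints one line per problem; returns 0 only if nothing is missing.
check_xntpd_setup() {
    root=$1; rc=0
    has_line "$root/etc/ntp.conf" '^[[:space:]]*server[[:space:]]+[^[:space:]]' ||
        { echo "ntp.conf: no server line"; rc=1; }
    has_line "$root/etc/ntp.conf" '^[[:space:]]*driftfile[[:space:]]+/' ||
        { echo "ntp.conf: no driftfile line"; rc=1; }
    # rc.conf is a shell fragment, so the LAST assignment wins; repeated
    # "echo >> /etc/rc.conf" runs can leave stale earlier values behind.
    last=$(grep -E '^xntpd_enable=' "$root/etc/rc.conf" 2>/dev/null | tail -n 1)
    case $last in
        'xntpd_enable="YES"'|'xntpd_enable=YES') ;;
        *) echo "rc.conf: xntpd_enable is not YES (last: ${last:-unset})"; rc=1 ;;
    esac
    # Assumed syslog.conf(5) layout: selector naming the ntp facility, then the path.
    has_line "$root/etc/syslog.conf" \
        '^[^#[:space:]]*ntp\.[^[:space:]]*[[:space:]]+/var/log/ntp\.log' ||
        { echo "syslog.conf: ntp facility not sent to /var/log/ntp.log"; rc=1; }
    [ -f "$root/var/log/ntp.log" ] ||
        { echo "/var/log/ntp.log does not exist"; rc=1; }
    return $rc
}

# Constructed sample tree: the setup from the message with the syslog parts left out.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/var/log"
echo "server time.nist.gov" > "$demo/etc/ntp.conf"
echo "driftfile /etc/ntp.drift" >> "$demo/etc/ntp.conf"
echo 'xntpd_enable="YES"' >> "$demo/etc/rc.conf"
check_xntpd_setup "$demo" || echo "setup incomplete"
rm -rf "$demo"
```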