Date: Fri, 20 Aug 1999 20:46:10 -0700 (PDT)
From: Matthew Dillon
Message-Id: <199908210346.UAA69386@apollo.backplane.com>
To: Karl Denninger
Cc: Jon Hamilton, Greg Black, Will Andrews, Brett Glass, freebsd-security@FreeBSD.ORG
Subject: Re: Securelevel 3 ant setting time

:> Absolutely untrue.  There's value in keeping a group of machines
:> synchronized to _each other_, regardless of whether they're also
:> synchronized to the correct time.  It is true that _for some purposes_
:> xntpd isn't all that useful in an intermittently-connected scenario,
:> but that doesn't render it completely devoid of any value.
:>
:> --
:>    Jon Hamilton
:>    hamilton@pobox.com
:
:It's not at all difficult to wire a GPS to be the "master" upon which XNTPD
:syncs.
:
:Without PPS output you won't be COMPLETELY accurate, but a few tens of
:Karl Denninger (karl@denninger.net) Web: childrens-justice.org

    It's fairly easy to set up xntpd to use a local clock when it cannot
    find a remote clock.  As long as the two don't get too badly out of
    sync from each other xntpd can switch between them.  I use this trick
    all the time for machines which are not always connected to the net.

    What you do is have one machine on your LAN be a stratum 8 time source.
    You also set it up to connect to a real time source on the internet.
    When you have internet connectivity the real time source wins.  When
    you don't, the local stratum 8 time source wins.  Simple!

    See /usr/src/usr.sbin/xntpd/doc/README.refclock and other documentation
    for more information.

                                                -Matt

    monitor no
    broadcastclient no
    broadcast (my LAN broadcast address)
    restrict 0.0.0.0 notrust nomodify

    server 127.127.1.0
    fudge 127.127.1.0 stratum 8

    restrict (someinternetip) ...
    server (sameinternetip) ...

    driftfile /var/run/ntp.drift
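
Added example, not part of the original message: a small Python check that an ntp.conf follows the fallback pattern described above (local clock fudged to a high stratum, a real server alongside it, and a default restrict entry with nomodify). The function name, the finding texts and the 192.0.2.x sample addresses are constructed for illustration; the stratum 8 threshold is taken from the message.

```python
import re
LOCAL_CLOCK = re.compile(r"^127\.127\.1\.\d+$")  # local-clock driver pseudo-address

def audit_ntp_conf(text, min_local_stratum=8):
    """Return findings for the 'local clock as fallback' pattern."""
    servers, fudged, default_flags = [], {}, set()
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] == "server":
            servers.append(tok[1])
        elif tok[0] == "fudge" and "stratum" in tok[2:-1]:
            value = tok[tok.index("stratum", 2) + 1]
            if value.isdigit():
                fudged[tok[1]] = int(value)
        elif tok[0] == "restrict" and tok[1] in ("0.0.0.0", "default"):
            default_flags.update(tok[2:])
    local = [s for s in servers if LOCAL_CLOCK.match(s)]
    findings = []
    for addr in local:
        if addr not in fudged:
            findings.append(f"{addr}: not fudged, driver default stratum applies")
        elif fudged[addr] < min_local_stratum:
            findings.append(f"{addr}: stratum {fudged[addr]} is below {min_local_stratum}")
    if local and len(local) == len(servers):
        findings.append("local clock is the only server, no real source to prefer")
    if "nomodify" not in default_flags:
        findings.append("no default restrict entry with nomodify")
    return findings

# Constructed samples: GOOD mirrors the message's layout with made-up addresses and flags.
GOOD = """\
monitor no
broadcastclient no
broadcast 192.0.2.255
restrict 0.0.0.0 notrust nomodify
server 127.127.1.0
fudge 127.127.1.0 stratum 8
restrict 192.0.2.10 nomodify
server 192.0.2.10
driftfile /var/run/ntp.drift
"""
BAD = "server 127.127.1.0\ndriftfile /var/run/ntp.drift\n"

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_ntp_conf(conf) or "ok")
```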