From owner-freebsd-stable@FreeBSD.ORG Thu Jun 17 08:53:08 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4213316A4CE for ; Thu, 17 Jun 2004 08:53:08 +0000 (GMT) Received: from lurza.secnetix.de (lurza.secnetix.de [83.120.8.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id 74D5243D58 for ; Thu, 17 Jun 2004 08:53:07 +0000 (GMT) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (hkjofy@localhost [127.0.0.1]) by lurza.secnetix.de (8.12.11/8.12.11) with ESMTP id i5H8qDXx056512 for ; Thu, 17 Jun 2004 10:52:13 +0200 (CEST) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.12.11/8.12.11/Submit) id i5H8qDf6056511; Thu, 17 Jun 2004 10:52:13 +0200 (CEST) (envelope-from olli) Date: Thu, 17 Jun 2004 10:52:13 +0200 (CEST) Message-Id: <200406170852.i5H8qDf6056511@lurza.secnetix.de> From: Oliver Fromme To: freebsd-stable@FreeBSD.ORG In-Reply-To: <026c01c4540c$496bd180$021f1fac@ironchurch.com> X-Newsgroups: list.freebsd-stable User-Agent: tin/1.5.4-20000523 ("1959") (UNIX) (FreeBSD/4.10-RELEASE (i386)) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Subject: Re: NTPD and SecureLevel X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd-stable@FreeBSD.ORG List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Jun 2004 08:53:08 -0000 Martin O'Nions wrote: > If your machine is going to be regularly powered down for a period, then an > ntpdate at startup seems reasonable. If it'll be running most of the time > though with ntpd active, it shouldn't be making anything more than very > minor slewed corrections, albeit on a frequent basis. Alternatively, start ntpd with the -g option. It enables it to perform an arbitrarily large jump, if necessary -- but only once at the beginning. After that, the normal rules apply. This mechanism is intended to replace the ntpdate program, which is obsolete and going to be retired (according to the docs). Regards Oliver PS: I have these "standard" lines in my /etc/rc.conf: xntpd_enable="YES" xntpd_flags="-g -p /var/run/ntpd.pid -f /var/db/ntp.drift" (Note that ntpdate does not have to be enabled with this setup.) -- Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "... there are two ways of constructing a software design: One way is to make it so simple that there are _obviously_ no deficiencies and the other way is to make it so complicated that there are no _obvious_ deficiencies." -- C.A.R. Hoare, ACM Turing Award Lecture, 1980