From owner-freebsd-stable@FreeBSD.ORG Tue Jun 22 03:08:56 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A007716A4CE for ; Tue, 22 Jun 2004 03:08:56 +0000 (GMT) Received: from harmony.village.org (rover.village.org [168.103.84.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4483643D45 for ; Tue, 22 Jun 2004 03:08:56 +0000 (GMT) (envelope-from imp@bsdimp.com) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.12.11/8.12.11) with ESMTP id i5M36YIU025989; Mon, 21 Jun 2004 21:06:35 -0600 (MDT) (envelope-from imp@bsdimp.com) Date: Mon, 21 Jun 2004 21:06:37 -0600 (MDT) Message-Id: <20040621.210637.122769519.imp@bsdimp.com> To: dmagda@ee.ryerson.ca From: "M. Warner Losh" In-Reply-To: <6CDBFD00-BFF1-11D8-AF71-000A95B96FF8@ee.ryerson.ca> References: <40CFFAF8.00000C.10717@colgate.yandex.ru> <6CDBFD00-BFF1-11D8-AF71-000A95B96FF8@ee.ryerson.ca> X-Mailer: Mew version 3.3 on Emacs 21.3 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-stable@freebsd.org Subject: Re: NTPD and SecureLevel X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Jun 2004 03:08:56 -0000 In message: <6CDBFD00-BFF1-11D8-AF71-000A95B96FF8@ee.ryerson.ca> David Magda writes: : : On Jun 16, 2004, at 03:47, Pavel M. Rebrov wrote: : : > I've installed and configured ntpd daemon and was wondering if it : > going to work with SecureLevel higher than 1. SecureLevel 2 forbids : > changing the system date and, therefore, ntpdate and rdate won't work. : : Have ntpdate run before hand to get the time with in a close amount of : the 'real' time. There should be an rc.conf item for ntpdate. : : ntpd(8) doesn't actually change the time by making it 'jump' to the : correct time; it slows down or speeds up the rate at which the timer : runs at. only if you run it with -x, otherwise it will set the time if it is off by more than 128ms. -x Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold. This option forces the time to be slewed in all cases. If the step threshold is set to zero, all offsets are stepped, regardless of value and regardless of the -x option. In general, this is not a good idea, as it bypasses the clock state machine which is designed to cope with large time and frequency errors Note: Since the slew rate is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s. Thus, an adjustment of many seconds can take hours or days to amortize. This option can be used with the -q option. Warner