Date: Thu, 3 Feb 2005 12:48:45 +0100 (CET) From: Oliver Fromme <olli@lurza.secnetix.de> To: freebsd-stable@FreeBSD.ORG Subject: Re: Adjusting time on a secured FreeBSD machine. Message-ID: <200502031148.j13BmiTM034612@lurza.secnetix.de> In-Reply-To: <42014C9B.7090609@gopostal.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Eli K. Breen <eli@gopostal.ca> wrote: > I'm running in to an issue where I can't set the clock on a machine > because the secure level was bumped to 2 before the clock was set. > Unfortunately adjustments are now clamped to < 1s. Is there any way I > can force ntpd to adjust the clock by say, 1s every two seconds or at > least something more frequent than 0.128 ms / update? No. (It's 0.5 ms/s, not 0.128 ms/s, BTW.) The ntpd(8) manpage says: | The maximum slew rate possible is limited to 500 parts-per-million | (PPM) as a consequence of the correctness principles on which the | NTP protocol and algorithm design are based. As a result, the local | clock can take a long time to converge to an acceptable offset, about | 2,000 s for each second the clock is outside the acceptable range. | During this interval the local clock will not be consistent with any | other network clock and the system cannot be used for distributed | applications that require correctly synchronized network time. So your choices are to reboot, or to wait until the local clock is synchronized again. You didn't mention how far off your clock is, so I can't tell how long it will take. The maximum slew rate is 1.8 seconds per hour, so if your clock is off by half a minute, it will take about 17 hours to get back in sync. If you can't wait, you'll have to reboot. Best regards Oliver PS: You need to specify the -x option to ntpd, so it does not try to step the clock by more than 1 second. -- Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "C is quirky, flawed, and an enormous success." -- Dennis M. Ritchie.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200502031148.j13BmiTM034612>