From owner-freebsd-stable@FreeBSD.ORG  Fri Feb  4 21:41:41 2005
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A935A16A4CE
	for <freebsd-stable@freebsd.org>;
	Fri,  4 Feb 2005 21:41:41 +0000 (GMT)
Received: from postal3.es.net (postal3.es.net [198.128.3.207])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7172243D67
	for <freebsd-stable@freebsd.org>;
	Fri,  4 Feb 2005 21:41:41 +0000 (GMT)	(envelope-from oberman@es.net)
Received: from ptavv.es.net ([198.128.4.29])
        by postal3.es.net (Postal Node 3) with ESMTP (SSL) id IBA74465;
        Fri, 04 Feb 2005 13:41:41 -0800
Received: from ptavv (localhost [127.0.0.1])
	by ptavv.es.net (Tachyon Server) with ESMTP id 273335D07;
	Fri,  4 Feb 2005 13:41:40 -0800 (PST)
To: Scott Robbins <scottro@nyc.rr.com>
In-reply-to: Your message of "Fri, 04 Feb 2005 16:29:03 EST."
             <20050204212903.GA2610@uws1.starlofashions.com> 
Date: Fri, 04 Feb 2005 13:41:39 -0800
From: "Kevin Oberman" <oberman@es.net>
Message-Id: <20050204214140.273335D07@ptavv.es.net>
cc: freebsd-stable@freebsd.org
Subject: Re: Adjusting time on a secured FreeBSD machine. 
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Feb 2005 21:41:41 -0000

> Date: Fri, 4 Feb 2005 16:29:03 -0500
> From: Scott Robbins <scottro@nyc.rr.com>
> Sender: owner-freebsd-stable@freebsd.org
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Fri, Feb 04, 2005 at 01:18:26PM -0800, Stan wrote:
> > Hmmm.  My rc.conf has ntpd_enable-"YES", but not ntpdate_enable="YES".
> > Thanks!
> 
> They do conflict with each other, I'm not sure what will happen if you
> have both in rc.conf.  Hopefully ntpdate will run first, then ntpd.  If
> ntpd is running then you will get an error message running ntpdate.
> 
> On an unsecured box (the one that I mentioned, where ntpd choked because
> the BIOS clock was too far off, I simply stopped ntpd, ran ntpdate and
> then restarted ntpd.

They do not conflict if you use the flags in defaults/rc.conf.

ntpdate -b sets the time ONCE and is run before ntpd starts, the '-b'
option will cause it to to set the time absolutely no matter hao far off
the clock is at the time. This is exactly how ntpdate is intended to be
used.

That said, ntpdate is considered obsolete by the ntp folks and may
disappear at some time in the future. Their recommendation is to use
ntpd with the '-g' flag to force an unconditional clock set and to use
the 'iburst' option on your servers in /etc/ntp.conf. I find this works
well, but some have complained that it takes too long.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net			Phone: +1 510 486-8634