Re: ntpdate from cron -- DON'T DO THAT!

To: debian-user@lists.debian.org
Subject: Re: ntpdate from cron -- DON'T DO THAT!
From: John Hasler <john@dhh.gt.org>
Date: 21 Dec 2002 18:43:15 -0600
Message-id: <[🔎] 87y96ix4rg.fsf@toncho.dhh.gt.org>
In-reply-to: <[🔎] 49172.10.10.10.7.1040516135.squirrel@webmail.linuxpowered.net>
References: <[🔎] 4.3.2.7.2.20021221104326.02875d18@nothnbut.net> <[🔎] 20021221235124.GC11323@cise.ufl.edu> <[🔎] 49172.10.10.10.7.1040516135.squirrel@webmail.linuxpowered.net>

Nate writes:
> If ntpd can be configured not to listen for connections on any port then
> maybe I would use it...

Well, chrony certainly can: the default is to allow no access.  You can
configure it to allow or deny access from just about any combination of
hosts, IPs, and subnets.  It is simple to set up a chrony server that is a
client of a stratum 2 server out on the Net and a server for the machines
on your LAN.  The machines on the LAN can run client-only chronyds,
ntpdate, or whatever.

And chrony has never had a security "issue".
-- 
John Hasler
john@dhh.gt.org
Dancing Horse Hill
Elmwood, Wisconsin

Reply to:

Follow-Ups:
- Re: ntpdate from cron -- DON'T DO THAT!
  - From: "nate" <debian-user@aphroland.org>

References:
- ntpdate
  - From: Sonny Kupka <sonny@nothnbut.net>
- ntpdate from cron -- DON'T DO THAT!
  - From: "N. Thomas" <nthomas@cise.ufl.edu>
- Re: ntpdate from cron -- DON'T DO THAT!
  - From: "nate" <debian-user@aphroland.org>

Prev by Date: Re: ntpdate from cron -- DON'T DO THAT! - more
Next by Date: Re: ntpdate from cron -- DON'T DO THAT!
Previous by thread: Re: ntpdate from cron -- DON'T DO THAT!
Next by thread: Re: ntpdate from cron -- DON'T DO THAT!
Index(es):
- Date
- Thread