Re: ntpdate from cron -- DON'T DO THAT!
> If ntpd can be configured not to listen for connections on any port then
> maybe I would use it...
Well, chrony certainly can: the default is to allow no access. You can
configure it to allow or deny access from just about any combination of
hosts, IPs, and subnets. It is simple to set up a chrony server that is a
client of a stratum 2 server out on the Net and a server for the machines
on your LAN. The machines on the LAN can run client-only chronyds,
ntpdate, or whatever.
And chrony has never had a security "issue".
Dancing Horse Hill