Re: ntp package. Client by default?
On Tue, 06 Mar 2012 16:32:03 +0100, Alberto Fuentes wrote:
> On 06/03/12 15:34, Camaleón wrote:
>> On Mon, 05 Mar 2012 15:20:05 +0100, Alberto Fuentes wrote:
>>
>>> I think /usr/share/doc/ntp/README.Debian.gz is badly worded. Correct me
>>> if I'm wrong but it says "[...]The default ntp.conf file is set up for
>>> an NTP "client" that [...]" "[...]Extra configuration work will be
>>> necessary to offer time service to other hosts. [...]"
>>>
>>> By default, it works as a server not just as a client.
>>
>> How is that? I mean, how did you reach that conclusion?
(...)
> Well, the port opened in all my interfaces was not a very good sign. But
> then I tried to set my computer as the only server of 2 other boxes on
> my network. It worked flawlessly :)
This comes from "/etc/ntp.conf":

# Note that "restrict" applies to both servers and clients, so a
# configuration that might be intended to block requests from certain
# clients could also end up blocking replies from your own upstream
# servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1

(ipv6 entries omitted)
And after carefully reading this doc:
http://support.ntp.org/bin/view/Support/AccessRestrictions
It seems that "syncing" and allowing your local hosts "to connect" to ntp
(that is, "exchange time") is not treated at the same hazard level as
running an ntpd server.
In brief, I think the default is a very limited setup. Let's not be
paranoid :-)
Greetings,
--
Camaleón
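
Added example (not part of the original message, and not code from the ntp package): a small Python check that reads the IPv4 "restrict" lines quoted above and reports what a given client address is allowed to do. The function names are hypothetical, and it assumes that the most specific matching entry applies, that a host with no matching entry is unrestricted, and that only the ignore, noserve, noquery and nomodify flags matter for this question.

```python
import ipaddress

# Constructed sample: the IPv4 lines quoted from /etc/ntp.conf above.
SAMPLE_CONF = """\
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
"""

def parse_restrict(conf_text):
    """Return [(network, flags)] for the IPv4 restrict lines in conf_text."""
    rules = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if not tokens or tokens[0] != "restrict":
            continue
        args = [t for t in tokens[1:] if t != "-4"]
        if not args or "-6" in args or ":" in args[0]:
            continue  # IPv6 entries are out of scope for this sketch
        addr, rest, mask = args[0], args[1:], "255.255.255.255"
        if addr == "default":
            addr, mask = "0.0.0.0", "0.0.0.0"
        elif rest[:1] == ["mask"] and len(rest) >= 2:
            mask, rest = rest[1], rest[2:]
        rules.append((ipaddress.ip_network(f"{addr}/{mask}", strict=False), set(rest)))
    return rules

def effective_access(rules, client_ip):
    """Apply the most specific matching entry to client_ip."""
    ip = ipaddress.ip_address(client_ip)
    matches = [(net, flags) for net, flags in rules if ip in net]
    if not matches:  # assumption: no entry means no restriction
        return {"time_service": True, "query": True, "modify": True}
    flags = max(matches, key=lambda m: m[0].prefixlen)[1]
    blocked = "ignore" in flags
    return {
        "time_service": not (blocked or "noserve" in flags),
        "query": not (blocked or "noquery" in flags),
        "modify": not (blocked or flags & {"noquery", "nomodify"}),
    }

if __name__ == "__main__":
    rules = parse_restrict(SAMPLE_CONF)
    for ip in ("192.168.1.20", "127.0.0.1"):  # constructed client addresses
        print(ip, effective_access(rules, ip))
```

With the quoted defaults, a LAN client gets time service but no query or modify access, which matches both the "it worked" observation and the "don't allow configuration" comment in the file.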