Date: Fri, 20 Aug 1999 09:26:47 -0700
From: Doug <Doug@gorean.org>
To: Brett Glass <brett@lariat.org>
Cc: Archie Cobbs <archie@whistle.com>, Lowkrantz Goran <Goran.Lowkrantz@infologigruppen.se>, "'freebsd-security@FreeBSD.ORG'" <freebsd-security@FreeBSD.ORG>
Subject: Re: Securelevel 3 ant setting time
Message-ID: <37BD81C7.46F9F9E3@gorean.org>
References: <4.2.0.58.19990819161554.04790800@localhost> <4.2.0.58.19990820035954.04757b80@localhost>

Brett Glass wrote:
>
> At 04:14 PM 8/19/99 -0700, Doug wrote:
>
> > If you're going to do this anyway, why not just use xntpd? It's
> > more reliable, has better mechanisms to resolve the skew between your
> > various time sources, and will keep your clock within the range of
> > adjustments that are allowable in securelevel 3.
>
> I looked at the man page for xntpd once, and walked away (well,
> VIRTUALLY walked away) scratching my head. It was totally opaque.

Yeah, I admit it's pretty dense stuff. However, once you get a feel for it, IMO it's one of the more amazing pieces of software on the 'net. Take a look at http://www.eecis.udel.edu/~ntp/, and especially the list of public stratum 3 servers. It's generally considered rude to synch a workstation to a stratum 1 or 2 server, and you won't notice the few milliseconds difference anyway. Once you have a list of 4 or 5 servers that have good (and diverse) network topology to your site, put them in a ntp.conf file like this:

    server best.or.closest.site prefer
    server second.best.site
    server third.best.site
    server etc....

    driftfile /etc/ntp.drift

And you're done. Fire up xntpd and it will start synching your clock. In your /etc/rc.conf enable ntpdate and xntpd and put in the first server on your list as the flag argument to ntpdate.

Overall you will probably find that the system load is less with xntpd because it does its job more slowly, and keeps the clock closer in synch. Here are some figures to contrast with on my P5 150 system that's been up for two weeks:

      UID PRI  NI   VSZ  RSS        TIME COMMAND
        0  18   0     0    0    10:09.23 (syncer)
        0   2   0   568  400     4:53.42 /sbin/natd -dynamic -n ep0
        0   2 -12  1032  648     3:26.28 xntpd -p /var/run/xntpd.pid
        0   2   0  1472  968     1:43.72 /usr/local/sbin/httpd
    65534  99   0   816  488 12386:31.83 /usr/local/distributed.net/rc5des -quiet

Hope this helps,

Doug
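
The "range of adjustments that are allowable in securelevel 3" can be checked against measured offsets before the securelevel is raised. The script below is an added example, not part of the original e-mail: it assumes the one-second clamp on time changes that FreeBSD's init(8) documents for securelevel 2 and above, and it parses constructed `ntpdate -q` style output in which the server addresses are placeholders.

```shell
#!/bin/sh
# Added example: does the measured clock offset fit inside the securelevel clamp?
# Assumption: at securelevel 2 and above the kernel limits time changes
# to 1 second (FreeBSD init(8)).
MAX_STEP=1.0

# Constructed sample of `ntpdate -q` output; addresses are placeholders.
sample_output() {
cat <<'EOF'
server 192.0.2.10, stratum 3, offset 0.004312, delay 0.03120
server 192.0.2.20, stratum 3, offset -0.002871, delay 0.04511
server 192.0.2.30, stratum 3, offset 2.731004, delay 0.09872
EOF
}

# worst_offset: read "server ..." lines on stdin and print the largest
# absolute offset in seconds. Exits 2 if no server line was found.
worst_offset() {
    awk '
        /^server / {
            for (i = 1; i < NF; i++) if ($i == "offset") {
                v = $(i + 1); sub(/,$/, "", v); v += 0
                if (v < 0) v = -v
                if (v > max) max = v
                seen = 1
            }
        }
        END { if (!seen) exit 2; printf "%.6f\n", max }
    '
}

# within_clamp: 0 if the worst offset is inside MAX_STEP, 1 if it is
# larger, 2 if the input contained no usable server line.
within_clamp() {
    w=$(worst_offset) || return 2
    awk -v w="$w" -v m="$MAX_STEP" 'BEGIN { if (w + 0 <= m + 0) exit 0; exit 1 }'
}

if sample_output | within_clamp; then
    echo "offsets fit inside the ${MAX_STEP}s clamp"
else
    echo "an offset exceeds the ${MAX_STEP}s clamp; set the clock before the securelevel is raised"
fi
```

On a live system the input would come from `ntpdate -q` run against the servers listed in ntp.conf instead of `sample_output`.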