[CentOS] Trying to get a grasp on NTP server/client access control options
Niki Kovacs
contact at kikinovak.netSat Jul 31 13:57:24 UTC 2010
- Previous message: [CentOS] What is the best strategy for updating CentOS from 4 to 5?
- Next message: [CentOS] Trying to get a grasp on NTP server/client access control options
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi, I'm currently sinking my teeth into NTP, to build a local time server. So far, configuring a local NTP server and getting the clients to connect to it works well. Now, I'm thinking about securing the whole thing. BTW, I made a copy of the original ntp.conf file and started my own from scratch. Right now, I have five printed books opened on the corresponding chapters (Carla Schroder's Linux Cookbook, RHEL 5 Unleashed, Foundations of CentOS, etc.) plus the same amount of online tutorials. Right now I'm having a bit of a hard time grasping the various access control options. Here's a few lines from ntp's default configuration in CentOS : --8<------ /etc/ntp.conf ----------------------------------------------- ... server 0.centos.pool.ntp.org server 1.centos.pool.ntp.org server 2.centos.pool.ntp.org ... restrict 0.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery restrict 1.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery restrict 2.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery ... --8<-------------------------------------------------------------------- This means roughly : "use these three public NTP servers to synchronize, but don't let them mess with your configuration". Now, here's something from NTP's official documentation : You may use either a hostname or IP address on the 'server' line. You *must* use an IP address on the 'restrict' line. Here's the according link to the documentation : http://support.ntp.org/bin/view/Support/AccessRestrictions Which leads me to the assumption that these three 'restrict' lines in the default ntp.conf configuration in CentOS are useless, since they specify hostnames, and not IP addresses. Correct me if I'm wrong. Cheers, Niki
- Previous message: [CentOS] What is the best strategy for updating CentOS from 4 to 5?
- Next message: [CentOS] Trying to get a grasp on NTP server/client access control options
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list