NTPD and SecureLevel

Harlan Stenn Harlan.Stenn at pfcs.com
Wed Jun 16 19:13:13 GMT 2004


I think running ntpwait after starting ntpd and before bumping the
securelevel is safer and even better.

Also, be sure to us iburst for each server/peer, and use a driftfile.

This is somewhat discussed at http://twiki.ntp.org .  Feel free to make
improvements there.

H
--
> Pavel M. Rebrov wrote:
> > I've installed and configured ntpd daemon and was wondering if it going to
> > work with SecureLevel higher than 1. SecureLevel 2 forbids changing the sys
> tem
> > date and, therefore, ntpdate and rdate won't work.
> 
> You will want to "step" the system time at boot before the securelevel is set
> . 
>   Afterwards, ntpd will use another mechanism to "slew" the system time (the 
> adjtime() call) which ought to still be permitted by the securelevel.
> 
> -- 
> -Chuck
> 
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"


More information about the freebsd-stable mailing list