NTPD and SecureLevel

Oliver Fromme olli at lurza.secnetix.de
Thu Jun 17 08:53:08 GMT 2004


Martin O'Nions <martin.o'nions at catch22.demon.co.uk> wrote:
 > If your machine is going to be regularly powered down for a period, then an
 > ntpdate at startup seems reasonable. If it'll be running most of the time
 > though with ntpd active, it shouldn't be making anything more than very
 > minor slewed corrections, albeit on a frequent basis.

Alternatively, start ntpd with the -g option.  It enables
it to perform an arbitrarily large jump, if necessary --
but only once at the beginning.  After that, the normal
rules apply.  This mechanism is intended to replace the
ntpdate program, which is obsolete and going to be retired
(according to the docs).

Regards
   Oliver

PS:  I have these "standard" lines in my /etc/rc.conf:

xntpd_enable="YES"
xntpd_flags="-g -p /var/run/ntpd.pid -f /var/db/ntp.drift"

(Note that ntpdate does not have to be enabled with this
setup.)

-- 
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"... there are two ways of constructing a software design:  One way
is to make it so simple that there are _obviously_ no deficiencies and
the other way is to make it so complicated that there are no _obvious_
deficiencies."        -- C.A.R. Hoare, ACM Turing Award Lecture, 1980


More information about the freebsd-stable mailing list