NTPD and SecureLevel
M. Warner Losh
imp at bsdimp.com
Tue Jun 22 03:08:56 GMT 2004
In message: <6CDBFD00-BFF1-11D8-AF71-000A95B96FF8 at ee.ryerson.ca>
David Magda <dmagda at ee.ryerson.ca> writes:
: On Jun 16, 2004, at 03:47, Pavel M. Rebrov wrote:
: > I've installed and configured ntpd daemon and was wondering if it
: > going to work with SecureLevel higher than 1. SecureLevel 2 forbids
: > changing the system date and, therefore, ntpdate and rdate won't work.
: Have ntpdate run before hand to get the time with in a close amount of
: the 'real' time. There should be an rc.conf item for ntpdate.
: ntpd(8) doesn't actually change the time by making it 'jump' to the
: correct time; it slows down or speeds up the rate at which the timer
: runs at.
only if you run it with -x, otherwise it will set the time if it is
off by more than 128ms.
-x Normally, the time is slewed if the offset is less than the step
threshold, which is 128 ms by default, and stepped if above the
threshold. This option forces the time to be slewed in all
cases. If the step threshold is set to zero, all offsets are
stepped, regardless of value and regardless of the -x option. In
general, this is not a good idea, as it bypasses the clock state
machine which is designed to cope with large time and frequency
errors Note: Since the slew rate is limited to 0.5 ms/s, each
second of adjustment requires an amortization interval of 2000 s.
Thus, an adjustment of many seconds can take hours or days to
amortize. This option can be used with the -q option.
More information about the freebsd-stable