Adjusting time on a secured FreeBSD machine.
Oliver Fromme
olli at lurza.secnetix.de
Thu Feb 3 03:48:47 PST 2005
Eli K. Breen <eli at gopostal.ca> wrote:
> I'm running in to an issue where I can't set the clock on a machine
> because the secure level was bumped to 2 before the clock was set.
> Unfortunately adjustments are now clamped to < 1s. Is there any way I
> can force ntpd to adjust the clock by say, 1s every two seconds or at
> least something more frequent than 0.128 ms / update?
No. (It's 0.5 ms/s, not 0.128 ms/s, BTW.)
The ntpd(8) manpage says:
| The maximum slew rate possible is limited to 500 parts-per-million
| (PPM) as a consequence of the correctness principles on which the
| NTP protocol and algorithm design are based. As a result, the local
| clock can take a long time to converge to an acceptable offset, about
| 2,000 s for each second the clock is outside the acceptable range.
| During this interval the local clock will not be consistent with any
| other network clock and the system cannot be used for distributed
| applications that require correctly synchronized network time.
So your choices are to reboot, or to wait until the local
clock is synchronized again. You didn't mention how far
off your clock is, so I can't tell how long it will take.
The maximum slew rate is 1.8 seconds per hour, so if your
clock is off by half a minute, it will take about 17 hours
to get back in sync. If you can't wait, you'll have to
reboot.
Best regards
Oliver
PS: You need to specify the -x option to ntpd, so it does
not try to step the clock by more than 1 second.
--
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
"C is quirky, flawed, and an enormous success."
-- Dennis M. Ritchie.
More information about the freebsd-stable
mailing list