Another 11.1-RELEASE install minor annoyance (ntpd)

Kent Kuriyama kent.kuriyama at gmail.com
Thu Oct 12 16:51:58 UTC 2017


The danger of enabling ntpdate (or configuring ntpd to accept large time
deltas) is that you are putting a great deal of trust in the ntp time
source.  If the time source is off, incorrect time will be propagated to
your entire network.

This actually happened to a large Windows enterprise.  The GPS-linked ntp
server freaked out and advanced 17 years into the future.  Because the
Windows domain controllers were configured to blindly accept the ntp server
time, everyone's clock was advanced 17 years.  This caused all kinds of
problems since certificates were now considered expired.

Enabling ntpdate must be done knowing what the possible consequences are.
In my case I don't run a large enterprise ;-).

On Thu, Oct 12, 2017 at 6:20 AM, Ronald F. Guilmette <rfg at tristatelogic.com>
wrote:

>
> In message <CACArijC-urzJYRuA9TanUjan5EFRcStMr=rQ+
> gmcRD_KO6gzAA at mail.gmail.com>
> Kent Kuriyama <kent.kuriyama at gmail.com> wrote:
>
> >What is happening is that your system clock is so far off that ntpd starts
> >up and then shuts down because the time delta is too great.
> >
> >I just enable ntpdate.  In /etc/rc.conf I have the lines:
> >
> >ntpdate_enable="YES"
> >ntpdate_flags="-b"     # Causes ntpdate to step the time regardless of delta
> >
> >Reboot the system, this should fix your problem.
>
>
> Ah, yep.  That certainly cleared up the problem.  Thanks.
>
>
> P.S. One cannot help but wonder why ntpdate isn't enabled by default,
> since it is clearly so useful.  Should I file a formal PR to make this
> suggestion?
>



-- 
Kent, kent.kuriyama at gmail.com
(858) 522 9582
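
Added example, not part of the original message or of FreeBSD's rc scripts: a cross-check that refuses to step the clock unless several time sources agree with each other, which addresses the single-trusted-source failure described above. The function name, thresholds, the assumed `ntpdate -q` line format and all sample addresses and offsets are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Decides from `ntpdate -q` style output
# whether a clock step is safe. Assumed per-server line format:
#   server 192.0.2.10, stratum 2, offset 0.003112, delay 0.04512
# Addresses and offsets in the sample_* functions are constructed.

# step_decision MIN_SOURCES MAX_SPREAD   (query output on stdin)
# Prints "step <median offset>" when at least MIN_SOURCES usable servers
# answered and their offsets lie within MAX_SPREAD seconds of each other,
# otherwise "refuse <reason>".
step_decision() {
    awk -v min="$1" -v spread="$2" '
        $1 == "server" && $3 == "stratum" {
            gsub(/,/, "")                 # drop separators, fields re-split
            if ($4 + 0 == 0) next         # stratum 0: no usable answer
            off[++n] = $6 + 0
        }
        END {
            if (n < min) { print "refuse too-few-sources"; exit }
            for (i = 2; i <= n; i++) {    # insertion sort, ascending
                v = off[i]
                for (j = i - 1; j >= 1 && off[j] > v; j--) off[j + 1] = off[j]
                off[j + 1] = v
            }
            if (off[n] - off[1] > spread) { print "refuse sources-disagree"; exit }
            printf "step %.6f\n", off[int((n + 1) / 2)]
        }'
}

# Fresh install: local clock a day behind, three sources agree.
sample_fresh_install() { cat <<'EOF'
server 192.0.2.10, stratum 2, offset 86412.301122, delay 0.04512
server 192.0.2.11, stratum 2, offset 86412.298840, delay 0.05127
server 192.0.2.12, stratum 3, offset 86412.305019, delay 0.03991
EOF
}

# One source roughly 17 years ahead, as in the incident described above.
sample_bad_source() { cat <<'EOF'
server 192.0.2.10, stratum 1, offset 536479200.000000, delay 0.04512
server 192.0.2.11, stratum 2, offset 0.002911, delay 0.05127
server 192.0.2.12, stratum 3, offset -0.001204, delay 0.03991
EOF
}

sample_fresh_install | step_decision 3 1            # step 86412.301122
sample_bad_source | step_decision 3 1               # refuse sources-disagree
sample_bad_source | head -n 1 | step_decision 3 1   # refuse too-few-sources
```

On a live host the input would come from `ntpdate -q` run against three or more servers, with the actual step performed only after a `step` verdict. A large offset alone does not cause a refusal, so a fresh install with a badly wrong clock still gets corrected.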

