Adjusting time on a secured FreeBSD machine.
Kevin Oberman
oberman at es.net
Fri Feb 4 13:41:41 PST 2005
> Date: Fri, 4 Feb 2005 16:29:03 -0500
> From: Scott Robbins <scottro at nyc.rr.com>
> Sender: owner-freebsd-stable at freebsd.org
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, Feb 04, 2005 at 01:18:26PM -0800, Stan wrote:
> > Hmmm. My rc.conf has ntpd_enable-"YES", but not ntpdate_enable="YES".
> > Thanks!
>
> They do conflict with each other, I'm not sure what will happen if you
> have both in rc.conf. Hopefully ntpdate will run first, then ntpd. If
> ntpd is running then you will get an error message running ntpdate.
>
> On an unsecured box (the one that I mentioned, where ntpd choked because
> the BIOS clock was too far off, I simply stopped ntpd, ran ntpdate and
> then restarted ntpd.
They do not conflict if you use the flags in defaults/rc.conf.
ntpdate -b sets the time ONCE and is run before ntpd starts, the '-b'
option will cause it to to set the time absolutely no matter hao far off
the clock is at the time. This is exactly how ntpdate is intended to be
used.
That said, ntpdate is considered obsolete by the ntp folks and may
disappear at some time in the future. Their recommendation is to use
ntpd with the '-g' flag to force an unconditional clock set and to use
the 'iburst' option on your servers in /etc/ntp.conf. I find this works
well, but some have complained that it takes too long.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net Phone: +1 510 486-8634
More information about the freebsd-stable
mailing list