My personal feeling was that for most systems its better to not have the daemon running - i.e. the benefit of smaller more frequent clock adjustments does not outweigh the cost of another service running, especially as root or even as a jailed non-root user.
Well, present NTP drops to a nonroot user after it sets the time & proprer use of the very flexable ACL lists in your ntp.conf should help midigate non-local NTP exploits, ie, don't offer NTP service to the world or anyone else for that matter. I need better than one second resolution for syslog and other loging info to be useful in debugging problems across multiple hosts. -- James H. Edwards Routing and Security Administrator At the Santa Fe Office: Internet at Cyber Mesa jamesh@cybermesa.com noc@cybermesa.com (505) 795-7101