On Thu, May 20, 2004 at 06:37:23PM -0400, C. Jon Larsen wrote:
On Thu, 20 May 2004, Jared Mauch wrote:
I've found it useful on older machines (PCs with cheap clocks and oscilators) to cron ntpdate once an hour to prevent the clock from getting too far off by itself. I've found the daemon doesn't do good enough of a job to sync on it's own...
Isn't that a lot safer anyway than running a daemon (ntpd) as root ? I do this on my systems (run ntpdate from cron), even though the xntpd docs IIRC specifically advised against this hack. One less vulnerability waiting to be exploited ... is the way I see it.
well, it does help if your clock goes nicely (or poorly) askew. problem is any timestamps you may have on that host (radius, smtp, etc..) that you use to track down the (l)users on your network can cause a problem. all you have to be concerned with is "am i doing ntpdate from something that can be poisoned". that's amongst many reasons to have the "your clock is too far off, you must reset manually" log messages. - jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.