notrust - Deny access unless cryptographically authenticated (ver 4.2 onwards)
nopeer - Deny all packets that attempt to establish a peer association
In NTP versions prior to 4.2, the notrust option meant not to trust a server/host for
time. In NTP versions 4.2 and later, the notrust option means cryptographic
authentication is required before believing the server/host. Unless you are using
cryptographic authentication, do not use the notrust option: your client requests will fail.
To allow full control to the localhost, add the following entry to the configuration.
restrict 127.0.0.1
The NTP Pool servers have been listed as a time source already (ver 4.2 onwards), and they too
need restrictions applied so the local server can synchronise from them. Ensure the access
control parameters are strict enough that the remote servers can only be used for queries.
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
To allow all the workstations inside the internal private network to be able to query the time
from your server, use the following access control rule (adjust subnet if needed).
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
Finally we need the following declarations in the /etc/ntp.conf file.
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
broadcastdelay 0.008
keys /etc/ntp/keys
The above configuration parameters are as follows:
server - Specifies that a server is running on the host (own local clock)
fudge - Passes additional information to the clock driver
stratum 10 - Manually sets the Stratum the server should operate at (1-15)
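As an added illustration (not part of this chapter), the following Python script checks an ntp.conf against the access-control rules described above: every remote server should carry nomodify, notrap and noquery, and notrust (ntpd 4.2+ semantics) should only appear when a keys file is declared. The sample configuration is constructed for the example and deliberately contains two mistakes.

```python
"""Lint the restrict section of an ntp.conf (ntpd 4.2+ semantics)."""
import shlex

# Constructed sample: 1.pool.ntp.org lacks noquery, and the LAN line uses
# notrust although no 'keys' file is declared.
SAMPLE_CONF = """
server 0.pool.ntp.org
server 1.pool.ntp.org
restrict 127.0.0.1
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap notrust
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
"""

def parse(conf):
    """Return (servers, {address: set(flags)}, has_keys); '#' comments dropped."""
    servers, restricts, has_keys = [], {}, False
    for line in conf.splitlines():
        words = shlex.split(line, comments=True)
        if not words:
            continue
        if words[0] == "server":
            servers.append(words[1])
        elif words[0] == "restrict":
            addr, rest = words[1], words[2:]
            if rest[:1] == ["mask"]:
                rest = rest[2:]          # skip 'mask <netmask>'; the rest are flags
            restricts[addr] = set(rest)
        elif words[0] == "keys":
            has_keys = True
    return servers, restricts, has_keys

def lint(conf):
    """Return a list of findings; an empty list means the rules are satisfied."""
    servers, restricts, has_keys = parse(conf)
    findings = []
    for host in servers:
        if host.startswith("127.127."):   # reference-clock pseudo-address, not a peer
            continue
        flags = restricts.get(host)
        if flags is None:
            findings.append(f"{host}: no restrict line")
            continue
        missing = {"nomodify", "notrap", "noquery"} - flags
        if missing:
            findings.append(f"{host}: missing {' '.join(sorted(missing))}")
    for addr, flags in restricts.items():
        if "notrust" in flags and not has_keys:
            findings.append(f"{addr}: notrust requires authentication but no keys file is declared")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_CONF)) or "no findings")
```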