07-31-2010, 01:57 PM
Niki Kovacs

Trying to get a grasp on NTP server/client access control options

Hi,

I'm currently sinking my teeth into NTP, to build a local time server.
So far, configuring a local NTP server and getting the clients to
connect to it works well. Now, I'm thinking about securing the whole
thing. BTW, I made a copy of the original ntp.conf file and started my
own from scratch.

Right now, I have five printed books opened on the corresponding
chapters (Carla Schroder's Linux Cookbook, RHEL 5 Unleashed, Foundations
of CentOS, etc.) plus the same amount of online tutorials.

Right now I'm having a bit of a hard time grasping the various access
control options. Here's a few lines from ntp's default configuration in
CentOS:

--8<------ /etc/ntp.conf -----------------------------------------------
...
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org

...
restrict 0.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 2.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
...
--8<--------------------------------------------------------------------

This means roughly: "use these three public NTP servers to synchronize,
but don't let them mess with your configuration".

Now, here's something from NTP's official documentation:

You may use either a hostname or IP address on the 'server' line. You
*must* use an IP address on the 'restrict' line.

Here's the corresponding link to the documentation:

http://support.ntp.org/bin/view/Support/AccessRestrictions

Which leads me to the assumption that these three 'restrict' lines in
the default ntp.conf configuration in CentOS are useless, since they
specify hostnames, and not IP addresses. Correct me if I'm wrong.

Cheers,

Niki
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
