Old 03-06-2012, 01:05 PM
Mika Suomalainen
 
Default ntp package. Client by default?

You seem to be ignoring the third part of that email.



On 05.03.2012 23:35, Jon Dowland wrote:



--
Mika Suomalainen



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/4F56198F.3090804@gmail.com
 
Old 03-06-2012, 01:34 PM
Camaleón
 
Default ntp package. Client by default?

On Mon, 05 Mar 2012 15:20:05 +0100, Alberto Fuentes wrote:

> I think /usr/share/doc/ntp/README.Debian.gz is badly worded. Correct me if
> I'm wrong but it says "[...]The default ntp.conf file is set up for an
> NTP "client" that [...]" "[...]Extra configuration work will be
> necessary to offer time service to other hosts. [...]"
>
> By default, it works as a server not just as a client.

How is that? I mean, how did you reach that conclusion?

> Also I think by default it should not act as a server as it is
> superseding ntpdate, and the most regular use case to install ntp
> is to keep in sync the time of your local computer.
>
> Am I missing something?

Mmm... I don't see how the default setup allows other computers -other
than the localhost- to connect and sync against the ntpd daemon :-?

Greetings,

--
Camaleón


Archive: http://lists.debian.org/jj57ag$ds9$8@dough.gmane.org
 
Old 03-06-2012, 02:32 PM
Alberto Fuentes
 
Default ntp package. Client by default?

On 06/03/12 15:34, Camaleón wrote:
> On Mon, 05 Mar 2012 15:20:05 +0100, Alberto Fuentes wrote:
>
>> I think /usr/share/doc/ntp/README.Debian.gz is badly worded. Correct me if
>> I'm wrong but it says "[...]The default ntp.conf file is set up for an
>> NTP "client" that [...]" "[...]Extra configuration work will be
>> necessary to offer time service to other hosts. [...]"
>>
>> By default, it works as a server not just as a client.
>
> How is that? I mean, how did you reach that conclusion?
>
>> Also I think by default it should not act as a server as it is
>> superseding ntpdate, and the most regular use case to install ntp
>> is to keep in sync the time of your local computer.
>>
>> Am I missing something?
>
> Mmm... I don't see how the default setup allows other computers -other
> than the localhost- to connect and sync against the ntpd daemon :-?
>
> Greetings,

Well, the port opened in all my interfaces was not a very good sign. But
then I tried to set my computer as the only server of 2 other boxes on
my network. It worked flawlessly


greets!
aL


Archive: http://lists.debian.org/4F562DF3.3040207@qindel.com
 
Old 03-06-2012, 03:50 PM
Camaleón
 
Default ntp package. Client by default?

On Tue, 06 Mar 2012 16:32:03 +0100, Alberto Fuentes wrote:

> On 06/03/12 15:34, Camaleón wrote:
>> On Mon, 05 Mar 2012 15:20:05 +0100, Alberto Fuentes wrote:
>>
>>> I think /usr/share/doc/ntp/README.Debian.gz is badly worded. Correct me
>>> if I'm wrong but it says "[...]The default ntp.conf file is set up for
>>> an NTP "client" that [...]" "[...]Extra configuration work will be
>>> necessary to offer time service to other hosts. [...]"
>>>
>>> By default, it works as a server not just as a client.
>>
>> How is that? I mean, how did you reach that conclusion?

(...)

> Well, the port opened in all my interfaces was not a very good sign. But
> then I tried to set my computer as the only server of 2 other boxes on
> my network. It worked flawlessly

This comes from "/etc/ntp.conf":

# Note that "restrict" applies to both servers and clients, so a
# configuration that might be intended to block requests from certain
# clients could also end up blocking replies from your own upstream
# servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1

(ipv6 entries omitted)

And after carefully reading this doc:

http://support.ntp.org/bin/view/Support/AccessRestrictions

It seems that "syncing" and allowing your local hosts "to connect" to ntp
(that is, "exchange time") is not treated at the same hazard level as
running an ntpd server.

In brief, I think the default is a very limited setup. Let's not be
paranoid :-)

Greetings,

--
Camaleón


Archive: http://lists.debian.org/jj5f9g$ds9$17@dough.gmane.org
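
Added example (not part of the thread or of the Debian package): a small Python evaluator for the `restrict` lines quoted in the message above, showing which source addresses get time service or `ntpq` answers under them. The `CLIENT_ONLY` variant and the upstream address 192.0.2.10 are constructed for comparison, and an unqualified `default` is assumed to cover both IPv4 and IPv6.

```python
import ipaddress

# The IPv4 restrict lines quoted from /etc/ntp.conf in the thread.
DEBIAN_DEFAULT = """
restrict -4 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
"""

# Constructed client-only variant; 192.0.2.10 is a placeholder upstream server.
CLIENT_ONLY = """
restrict -4 default ignore
restrict 127.0.0.1
restrict 192.0.2.10 nomodify notrap nopeer noquery
"""

def parse_restrict(conf):
    """Return a list of (network, flags) for every 'restrict' line."""
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        tok = tok[1:]
        family = tok.pop(0) if tok[0] in ("-4", "-6") else None
        addr = tok.pop(0)
        mask = None
        if len(tok) >= 2 and tok[0] == "mask":
            mask, tok = tok[1], tok[2:]
        if addr == "default":
            # Assumption: 'default' without -4/-6 applies to both families.
            nets = [n for f, n in (("-4", "0.0.0.0/0"), ("-6", "::/0")) if family in (None, f)]
        else:
            nets = [f"{addr}/{mask}" if mask else addr]
        rules += [(ipaddress.ip_network(n, strict=False), set(tok)) for n in nets]
    return rules

def access_for(conf, client):
    """Apply the most specific matching entry to one source address."""
    ip = ipaddress.ip_address(client)
    hits = [r for r in parse_restrict(conf) if ip.version == r[0].version and ip in r[0]]
    flags = max(hits, key=lambda r: r[0].prefixlen)[1] if hits else set()
    ignored = "ignore" in flags
    return {
        "time_service": not ignored and "noserve" not in flags,
        "ntpq_queries": not ignored and "noquery" not in flags,
    }
```

Because `restrict` also filters replies from upstream servers, the constructed client-only variant has to list each upstream address explicitly once the default is `ignore`.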
 
Old 03-13-2012, 09:35 AM
Alberto Fuentes
 
Default ntp package. Client by default?

On 06/03/12 17:50, Camaleón wrote:
> In brief, I think the default is a very limited setup. Let's not be
> paranoid :-)

I don't think I'm being paranoid. I thought Debian was about doing things
right, no matter the time it takes...


This is my follow-up to this topic:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662770#20

greets!
aL


Archive: http://lists.debian.org/4F5F230A.5060900@qindel.com
 
Old 03-13-2012, 12:07 PM
Camaleón
 
Default ntp package. Client by default?

On Tue, 13 Mar 2012 11:35:54 +0100, Alberto Fuentes wrote:

> On 06/03/12 17:50, Camaleón wrote:
>> In brief, I think the default is a very limited setup. Let's not be
>> paranoid :-)
>
> I don't think I'm being paranoid. I thought Debian was about doing things
> right, no matter the time it takes...
>
> This is my follow-up to this topic:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662770#20

Nobody thinks you're crazy ;-)

For instance, I wouldn't see any objection in splitting the package in
the same way sshd is (there is a "client" and a "server" part) and set
the desired configuration (as server or client) for each of them.

The problem I see here is that it seems that ntpd itself is designed
kinda in a "monolithic" way and making it act as "server" or "client"
is somehow fuzzy and the same goes for its default configuration settings.

Greetings,

--
Camaleón


Archive: http://lists.debian.org/jjngqq$nbm$5@dough.gmane.org
 
Old 03-13-2012, 01:40 PM
Jon Dowland
 
Default ntp package. Client by default?

On Tue, Mar 06, 2012 at 04:05:03PM +0200, Mika Suomalainen wrote:
> You seem to be ignoring the third part of that email.

I wasn't, that part missed the point, but since you've sent this
to -user 8 times so far I might as well bite and reply. (Please
stop!)

There's no need for ntpd to listen for incoming connections *at
all* if it's acting purely as an ntp *client*. Therefore the
LAN topology is irrelevant.

--
Jon Dowland


Archive: http://lists.debian.org/20120313144003.GE8794@debian
 
Old 03-13-2012, 01:42 PM
Jon Dowland
 
Default ntp package. Client by default?

On Tue, Mar 13, 2012 at 01:07:39PM +0000, Camaleón wrote:
> For instance, I wouldn't see any objection in splitting the package in
> the same way sshd is (there is a "client" and a "server" part) and set
> the desired configuration (as server or client) for each of them.

I would. The answer to people wanting different configurations is not always to
provide different packages. There's a lot of overhead in doing so and it's
rarely worth the cost IMHO. Rather the majority case be provided for by
default, and the exceptional case by tweaking /etc/default/FOO.

> The problem I see here is that it seems that ntpd itself is designed
> kinda in a "monolithic" way and making it act as "server" or "client"
> is somehow fuzzy and the same goes for its default configuration settings.

Yes.


Archive: http://lists.debian.org/20120313144212.GF8794@debian
 
Old 03-13-2012, 02:07 PM
Camaleón
 
Default ntp package. Client by default?

On Tue, 13 Mar 2012 14:42:12 +0000, Jon Dowland wrote:

> On Tue, Mar 13, 2012 at 01:07:39PM +0000, Camaleón wrote:
>> For instance, I wouldn't see any objection in splitting the package in
>> the same way sshd is (there is a "client" and a "server" part) and set
>> the desired configuration (as server or client) for each of them.
>
> I would. The answer to people wanting different configurations is not
> always to provide different packages. There's a lot of overhead in doing
> so and it's rarely worth the cost IMHO. Rather the majority case be
> provided for by default, and the exceptional case by tweaking
> /etc/default/FOO.

(...)

I was thinking of alternatives that make everyone happy.

Okay, now you tell... how about a variable at "/etc/default/ntp" for
getting different behaviour (i.e., configuration settings) for ntpd in
just "one click"? Something like:

NTPD_ROLE="server"
NTPD_ROLE="client"
NTPD_ROLE="default" (as the default profile)

The "server" string will set relaxed restriction parameters, "client"
enforces a most secure policy allowing ntpd daemon to contact external
servers but rejects anything from either local or remote hosts and
finally, "default" keeps the current state.

That way users will be able to easily change between these pre-made profiles
and still make customized changes by manually editing the "/etc/ntp.conf"
file directly should they need fine adjustments.

Greetings,

--
Camaleón


Archive: http://lists.debian.org/jjnnsf$nbm$7@dough.gmane.org
 
Old 03-13-2012, 03:11 PM
Mika Suomalainen
 
Default ntp package. Client by default?

Hi,

I am sorry about that spamming. I apologized in a separate thread (
http://lists.debian.org/debian-user/2012/03/msg00447.html ), but you
probably missed it.

On 13.03.2012 16:40, Jon Dowland wrote:
> On Tue, Mar 06, 2012 at 04:05:03PM +0200, Mika Suomalainen wrote:
>> You seem to be ignoring the third part of that email.
>
> I wasn't, that part missed the point, but since you've sent this to
> -user 8 times so far I might as well bite and reply. (Please
> stop!)
>
> There's no need for ntpd to listen for incoming connections *at
> all* if it's acting purely as an ntp *client*. Therefore the LAN
> topology is irrelevant.
>

--
Mika Suomalainen
> gpg --keyserver keyserver.ubuntu.com --recv-keys 62FE66853913CB03
> Key fingerprint = ED5E 7C98 4489 7058 CDA9 9A55 62FE 6685 3913 CB03


Archive: http://lists.debian.org/4F5F71C0.2090607@gmail.com
 
