[CLUE-Tech] time server

Jed S. Baer thag at frii.com
Wed Sep 10 18:18:24 MDT 2003 

On 10 Sep 2003 13:24:26 -0400
Ed Hill <ed at eh3.com> wrote:

> On Wed, 2003-09-10 at 12:11, Casagrande, Steve wrote:
> > > Can someone tell me how to point a my linux box at a time server for
> > > the system date/time?
> > 
> > Check out www.ntp.org.  You can get the time from a public server if
> > you're on the internet, or perhaps set yourself up on a private net
> > and sync off a trusted machine.
> > 
> > Steve Casagrande
> 
> Steve's right -- ntp is incredibly useful.  And heres a sample ntp.conf
> file with the actual IP addresses hidden.

And, here's another one. Note that I'm using my ISP's time server as my
preferred server. You won't be able to use them, unless you're a FRII
customer. But your ISP might have an ntp server you can point to. The
other two are public tier-2 servers. The basic rule for choosing a time
server is to not use the tier-1 servers, unless you're running a tier-2
server (that's from my memory, I might have the terminology slightly
wrong, but you get the idea, I think).

Mine's not quite as complex as Ed's. I never did get into the key and
authentication stuff.

jed

 -- [begin /etc/ntp.conf] --
server  time.frii.com   prefer
server  ntp.drydog.com          # Tempe Arizona
server  utcnist.colorado.edu

# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10  

#
# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /etc/ntp/drift
#multicastclient                        # listen on default 224.0.1.1
broadcastdelay  0.008

#
# Authentication delay.  If you use, or plan to use someday, the
# authentication facility you should make the programs in the auth_stuff
# directory and figure out what this number should be on your machine.
#
authenticate no

#
# Keys file.  If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
#
#keys           /etc/ntp/keys

# try to not be anything other than a client

#restrict default noquery noserve nopeer
restrict 127.0.0.1


-- 
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier

More information about the clue-tech mailing list