On Tue, 06 Mar 2012 16:32:03 +0100, Alberto Fuentes wrote: > On 06/03/12 15:34, Camaleón wrote: >> On Mon, 05 Mar 2012 15:20:05 +0100, Alberto Fuentes wrote: >> >>> I think /usr/share/doc/ntp/README.Debian.gz is bad worded. Correct me >>> if im wrong but it says "[...]The default ntp.conf file is set up for >>> an NTP "client" that [...]" "[...]Extra configuration work will be >>> necessary to offer time service to other hosts. [...]" >>> >>> By default, it works as a server not just as a client. >> >> How is that? I mean, how did you reach that conclusion?
(...) > Well, the port opened in all my interfaces was not a very good sign. But > then I tried to set my computer as the only server of 2 other boxes on > my network. It worked flawesly :) This comes from "/etc/ntp.conf": # Note that "restrict" applies to both servers and clients, so a # configuration that might be intended to block requests from certain # clients could also end up blocking replies from your own upstream # servers. # By default, exchange time with everybody, but don't allow configuration. restrict -4 default kod notrap nomodify nopeer noquery # Local users may interrogate the ntp server more closely. restrict 127.0.0.1 (ipv6 entries omitted) And after carefully reading this doc: http://support.ntp.org/bin/view/Support/AccessRestrictions It seems that "syncing" and allowing your local hosts "to connect" to ntp (that is, "exchange time") is not treated at the same hazard level than running a ntpd server. In brief, I think the default is a very limited setup. Let's not be paranoids :-) Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/jj5f9g$ds9$1...@dough.gmane.org
