On 2005-12-15, Ben Fitzgerald <[EMAIL PROTECTED]> wrote:

> On Thu, 15 Dec 2005 21:06:43 +0000, Harlan Stenn <[EMAIL PROTECTED]>
> wrote:
>
>> Danny sez:
>>
>>> There is no way to find out whether it's been configured as a
>>> multicast client unless it's actually receiving multicast packets
>>> for the given multicast address. For that you need to go to the
>>> configuration file.
>>
>> And it's possible that somebody added the multicast client via ntpdc
>> at runtime, right?
>
> yes, this was my concern.

There is no ntpdc command for configuring multicastclient mode.

Some of the ntpdc commands are:

| addpeer addserver

Initiates a unicast association with that host

| addrefclock  

Brings up a refclock attached to your ntpd

| broadcast

Turns your ntpd into a broadcast server

There are commands for restrictions, traps, symmetric key
authentication, status display (lots), enabling / disabling various
features, etc.

> I guess it cuts both ways. If you can only derive it from ntp.conf the
> daemon could have been reconfigured post-invocation and if you derive
> it from the runtime status it must match ntp.conf or the behaviour
> will change after the next restart.
>
> It's a pity you cannot get this information from the daemon but if
> that's the way it is...

Don't configure your ntpd for remote configuration changes. Or, if you
must, use a non-standard key-id and a good password and don't write this
information on a post-it note.

Remote configuration is not possible unless you configure symmetric
key authentication in your ntpd.conf _OR_ deliberately disable
authentication. You may use the 'nomodify' keyword on your restrict
lines if you want to make absolutely, positively, sure that no one can
remotely modify your ntpd.

What's the real issue here?

-- 
Steve Kostecke <[EMAIL PROTECTED]>
NTP Public Services Project - http://ntp.isc.org/
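
An added example, not part of the message above or of the NTP project's code: a small Python check that reads an ntp.conf and reports the settings the reply names (disabled authentication, symmetric-key request/control keys, restrict lines lacking 'nomodify'), plus any multicastclient lines, which the thread says can only be found in the configuration file. The sample configurations are constructed, and treating `keys` plus `requestkey` or `controlkey` as "key authentication configured" is a simplifying assumption.

```python
def audit_ntp_conf(text):
    """Report ntp.conf settings that bear on remote (ntpdc/ntpq) modification."""
    auth_disabled = False
    key_directives = set()   # which of keys / requestkey / controlkey appear
    open_restricts = []      # restrict lines carrying neither nomodify nor ignore
    has_default = False      # is there any "restrict default ..." line?
    multicast = []           # multicastclient lines, visible only in the file
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, tokenise
        if not tokens:
            continue
        directive, args = tokens[0].lower(), [t.lower() for t in tokens[1:]]
        if directive in ("disable", "enable") and "auth" in args:
            auth_disabled = directive == "disable"
        elif directive in ("keys", "requestkey", "controlkey"):
            key_directives.add(directive)
        elif directive == "multicastclient":
            multicast.append(" ".join(tokens))
        elif directive == "restrict":
            has_default = has_default or "default" in args
            if not {"nomodify", "ignore"} & set(args):
                open_restricts.append(" ".join(tokens))
    # Assumption: "key authentication configured" = keys file + a request/control key id.
    key_auth = "keys" in key_directives and bool(
        key_directives & {"requestkey", "controlkey"})
    remote_config_possible = auth_disabled or key_auth
    return {
        "remote_config_possible": remote_config_possible,
        "open_restricts": open_restricts,
        "multicastclient": multicast,
        # Exposed: modification is reachable and some restrict line (or the
        # implicit default, when no default line exists) does not forbid it.
        "exposed": remote_config_possible and (bool(open_restricts) or not has_default),
    }

# Constructed sample configurations (not taken from the thread).
WEAK = """\
server 0.pool.ntp.org
disable auth                 # authentication deliberately disabled
restrict default noquery
restrict 127.0.0.1
multicastclient 224.0.1.1
"""
HARDENED = """\
server 0.pool.ntp.org
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1 nomodify
"""

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_ntp_conf(conf))
```

Because the daemon can be changed at runtime, a clean result here describes only what ntpd will do after its next restart, which is the mismatch discussed in the quoted text.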
