NTP

From Hackepedia
Latest revision as of 15:45, 10 August 2007

NTP

The Network Time Protocol is used to keep system clocks in sync with the "correct" time. The protocol uses UDP for all traffic, usually on port 123.

NTP has a concept of a time server and clients. Each client and server is assigned a stratum that indicates how close it is to an authoritative time source. Examples of authoritative sources are atomic clocks, GPS receivers (with outputs that can be read by the computer), and radio clocks. These sources are assigned stratum 0. A computer connected directly to a time source is assigned stratum 1; a client that speaks to a stratum 1 NTP server is assigned stratum 2; and so on. Usable stratum values run from 0 to 15; a source reporting stratum 16 is unsynchronized and is not used.

Using multiple servers on an uncongested local network, NTP can achieve sub-millisecond accuracy; over the public Internet, tens of milliseconds is more typical.
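The exchange behind those stratum and accuracy figures is a 48-byte UDP packet in each direction, and a client gets its offset from the four timestamps it carries. The following is an added example, not code from this page or from the ntp.org project: it builds a mode 3 request and a mode 4 reply with constructed timestamps (no network is used), applies the checks a careful client makes before believing a reply (server mode, unsynchronized or kiss-o'-death stratum, and that the reply echoes our own transmit timestamp, which an off-path spoofer cannot know), and then computes the clock offset and round-trip delay. The scenario values, base time and the "simulated" server are all assumptions made for the demonstration.

```python
import struct

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
NTP_EPOCH_OFFSET = 2208988800
# 48-byte NTP header: LI/VN/mode, stratum, poll, precision (signed), root delay,
# root dispersion, reference ID, then four 64-bit timestamps as (seconds, fraction) pairs.
HEADER_FMT = "!BBBb11I"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 48


def to_ntp_ts(unix_seconds):
    """Unix time (float) -> (32-bit seconds, 32-bit fraction). None -> the all-zero timestamp."""
    if unix_seconds is None:
        return 0, 0
    whole = int(unix_seconds)
    frac = int((unix_seconds - whole) * (1 << 32))
    return (whole + NTP_EPOCH_OFFSET) & 0xFFFFFFFF, frac & 0xFFFFFFFF


def from_ntp_ts(secs, frac):
    """Inverse of to_ntp_ts; the all-zero timestamp maps to None."""
    if secs == 0 and frac == 0:
        return None
    return (secs - NTP_EPOCH_OFFSET) + frac / (1 << 32)


def build_packet(mode, transmit, stratum=0, origin=None, receive=None, li=0, version=4):
    """Assemble a 48-byte packet. Clients send mode 3, servers answer with mode 4."""
    first = (li << 6) | (version << 3) | mode
    fields = [first, stratum, 6, -20, 0, 0, 0]   # poll 2**6 s, precision 2**-20 s, zero root delay/disp/refid
    for ts in (None, origin, receive, transmit):  # reference, origin, receive, transmit
        fields.extend(to_ntp_ts(ts))
    return struct.pack(HEADER_FMT, *fields)


def parse_packet(data):
    """Decode the header; raw timestamps are kept so they can be compared exactly."""
    if len(data) < HEADER_LEN:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    f = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    return {
        "li": f[0] >> 6, "version": (f[0] >> 3) & 7, "mode": f[0] & 7,
        "stratum": f[1], "poll": f[2], "precision": f[3],
        "root_delay": f[4] / 65536.0, "root_dispersion": f[5] / 65536.0,
        "origin_raw": (f[9], f[10]), "transmit_raw": (f[13], f[14]),
        "origin": from_ntp_ts(f[9], f[10]),
        "receive": from_ntp_ts(f[11], f[12]),
        "transmit": from_ntp_ts(f[13], f[14]),
    }


def check_reply(request, reply):
    """Sanity checks a client should make before trusting a reply's timestamps."""
    req, rsp = parse_packet(request), parse_packet(reply)
    if rsp["mode"] != 4:
        raise ValueError("not a server reply (mode %d)" % rsp["mode"])
    if rsp["li"] == 3 or rsp["stratum"] == 0 or rsp["stratum"] > 15:
        # LI=3 and stratum 16 mean "unsynchronized"; stratum 0 in a reply is a kiss-o'-death code.
        raise ValueError("server unsynchronized or refused service (stratum %d)" % rsp["stratum"])
    if rsp["origin_raw"] != req["transmit_raw"]:
        # A spoofer who never saw our request cannot echo our transmit timestamp.
        raise ValueError("origin timestamp does not match our request: spoofed or stale reply")
    return rsp


def offset_and_delay(t1, t2, t3, t4):
    """Clock offset and round-trip delay from the four timestamps (RFC 5905)."""
    offset = ((t2 - t1) + (t3 - t4)) / 2.0
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def simulated_exchange(t1, t2, t3, t4, stratum=2):
    """One request/reply round trip with constructed timestamps; no network is used."""
    request = build_packet(mode=3, transmit=t1)
    # A real server copies the request's transmit field into origin; to_ntp_ts() is
    # deterministic, so passing t1 here yields the same raw value a copy would.
    reply = build_packet(mode=4, stratum=stratum, origin=t1, receive=t2, transmit=t3)
    rsp = check_reply(request, reply)
    return offset_and_delay(t1, rsp["receive"], rsp["transmit"], t4)


def spoofed_reply_is_rejected(t1):
    """A forged reply whose origin field does not echo our transmit timestamp must be dropped."""
    request = build_packet(mode=3, transmit=t1)
    forged = build_packet(mode=4, stratum=1, origin=t1 + 1.0, receive=t1, transmit=t1)
    try:
        check_reply(request, forged)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed scenario: our clock is 0.5 s fast, one-way network delay 10 ms,
    # server turnaround 2 ms.  The server's timestamps are taken as true time.
    BASE = 1700000000.0
    t1, t2, t3, t4 = BASE + 0.5, BASE + 0.010, BASE + 0.012, BASE + 0.522
    offset, delay = simulated_exchange(t1, t2, t3, t4)
    print("offset %.6f s, delay %.6f s" % (offset, delay))   # about -0.500000 and 0.020000
    print("spoofed reply rejected:", spoofed_reply_is_rejected(t1))
```

The offset comes out as -0.5 s (our clock is half a second fast) and the delay as 20 ms, independent of the 2 ms the server spent processing, which is why the formula subtracts (t3 - t2). The origin-timestamp comparison is done on the raw 64-bit fields rather than on floats so that rounding in the conversion can never mask a mismatch.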

Configuration

Basic configuration is quite simple:

restrict default noquery notrust nomodify
restrict 127.0.0.1
restrict 17.254.0.28
server 17.254.0.28

logfile /var/log/ntp.log
driftfile /var/lib/ntp/ntp.drift

The first four lines define which computers are allowed to tell us what the time is. Specifically, the first line says "nobody is trusted by default": remote hosts may not query ntpd's state (noquery) or change its configuration (nomodify), and in ntpd 4.2 and later their packets are ignored unless cryptographically authenticated (notrust). The second and third lines lift those restrictions for ourselves (127.0.0.1) and for 17.254.0.28 (at the time of writing, one of the hosts behind the "time.apple.com" DNS name). The fourth line tells ntpd to actually use 17.254.0.28 as a time server. Two caveats: a restrict line with no flags removes every restriction for that host, including noquery and nomodify, so if you only want to accept time from it write "restrict 17.254.0.28 nomodify noquery" instead; and the addresses behind a pool name change over time, so prefer a server you operate or configure servers by hostname rather than pinning a single pool address.

The last two lines add logging and tell the NTP daemon to record the measured frequency error ("drift") of the local clock, so that after a restart it can correct the clock immediately instead of spending hours re-measuring it.

If you aren't using it, or something that performs the same task, you should be: log correlation across hosts, Kerberos, and certificate validity checks all depend on clocks that agree.

Security

The ntpd daemon can run as a non-privileged user. Create an "ntp" user and group and start ntpd with the options "-u ntp:ntp". The daemon must be started as root (to bind UDP port 123 and to adjust the clock), but it drops privileges afterward, so a bug in its packet handling no longer hands an attacker root.

The NTP protocol also supports authenticating time information with cryptographic keys: symmetric keys shared between client and server (listed in a keys file, enabled with "trustedkey", and selected with "key N" on the server line), and the public-key Autokey scheme. Without authentication, anyone who can spoof packets from your server's address can feed you bogus time. Use keys on any network that is not completely under your control.
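Symmetric-key authentication works by appending a MAC to the 48-byte packet: a 32-bit key identifier followed by a digest computed over the key and then the packet, which is what ntpd's reference implementation does. The following is an added example, not code from this page or from ntpd: it parses a constructed keys file, signs a constructed packet, and verifies it the way a receiver with a "trustedkey" list would, rejecting tampered, unauthenticated and untrusted-key packets. It assumes packets carry no extension fields (so the MAC directly follows the header) and that keys of up to 20 printable characters are used literally while longer ones are hex, as ntp.keys(5) describes; the key material is made up.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48  # assumption: no extension fields, so the MAC follows the header directly
DIGEST_LEN = {"md5": 16, "sha1": 20}


def parse_keys(text):
    """Parse ntp.keys lines of the form '<keyid> <MD5|SHA1> <key>'.
    A key of up to 20 printable characters is used literally; longer keys are hex."""
    keys = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        keyid, ktype, value = line.split()[:3]
        digest = {"MD5": "md5", "M": "md5", "SHA1": "sha1"}[ktype.upper()]
        secret = bytes.fromhex(value) if len(value) > 20 else value.encode("ascii")
        keys[int(keyid)] = (digest, secret)
    return keys


def sign_packet(header, keyid, keys):
    """Append the symmetric-key MAC: 32-bit key ID, then digest(key || header)."""
    digest, secret = keys[keyid]
    h = hashlib.new(digest)
    h.update(secret)
    h.update(header)
    return header + struct.pack("!I", keyid) + h.digest()


def verify_packet(packet, keys, trusted):
    """True only if a MAC is present, its key ID is trusted and known, and the digest matches."""
    if len(packet) < HEADER_LEN + 4:
        return False  # unauthenticated packet: what "notrust" drops
    header, trailer = packet[:HEADER_LEN], packet[HEADER_LEN:]
    keyid = struct.unpack("!I", trailer[:4])[0]
    if keyid not in trusted or keyid not in keys:
        return False
    digest, secret = keys[keyid]
    if len(trailer) != 4 + DIGEST_LEN[digest]:
        return False
    expected = hashlib.new(digest, secret + header).digest()
    return hmac.compare_digest(expected, trailer[4:])  # constant-time comparison


# Constructed keys file and packet for the demonstration (not real keys).
SAMPLE_KEYS = """
# keyid type key
1 MD5 sekrit-md5-key
2 SHA1 8e3a1f6c9b0d7e2a4c5f1b9d3e7a6c0f2b4d8e1a
"""
SAMPLE_HEADER = bytes([0x24, 2, 6, 0xEC]) + b"\0" * 44   # mode 4, stratum 2, remaining fields zeroed


def demo():
    keys = parse_keys(SAMPLE_KEYS)
    trusted = {1, 2}                                      # the ntp.conf "trustedkey 1 2" list
    signed = sign_packet(SAMPLE_HEADER, 2, keys)
    tampered = signed[:1] + bytes([signed[1] ^ 1]) + signed[2:]   # flip one bit of the stratum
    return {
        "valid": verify_packet(signed, keys, trusted),
        "tampered": verify_packet(tampered, keys, trusted),
        "unauthenticated": verify_packet(SAMPLE_HEADER, keys, trusted),
        "untrusted_key": verify_packet(sign_packet(SAMPLE_HEADER, 1, keys), keys, {2}),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print("%-16s %s" % (name, "accepted" if ok else "rejected"))
```

Only the first case is accepted. Note that this is a shared secret: every host holding the key can forge packets that verify, so keys must be distributed out of band and kept as tightly as any other credential, and a key ID is only honoured if it appears in the trusted set.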

On Linux, ntpd uses the capabilities model to keep CAP_SYS_TIME after it has switched to the unprivileged ntp user (without it the daemon could no longer adjust the clock). Depending on how your ntpd was built you may need to adjust your ntp.conf configuration a bit. See http://gentoo-wiki.com/HOWTO_NTP for details.

See Also

http://openntpd.org
http://ntp.org