On Sat, 29 May 2004, Tom Diehl wrote: > When I wrote the above I was thinking about this, which is from the > dhcp-options man page: > > option ntp-servers ip-address [, ip-address... ]; interesting -- not in mine. does teh amn page for your dhcp client indicate it can catch what the DHCP server pitches? > > interested in tools to automate the generation of a well > > formed ntp.conf (and friends) based on information handed out > > from the DHCP server, but do not know of a mechanism for the > > dhcp server to do it. > > I think that if you have the ntp servers and TZ that should be enough info for > most installations. Am I missing something? for a client, probably not, except that there is the ability to do cryptograpgically secured time exchange, to avoid MitM attacks (kerberos replay comes to mind), which needs some configuring. For a local athoritative peer, aliased IP, or a multi-homed unit, sure -- netmasks to listen on, interfaces to listed on, and so on [herrold@ftp herrold]$ grep -v ^# /etc/ntp.conf | grep -v ^$ restrict 127.0.0.1 restrict 10.16.33.105 restrict 172.16.64.105 restrict 10.0.0.0 mask 255.0.0.0 notrust nomodify notrap restrict 172.16.64.0 mask 255.240.0.0 notrust nomodify notrap server 204.87.183.6 server 216.27.190.202 server 128.4.40.12 server 198.147.37.140 server 140.221.9.20 driftfile /var/lib/ntp/drift broadcastdelay 0.008 authenticate yes keys /etc/ntp/keys [herrold@ftp herrold]$ --- that kind of thing. -- Russ Herrold
