Carlos E. R. [17.03.2016 12:26]:
On 2016-03-17 10:59, Per Jessen wrote:
Carlos E. R. wrote:
This is the full config paragraph:
# Access control configuration; see
# /usr/share/doc/packages/ntp/html/accopt.html for
# details. The web page
# <http://support.ntp.org/bin/view/Support/AccessRestrictions> might
# also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a
# configuration that might be intended to block requests from certain
# clients could also end up blocking replies from your own upstream
# servers.

# By default, exchange time with everybody, but don't allow
# configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only
# if cryptographically authenticated.
restrict 192.168.1.0 mask 255.255.255.0 notrust
I understand it allows access to clients :-?
If I read it correctly, it says that this client will only accept time information from 192.168.1.0 when it's authenticated. Authenticated = both server and client use the same key.
No, I understand it allows time exchange without authentication with anybody in the world, and admin access on the LAN with authentication.
Unless the rule:
restrict -4 default kod notrap nomodify nopeer noquery
is negated by the later rule:
restrict 192.168.1.0 mask 255.255.255.0 notrust
:-?
I'd remove the "restrict" line and check whether it works afterwards :)

The default line says nothing about authentication. But, as you already quoted, "Clients from this (example!) subnet have unlimited access, but only if cryptographically authenticated.".

Werner
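Whether the subnet line overrides the default line depends on how ntpd selects a restrict entry: it applies the flags of the most specific entry that matches the packet's source address, and flags from less specific entries are not combined with it. The sketch below is an added example, not code from the thread or from ntpd; the function names are made up here, and it models only the address, mask and flag fields of the quoted lines.

```python
import ipaddress

# The restrict lines quoted in the thread.
CONFIG = """\
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.168.1.0 mask 255.255.255.0 notrust
"""

def parse_restrict(text):
    """Return a list of (network, flags) parsed from 'restrict' lines."""
    entries = []
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok or tok[0] != "restrict":
            continue
        tok = tok[1:]
        family = 4
        if tok[0] in ("-4", "-6"):
            family = 6 if tok[0] == "-6" else 4
            tok = tok[1:]
        addr, tok = tok[0], tok[1:]
        if addr == "default":
            net = ipaddress.ip_network("::/0" if family == 6 else "0.0.0.0/0")
        elif tok and tok[0] == "mask":
            net = ipaddress.ip_network(f"{addr}/{tok[1]}")
            tok = tok[2:]
        else:
            net = ipaddress.ip_network(addr)  # host entry: /32 or /128
        entries.append((net, frozenset(tok)))
    return entries

def effective_flags(entries, source):
    """Flags of the most specific entry covering source (no accumulation)."""
    ip = ipaddress.ip_address(source)
    hits = [(n, f) for n, f in entries if n.version == ip.version and ip in n]
    return max(hits, key=lambda e: e[0].prefixlen, default=(None, frozenset()))[1]

if __name__ == "__main__":
    rules = parse_restrict(CONFIG)
    # Constructed sample source addresses: LAN host, Internet host, localhost.
    for src in ("192.168.1.50", "203.0.113.7", "127.0.0.1", "2001:db8::1"):
        print(src, sorted(effective_flags(rules, src)))
```

For a host in 192.168.1.0/24 the only flag in effect is notrust; the kod/notrap/nomodify/nopeer/noquery set from the default line applies only to sources that match no narrower entry.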