On 2016-03-17 10:59, Per Jessen wrote:
Carlos E. R. wrote:
This is the full config paragraph:
# Access control configuration; see # /usr/share/doc/packages/ntp/html/accopt.html for # details. The web page # <http://support.ntp.org/bin/view/Support/AccessRestrictions> might # also be helpful. # # Note that "restrict" applies to both servers and clients, so a # configuration that might be intended to block requests from certain # clients could also end up blocking replies from your own upstream # servers.
# By default, exchange time with everybody, but don't allow # configuration. restrict -4 default kod notrap nomodify nopeer noquery restrict -6 default kod notrap nomodify nopeer noquery
# Local users may interrogate the ntp server more closely. restrict 127.0.0.1 restrict ::1
# Clients from this (example!) subnet have unlimited access, but only # if cryptographically authenticated. restrict 192.168.1.0 mask 255.255.255.0 notrust
I understand it allows access to clients :-?
If I read it correctly, it says that this client will only accept time information from 192.168.1.0 when it's authenticated. Authenticated = both server and client use the same key.
No, I understand it allows time exchange without authentication with anybody in the world, and admin access on the LAN with authentication. Unless the rule: restrict -4 default kod notrap nomodify nopeer noquery is negated by the later rule: restrict 192.168.1.0 mask 255.255.255.0 notrust :-? -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)