+* [Bug 2657] Document that "restrict nopeer" intereferes with "pool".
(4.2.7p476) 2014/10/08 Released by Harlan Stenn <stenn@ntp.org>
* [Bug 2503] SHT utility outdated
(4.2.7p475) 2014/09/11 Released by Harlan Stenn <stenn@ntp.org>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<meta name="generator" content="HTML Tidy, see www.w3.org">
<title>Access Control Commands and Options</title>
+<!-- Changed by: Harlan &, 13-Nov-2014 -->
<link href="scripts/style.css" type="text/css" rel="stylesheet">
<style type="text/css">
<!--
<img src="pic/pogo6.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
<p>The skunk watches for intruders and sprays.</p>
<p>Last update:
- <!-- #BeginDate format:En2m -->15-Oct-2011 01:00<!-- #EndDate -->
+ <!-- #BeginDate format:En2m -->13-Nov-2014 03:00<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
<dt><tt>lowpriotrap</tt></dt>
<dd>Declare traps set by matching hosts to be low priority. The number of traps a server can maintain is limited (the current limit is 3). Traps are usually assigned on a first come, first served basis, with later trap requestors being denied service. This flag modifies the assignment algorithm by allowing low priority traps to be overridden by later requests for normal priority traps.</dd>
<dt><tt>mssntp</tt></dt>
- <dd>Enable Microsoft Windows MS-SNTP authentication using Active Directory services. <span class="style1">Note: Potential users should be aware that these services involve a TCP connection to another process that could potentially block, denying services to other users. Therefore, this flag should be used only for a dedicated server with no clients other than MS-SNTP.</span></dd>
+ <dd>Enable Microsoft Windows MS-SNTP authentication using Active Directory services. <span class="style1"><b>Note: Potential users should be aware that these services involve a TCP connection to another process that could potentially block, denying services to other users. Therefore, this flag should be used only for a dedicated server with no clients other than MS-SNTP.</b></span></dd>
<dt><tt>nomodify</tt></dt>
<dd>Deny <tt>ntpq</tt> and <tt>ntpdc</tt> queries which attempt to modify the state of the server (i.e., run time reconfiguration). Queries which return information are permitted.</dd>
<dt><tt>noquery</tt></dt>
<dd>Deny <tt>ntpq</tt> and <tt>ntpdc</tt> queries. Time service is not affected.</dd>
<dt><tt>nopeer</tt></dt>
- <dd>Deny packets that might mobilize an association unless authenticated. This includes broadcast, symmetric-active and manycast server packets when a configured association does not exist. Note that this flag does not apply to packets that do not attempt to mobilize an association. </dd>
+ <dd>Deny packets that might mobilize an association unless authenticated. This includes broadcast, symmetric-active and manycast server packets when a configured association does not exist. It also includes <tt>pool</tt> associations, so if you want to use servers from a <tt>pool</tt> directive and also want to use <tt>nopeer</tt> by default, you'll want a <tt>"restrict source ..."</tt> line as well that does <i>not</i> include the <tt>nopeer</tt> directive. Note that this flag does not apply to packets that do not attempt to mobilize an association. </dd>
<dt><tt>noserve</tt></dt>
<dd>Deny all packets except <tt>ntpq</tt> and <tt>ntpdc</tt> queries.</dd>
<dt><tt>notrap</tt></dt>
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi)
#
-# It has been AutoGen-ed October 8, 2014 at 09:33:50 AM by AutoGen 5.18.5pre4
+# It has been AutoGen-ed November 12, 2014 at 06:22:25 AM by AutoGen 5.18.5pre4
# From the definitions ntp.conf.def
# and the template file agtexi-file.tpl
@end ignore
This
includes broadcast and symmetric active packets when a configured
association does not exist.
+It also includes
+@code{pool}
+associations, so if you want to use servers from a
+@code{pool}
+directive and also want to use
+@code{nopeer}
+by default, you'll want a
+@code{restrict source ...} @code{line} @code{as} @code{well} @code{that} @code{does}
+@item not
+include the
+@code{nopeer}
+directive.
@item @code{noserve}
Deny all packets except
@code{ntpq(1ntpqmdoc)}
.ds B-Font B
.ds I-Font I
.ds R-Font R
-.TH ntp.conf 5man "08 Oct 2014" "4.2.7p476" "File Formats"
+.TH ntp.conf 5man "12 Nov 2014" "4.2.7p476" "File Formats"
.\"
-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-YaaqkE/ag-.aaijE)
+.\" EDIT THIS FILE WITH CAUTION (in-mem file)
.\"
-.\" It has been AutoGen-ed October 8, 2014 at 09:33:37 AM by AutoGen 5.18.5pre4
+.\" It has been AutoGen-ed November 12, 2014 at 06:22:28 AM by AutoGen 5.18.5pre4
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.SH NAME
This
includes broadcast and symmetric active packets when a configured
association does not exist.
+It also includes
+\f\*[B-Font]pool\f[]
+associations, so if you want to use servers from a
+\f\*[B-Font]pool\f[]
+directive and also want to use
+\f\*[B-Font]nopeer\f[]
+by default, you'll want a
+\f\*[B-Font]restrict source ...\f[] \f\*[B-Font]line\f[] \f\*[B-Font]as\f[] \f\*[B-Font]well\f[] \f\*[B-Font]that\f[] \f\*[B-Font]does\f[]
+.TP 7
+.NOP not
+include the
+\f\*[B-Font]nopeer\f[]
+directive.
.TP 7
.NOP \f\*[B-Font]noserve\f[]
Deny all packets except
-.Dd October 8 2014
+.Dd November 12 2014
.Dt NTP_CONF 5mdoc File Formats
.Os
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed October 8, 2014 at 09:33:57 AM by AutoGen 5.18.5pre4
+.\" It has been AutoGen-ed November 12, 2014 at 06:22:18 AM by AutoGen 5.18.5pre4
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
This
includes broadcast and symmetric active packets when a configured
association does not exist.
+It also includes
+.Cm pool
+associations, so if you want to use servers from a
+.Cm pool
+directive and also want to use
+.Cm nopeer
+by default, you'll want a
+.Cm "restrict source ..." line as well that does
+.It not
+include the
+.Cm nopeer
+directive.
.It Cm noserve
Deny all packets except
.Xr ntpq 1ntpqmdoc
This
includes broadcast and symmetric active packets when a configured
association does not exist.
+It also includes
+.Cm pool
+associations, so if you want to use servers from a
+.Cm pool
+directive and also want to use
+.Cm nopeer
+by default, you'll want a
+.Cm "restrict source ..." line as well that does
+.It not
+include the
+.Cm nopeer
+directive.
.It Cm noserve
Deny all packets except
.Xr ntpq 1ntpqmdoc
.ds B-Font B
.ds I-Font I
.ds R-Font R
-.TH ntp.conf 5 "08 Oct 2014" "4.2.7p476" "File Formats"
+.TH ntp.conf 5 "12 Nov 2014" "4.2.7p476" "File Formats"
.\"
-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-YaaqkE/ag-.aaijE)
+.\" EDIT THIS FILE WITH CAUTION (in-mem file)
.\"
-.\" It has been AutoGen-ed October 8, 2014 at 09:33:37 AM by AutoGen 5.18.5pre4
+.\" It has been AutoGen-ed November 12, 2014 at 06:22:28 AM by AutoGen 5.18.5pre4
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.SH NAME
This
includes broadcast and symmetric active packets when a configured
association does not exist.
+It also includes
+\f\*[B-Font]pool\f[]
+associations, so if you want to use servers from a
+\f\*[B-Font]pool\f[]
+directive and also want to use
+\f\*[B-Font]nopeer\f[]
+by default, you'll want a
+\f\*[B-Font]restrict source ...\f[] \f\*[B-Font]line\f[] \f\*[B-Font]as\f[] \f\*[B-Font]well\f[] \f\*[B-Font]that\f[] \f\*[B-Font]does\f[]
+.TP 7
+.NOP not
+include the
+\f\*[B-Font]nopeer\f[]
+directive.
.TP 7
.NOP \f\*[B-Font]noserve\f[]
Deny all packets except
-.Dd October 8 2014
+.Dd November 12 2014
.Dt NTP_CONF 5 File Formats
.Os
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed October 8, 2014 at 09:33:57 AM by AutoGen 5.18.5pre4
+.\" It has been AutoGen-ed November 12, 2014 at 06:22:18 AM by AutoGen 5.18.5pre4
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
This
includes broadcast and symmetric active packets when a configured
association does not exist.
+It also includes
+.Cm pool
+associations, so if you want to use servers from a
+.Cm pool
+directive and also want to use
+.Cm nopeer
+by default, you'll want a
+.Cm "restrict source ..." line as well that does
+.It not
+include the
+.Cm nopeer
+directive.
.It Cm noserve
Deny all packets except
.Xr ntpq @NTPQ_MS@
projects / thirdparty / ntp.git / commitdiff
