xntp is preset to use the local computer clock as a time reference. Using
the (BIOS) clock, however, only serves as a fallback for the case that no
time source of greater precision is available. YaST facilitates the
configuration of an NTP client. For a system that is not running a
firewall, use either the quick or advanced configuration. For a
firewall-protected system, the advanced configuration can open the
required ports in SuSEfirewall2.
24.1.1 Quick NTP Client Configuration
The quick NTP client configuration (Either of
pre-selected. Click if you do not want to use the pre-selected time
server. Alternatively ,click to access a
second dialog in which to select a suitable time server for your
consists of two dialogs. Set the start mode of xntpd and the server to
query in the first dialog. To start xntpd automatically when the system
is booted, click . Then specify the
Figure 24-1 YaST: NTP Configuration
In the pull-down
list, determine whether to
implement time synchronization using a time server from your local
network ( ) or an Internet-based time
server that takes care of your time zone ( ). For a local time server, click
to start an SLP query for available time
servers in your network. Select the most suitable time server from the
list of search results and exit the dialog with .
For a public time server, select your country (time zone) and a suitable
server from the list under then
exit the dialog with . In the main dialog, test the
availability of the selected server with and
quit the dialog with .
24.1.2 Advanced NTP Client Configuration
The advanced configuration of an NTP client can be accessed under
Figure 24-1, after selecting the start-up
mode as described in the quick configuration.
from the main dialog of the
module, shown in
Figure 24-2 Advanced NTP Configuration: General Settings
You can either configure the NTP client manually or automatically to get
a list of the NTP servers available in your network via DHCP. If you
, the manual
options explained below are not available.
The servers and other time sources for the client to query are listed in
the lower part of the
this list as needed with ,
, and . provides the possibility to view the log files of your
to add a new source of time information. In
the following dialog, select the type of source with which the time
synchronization should be made. The following options are available:
Another dialog enables you to select an NTP server (as described in
Section 24.1.1, Quick NTP Client Configuration). Activate to trigger the synchronization of
the time information between the server and the client when the
system is booted. allows you to specify
additional options for xntpd.
Using restrict clauses in
For example, nomodify notrap noquery disallows the
server to modify NTP settings of your computer and to use the trap
facility (a remote event logging feature) of your NTP daemon. Using
these restrictions is recommended for servers out of your control
(for example, on the Internet).
, you can restrict the
actions that the remote computer can perform with the daemon running
on your computer. This field is enabled only after checking
the tab. The options correspond
Refer to /usr/share/doc/packages/xntp-doc (part
of the xntp-doc package) for detailed
A peer is a machine to which a symmetric relationship is established:
it acts both as a time server and as a client. To use a peer in the
same network instead of a server, enter the address of the system.
The rest of the dialog is identical to the
- Radio Clock
To use a radio clock in your system for the time synchronization,
enter the clock type, unit number, device name, and other options in
this dialog. Click /usr/share/doc/packages/xntp-doc/refclock.html.
the driver. Detailed information about the operation of a local radio
clock is available in
- Outgoing Broadcast
Time information and queries can also be transmitted by broadcast in
the network. In this dialog, enter the address to which such
broadcasts should be sent. Do not activate broadcasting unless you
have a reliable time source like a radio controlled clock.
- Incoming Broadcast
If you want your client to receive its information via broadcast,
enter the address from which the respective packets should be
accepted in this fields.
Figure 24-3 Advanced NTP Configuration: Security Settings
tab, determine whether xntpd
should be started in a chroot jail. By default, is activated. This increases the security in
the event of an attack over xntpd, because it prevents the attacker from
compromising the entire system.
increases the security of your system by disallowing remote computers to
view and modify NTP settings of your computer and to use the trap
facility for remote event logging. Once enabled, these restrictions
apply to all remote computers, unless you override the access control
options for individual computers in the list of time sources in the
tab. For all other remote computers,
only querying for local time is allowed.
if SuSEfirewall2 is
active, which it is by default. If you leave the port closed, it is not
possible to establish a connection to the time server.