FreeBSD/doc 326454f (r53407) — en_US.ISO8859-1/books/handbook/network-servers chapter.xml
Update the NTP section of the handbook.
Ntpd has evolved considerably in recent years and the handbook has fallen
out of date. Notable updates include...
- The sample ntp.conf file in the handbook was a bad example that, if used,
would expose the user to potential network attacks or exploits by
allowing full query and control access to ntpd. The sample config now
contains the restrict options that are considered current best practices
for a public-facing ntpd daemon. The config would actually work (and be
safe) even if a user just blindly cuts and pastes it.
- The new(-ish) ntp.conf 'pool' keyword is featured prominently in the
sample, and the existence of the FreeBSD project-sponsored pool is
documented.
- Separate subsections now exist for ntp.conf and the rc.conf variables
that affect how ntpd runs. The existence and effect of the un-obvious
ntpd_oomprotect rc variable is mentioned.
- A new subsection describes running ntpd as the unprivileged ntpd user. It
details how certain configurations can prevent the rc.d script from
automatically running ntpd unprivileged, and describes how to manually
configure unprivileged operation in those cases.
- It now mentions the fact that firewalls need to be configured to pass udp
packets on port 123 for ntpd to operate.
Approved by: allanjude
Differential Revision: https://reviews.freebsd.org/D21659
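
An added example, not part of the commit or the handbook: a small Python audit of an ntp.conf for the exposure the first bullet describes (no `restrict default`, or one lacking `noquery`/`nomodify`), plus the interaction between `pool` and a default `nopeer`. The sample configs are constructed and the function names are hypothetical.

```python
# Added example (not from the FreeBSD handbook): audit ntp.conf restrict lines.
QUERY_CONTROL_FLAGS = {"noquery", "nomodify"}  # block ntpq/ntpdc queries and runtime changes

def parse_restricts(text):
    """Return ({target: flags}, uses_pool) for an ntp.conf passed as a string."""
    restricts, uses_pool = {}, False
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments and blank lines
        if not tokens:
            continue
        if tokens[0] == "pool":
            uses_pool = True
        elif tokens[0] == "restrict":
            args = [t for t in tokens[1:] if t not in ("-4", "-6")]
            if not args:
                continue
            flags = args[1:]
            if flags[:1] == ["mask"]:           # 'restrict addr mask m flag ...'
                flags = flags[2:]
            # Several lines for one target (e.g. -4 and -6): keep only the
            # flags common to all of them, so the weakest line decides.
            seen = restricts.get(args[0])
            restricts[args[0]] = set(flags) if seen is None else seen & set(flags)
    return restricts, uses_pool

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    restricts, uses_pool = parse_restricts(text)
    findings = []
    default = restricts.get("default")
    if default is None:
        findings.append("no 'restrict default' line: every host gets query and control access")
    elif "ignore" not in default:
        for flag in sorted(QUERY_CONTROL_FLAGS - default):
            findings.append(f"'restrict default' lacks {flag}")
    # A default 'nopeer' stops pool servers from being mobilized unless a
    # 'restrict source' line without nopeer exists.
    if uses_pool and default and "nopeer" in default \
            and "nopeer" in restricts.get("source", {"nopeer"}):
        findings.append("'pool' with default nopeer needs a 'restrict source' line without nopeer")
    return findings

# Constructed sample inputs: an open config and a restricted one.
WEAK = "server ntp.example.org iburst\n"
HARDENED = """\
restrict default limited kod nomodify notrap noquery nopeer
restrict source  limited kod nomodify notrap noquery
restrict 127.0.0.1
restrict ::1
pool 0.freebsd.pool.ntp.org iburst
"""
```

Calling `audit()` on the text of `/etc/ntp.conf` returns an empty list when none of these conditions is present.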