| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: gem at rellim.com (Gary E. Miller) Subject: Windows Time Synchronization - Best Practices -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yo Michael! On Fri, 22 Oct 2004, Micheal Espinola Jr wrote: > You can certainly have multiple time servers specified with Windows > Time Service (SNTP). RTM. It has the ability to failover through a > list. Yes you can have multiple time servers, but only one active at a time. With NTP your client polls a number of diverse servers. Routes can flap, servers can go wacko, but your time stays solid. > If you need the full features of NTP, by all means use a third party > daemon. However, in keeping my routers, RADIUS, and Kerberos sync'd > properly - I have yet to require anything that SNTP is unable to > provide. So I agree it is not always required, but when those devices support native SNTP why not use the best? A lot of services are dependent on linear time. NTP will usually slew the local host time to the correct value, SNTP will in usually jump time to the correct value. This can cause things like cron daemons to miss scheduled events. I have seen this cause problems. BTW, A Cisco router makes a dandy low-latency local NTP time server. > I've never heard of time.microsoft.com, and have never seen any > indication in any documentation to ever suggest using it. MS's docs > have always suggested US naval observatory sites (since the > documentation is US-based). Just read all the w32time KB articles and the only time server mentioned with a FQDN is time.miscrosoft.com. Even the usno NTP has gone bonkers. Not dead, bonkers. So failover never occured. Folks that synced to it and other servers with NTP had no issues. Those that used it solely were SOL. > I missed something. Why would the requester time sync to Seattle, WA > USA if they are in Brazil? That certainly goes against NTP RFC's, > regardless of any suggestions of the use of time.microsoft.com. Cause that is the only time server mentioned by FQDN in the M$ KB. > I have used 3rd party daemons as well as the built-in SNTP. Both work > equally well. The built-in tools can work just fine if you understand > the components and know how to properly use them. There is more > functionality available than what is simply represented by NET TIME. > Again, its a matter of RTM. Well, I RTM the SNTP RFC and it says only to use STNP on local nets at the end nodes. YMMV. RGDS GARY - --------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 gem@...lim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBfFtb8KZibdeR3qURAje4AKDM9zApW/whinZS1TXtMQxyUOUtIgCgzO0X ujUs6Je71jrYa/PmyTmvuTo= =88X7 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists