Bah...I did miss a press release
Wayne Pinette
Wpinette at tru.ca
Wed Apr 12 17:04:43 UTC 2006
Ok, my bad, more googling (less lazy googling) revealed the answer :
From:
http://ntp.isc.org/bin/view/Support/AccessRestrictions#Section_6.4.3.1.
Only use restrict notrust if you are using crypto. notrust probably
means something other than what you expect. See 6.4.3.2. Problems with
'notrust' option on a LAN for more information.
The behavior of notrust changed between versions 4.1 and 4.2.
In 4.1 (and earlier) notrust meant "Don't trust this host/subnet for
time".
In 4.2 (and later) notrust means "Ignore all NTP packets that are not
cryptographically authenticated." This forces remote time servers to
authenticate themselves to your (client) ntpd. See ConfiguringAutokey
for information about configuring NTP Authentication.
Sorry for the bandwidth :-)
Wayner
More information about the redhat-list
mailing list