FreeBSD Security Advisory FreeBSD-SA-16:16.ntp
Matthew X. Economou
xenophon at irtnog.org
Fri Apr 29 15:55:51 UTC 2016
Roger Marquis writes:
>
> What are the reasons FreeBSD has not deprecated ntpd in favor of
> openntpd?
While I cannot speak for anyone other than myself, the two simply aren't
equivalent. As a conscious design choice, OpenNTPD trades off accuracy
for code simplicity. It lacks support for NTP authentication, access
controls, reference clocks, multicast/broadcast operation, or any kind
of monitoring/reporting. OpenNTPD is probably closer to rdate than ntpd
in terms of their relative capabilities. I'd rather we keep ntpd in
base as a consequence. The only change I'd suggest would be to alter
the default configuration such that all unauthorized access were blocked
(i.e., set "restrict default ignore" and "restrict -6 default ignore").
Best wishes,
Matthew
--
"The lyf so short, the craft so longe to lerne."
More information about the freebsd-security
mailing list