OpenNTPD

From Wikipedia, the free encyclopedia

"Saving the world again... on time"
Developer: The OpenBSD Project
Latest release: 3.9 / May 11, 2006
OS: Multiplatform
Use: Time Synchronization
License: BSD
Website: http://www.openntpd.org

OpenNTPD is a Unix system daemon implementing the Network Time Protocol to synchronize the local clock of a computer system with remote NTP servers. It is also able to act as an NTP server to NTP-compatible clients.

OpenNTPD is primarily developed by Henning Brauer as part of the OpenBSD project. Its design goals include being secure (non-exploitable), easy to configure, accurate enough for most purposes and with source code that can be distributed under a BSD license. Its portable version, like that of OpenSSH, is developed as a child project which adds the portability code to the OpenBSD version and releases it separately. The portable version is developed by Darren Tucker.

History

The development of OpenNTPD was motivated by a combination of issues with current NTP daemons: difficult configuration, complicated and difficult to audit code, and unsuitable licensing.[1] OpenNTPD was designed to solve these problems and make time synchronization accessible to a wider userbase. After a period of development, OpenNTPD first appeared in OpenBSD 3.6.[2] Its first release was announced on November 2, 2004.[3]

Goals

OpenNTPD is an attempt by the OpenBSD team to produce an NTP daemon that is secure, simple to audit, trivial to set up and administer, and small in memory footprint, while synchronizing the local clock of the computer with remote NTP servers to reasonable accuracy. As such, the design goals for OpenNTPD are security, ease of use, and performance.[4]

Security in OpenNTPD is achieved by robust validity checks in the network input path, the use of bounded buffer operations via strlcpy, and privilege separation to mitigate the effects of possible security bugs that could otherwise be exploited for privilege escalation through the daemon.

In order to simplify the use of NTP, OpenNTPD implements a smaller set of features than other NTP daemons, such as the one provided by the Network Time Protocol Project. The objective is to provide enough features to satisfy typical usage, at the risk of being unsuitable for esoteric or niche requirements. OpenNTPD is configured through the ntpd.conf configuration file.[5] A minimal number of options are offered: the IP address or hostname on which OpenNTPD should listen, a timedelta sensor device to be used, and the set of servers from which the time will be synchronized.

The accuracy of OpenNTPD is best-effort; the daemon attempts to be as accurate as possible, but no specific accuracy is guaranteed.
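An added illustration (not OpenNTPD's source code) of two of the security measures described under Goals: a validity check applied to an incoming NTP datagram before any field is trusted, and a bounded copy with strlcpy semantics that reports truncation. The function names, the local `bounded_copy` helper, and the accept rules (exact 48-byte header with no extensions or MAC, server mode, stratum 1 to 15) are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NTP_HDR_LEN 48      /* NTP header without extension fields or MAC */
#define NTP_MODE_SERVER 4   /* mode value carried by a server reply */

/* Local helper with strlcpy semantics, so the sketch builds where libc lacks
 * strlcpy. Always NUL-terminates when dstsize > 0 and returns strlen(src);
 * a return value >= dstsize tells the caller the copy was truncated. */
size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize != 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Reject an over-long configured server name instead of truncating silently. */
int set_server_name(char *dst, size_t dstsize, const char *name)
{
    return bounded_copy(dst, name, dstsize) >= dstsize ? -1 : 0;
}

/* Input-path check: returns 0 for an acceptable server reply, -1 otherwise.
 * Length is verified before any byte of the datagram is read. */
int check_ntp_reply(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len != NTP_HDR_LEN)
        return -1;
    unsigned li = pkt[0] >> 6, version = (pkt[0] >> 3) & 7, mode = pkt[0] & 7;
    if (li == 3) return -1;                        /* clock unsynchronized */
    if (version < 1 || version > 4) return -1;     /* unknown protocol version */
    if (mode != NTP_MODE_SERVER) return -1;        /* not a server reply */
    if (pkt[1] == 0 || pkt[1] > 15) return -1;     /* stratum out of range */
    return 0;
}

/* Constructed sample input: a zeroed datagram with the given first byte
 * (LI/version/mode) and stratum, checked as if `len` bytes had arrived. */
int check_sample(uint8_t first, uint8_t stratum, size_t len)
{
    uint8_t buf[64] = {0};
    buf[0] = first;
    buf[1] = stratum;
    return check_ntp_reply(buf, len);
}
```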

Criticism

OpenNTPD has been criticized[6] as being less accurate than the NTP daemon produced by the Network Time Protocol Project.[7] While the OpenNTPD project admits the plausibility of this claim, it notes this as a trade-off between microsecond precision and the benefits of simplicity and security OpenNTPD offers.

Shortly after the release of OpenNTPD 3.6, Brad Knowles wrote an article entitled "OpenNTPd Considered Harmful"[8] criticizing various aspects of OpenNTPD, as well as the split development model that the project employs, which is also used in the development of OpenSSH and OpenBGPD. Darren Tucker, the main developer on the portable branch of OpenNTPD, wrote a detailed response[9] to this article, discussing some of the issues addressed in the OpenNTPD 3.6.1 release and branding some of Knowles' comments "quite misleading." Knowles' article also prompted the addition of a section to the OpenBSD networking FAQ[10] explaining and rebutting its claims.

References

  1. ^ OpenNTPD Goals
  2. ^ OpenBSD 3.6 release notes
  3. ^ OpenNTPD 3.6 release announcement
  4. ^ Brauer, Henning. OpenNTPD presentation: Page 3: OpenNTPD - Design Goals, September, 2004. Visited September 16, 2006.
  5. ^ OpenBSD Manual Pages: ntpd.conf(5), May 26, 2006. Visited September 16, 2006.
  6. ^ The OpenBSD Networking FAQ: 6.12.1 - "But OpenNTPD isn't as accurate as the ntp.org daemon!", August 21, 2006. Visited September 16, 2006.
  7. ^ Official web site of the Network Time Protocol Project
  8. ^ Knowles, Brad. OpenNTPd Considered Harmful, 2004. No longer available.
  9. ^ Tucker, Darren. Response to OpenNTPd Considered Harmful, December 12, 2004. Visited September 16, 2006.
  10. ^ The OpenBSD Networking FAQ: "Someone has claimed that OpenNTPD is 'harmful'!", August 21, 2006. Visited September 16, 2006.
