OpenNTPD

"Saving the world again... on time"
Developer(s): The OpenBSD Project
Stable release: 4.6 / November 1, 2009
Operating system: Multiplatform
Type: Time Synchronization
License: BSD
Website: www.openntpd.org

OpenNTPD is a Unix system daemon implementing the Network Time Protocol to synchronize the local clock of a computer system with remote NTP servers. It is also able to act as an NTP server to NTP-compatible clients.

OpenNTPD is primarily developed by Henning Brauer as part of the OpenBSD project. Its design goals are to be secure (non-exploitable), easy to configure and accurate enough for most purposes, with source code that can be distributed under a BSD license. Its portable version, like that of OpenSSH, is developed as a child project which adds the portability code to the OpenBSD version and releases it separately. The portable version is developed by Darren Tucker. The most recent portable version was released in 2006.

History

The development of OpenNTPD was motivated by a combination of issues with current NTP daemons: difficult configuration, complicated and difficult-to-audit code, and unsuitable licensing.[1] OpenNTPD was designed to solve these problems and make time synchronization accessible to a wider userbase. After a period of development, OpenNTPD first appeared in OpenBSD 3.6.[2] Its first release was announced on November 2, 2004.[3]

Goals

OpenNTPD is an attempt by the OpenBSD team to produce an NTP daemon implementation that is secure, simple to audit for security, trivial to set up and administer, and small in its memory requirements, and that synchronizes the local clock of the computer with remote NTP servers with reasonable accuracy. As such, the design goals for OpenNTPD are security, ease of use, and performance.[4]

Security in OpenNTPD is achieved by robust validity checks in the network input path, the use of bounded buffer operations via strlcpy, and privilege separation to mitigate the effects of possible security bugs that exploit the daemon through privilege escalation.

In order to simplify the use of NTP, OpenNTPD implements a smaller set of functionalities than those available in other NTP daemons, such as that provided by the Network Time Protocol Project. The objective is to provide enough features to satisfy typical usage, at the risk of being unsuitable for esoteric or niche requirements. OpenNTPD is configured through the ntpd.conf configuration file.[5] A minimal number of options are offered: the IP address or hostname on which OpenNTPD should listen, a timedelta sensor device to be used, and the set of servers from which the time will be synchronized.

The accuracy of OpenNTPD is best-effort; the daemon attempts to be as accurate as possible, but no specific accuracy is guaranteed.

Example

OpenNTPD gradually adjusts the system clock, as seen here in the example output of OpenNTPD running on a 64-bit Arch Linux system:

[root@nikolai karam]# more /var/log/daemon.log | grep ntp | grep adjusting | tail -20
Aug  4 02:58:21 nikolai ntpd[4784]: adjusting local clock by -2.134620s
Aug  4 03:02:38 nikolai ntpd[4784]: adjusting local clock by -1.983869s
Aug  4 03:06:53 nikolai ntpd[4784]: adjusting local clock by -1.884521s
Aug  4 03:08:28 nikolai ntpd[4784]: adjusting local clock by -1.819296s
Aug  4 03:12:46 nikolai ntpd[4784]: adjusting local clock by -1.712934s
Aug  4 03:15:48 nikolai ntpd[4784]: adjusting local clock by -1.607747s
Aug  4 03:19:31 nikolai ntpd[4784]: adjusting local clock by -1.535188s
Aug  4 03:21:05 nikolai ntpd[4784]: adjusting local clock by -1.439628s
Aug  4 03:24:56 nikolai ntpd[4784]: adjusting local clock by -1.376086s
Aug  4 03:29:12 nikolai ntpd[4784]: adjusting local clock by -1.271529s
Aug  4 03:32:20 nikolai ntpd[4784]: adjusting local clock by -1.162333s
Aug  4 03:36:08 nikolai ntpd[4784]: adjusting local clock by -1.023899s
Aug  4 03:40:02 nikolai ntpd[4784]: adjusting local clock by -0.902637s
Aug  4 03:43:43 nikolai ntpd[4784]: adjusting local clock by -0.789431s
Aug  4 03:47:35 nikolai ntpd[4784]: adjusting local clock by -0.679320s
Aug  4 03:50:45 nikolai ntpd[4784]: adjusting local clock by -0.605858s
Aug  4 03:53:31 nikolai ntpd[4784]: adjusting local clock by -0.529821s
Aug  4 03:56:33 nikolai ntpd[4784]: adjusting local clock by -0.429573s
Aug  4 03:59:46 nikolai ntpd[4784]: adjusting local clock by -0.312575s
Aug  4 04:03:14 nikolai ntpd[4784]: adjusting local clock by -0.232646s
[root@nikolai karam]#

Criticism

OpenNTPD has been criticized[6] as being less accurate than the NTP daemon produced by the Network Time Protocol Project.[7] While the OpenNTPD project admits the plausibility of this claim, it presents this as a trade-off between microsecond precision and the benefits of simplicity and security that OpenNTPD offers.

OpenNTPD has also been criticised for violating the NTP protocol by omitting correct information on the accuracy of transmitted data: OpenNTPD servers claim to be infinitely accurate (earlier versions claimed to be in stratum 1; while this particular issue has been fixed,[8] OpenNTPD 3.9p1 still serves time with a zero dispersion[9]).
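
An added illustration, not taken from OpenNTPD's source: a client-side check in C that applies the kind of length and field validation described under Goals to an NTP server reply, and flags the zero root dispersion described above. The function names, the verdict enum and the sample packets are constructed for this example; the field offsets follow the standard 48-byte NTP header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NTP_HDR_LEN 48      /* fixed NTP header, no extension fields */
#define NTP_MODE_SERVER 4

enum ntp_verdict { NTP_OK, NTP_REJECT, NTP_ZERO_DISPERSION };

/* Read a big-endian 32-bit field byte by byte (no unaligned access). */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Check length and header fields before trusting anything in a reply. */
enum ntp_verdict check_reply(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < NTP_HDR_LEN)
        return NTP_REJECT;                 /* truncated datagram */
    unsigned version = (buf[0] >> 3) & 0x7, mode = buf[0] & 0x7;
    if (version < 1 || version > 4 || mode != NTP_MODE_SERVER)
        return NTP_REJECT;
    if (buf[1] == 0 || buf[1] > 15)
        return NTP_REJECT;                 /* stratum unspecified or unsynchronized */
    if (be32(buf + 8) == 0)                /* root dispersion, 16.16 fixed point */
        return NTP_ZERO_DISPERSION;        /* server claims no error at all */
    return NTP_OK;
}

/* Build a constructed reply (not captured traffic) and classify it. */
enum ntp_verdict check_sample(uint8_t stratum, uint32_t disp, size_t len)
{
    uint8_t pkt[NTP_HDR_LEN] = {0};
    pkt[0] = (4 << 3) | NTP_MODE_SERVER;   /* LI=0, VN=4, mode=4 */
    pkt[1] = stratum;
    pkt[8] = (uint8_t)(disp >> 24);  pkt[9] = (uint8_t)(disp >> 16);
    pkt[10] = (uint8_t)(disp >> 8);  pkt[11] = (uint8_t)disp;
    return check_reply(pkt, len > sizeof(pkt) ? sizeof(pkt) : len);
}

int main(void)
{
    printf("stratum 2, dispersion 0x0280: %d\n", check_sample(2, 0x0280, 48));
    printf("stratum 2, dispersion 0:      %d\n", check_sample(2, 0, 48));
    return 0;
}
```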

Shortly after the release of OpenNTPD 3.6, Brad Knowles wrote an article entitled OpenNTPd Considered Harmful[10] criticizing various aspects of OpenNTPD, as well as the split development model that the project employs, which is also used in the development of OpenSSH and OpenBGPD. Darren Tucker, the main developer on the portable branch of OpenNTPD, wrote a detailed response[11] to this article, discussing some of the issues addressed in the OpenNTPD 3.6.1 release and branding some of Knowles' comments "quite misleading." Knowles' article also prompted the addition of a section to the OpenBSD networking FAQ[12] explaining and rebutting its claims.

References

  1. OpenNTPD Goals
  2. OpenBSD 3.6 release notes
  3. OpenNTPD 3.6 release announcement
  4. Brauer, Henning. OpenNTPD presentation: Page 3: OpenNTPD – Design Goals, September, 2004. Visited September 16, 2006.
  5. OpenBSD Manual Pages: ntpd.conf(5), May 26, 2006. Visited September 16, 2006.
  6. The OpenBSD Networking FAQ: 6.12.1 – "But OpenNTPD isn't as accurate as the ntp.org daemon!", August 21, 2006. Visited September 16, 2006.
  7. Official web site of the Network Time Protocol Project
  8. http://www.advogato.org/person/dtucker/diary.html?start=52
  9. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=436995
  10. Knowles, Brad. OpenNTPd Considered Harmful, 2004.
  11. Tucker, Darren. Response to OpenNTPd Considered Harmful, December 12, 2004. Visited September 16, 2006.
  12. The OpenBSD Networking FAQ: "Someone has claimed that OpenNTPD is 'harmful'!", August 21, 2006. Visited September 16, 2006.

This article is issued from Wikipedia. The text is available under the Creative Commons Attribution/Share Alike; additional terms may apply for the media files.