HTTP/HTTPS
W
EB
GUI
–
W
EB
B
ROWSER
C
ONFIGURATION
I
NTERFACE
8029HEPTA-V2/GPS GPS - NTP Time Server with LAN Interface - V08.00
77 / 130
hopf
Elektronik GmbH
Nottebohmstr. 41
• D-58511 Lüdenscheid • Tel.: +49 (0)2351 9386-86 • Fax: +49 (0)2351 9386-93 • Internet: http://www.hopf.com • E-Mail: [email protected]
8.3.3.7.6 Access Control Options
The official documentation concerning the current implementation of the restriction instructions
can be found on the “Access Control Options” page at
Numerous access control options are used. The most important of these are described in detail
here.
nomodify
– "Do not allow this host/sub-network to modify the NTPD settings unless it has the
correct key.“
Default Settings
:
Always active. Can't be modified by the user.
As standard, NTP requires authentication with a symmetric key in order to carry out
modifications with NTPDC. If a symmetric key is not configured for the NTP service, or if this
is kept in a safe place, it is not necessary to use the nomodify option unless the authentication
procedure appears to be unsafe.
noserver
– "Do not transmit time to this host/sub-network."
This option is used if a host/sub-network is only allowed access to the NTP service in order to
monitor or remotely configure the service.
notrust
– "Ignore all NTP packets which are not encrypted.“
This option tells the NTP service that all NTP packets which are not encrypted should be
ignored (it should be noted that this is a change from ntp-4.1.x). The notrust option MUST NOT
be used unless NTP Crypto (e.g. symmetric key or Autokey) has been correctly configured on
both sides of the NTP connection (e.g. NTP service and remote time server, NTP service and
client).
noquery
– "Do not allow this host/sub-network to request the NTP service status."
The ntpd status request function, provided by ntpd/ntpdc, declassifies certain information over
the running ntpd Base System (e.g. operating system version, ntpd version) which under
certain circumstances ought not to be made known to others. It must be decided whether it is
more important to hide this information or to give clients the possibility of seeing
synchronization information over ntpd.
ignore
– "In this case ALL packets are refused, including ntpq and ntpdc requests".
kod
– "A kiss-o'-death (KoD) packet is transmitted if this option is enabled in the case of an
access error." KoD packets are limited. They cannot be transmitted more frequently than once
per second. Any KoD packet which occurs within one second from the last packet is removed.
notrap
– "Denies support for the mode 6 control message trap service in order to equalize
hosts." The trap service is a sub-system of the ntpq control message protocols. This service
logs remote events in programmes.
version
– "Denies packets which do not correspond to the current NTP version."
Changes in data do not take effect immediately after clicking on the
“Apply” symbol. The NTP service MUST also be restarted (see
Chapter
).