network time default, f23
Miroslav Lichvar
mlichvar at redhat.com
Mon Aug 31 16:09:28 UTC 2015
On Mon, Aug 31, 2015 at 11:02:21AM -0400, Stephen Gallagher wrote:
> On Mon, 2015-08-31 at 09:11 -0400, Stephen Gallagher wrote:
> > I'm looking into this right now. I think what we want to do is to
> > ship
> > with systemd-timesyncd.service enabled by default, but I'm running
> > some tests to figure out if this will cause issues with installing
> > FreeIPA (since it doesn't explicitly know to check for this case and
> > disable it when enabling ntpd).
> >
> > If it works cleanly, we should probably turn this on in our presets.
>
> Good news! It turns out that ipa-server-install does indeed stop-and-
> disable systemd-timesyncd. So I'm going to just go ahead and submit a
> pull-request to get that enabled in Fedora Server.
I'm not sure if enabling timesyncd is a good idea. It's just an SNTP
client and not a particularly good one. There would likely be a
regression in the timekeeping reliability, performance and there would
possibly be even some security implications as a client willing to
step the clock at any time is apparently useful in some MITM attacks.
Also, it's not integrated with NetworkManager, so it doesn't know
about servers from DHCP.
Why not install chrony as before? To save disk space? I may be biased,
but I think it's currently by far the best NTP client there is.
--
Miroslav Lichvar
More information about the server
mailing list