From 551541d9c813d4fa3271cb30a36319806ceece4e Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Fri, 21 Jun 2013 11:45:44 +0200 Subject: [PATCH] Update example config files more --- examples/chrony.conf.example2 | 9 ++++++++- examples/chrony.keys.example | 23 +++++++++++------------ 2 files changed, 19 insertions(+), 13 deletions(-) diff --git a/examples/chrony.conf.example2 b/examples/chrony.conf.example2 index 6e64c03..4c9e40b 100644 --- a/examples/chrony.conf.example2 +++ b/examples/chrony.conf.example2 @@ -18,9 +18,13 @@ rtcsync # if the adjustment is larger than 100 seconds. makestep 100 3 -# Allow client access from local network. +# Allow NTP client access from local network. #allow 192.168/16 +# Listen for commands only on localhost. +bindcmdaddress 127.0.0.1 +bindcmdaddress ::1 + # Serve time even if not synchronized to any NTP server. #local stratum 10 @@ -29,6 +33,9 @@ keyfile /etc/chrony.keys # Specify the key used as password for chronyc. commandkey 1 +# Generate command key if missing. +generatecommandkey + # Disable logging of client accesses. noclientlog diff --git a/examples/chrony.keys.example b/examples/chrony.keys.example index d287f3d..1583174 100644 --- a/examples/chrony.keys.example +++ b/examples/chrony.keys.example @@ -9,21 +9,20 @@ # # Copyright 2002 Richard P. Curnow # -####################################################################### -# A valid key line looks like this +###################################################################### -#1 MD5 HEX:B028F91EA5C38D06C2E140B26C7F41EC +# Examples of valid keys: -# The key should be random for maximum security. If you wanted to use the -# above line as your commandkey (i.e. chronyc password) you would put the -# following line into chrony.conf (remove the # from the start): +#1 ALongAndRandomPassword +#2 MD5 HEX:B028F91EA5C38D06C2E140B26C7F41EC +#3 SHA1 HEX:1DC764E0791B11FA67EFC7ECBC4B0D73F68A070C -# commandkey 1 - -# A secure command key can be generated and added to the keyfile automatically -# by adding the following directive to chrony.conf: - -# generatecommandkey +# The keys should be random for maximum security. If you wanted to use a key +# with ID 1 as your commandkey (i.e. chronyc password) you would put +# "commandkey 1" into chrony.conf. If no commandkey is present in the keys +# file and the generatecommandkey directive is specified in chrony.conf, +# a random commandkey will be generated and added to the keys file +# automatically on chronyd start. # You might want to define more keys if you use the authentication facility # in the network time protocol to authenticate request/response packets between