[Samba] Chrony (tested on Debian9/ubuntu 18.04)
L.P.H. van Belle
belle at bazuin.nl
Mon Jun 4 14:29:38 UTC 2018
> Yours looks very similar to mine and I agree that ntp on one
> and chrony
> on the other seems to work ok.
> It just seems that you don't have the fine security control that ntp
> does, unless I haven't found the right documentation yet ;-)
Yes, the security control for example is the the allow/deny part.
Chrony and ntp are processing the configs from top to bottem, so you can overrule other defaults if needed.
In the mean time i've lookup some things, some random comment you can find on the internet.
- Chrony also seems to work way better than ntpd in VMs (for some reason).
- Chrony supports KVM's paravirtualized PTP clock, which gives pretty good accuracy.
- he most obvious reasons chrony is more secure is its apparent simplicity, compared to the
legacy mess that is ntpd riddled with ancient landmines and old coding standards.
It is one of the reasons they mention security reasons to using chrony in the RHEL7 documentation:
^^ A must read ^^ shows some nice things there.
And the already know link:
Resume, a snap of the important parts.
Chrony is more secury, but does not broadcast to clients and has better VM support.
Ntp supports clustering, chrony not, but is well known.
Both work. ;-) if you check you OS for the chrony version before installing.
I suggest, choose what you want.
If you need clustering you must use ntp.
If you need broadcasting to clients, you must use ntp.
Anything other, you choose. Both work.
More information about the samba