Hi, at work we run a number of RedHat servers (version 5.x I think) but I think this is a more generic question.

The maintainers of our system wanted to make a change which removes the "-g" from the ntpd startup script. Removing "-g" forces ntpd to use the default "panic threshold" of 1000s rather than allowing any old time difference to be made.


This is not really something that bothers me but out of curiosity...why allow a time difference of such a huge amount? I can understand that there may be a time difference at startup or if someone manually changes the time. But the impression I got was that the time could change quite dramatically if, for example, our ntp server sent the wrong time.

I am curious if anyone could explain the rationale behind this threshold and when it would be used

Cheers

I am not sure why the default threshold is set at 1000s. The value can be changed or even disabled in the ntp.conf.

-g only removes the panic threshold when ntp first starts. Originally this option was not available so instead the startup script called ntpdate first to force time to be set to any value before ntp started.

One of the benefits to ntp is that time is only increments in small amounts. Once ntp is running if there is a large time offset it assumes something must be wrong and so quits.

One of the reasons for having a pool of servers is to keep time from breaking if a single server goes astray. ntp will switch servers or use its local clock (fudge) if so configured.

I do not see any real benefit from removing the -g option.

Hi Michael, the explanation provided internally was something like "crisis management". If the NTP server goes crazy and spits out a time hours/days different to the current time, then the -g option will accept this time.

At least if -g is removed then the hit will be limited to 1000s.