The network time protocol (NTP) is a really smart and useful protocol to synchronize the time of your systems, but even if we are in two-thousand-whatever there are reasons why you need to seek for alternatives...

You may now have some kind of »what the [cussword of your choice]« in mind, but I have just been in an ugly situation. All UDP traffic is dropped and I don't have permissions to adjust the firewall.. And you might have heard about the consequences of time differences between servers. Long story short, there is a good solution to sync the time via TCP, using the Time Protocol and a tool called `rdate` .

Time Master

First off all you need another server having a correct time (e.g. NTP sync'ed), which can be reached at port 37. Let's call this server `$MASTER` . To enable the Time Protocol on `$MASTER` you have to enable the time service in (x)inetd. For instance to enable the TCP service for a current `xinetd` you could create a file in `/etc/xinetd.d/time` with the following contents:

service time 
    disable     = no 
    type        = INTERNAL
    id          = time-stream
    socket_type = stream
    protocol    = tcp
    user        = root 
    wait        = no 

Such a file may already exist, so you just have to change the value of the `disable` -key to `no` . Still using inetd? I'm sure you'll find your way to enable the time server on your system :)

Time Slave

On the client, which is not allowed to use NTP (wtfh!?), you need to install `rdate` :

aptitude install rdate

Just call the following command to synchronize the time of the client with `$MASTER` :

rdate $MASTER

Since `rdate` immediately corrects the time of your system you need to be root to run this command.

Finally, to readjust the time periodically you might want to install a cronjob. Beeing root call `crontab -e` to edit root's crontab and append a line like the following:

# m     h       dom     mon     dow     command
0       */6     *       *       *       [ -x /usr/bin/rdate ] && /usr/bin/rdate $MASTER >> /dev/null

This will synchronize the time of your client with the time of `$MASTER` every six hours. (Don't forget to substitute `$MASTER` using your desired server IP or DNS.)


Last but not least I want you to be aware that this workaround just keeps the difference in time between both systems less than 0.5 secs. Beyond all doubt, looking at NTP that's very poor. Nevertheless, 0.5 secs delay is much better than several minutes or even hours!

If it is also not permitted to speak to port 37 you need to tunnel your connections or you have to tell the time server to listen to another, more common port (e.g. 80, 443, or 993), as long as they are not already allocated by other services..

Martin Scharm

stuff. just for the records.

Post a comment

read more about submitting comments