The network time protocol (NTP) is a really smart and useful protocol to synchronize the time of your systems, but even if we are in two-thousand-whatever there are reasons why you need to seek for alternatives...

You may now have some kind of »what the [cussword of your choice]« in mind, but I have just been in an ugly situation. All UDP traffic is dropped and I don't have permissions to adjust the firewall.. And you might have heard about the consequences of time differences between servers. Long story short, there is a good solution to sync the time via TCP, using the Time Protocol and a tool called rdate .

## Time Master

First off all you need another server having a correct time (e.g. NTP sync'ed), which can be reached at port 37. Let's call this server $MASTER . To enable the Time Protocol on $MASTER you have to enable the time service in (x)inetd. For instance to enable the TCP service for a current xinetd you could create a file in /etc/xinetd.d/time with the following contents:

Such a file may already exist, so you just have to change the value of the disable -key to no . Still using inetd? I'm sure you'll find your way to enable the time server on your system :)

## Time Slave

On the client, which is not allowed to use NTP (wtfh!?), you need to install rdate :

Just call the following command to synchronize the time of the client with $MASTER : Since rdate immediately corrects the time of your system you need to be root to run this command. Finally, to readjust the time periodically you might want to install a cronjob. Beeing root call crontab -e to edit root's crontab and append a line like the following: This will synchronize the time of your client with the time of $MASTER every six hours. (Don't forget to substitute \$MASTER using your desired server IP or DNS.)

## Notes

Last but not least I want you to be aware that this workaround just keeps the difference in time between both systems less than 0.5 secs. Beyond all doubt, looking at NTP that's very poor. Nevertheless, 0.5 secs delay is much better than several minutes or even hours!

If it is also not permitted to speak to port 37 you need to tunnel your connections or you have to tell the time server to listen to another, more common port (e.g. 80, 443, or 993), as long as they are not already allocated by other services..