d237b6cb3b
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities CVE-2015-1798 "When ntpd is configured to use a symmetric key to authenticate a remote NTP server/peer, it checks if the NTP message authentication code (MAC) in received packets is valid, but not if there actually is any MAC included." CVE-2015-1799 "An attacker knowing that NTP hosts A and B are peering with each other (symmetric association) can send a packet to host A with source address of B which will set the NTP state variables on A to the values sent by the attacker. Host A will then send on its next poll to B a packet with originate timestamp that doesn't match the transmit timestamp of B and the packet will be dropped. If the attacker does this periodically for both hosts, they won't be able to synchronize to each other."
$OpenBSD: README,v 1.5 2012/04/22 11:41:55 ajacoutot Exp $
+-----------------------------------------------------------------------
| Running ${FULLPKGNAME} on OpenBSD
+-----------------------------------------------------------------------
Several steps need to be taken to properly configure the NTP daemon.
1. First, create or update the file ${SYSCONFDIR}/ntp.conf. Several
example configuration files can be found here:
${PREFIX}/share/examples/ntp
2. Now xntpd can be started with:
${RCDIR}/xntpd start
Or to start 'xntpd' at every boot, add it to pkg_scripts in
/etc/rc.conf.local.