RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.7 SP1
Platform: SUSE Linux
O/S Version: Enterprise Server 15 Service Pack 3

With the implementation of Authentication Manager 8.7 SP1 and the upgrade to SUSE Linux Enterprise Server 15 Service Pack 3, a new implementation of Network Time Protocol (NTP) called chronyd has been introduced.

NTP is a mechanism to synchronizes system time over a network.

Prior to applying 8.7 SP1, RSA Authentication Manager retained system time over the networking using the NTP daemon (ntpd). Since 8.7 SP1 has a new operating system, SUSE Linux Enterprise Server 15 Service Pack 3, it introduces a new NTP package called chronyd. This article explains its configuration and how to use chronyd.

The configuration details are stored in the /etc/chrony.conf file. The NTP server should listed at the bottom of the file. For example,

server 192.168.26.100 iburst maxpoll 16

• Run the following command to check the status of chronyd: 

systemctl status chronyd

• Run the following command  to start, stop or restart the chronyd service:

systemctl [start|stop|restart] chronyd

Examples are shown here: 

am872-1:~ # systemctl restart chronyd
am872-1:~ # systemctl status chronyd
 chronyd.service - NTP client/server
     Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: disabled)
     Active: active (running) since Tue 2024-11-12 14:50:51 AEDT; 4s ago
       Docs: man:chronyd(8)
             man:chrony.conf(5)
    Process: 23594 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
    Process: 23597 ExecStartPost=/usr/lib/chrony/helper update-daemon (code=exited, status=0/SUCCESS)
   Main PID: 23596 (chronyd)
      Tasks: 1
     CGroup: /system.slice/chronyd.service
             └─23596 /usr/sbin/chronyd -u chrony -4 -r -s

Nov 12 14:50:51 am872-1 systemd[1]: Starting NTP client/server...
Nov 12 14:50:51 am872-1 chronyd[23596]: chronyd version 4.1 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 -DEBUG)
Nov 12 14:50:51 am872-1 chronyd[23596]: Frequency -4.324 +/- 3.402 ppm read from /var/lib/chrony/drift
Nov 12 14:50:51 am872-1 systemd[1]: Started NTP client/server.

• Query the time source:

chronyc -n sources -a

Sample output:

MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.26.100               15   6   377    49    +24us[  +72us] +/-   44ms

• Query the time source with verbose output:

chronyc -n sources -v

Sample output shown below:

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.26.100               15   6   377    54    +24us[  +72us] +/-   44ms

• Get NTP tracking details: 

chronyc -n tracking

Sample output:

Reference ID    : C0A81A64 (192.168.26.100)
Stratum         : 16
Ref time (UTC)  : Tue Nov 12 04:27:34 2024
System time     : 0.000007313 seconds fast of NTP time
Last offset     : +0.000011952 seconds
RMS offset      : 0.000042482 seconds
Frequency       : 2.760 ppm fast
Residual freq   : +0.036 ppm
Skew            : 0.571 ppm
Root delay      : 0.002121413 seconds
Root dispersion : 0.039128434 seconds
Update interval : 64.7 seconds
Leap status     : Normal