The root cause of this problem is that 10.4 systems have an annoying tendency to lose synchronization with an NTP timesource (NTP being the typical protocol used by network time servers). This is a problem Apple has acknowledged, and has a service article on with an official remedy (essentially, to put iburst into /etc/ntp.conf). Unfortunately, this approach isn't a complete solution: while it does reduce initial negotiation time, systems like mine (and the user's) with long uptimes without sleep or shutdown will still eventually go out of sync.
UPDATE: There is apparently some argument over whether this was really fixed in 10.5. The good news is that the approach below should work for any version of Mac OS X with ntp.
As the Apple article points out, the first and easiest way to reestablish the connection is either by rebooting, or unchecking and then re-checking the time server checkbox in System Preferences. If your system is powered on and off regularly you may not have a need even to do this much, though you may want to make the iburst change to make any time change occur more quickly when your computer restarts. Similarly, if your computer is only intermittently connected to a network, you'll be reestablishing the connection periodically anyway. My iBook G4 falls into this category, so I left it alone.
On the other hand, my quad G5 and my Sawtooth G4 file server are always running and always connected to a network, and I have a local NTP timesource they should be syncing to. For these systems, I actually turned off syncing to a timeserver in System Preferences. Instead, in Terminal.app, I sudo tcsh and crontab -e. This opens a root shell (which sudo should ask you for a password for, right?) and edits the regularly scheduled cron task table. To the bottom of this file, add
2 * * * * /usr/sbin/ntpdate -s time.apple.com
Save the file in your editor (crontab should confirm that you changed root's cron job table). Every hour, at two minutes past the hour, this line will query the Apple time server and force your computer's clock to immediately sync to it. If you use a local timesource, substitute its hostname for time.apple.com. You might want to immediately ntpdate -s time.apple.com after editing the crontab to make the clock immediately correct.
Because it uses a "manual" method, this approach doesn't require a constantly open socket to the timeserver and makes changes instantaneous to boot. Checking even less frequently than hourly will probably work too, but you can experiment with that yourself.
Properly maintaining your computer's clock is a necessary component of security because SSL certificates and access tokens and credentials are always timelimited. Worse than having a clock set such that certificates appear expired is to have your clock set such that bogus expired and possibly previously exploited credentials appear valid. Make sure that Tiger time is the right time.
The G5 service article is next.
0 Comments