[ntp:questions] Re: ntpd as broadcastclient - not working?

Steve Kostecke kostecke at ntp.isc.org
Wed Oct 6 23:30:34 UTC 2004

On 2004-10-06, W. D. <NewsGroups at US-Webmasters.com> wrote:

> Steve Kostecke wrote:
>> On 2004-10-06, W. D. <NewsGroups at US-Webmasters.com> wrote:
>> > At 01:52 8/29/2004, Harlan Stenn, wrote:
>> >
>> >>It's pretty easy to set up authentication.
>> >
>> > Do you know of a short, step-by-step, HowTo for this?
>> http://ntp.isc.org/Support/ConfiguringAutokey
> Thanks a bunch for this link. I am looking at a bunch of stuff up one
> directory: http://ntp.isc.org/bin/view/Support/

That's the http://ntp.isc.org/bin/view/Support/WebHome page. It's the index for
the Support Web. You need to be looking at

> However, I am lost concerning configuring authentication for
> 'broadcastclient'.

Autokey requires configuration on both the server and the client.

The first thing to do is choose which Autokey Identity Scheme you wish
to use. I suggest that you use IFF.

Follow the steps shown at
to configure your broadcast server to use Autokey. The instructions for
enabling Broadcast Autokey are shown at

> For each client, the ntp.conf only consists of:
> driftfile /etc/ntp.drif
> broadcastclient

Follow the steps shown at
to configure one of your client systems for Autokey. Once you have one
client working you can easily replicate the client configuration to
other systems.

> On the 'ConfiguringAutokey' page, I don't see any reference to
> 'broadcastclient'

In broadcast mode you enable Autokey in the server conf file as
explained at

> and there are lots changes to lines that don't exist in my ntp.conf
> files.

Lots of changes? You only have to add TWO lines to your ntp.conf files
to set-up Autokey and modify one line in our broadcast server ntp.conf
file to use Autokey for your broadcast associations. 

> How do my clients make use of authentication?

If you properly configure Autokey on your broadcast server and your
broadcast clients it will just work.

> Also, is authentication really necessary on a local area network (LAN)
> that is hidden beyond a firewall, and users can be trusted?

If you don't use authentication one of your "trusted users" could bring
up a rogue broadcast server on your LAN.

> Another complication is that I have Windows computers that run K9.
> (http://www.kaska.demon.co.uk/k9.htm) As far as I know, K9 doesn't
> know how to authenticate. Would it still be able to set time properly
> if broadcast signals are being sent from an 'authenticated' NTP
> server?


>> And feel free to stop by #ntp on irc.freenode.net if you have
>> questions.
> Thanks for the offer! Unfortunately, I don't have IRC setup.

There is nothing to set-up beyond installing an IRC client.

> Also, with the newsgroups, others can benefit from reading these
> archives.

IRC allows you to engage in a real-time discussion. Usenet does not.

Steve Kostecke <kostecke at ntp.isc.org>

More information about the questions mailing list