[ntp:questions] How can I mix authenticated and not authenticated clients in an ntp network?

Martin Burnicki martin.burnicki at meinberg.de
Tue Nov 20 16:16:32 UTC 2018

giovanni.razzetta at gmail.com wrote:
> Hello,
> I would like to configure ntpd as a server providing time.
>  I want to use symmetric key authentication.
>  In my network I have ntp clients configured for authentication and client configured with no authentication.
> How do I configure my ntpd server to supply time to both type of clients?
> Does ntpd as a time server respond to requests with authentication with authenticated packets and to requests without authentication without appending the hash?
> Thank you in advance for clarification

There's nothing special to do.

ntpd's approach of authentication in client/server packet exchange is to
let the client be able to verify that a reply it receives has indeed
been sent by the expected server, and not by some node that pretends to
be the server.

So if the ntpd server instance receives a client request with a
signature appended, it verifies the signature and send a signed packet
back to the client.

If it receives a request packet without signature then it simply sends a
response without signature.

Martin Burnicki

Meinberg Funkuhren
Bad Pyrmont

More information about the questions mailing list