[ntp:questions] Re: ntpd as broadcastclient - not working?

Steve Kostecke kostecke at ntp.isc.org
Wed Oct 6 23:30:34 UTC 2004


On 2004-10-06, W. D. <NewsGroups at US-Webmasters.com> wrote:

> Steve Kostecke wrote:
>
>> On 2004-10-06, W. D. <NewsGroups at US-Webmasters.com> wrote:
>>
>> > At 01:52 8/29/2004, Harlan Stenn, wrote:
>> >
>> >>It's pretty easy to set up authentication.
>> >
>> > Do you know of a short, step-by-step, HowTo for this?
>>
>> http://ntp.isc.org/Support/ConfiguringAutokey
>
> Thanks a bunch for this link. I am looking at a bunch of stuff up one
> directory: http://ntp.isc.org/bin/view/Support/

That's the http://ntp.isc.org/bin/view/Support/WebHome page. It's the index for
the Support Web. You need to be looking at
http://ntp.isc.org/bin/view/Support/ConfiguringAutokey

> However, I am lost concerning configuring authentication for
> 'broadcastclient'.

Autokey requires configuration on both the server and the client.

The first thing to do is choose which Autokey Identity Scheme you wish
to use. I suggest that you use IFF.

Follow the steps shown at
http://ntp.isc.org/bin/view/Support/ConfiguringAutokey#Section_5.6.1.
to configure your broadcast server to use Autokey. The instructions for
enabling Broadcast Autokey are shown at
http://ntp.isc.org/bin/view/Support/ConfiguringAutokey#Section_5.6.1.2.1.

> For each client, the ntp.conf only consists of:
>
> driftfile /etc/ntp.drif
> broadcastclient

Follow the steps shown at
http://ntp.isc.org/bin/view/Support/ConfiguringAutokey#Section_5.6.2.
to configure one of your client systems for Autokey. Once you have one
client working you can easily replicate the client configuration to
other systems.

> On the 'ConfiguringAutokey' page, I don't see any reference to
> 'broadcastclient'

In broadcast mode you enable Autokey in the server conf file as
explained at
http://ntp.isc.org/bin/view/Support/ConfiguringAutokey#Section_5.6.1.2.1.

> and there are lots changes to lines that don't exist in my ntp.conf
> files.

Lots of changes? You only have to add TWO lines to your ntp.conf files
to set-up Autokey and modify one line in our broadcast server ntp.conf
file to use Autokey for your broadcast associations. 

> How do my clients make use of authentication?

If you properly configure Autokey on your broadcast server and your
broadcast clients it will just work.

> Also, is authentication really necessary on a local area network (LAN)
> that is hidden beyond a firewall, and users can be trusted?

If you don't use authentication one of your "trusted users" could bring
up a rogue broadcast server on your LAN.

> Another complication is that I have Windows computers that run K9.
> (http://www.kaska.demon.co.uk/k9.htm) As far as I know, K9 doesn't
> know how to authenticate. Would it still be able to set time properly
> if broadcast signals are being sent from an 'authenticated' NTP
> server?

No.

>> And feel free to stop by #ntp on irc.freenode.net if you have
>> questions.
>
> Thanks for the offer! Unfortunately, I don't have IRC setup.

There is nothing to set-up beyond installing an IRC client.

> Also, with the newsgroups, others can benefit from reading these
> archives.

IRC allows you to engage in a real-time discussion. Usenet does not.

-- 
Steve Kostecke <kostecke at ntp.isc.org>



More information about the questions mailing list