[ntp:questions] Re: NTP server authentication

Steve Kostecke kostecke at ntp.isc.org
Fri May 20 19:26:52 UTC 2005


On 2005-05-20, Vladimir Smotlacha <vs at cesnet.cz> wrote:
> Steve Kostecke wrote:
>
>> This should be:
>>
>> ntp-keygen -e -q server_password -p client_password > output_file
>>
>
> Thank you for the suggestion. I tested this method of password change and it
> works. But it does not solve my problem as it requires to generate the key
> for every particular client password.

You can use something like https://ntp.isc.org/crypto.php to solve this
problem.

> I'd like to arrange authentication for public ntp server without taking care
> for each individual client.

A shared client key with a shared password forces all clients of your
time-server to use the same crypto password.

A shared client key without a password forces all clients of your
time-server to not use any crypto password.

Neither of these choices are good.

The best solution is to export the client keys on the fly using an SSL
web-page (see the URL shown above).

-- 
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/



More information about the questions mailing list