[ntp:questions] Re: autokey restriction

Richard B. Gilbert rgilbert88 at comcast.net
Sat Nov 12 03:07:24 UTC 2005

Kevin Golder wrote:

>I have configured a server and client using autokey w/ the IFF identity
>scheme.  I'm trying to prohibit my server from responding to any client
>that is not using autokey and part of my trusted group.  I have the
>following two "restrict" lines in my ntp.conf file of the server to try
>and do so.
>restrict default ignore
>restrict mask autokey
>my server IP is
>my client IP is
>I thought adding the autokey option to the above restrict line should do
>the trick but the server won't respond to any clients now whether
>they're in the trusted group or not.  Am I going about not responding to
>non-autokey clients correctly?
>questions mailing list
>questions at lists.ntp.isc.org
Authentication is intended to authenticate the server to the client; 
that is the server proves its identity by "signing" the packets it sends 
using the agreed upon encryption key.

If you only want to serve certain clients, you need to discriminate by 
IP address.  Like this:

restrict default noquery   # block all queries
restrict mask   #allow queries from the local 

More information about the questions mailing list