[ntp:questions] Re: autokey restriction

Richard B. Gilbert rgilbert88 at comcast.net
Sat Nov 12 03:07:24 UTC 2005


Kevin Golder wrote:

>I have configured a server and client using autokey w/ the IFF identity
>scheme.  I'm trying to prohibit my server from responding to any client
>that is not using autokey and part of my trusted group.  I have the
>following two "restrict" lines in my ntp.conf file of the server to try
>and do so.
> 
>restrict default ignore
>restrict 10.10.0.0 mask 255.255.0.0 autokey
> 
>my server IP is 10.10.128.2
>my client IP is 10.10.11.100
>I thought adding the autokey option to the above restrict line should do
>the trick but the server won't respond to any clients now whether
>they're in the trusted group or not.  Am I going about not responding to
>non-autokey clients correctly?
>
>Thanks,
>Kevin
>
Authentication is intended to authenticate the server to the client; 
that is, the server proves its identity by "signing" the packets it sends 
using the agreed-upon encryption key.

If you only want to serve certain clients, you need to discriminate by 
IP address.  Like this:

restrict default noquery   # block all queries
restrict 192.168.1.0 mask 255.255.255.0   # allow queries from the local network.
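
An added example (not written by either poster, and not ntpd's own code): a small Python resolver that reports which restrict entry, and therefore which flags, apply to a given source address under the two configurations quoted in this thread. It follows ntpd's documented rule that entries are sorted by address and then mask with the last match winning; it assumes IPv4 literal addresses only, treats flags as opaque tokens without validating them, and its function names are hypothetical.

```python
import ipaddress

# Both configurations are copied from the thread above.
KEVIN_CONF = """restrict default ignore
restrict 10.10.0.0 mask 255.255.0.0 autokey
"""
RICHARD_CONF = """restrict default noquery   # block all queries
restrict 192.168.1.0 mask  255.255.255.0   #allow queries from the local network.
"""

def parse_restrict(conf_text):
    """Return a list of (network, flags) for each 'restrict' line (IPv4 literals only)."""
    rules = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()      # drop trailing comments
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        tokens = tokens[1:]
        if tokens[0] == "default":                 # default entry matches every address
            net, flags = ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
        elif len(tokens) >= 3 and tokens[1] == "mask":
            net = ipaddress.ip_network(f"{tokens[0]}/{tokens[2]}", strict=False)
            flags = tokens[3:]
        else:                                      # bare address is a single-host entry
            net, flags = ipaddress.ip_network(tokens[0]), tokens[1:]
        rules.append((net, frozenset(flags)))
    return rules

def effective_flags(rules, source_ip):
    """Flags of the entry that applies to source_ip, or None if nothing matches."""
    addr = ipaddress.ip_address(source_ip)
    # Sort by increasing address, then increasing mask; the last match defines the flags.
    ordered = sorted(rules, key=lambda r: (int(r[0].network_address), int(r[0].netmask)))
    match = None
    for net, flags in ordered:
        if addr in net:
            match = flags
    return match

if __name__ == "__main__":
    # 192.0.2.7 is a constructed outside address (documentation range).
    for name, conf in (("Kevin", KEVIN_CONF), ("Richard", RICHARD_CONF)):
        rules = parse_restrict(conf)
        for ip in ("10.10.11.100", "192.168.1.50", "192.0.2.7"):
            flags = effective_flags(rules, ip)
            print(f"{name:8} {ip:15} -> {sorted(flags) if flags else 'no flags'}")
```
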



