[ntp:questions] NTP MD5

Eric Liu EricLiu at moxrd.com
Mon Sep 12 09:41:06 UTC 2005


Hi all:

Let's look into the source code of the NTP package.
It is about the file ntp-4.2.0/libntp/a_md5encrypt.c.
The function "MD5authdecrypt" works out different results under subtle conditions.

I am testing authentication with ntp-4.2.0. All configuration files, such as ntp.conf, ntp.key, are ok. But the server always thinks the packet from the client is not authenticated because the function "MD5authdecrypt" always returns 0. One proof is the debug output from ntpd "receive: at 26 192.168.0.120<-192.168.0.47 mode 3 code 2 keyid 0000000a len 48 mac 20 auth 0". Attention, here "auth 0" means unauthenticated.

After 3 days' hard work, I still got the same result. I am testing under Red Hat Linux 7.2. So I decided to use the ntpd distributed with the OS. However, surprisingly, the authentication works very well with the old ntpd. Then I reused ntpd-4.2.0, and I found it started to work well. It is because the function "MD5authdecrypt" returns 1, indicating the packet from the client is authenticated.

I am quite confused by the result. Really very very confused! Probably it is related to the principle of MD5. Unfortunately, I know nothing about it.
I wish the coder of this function could see the post and find out what is wrong.

By the way, on the page http://ntp.isc.org/bin/view/Main/SoftwareDownloads there is a link to obsolete versions of NTP. However, neither the deprecated FTP nor the deprecated HTTP is available. Where can I get an old version of the NTP package, such as the version distributed with Red Hat Linux 7.2? I mean I can compare the source code of the two NTP packages to find out something.

Thanks
Eric
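
The check behind the "auth 0" / "auth 1" flag in the debug line above, as an added sketch that is not part of the original post and not the code in a_md5encrypt.c: NTP symmetric-key MD5 authentication appends a 4-byte key ID and a 16-byte MD5 digest computed over the key followed by the 48-byte header ("len 48 mac 20"). The key strings, header bytes and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48   # "len 48" in the debug line
MAC_LEN = 20      # "mac 20": 4-byte key ID + 16-byte MD5 digest


def md5_mac(key: bytes, header: bytes) -> bytes:
    """Digest over key || header, as NTP symmetric-key MD5 auth defines it."""
    return hashlib.md5(key + header).digest()


def sign(keyid: int, key: bytes, header: bytes) -> bytes:
    """Sender side: append key ID and digest to the 48-byte header."""
    if len(header) != HEADER_LEN:
        raise ValueError("expected a 48-byte NTP header")
    return header + struct.pack("!I", keyid) + md5_mac(key, header)


def verify(packet: bytes, keys: dict) -> int:
    """Receiver side: 1 corresponds to "auth 1", 0 to "auth 0"."""
    if len(packet) != HEADER_LEN + MAC_LEN:
        return 0
    header = packet[:HEADER_LEN]
    (keyid,) = struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + 4])
    key = keys.get(keyid)
    if key is None:            # key ID not present in the receiver's key file
        return 0
    expected = md5_mac(key, header)
    # Constant-time comparison of the recomputed and received digests.
    return int(hmac.compare_digest(expected, packet[HEADER_LEN + 4:]))


# Constructed sample: mode 3 (client) header, key ID 0x0a as in the log line.
HEADER = bytes([0x23]) + bytes(47)      # LI=0, VN=4, mode=3, rest zeroed
CLIENT_KEY = b"constructed-key"         # constructed, not a real key
PACKET = sign(0x0A, CLIENT_KEY, HEADER)

if __name__ == "__main__":
    print("same key:      auth", verify(PACKET, {0x0A: CLIENT_KEY}))
    print("different key: auth", verify(PACKET, {0x0A: b"constructed-keY"}))
    print("unknown keyid: auth", verify(PACKET, {0x0B: CLIENT_KEY}))
```

The digest depends on every byte of the key as the receiver loaded it, so any difference in how the two sides read the same key line yields 0 even when the key ID matches.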
