[ntp:questions] why does my unauthenticated peer still sync?

mlawdawg at yahoo.com mlawdawg at yahoo.com
Tue Mar 7 22:03:26 UTC 2006

I'm a developer porting NTP to vxWorks. I'm running NTP 4.2.0. I'm
seeing my unauthenticated peer (Host B) sync as a symmetric active peer
with Host A when I thought authentication failures would prevent it.

In my setup, Host A requires authentication (ie. sys_authenticate is
set to 1). Host A has no configuration for host B (ie. host A will
become symmetric passive with host B). Host B is configured to peer
with Host A (ie. host B will become symmetric active with host A). Host
B is configured to NOT use authentication (no key id specified).

Each packet sent by Host B results in Host A executing the "bad auth"
line in the code snippet below from ntp_proto.c's receive() rtn.
According to cmts, the code should send a "crypto-NAK".


		 * This is the first packet received from a symmetric
		 * active peer. First, make sure it is authentic and not
		 * restricted. If so, mobilize a passive association.
		 * If authentication fails send a crypto-NAK; otherwise,
		 * kiss the frog.
		if (restrict_mask & RES_DONTTRUST) {
		        return;			/* no trust */
		if (sys_authenticate && !is_authentic) {
THIS LINE ==========> fast_xmit(rbufp, MODE_PASSIVE, 0,
		        return;			/* bad auth */
		if ((peer = newpeer(&rbufp->recv_srcadr, rbufp->dstadr,
		    MODE_PASSIVE, PKT_VERSION(pkt->li_vn_mode),
		    skeyid)) == NULL)
			return;			/* system error */


I thought the "crypto-NAK" would result in Host B never sync'ing with
Host A. However, after 9 to 10 polls, Host B syncs with Host A.

Taking a look at fast_xmit(), I'm wondering if crypto-NAK's are really
being sent. My restrict_maks will NOT have either RES_DONTTRUST or
RES_LIMITED set, so fast_xmit() will create a non-authenticated (Host
A's pkt wasn't authenticated) response and send it.

Tx for any help you can provide.


More information about the questions mailing list