[ntp:questions] Re: Security when using non windows sntp client with Windows SNTP server

Ry malayter at gmail.com
Fri May 5 13:25:49 UTC 2006


The SNTP service on Windows 2000 can drift by as much as a full second
in either direction, making it really unsuitable for anything but loose
synchronization service to other Windows client machines.

The NTP service in Windows Server 2003 SP1 and newer is significantly
better, keeping time to within about 16 ms, but it will only "sign"
timestamps to other Windows 2003 SP1 and newer Windows clients in the
same Active Directory domain.

The best thing to do is to install the "real" NTP on Windows 2000 and
set up authentication within it and on your Linux client. The Meinberg
installer for NTPd on Windows is easy to use.

A less attractive option would be setting up IPsec in authentication
only mode between the Windows Server and your Linux client. This would
sign (and optionally encrypt) all IP packets between the machines. The
added latency would undoubtedly impair NTP performance, but if you're
relying on time from the Windows 2000 SNTP service, accuracy obviously
isn't very important.
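
The symmetric-key authentication recommended above, as an added example that is not part of the original post: ntpd's classic MD5 scheme appends a 4-byte key ID and MD5(key || header) to the 48-byte NTP packet, and the client drops replies whose MAC does not match a trusted key. The key ID, key value and packet contents below are constructed for illustration.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTP header, no extension fields
MAC_LEN = 4 + 16      # 32-bit key ID + 128-bit MD5 digest


def sign_packet(header: bytes, key_id: int, key: bytes) -> bytes:
    """Server side: append key ID and MD5(key || header) to the header."""
    if len(header) != NTP_HEADER_LEN:
        raise ValueError("expected a 48-byte NTP header")
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify_packet(packet: bytes, trusted_keys: dict) -> bool:
    """Client side: accept only replies carrying a valid MAC from a trusted key."""
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False  # plain (unsigned) SNTP reply or malformed packet
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    key_id = struct.unpack("!I", mac[:4])[0]
    key = trusted_keys.get(key_id)
    if key is None:
        return False  # key ID not in the client's trusted set
    expected = hashlib.md5(key + header).digest()
    return hmac.compare_digest(expected, mac[4:])


def build_sample_reply() -> bytes:
    """Constructed server reply: LI=0, VN=3, mode=4, stratum 2, zeroed fields."""
    first_byte = (0 << 6) | (3 << 3) | 4
    return struct.pack("!BBbb", first_byte, 2, 6, -20) + bytes(44)


def demo() -> dict:
    keys = {1: b"constructed-shared-secret"}   # same entry on server and client
    signed = sign_packet(build_sample_reply(), 1, keys[1])
    tampered = bytearray(signed)
    tampered[40] ^= 0x01                       # flip a bit in the transmit timestamp
    return {
        "signed": verify_packet(signed, keys),
        "tampered": verify_packet(bytes(tampered), keys),
        "unsigned": verify_packet(build_sample_reply(), keys),
        "untrusted_key": verify_packet(signed, {2: b"other-secret"}),
    }
```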



