[ntp:questions] notrust alternative?
Richard B. Gilbert
rgilbert88 at comcast.net
Sun Nov 5 13:52:24 UTC 2006
David L. Mills wrote:
> You may have misunderstood what the enable/disable auth does. It has
> nothing to do with the authentication method or lack of it. If the switch
> is enabled (enable auth), then associations cannot be mobilized unless
> authentication parameters have been configured and the symmetric active
> or broadcast client is correctly authenticated.

I think I'm still missing something! I don't have disable auth nor
enable auth. Therefore it defaults to "enable auth".
Correct so far?

I have an NTP keys file with symmetric keys that I use only to access
the privileged functions of ntpq and ntpdc. I do not authenticate any
server! I am, apparently, able to mobilize associations! But if I
understand you, I should not be able to mobilize associations.

"sunblok" and "sunburn" are two servers on my local network. On
"sunblok" I can say "peer sunburn" and on "sunburn" I can say "peer
sunblok". It works!

Since I am behind a NAT router/firewall on an RFC-1918 private network,
my understanding is that your public key authentication scheme cannot be
used because the IP address of my machine is not the address seen
externally and the IP address of the machine is part of the