[ntp:questions] (Software) timeserver for windows being broadcast-able incl. keys

Richard B. Gilbert rgilbert88 at comcast.net
Sun Feb 25 15:46:22 UTC 2007


Erik wrote:
> Hi Danny
> 
> thanks for your input
> 
> 
>>>I am looking for a (software) time server (to run on Win2000) that
>>>can send out broadcast messages together with (three) security keys
>>>(for authoring)
>>
>>Well ntpd works on Windows though I'm not entirely sure what you mean by
>>3 security keys or authoring. ntpd supports the autokey protocol details
>>of which you can find in the documentation area of the website: http://www.ntp.org/
> 
> 
> what I mean is that the clients expect three keys in the broadcast
> message to be sent along
> These keys are defined in  /etc/ntp/keys
> For example
> 1     M       <key1>
> 2     M       <key2>
> 15   M       <key15>
> else they will refuse to see the broadcast as one that can be trusted
> and will not correct the time
> This means that the prog sending out these broadcasts will have to
> send along these keys

Ntpd uses only ONE of those keys at a time.  ISTR that the client 
specifies the key to be used on the "server" statement.  You are not, of 
course, limited to three keys; a server might have a different set of 
keys for every client.  (Unwieldy but possible.)  In a broadcast or 
multicast subnet, everybody would have to use the same key.

These keys are generally NOT used over the internet!  A different keying 
scheme is used to authenticate server to client.  It works something 
like this: you ask the server for its "public" key but the server signs 
its packets with its "private" key.  Your client, using the public key, 
can determine that the packet was signed by a server holding the private 
key.

Ntpd supports both these keying schemes.  The private-public key scheme 
is used by public servers whose clients need to be able to prove that 
they are synchronized to a source traceable to NIST or some other 
"national standards laboratory".  Keys can, of course, be used within a 
corporate or private network.
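
An added illustration, not part of the original post and not ntpd's own code: a Python sketch of NTP symmetric-key (type `M`, MD5) authentication, showing that a packet carries exactly one key ID plus a digest, so every broadcast client must hold and trust that same key. The secrets, the packet bytes and the function names are constructed for the example; `trusted` models the key IDs a client lists under `trustedkey`.

```python
import hashlib
import hmac
import struct

def parse_keys(text):
    """Parse keys-file lines 'id type secret' into {id: secret} (type M only)."""
    keys = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        key_id, key_type, secret = line.split(None, 2)
        if key_type.upper() in ("M", "MD5"):
            keys[int(key_id)] = secret.encode()
    return keys

def sign(packet, key_id, keys):
    """Sender: append the 4-byte key ID and MD5(secret || 48-byte header)."""
    digest = hashlib.md5(keys[key_id] + packet).digest()
    return packet + struct.pack("!I", key_id) + digest

def verify(datagram, keys, trusted):
    """Receiver: accept only a known, trusted key ID with a matching digest."""
    if len(datagram) != 48 + 4 + 16:
        return False                           # no authenticator, or malformed
    packet, mac = datagram[:48], datagram[48:]
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in trusted or key_id not in keys:
        return False
    expected = hashlib.md5(keys[key_id] + packet).digest()
    return hmac.compare_digest(expected, mac[4:])

# Constructed keys file with the three key IDs from the question.
SAMPLE_KEYS = """\
1   M  constructed-secret-1
2   M  constructed-secret-2
15  M  constructed-secret-15
"""
KEYS = parse_keys(SAMPLE_KEYS)

# Constructed 48-byte header: LI=0, VN=4, mode=5 (broadcast), rest zero.
BROADCAST = bytes([0x25]) + bytes(47)

if __name__ == "__main__":
    signed = sign(BROADCAST, 2, KEYS)          # the server picks ONE key
    print("trusts key 2:", verify(signed, KEYS, trusted={2}))
    print("trusts only 1 and 15:", verify(signed, KEYS, trusted={1, 15}))
```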



