[ntp:questions] Trouble creating symmetric connection

Henning Makholm henning at makholm.net
Wed Mar 7 22:37:54 UTC 2007


Scripsit mills at udel.edu

> 'M' stands for MD5;

Of course. Typo on my part.

> the DES crypto code is no longer in the distribution.

Whoops. I worked from the NTP FAQ which uses DES keys freely in
section 6.2.2, and only mentions the absence of DES as an aside
in 6.1.3.3 (which is not even where one would expect to find
important caveats like that).

> Think of peer (symmetric mode) as each machine functioning
> simultaneously as a client and a server for the other machine. Time
> flows from the machine at the lower stratum to the other
> machine.

I gathered at much from the docmentation, but it was not clear to me
that it only works as described when the communication is
authentified. On reflection I can see that it does make excellent
sense to require authentification here, but it would have helped me
if, say, the description of the 'nopeers' restriction keyword and/or
the "peer" configuration command had included a short caveat that the
association will only really be bidirectional if authentified (or if
the auth flag is off).

> Usually, both peers are clients of different lower stratum
> servers and usually operate at the same stratum, so time doesn't flow
> between them.

Hmm, yes. Is there a way to specify that time should flow in the
direction of larger synchronization distance, even at the possible
expense of one of the servers operating on a higher stratum?
Or is that a situation that is just expected not to happen?

-- 
Henning Makholm                             "... and that Greek, Thucydides"




More information about the questions mailing list