[ntp:questions] W32time - encrypted request to NTP server?

Ryan Malayter malayter at gmail.com
Thu Mar 20 18:55:50 UTC 2008


On Mar 20, 8:41 am, "BertieBigBol... at gmail.com"
<BertieBigBol... at gmail.com> wrote:
> Is this supported or possible in Windows 2000?
>
> I've managed to edit the registry to point at my local NTP server and
> this works fine. The NTP host supports MD5 authentication and,
> ideally, I'd like the Windows 2000 client to use this when requesting
> from the NTP server.

It doesn't seem to be supported. XP and newer Windows systems that
speak NTP to each other through w32time use Kerberos session keys to
do symmetric-key authentication of NTP packets. This is roughly the
same as using symmetric-key MD5 authentication in ntpd, but the keys
have already been exchanged through Windows Active Directory
credentials, so no further configuration is required.

However, there does not seem to be a way to get authenticated time
from an ntpd server into w32time unless a lower-layer protocol like
IPsec is used to wrap the NTP traffic.

See "NTP Security" section in  the reference documentation from
MIcrosoft:
http://technet2.microsoft.com/windowsserver/en/library/b43a025f-cce2-4c82-b3ea-3b95d482db3a1033.mspx?mfr=true

To get what you want on Windows 2000, I would install the Windows
version of ntpd from Meinberg, and use their Time Server Monitor
program to manage and congfigure it:
http://www.meinberg.de/english/sw/ntp.htm

---
RM




More information about the questions mailing list