[ntp:questions] Re: Cannot synchronize to server with local clock
David L. Mills
mills at udel.edu
Fri Jul 22 03:08:48 UTC 2005
Steve,
Let me rephrase. The notrust bit's former behavior was to discard all
packets; the current behavior is to discard all but correctly
authenticated packets. This applies to both symmetric key and public key
cryptography.
Dave
Steve Kostecke wrote:
> Tim said:
>
>
>>---------- server configuration file (minus default comments) -----------
>
>
> <snip>
>
>># the following line added by me:
>>restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
>
>
> What version of NTP are you using on the server?
>
> The behavior of notrust changed between versions 4.1 and 4.2.
>
> * In 4.1 (and earlier) notrust meant "Don't trust this host/subnet for
> time".
>
> * In 4.2 (and later) notrust means "Ignore all NTP packets that are
> not cryptographically authenticated." This forces remote time servers
> to authenticate themselves to your (client) ntpd. And it will cause
> servers to discard unauthenticated NTP packets from clients. See
> http://ntp.isc.org/Support/ConfiguringAutokey for information about
> configuring NTP Authentication.
>
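
Added example, not part of the original message or of the NTP distribution: a small Python audit of an ntp.conf under the 4.2 behavior described above. It lists server/peer addresses that fall under a notrust restrict entry but carry neither key nor autokey, so their packets would be discarded. It assumes IPv4 numeric addresses and that ntpd applies the most specific matching restrict entry; the server lines in the sample are constructed.

```python
import ipaddress

# Constructed sample: the notrust restrict line is the one quoted in the
# thread; the default line, server lines and addresses are invented.
SAMPLE_CONF = """\
restrict default nomodify notrap
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
server 192.168.1.10
server 192.168.1.11 key 1
server 10.0.0.5
"""

def parse(conf):
    """Return (restricts, associations) parsed from ntp.conf text."""
    restricts, assocs = [], []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments
        if len(tok) < 2:
            continue
        if tok[0] == "restrict":
            spec, flags = tok[1] + "/32", tok[2:]   # bare address: host entry
            if tok[1] == "default":
                spec = "0.0.0.0/0"
            elif len(tok) > 3 and tok[2] == "mask":
                spec, flags = f"{tok[1]}/{tok[3]}", tok[4:]
            try:
                net = ipaddress.ip_network(spec, strict=False)
            except ValueError:
                continue    # hostname or option form: not handled here
            restricts.append((net, set(flags)))
        elif tok[0] in ("server", "peer"):
            authed = bool({"key", "autokey"} & set(tok[2:]))
            assocs.append((tok[1], authed))
    return restricts, assocs

def dropped_by_notrust(conf):
    """Unauthenticated associations whose governing restrict has notrust."""
    restricts, assocs = parse(conf)
    dropped = []
    for addr, authed in assocs:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue        # hostname: cannot be matched offline
        hits = [r for r in restricts if ip in r[0]]
        # the most specific (longest-prefix) entry decides the flags
        if hits and not authed and "notrust" in max(hits, key=lambda r: r[0].prefixlen)[1]:
            dropped.append(addr)
    return dropped
```

The check covers only the presence of key or autokey on the association line; whether the key is actually trusted and present in the keys file is not verified.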