[ntp:questions] Re: Cannot synchronize to server with local clock

David L. Mills mills at udel.edu
Fri Jul 22 03:08:48 UTC 2005


Steve,

Let me rephrase. The notrust bit's former behavior was to discard all 
packets; the current behavior is to discard all but correctly 
authenticated packets. This applies to both symmetric key and public key 
cryptography.

Dave

Steve Kostecke wrote:

> Tim said:
> 
> 
>>---------- server configuration file (minus default comments) -----------
> 
> 
> <snip>
> 
>># the following line added by me:
>>restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
> 
> 
> What version of NTP are you using on the server?
> 
> The behavior of notrust changed between versions 4.1 and 4.2.
> 
> * In 4.1 (and earlier) notrust meant "Don't trust this host/subnet for
> time".
> 
> * In 4.2 (and later) notrust means "Ignore all NTP packets that are
> not cryptographically authenticated." This forces remote time servers
> to authenticate themselves to your (client) ntpd. And it will cause
> servers to discard unauthenticated NTP packets from clients. See
> http://ntp.isc.org/Support/ConfiguringAutokey for information about
> configuring NTP Authentication.
> 
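
A check for the situation discussed in this thread, added here as an example; it is not part of the original messages or of the NTP distribution. It scans an ntp.conf body for restrict lines carrying notrust and reports whether the same file sets up authentication. The names audit_notrust, report and SAMPLE are hypothetical, the sample file is constructed around the restrict line quoted above, and treating keys plus trustedkey (or crypto) as "authentication configured" is a heuristic assumed for this example.

```python
"""Flag ntp.conf restrict lines whose notrust flag requires authentication."""

# Constructed sample; only the notrust restrict line is taken from the thread.
SAMPLE = """\
# constructed sample ntp.conf
driftfile /var/lib/ntp/drift
server 127.127.1.0
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
"""

def audit_notrust(conf_text):
    """Return (findings, auth_configured).

    findings: (line_no, address, mask) per restrict line carrying notrust.
    auth_configured: heuristic (an assumption of this example): True when the
    file has both keys and trustedkey (symmetric key) or crypto (Autokey).
    """
    findings, seen = [], set()
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()      # drop trailing comments
        if not tokens:
            continue
        directive = tokens[0].lower()
        if directive in ("keys", "trustedkey", "crypto"):
            seen.add(directive)
        elif directive == "restrict":
            args = [t for t in tokens[1:] if t not in ("-4", "-6")]
            if "notrust" not in args[1:]:
                continue
            mask = args[args.index("mask") + 1] if "mask" in args[:-1] else None
            findings.append((line_no, args[0], mask))
    auth = "crypto" in seen or {"keys", "trustedkey"} <= seen
    return findings, auth

def report(conf_text):
    """Render one warning per notrust line, using the 4.2 meaning from the thread."""
    findings, auth = audit_notrust(conf_text)
    lines = []
    for line_no, address, mask in findings:
        scope = f"{address} mask {mask}" if mask else address
        msg = f"line {line_no}: notrust on {scope}: 4.2+ discards unauthenticated packets"
        if not auth:
            msg += "; no keys/trustedkey or crypto directive in this file"
        lines.append(msg)
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

A file that passes the heuristic only shows that the server holds key material; the clients in the restricted range still have to send authenticated packets for the server to answer them.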



