[ntp:questions] Secure NTP Server
Steve Kostecke
kostecke at ntp.isc.org
Mon Apr 23 20:36:26 UTC 2007
On 2007-04-23, R <srvedire at yahoo.com> wrote:
> This is probably a stupid question, which would take the experts a
> minute to answer.
>
> I'm planning to have a NTP daemon-A communicate with another NTP
> deamon-B using authentication/security enabled
NTP Authentication (e.g. AutoKey + an identity scheme) authenticates
the server to the client. NTP Authentication does not encrypt the
communication between the server and the client. NTP Authentication is
not intended to be a form of access control.
> and I also want other NTP daemons (configured as pure clients) to
> communicate with NTP deamon-A. Is this possible? In other words can
> you mix and match authentication and no-authentication?
Yes. The systems that need authenticated time service have to be
configured to require it. For example, in the daemon-B ntp.conf you
would specify:
# Poll daemon-A and use autokey:
server daemon-A iburst autokey
# Require authenticated packets from daemon-A:
restrict daemon-A notrust
There is more information about setting up AutoKey at
http://ntp.isc.org/Support/ConfiguringAutokey.
--
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/
More information about the questions
mailing list