[ntp:questions] Secure NTP Server

Richard B. Gilbert rgilbert88 at comcast.net
Mon Apr 23 22:31:06 UTC 2007


R wrote:
> This is probably a stupid question, which would take the experts a
> minute to answer.
> 
> I'm planning to have a NTP daemon-A communicate with another NTP
> deamon-B using authentication/security enabled and I also want other
> NTP daemons (configured as pure clients) to communicate with NTP
> deamon-A. Is this possible? In other words can you mix and match
> authentication and no-authentication?
> 
> Thanks in advance,
> SR.
> 


Yes, it's possible.  Authentication authenticates the server to the 
client.  It's done by cryptographicly "signing" the transmitted packet. 
NTP will work just fine without authentication.  You can use an 
authenticated packet without checking its authenticity if you wish. 
Normally this would happen only in a broadcast or multicast environment 
but you are at liberty to send packets with authentication and ignore it 
on the receiving end.

Authentication is only needed if you must be able to prove where your 
time came from or if you believe that somebody would bother to try to 
spoof a server that you intended to use and give you an incorrect time. 
  Some people REALLY need authentication but most don't.




More information about the questions mailing list