NTP Authentication Problem

Dear All,

I'm a Solaris user. I need to set up NTP authentication for my office server, but I have some questions about the NTP setup. I need to know: if I set up authenticated NTP, can a client that has no authentication key set sync time from the authenticated NTP server or not? When I set up authentication on the NTP server, why can a simple NTP client still sync from my authenticated time server? Below are my config files.

ntpserver

(ntp.conf)

server 127.127.1.0 prefer key 4
#fudge 127.127.XType.0 stratum 0
#broadcast 224.0.1.1 key 4 ttl 4
enable auth monitor
driftfile /var/ntp/ntp.drift
statsdir /var/ntp/ntpstats/
filegen peerstats file peerstats type day enable
filegen loopstats file loopstats type day enable
filegen clockstats file clockstats type day enable
keys /etc/inet/ntp.keys
trustedkey 4
#requestkey 0
#controlkey 0

(ntp.keys)

4 M DonTTelL
6 M hElloWorld
22 M ImASecret

ntpclient

(ntp.conf)

#driftfile /var/ntp/drift
server 192.168.109.11 prefer key 4
#multicastclient 224.0.1.1 key 4
keys /etc/inet/ntp.keys
trustedkey 4

(ntp.keys)

4 M DonTTelL
6 M hElloWorld
22 M ImASecret

More information below.

This is the ntpq output of the NTP client that has the authentication key set:

root@sol9_e250 # ntpq
ntpq> pe
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
*sol9_11         LOCAL(0)         4 u   18   64  377     0.81   -8.976    2.09
ntpq> as
ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1 20676  f614   yes   yes   ok   sys.peer   reachable  1

And this is the ntpq output from the NTP client that does not have the authentication key set:

sol9_55(root):[/etc/init.d] # ntpq
ntpq> pe
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
 sol9_11         0.0.0.0         16 -    -   64    0     0.00    0.000 16000.0
ntpq> as
ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1 16100  c000   yes   no

But all of the NTP clients can sync time. I don't know why. In my opinion, only the NTP client that has the authentication key set should sync, shouldn't it?

If anyone has information or a recommendation, please help me.

Thanks,

Sontas J.

(Sorry about my English.)

[2523 byte] By [sontas.j@g-able.com] at [2007-11-26 10:52:49]
# 1

> Dear All,
>
> I'm a Solaris user. I need to set up NTP authentication
> for my office server, but I have some questions about the NTP
> setup. I need to know: if I set up authenticated NTP, can a
> client that has no authentication key set sync time
> from the authenticated NTP server or not? When I set up
> authentication on the NTP server, why can a simple NTP client still sync from my
> authenticated time server? Below are my config files.

Yes. You are thinking about authentication backwards.

In NTP, the keys are set up so the client knows it can trust the server, not the other way around. Unless the client has enabled authentication, the server doesn't care about the keys.

Clients don't access anything on the NTP server, so authenticating them to the server has no real purpose. What you don't want is someone pretending to be a trusted server and handing your client the wrong time. Key setup makes that scenario more difficult.

If you don't want a client to access the server, you'll want to set up restriction lists (or firewall them).

--

Darren

Darren_Dunham at 2007-7-7 3:05:44 > top of Java-index,Solaris Operating System,Solaris Essentials - General Technical Questions...
# 2

Thanks for your help,

I was confused about this config for 2-3 days, but now I'm clear. Can you guide me on restrictions at the NTP server? If I want only some servers to be able to access my NTP server, how can I set that up?

Please give me an example of how to configure restrict. I need to ignore all first and then permit servers one by one, like a firewall policy.

Thanks in advance,

Sontas J.

sontasj@gablecom at 2007-7-7 3:05:44
# 3
I've never tried to set up restrictions on NTP. Have you looked at the NTP FAQ? I believe there's one that's generally available on the web.

--

Darren
Darren_Dunham at 2007-7-7 3:05:44
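
The default-deny restriction list asked about in reply #2 and suggested in reply #1, as an added example that is not part of the original thread or written by its participants. It uses the standard ntpd `restrict` directive on the server from the first post (192.168.109.11); the two client addresses and the subnet are placeholders, since the thread does not give the clients' addresses.

```conf
# /etc/inet/ntp.conf on the NTP server (192.168.109.11).
# Access-control lines to add to the existing file.
# Client addresses below are placeholders, not taken from the thread.

# 1. Default deny: drop every NTP packet from any address,
#    both time requests and ntpq/ntpdc queries.
restrict default ignore

# 2. Keep unrestricted access from the server itself,
#    so local ntpq/ntpdc monitoring still works.
restrict 127.0.0.1

# 3. Permit individual clients one by one. They receive time service
#    but cannot query status (noquery), change the running
#    configuration (nomodify) or register traps (notrap).
restrict 192.168.109.21 mask 255.255.255.255 nomodify notrap noquery
restrict 192.168.109.22 mask 255.255.255.255 nomodify notrap noquery

# 4. Alternative: permit a whole subnet with one line instead of
#    listing hosts (placeholder subnet; uncomment to use).
#restrict 192.168.109.0 mask 255.255.255.0 nomodify notrap noquery
```

The most specific matching entry applies to each packet, so listed hosts override the default. After the daemon is restarted, a client that is not listed gets no replies and shows reach 0 in its own `ntpq` `pe` output.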