From: Mark Lewis (markl11@xxxxxxxxxxx)
Date: Sat Sep 30 2000 - 18:10:45 GMT-3
Hi,
ntp authentication allows a ntp SERVER some security when it gets its clock
from the MASTER. Now of course you configure the ip address of the master to
get the clock from using the 'ntp server xxx' command.
If you don't configure security on the server, it means that as long as the
ip address of the clock source (MASTER) conforms to the address supplied in
the above command, it will take the clock from the source.
That's a bit dangerous - another box could be pretending to be the real
master and supply an erronous clock.
If you configure authentication on the SERVER, it means that the clock
source (MASTER) must now supply a password (well, md5 hash). The server can
now check the varacity of the clock source - it won't be fooled....
The upshot is that authentication is only effective if you configure it on
the server (as well as the master of course). If it's just on the master,
then it is ineffective.
Did that help?!?
Mark
>From: "Feliz, Edgar" <Edgar.Feliz@BTNA.com>
>Reply-To: "Feliz, Edgar" <Edgar.Feliz@BTNA.com>
>To: micklegao@netease.com, ccielab@groupstudy.com
>Subject: RE: ntp auth
>Date: Sat, 30 Sep 2000 15:28:47 -0400
>
>I do not believe that authentication is taking place if you do not have the
>key configured.
>
>EF
>
>-----Original Message-----
>From: micklegao@netease.com [mailto:micklegao@netease.com]
>Sent: Friday, September 29, 2000 9:53 PM
>To: ccielab@groupstudy.com
>Subject: ntp auth
>
>
>hi,
>
> i config ntp , and find that:
> if i use auth, use the command: ntp server x.x.x.x (without key x),
>it
>will sync with the master, though the two routers key are not the same.
>
> if use auth, use : ntp server x.x.x.x key x , if the key is not
>the
>same, the two routers will not syn.
>
>
> why???
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:10 GMT-3