Re: ntp auth

From: Bert Kellerman (bertke@xxxxxxxxxxx)
Date: Sat Sep 30 2000 - 19:27:28 GMT-3


   
Mark,
        That definitely helped! I think the main concept to grasp here is the
client is the one vulnerable to attack and therefore should require a
password from the server. With the terminology of server and client,
you automatically think that the server will be authenticating the
client, but with ntp it is the exact opposite. When you specify 'ntp
server x.x.x.x' your client will adjust its time without receiving a
password, which is dangerous. Correct me if I am wrong but I think I
understand now.

Thanks,

--
Bert
(RTP on 11/29)

Mark Lewis wrote:
>
> Hi,
>
> ntp authentication allows a ntp SERVER some security when it gets its clock
> from the MASTER. Now of course you configure the ip address of the master to
> get the clock from using the 'ntp server xxx' command.
>
> If you don't configure security on the server, it means that as long as the
> ip address of the clock source (MASTER) conforms to the address supplied in
> the above command, it will take the clock from the source.
> That's a bit dangerous - another box could be pretending to be the real
> master and supply an erroneous clock.
>
> If you configure authentication on the SERVER, it means that the clock
> source (MASTER) must now supply a password (well, md5 hash). The server can
> now check the veracity of the clock source - it won't be fooled....
>
> The upshot is that authentication is only effective if you configure it on
> the server (as well as the master of course). If it's just on the master,
> then it is ineffective.
>
> Did that help?!?
>
> Mark
>
>
> >From: "Feliz, Edgar" <Edgar.Feliz@BTNA.com>
> >Reply-To: "Feliz, Edgar" <Edgar.Feliz@BTNA.com>
> >To: micklegao@netease.com, ccielab@groupstudy.com
> >Subject: RE: ntp auth
> >Date: Sat, 30 Sep 2000 15:28:47 -0400
> >
> >I do not believe that authentication is taking place if you do not have the
> >key configured.
> >
> >EF
> >
> >-----Original Message-----
> >From: micklegao@netease.com [mailto:micklegao@netease.com]
> >Sent: Friday, September 29, 2000 9:53 PM
> >To: ccielab@groupstudy.com
> >Subject: ntp auth
> >
> >
> >hi,
> >
> > I config ntp, and find that:
> > if I use auth, use the command: ntp server x.x.x.x (without key x), it
> >will sync with the master, though the two routers' keys are not the same.
> >
> > if use auth, use: ntp server x.x.x.x key x, if the key is not the
> >same, the two routers will not sync.
> >
> >
> > why???
> >
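
The point of the thread, that the router pulling time must itself demand a key, written as a config check. This is an added example and not part of the original messages; the function name audit_ntp_auth, the 192.0.2.x addresses and the key strings are constructed for illustration.

```python
import re

# Constructed sample of an NTP client's config (values are not from the thread).
SAMPLE_CONFIG = """\
ntp authentication-key 1 md5 ExampleKeyOne
ntp authentication-key 2 md5 ExampleKeyTwo
ntp authenticate
ntp trusted-key 1
ntp server 192.0.2.1
ntp server 192.0.2.2 key 2
ntp server 192.0.2.3 key 3
ntp server 192.0.2.4 key 1
"""

def audit_ntp_auth(config_text):
    """Map each 'ntp server' address to the reasons its time is not authenticated.

    Assumes one key per 'ntp trusted-key' line and the address as the first
    argument of 'ntp server' (no vrf or other leading options).
    """
    defined, trusted, servers, authenticate = set(), set(), [], False
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line == "ntp authenticate":
            authenticate = True
        elif m := re.fullmatch(r"ntp authentication-key (\d+) md5 \S+(?: \d+)?", line):
            defined.add(int(m.group(1)))
        elif m := re.fullmatch(r"ntp trusted-key (\d+)", line):
            trusted.add(int(m.group(1)))
        elif m := re.fullmatch(r"ntp server (\S+)(.*)", line):
            key = re.search(r"\bkey (\d+)\b", m.group(2))
            servers.append((m.group(1), int(key.group(1)) if key else None))

    findings = {}
    for address, key in servers:
        problems = []
        if not authenticate:
            problems.append("'ntp authenticate' is not configured")
        if key is None:
            problems.append("no 'key' on the 'ntp server' line")
        else:
            if key not in defined:
                problems.append(f"key {key} has no 'ntp authentication-key'")
            if key not in trusted:
                problems.append(f"key {key} is not an 'ntp trusted-key'")
        if problems:
            findings[address] = problems
    return findings

if __name__ == "__main__":
    for address, problems in audit_ntp_auth(SAMPLE_CONFIG).items():
        print(address, "->", "; ".join(problems))
```

Only 192.0.2.4 passes: it is the one server line that names a key which is both defined and trusted while 'ntp authenticate' is on.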



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:10 GMT-3