From: Jaeheon Yoo (kghost@xxxxxxxxxxxx)
Date: Sat Feb 09 2002 - 02:19:03 GMT-3
I think Jeff(actually, Jennifer for this part) is right.
What is important is the viewpoint.
In general, we are likely to think that those who get information must get admi
ssion from(or authenticated by) those who give information. Generally speaking,
this may be right.
But in NTP, who must get authenticated is NOT those who get time information an
d synchronize his time to it, BUT those who provide a time source.
As you know, correct time source is very important for the stable network opera
tion, so client has a right to choose a legitimate and trusted time source. Thi
s is why trusted-key is configured on client side.
In NTP, a client is like a very rich customer in business. What if any ill wish
ers would have no difficulty in changing my stably running time!
This is from Jeff, vol2, p.753
< Seattle - Server>
ntp authenticate
ntp authentication-key 10 md5 ntpkey
<Tacoma - Client>
ntp authenticate
ntp authentication-key 10 md5 ntpkey
ntp trusted-key 10
ntp server seattle key 10
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/
fcfprt3/fcf012.htm#xtocid9
Jaeheon.
----- Original Message -----
From: "tang bing" <tang_bing@yahoo.com>
To: <ccielab@groupstudy.com>
Sent: Saturday, February 09, 2002 1:03 PM
Subject: Solie has NTP trusted-key on server side , but Jeff has none , why ?
>
> Jeff vol2 says no need trusted-key on server side .
> but solie and all-in-one have it on server side ?
> who is right ?
>
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:16 GMT-3