Re: NTP Authentication

From: Jaroslaw Zak (jaroslawz@hotmail.com)
Date: Mon Dec 02 2002 - 13:15:31 GMT-3


Hunt,

My understanding is that to configure auth between NTP peers you need to
follow certain steps, and some of them can be optional, depending on the NTP
mode configured (client or server).
In summary:
- you need to enable NTP authentication (always) - 1 command
- for a server you need to configure a set of passwords for the router to
respond to various requests - 1 command.
- for a client you need to configure a set of passwords, select which of
them are trusted (the client will authenticate to the server if it responds
with a trusted key only) and point out which password to use towards which
server - 3 commands.

I believe the idea behind that is: if someone wishes to synchronize with me,
all I need is a password he recognizes. If I want to synchronize to someone,
he must respond with a key I recognize AND trust.

I admit NTP authentication was explained poorly in the books I have read, so
the above "theory" is built upon my own observation. That means test it
yourself before usage, and any comments are welcome :)).

HTH
Jarek

>From: Hunt Lee <ciscoforme3@yahoo.com.au>
>Reply-To: Hunt Lee <ciscoforme3@yahoo.com.au>
>To: ccielab@groupstudy.com
>Subject: NTP Authentication
>Date: Tue, 3 Dec 2002 00:38:44 +1100 (EST)
>
>Can anyone please kindly explain to me what is the difference between "ntp
>trusted-key <x>" & "ntp server <y> key <x>"?? I have read TCP/IP Vol 2 by
>Jeff Doyle many times over (between p.751 to p.755), and I have also checked
>the Command Reference on CCO. I understood that both commands are to be used
>on the router requesting NTP time synchronization, but as for the difference /
>functions between the two, I am still clueless.
>
>If someone can shed some light on this, it would be greatly appreciated.
>
>Thanks,
>H.
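
The rule described in the reply above (a server needs only a key it recognizes, a client needs a key it recognizes AND trusts), as a small Python model added here; it is not from the original thread and is not IOS code. The `Router` class, the secrets and the packets are constructed assumptions; the MAC uses the classic NTP symmetric-key layout, a 4-byte key ID followed by MD5(secret || header).

```python
import hashlib
import hmac
import struct

HDR = 48  # length of the NTP header that precedes the MAC


def ntp_mac(key_id, secret, header):
    """Symmetric-key MAC: 4-byte key ID followed by MD5(secret || header)."""
    return struct.pack("!I", key_id) + hashlib.md5(secret + header).digest()


def mac_ok(packet, keys):
    """Return the key ID if the MAC verifies against a configured key, else None."""
    header, mac = packet[:HDR], packet[HDR:]
    if len(mac) != 20:
        return None
    key_id = struct.unpack("!I", mac[:4])[0]
    secret = keys.get(key_id)
    if secret is None or not hmac.compare_digest(mac, ntp_mac(key_id, secret, header)):
        return None
    return key_id


class Router:  # hypothetical model, one instance per router
    def __init__(self, keys, trusted=(), server_key=None):
        self.keys = dict(keys)        # ntp authentication-key <id> md5 <secret>
        self.trusted = set(trusted)   # ntp trusted-key <id>
        self.server_key = server_key  # ntp server <y> key <id>

    def request(self, header):  # client side: sign with the key bound to the server
        return header + ntp_mac(self.server_key, self.keys[self.server_key], header)

    def respond(self, packet, reply):  # server side: a recognized key is enough
        key_id = mac_ok(packet, self.keys)
        return None if key_id is None else reply + ntp_mac(key_id, self.keys[key_id], reply)

    def accept(self, packet):  # client side: key must be recognized AND trusted
        key_id = mac_ok(packet, self.keys)
        return key_id is not None and key_id in self.trusted


def demo():
    keys = {1: b"constructed-secret-1", 2: b"constructed-secret-2"}  # constructed
    req, rep = bytes([0x1B]) + bytes(47), bytes([0x1C]) + bytes(47)  # v3 client/server
    server = Router(keys)  # server: keys only, nothing marked trusted
    trusted = server.respond(Router(keys, {1}, 1).request(req), rep)
    untrusted = server.respond(Router(keys, {1}, 2).request(req), rep)
    forged = rep + ntp_mac(1, b"wrong-secret", rep)
    client = Router(keys, {1}, 1)
    return client.accept(trusted), client.accept(untrusted), client.accept(forged)
```

`demo()` returns one flag per reply: the reply keyed with trusted key 1 is accepted, the reply keyed with known but untrusted key 2 is rejected, and a reply carrying key ID 1 with the wrong secret is rejected.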
