NTP Authentication

From: Ben Holko (ben.holko@datacom.com.au)
Date: Fri Jan 05 2007 - 22:05:48 ART


Have read the excellent whitepaper on NTP authentication on internetworkexpert.com, and it all makes sense to me, but I have seen problems where you have multiple NTP servers configured on a client, and you only want to authenticate 1 of the servers.
 
Something like this:
 
ntp authenticate
ntp authentication-key 1 md5 cisco
ntp trusted-key 1
ntp server 1.1.1.1 key 1
ntp server 2.2.2.2
 
From what I have done in the lab, it appears that the server 2.2.2.2 will not sync when the line "ntp trusted-key 1" or "ntp authenticate" is in place.
 
From the doc CD:
ntp authenticate

Use this command if you want authentication. If this command is specified, the system will not synchronize to a system unless it carries one of the authentication keys specified in the ntp trusted-key global configuration command.

Based on the above statement, logic tells me that if you need authentication, then you have to use it on all servers.

Have I missed something?

 

 
Ben Holko
CISSP (ISC)2
Networking Team Leader
Datacom Systems
Ph: +61 3 9626 9600
Fax: +61 3 9626 9699
ben.holko@datacom.com.au
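
Added example, not part of the original post and not Cisco code: a Python model of the NTP symmetric-key MAC (4-byte key ID followed by MD5 of the secret and the 48-byte header) and of the acceptance rule as the quoted doc CD text states it. The packet contents, the `accept` function and its reason strings are constructed for illustration, and the policy is an assumption drawn from that quoted sentence, not from IOS itself.

```python
import hashlib
import hmac
import struct

# Key table mirroring the post's "ntp authentication-key 1 md5 cisco".
KEYS = {1: b"cisco"}
TRUSTED = {1}            # "ntp trusted-key 1"
HEADER_LEN = 48          # fixed NTP header, no extension fields


def ntp_header(stratum=2):
    """Constructed 48-byte server reply: LI=0, VN=3, mode=4; timestamps zeroed."""
    return struct.pack("!BBbb", (3 << 3) | 4, stratum, 6, -20) + bytes(44)


def add_mac(header, key_id, secret):
    """Append key ID (4 bytes) and MD5(secret || header) (16 bytes)."""
    digest = hashlib.md5(secret + header).digest()
    return header + struct.pack("!I", key_id) + digest


def accept(packet, authenticate=True):
    """Return (ok, reason) under the modelled policy (assumed from the doc quote)."""
    if not authenticate:
        return True, "authentication disabled"
    if len(packet) == HEADER_LEN:
        return False, "no MAC present"
    if len(packet) != HEADER_LEN + 20:
        return False, "malformed MAC"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in TRUSTED or key_id not in KEYS:
        return False, "key %d not trusted" % key_id
    expected = hashlib.md5(KEYS[key_id] + header).digest()
    # Constant-time comparison avoids leaking how many digest bytes matched.
    if not hmac.compare_digest(expected, mac[4:]):
        return False, "digest mismatch"
    return True, "authenticated with key %d" % key_id


if __name__ == "__main__":
    samples = {
        "1.1.1.1 (key 1)": add_mac(ntp_header(), 1, b"cisco"),
        "2.2.2.2 (no key)": ntp_header(),
        "wrong secret": add_mac(ntp_header(), 1, b"guess"),
    }
    for name, pkt in samples.items():
        print(name, accept(pkt))
```
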


