NTP authentication

Hello,

 

I have a NTP server a nd 2 clients I only want to authenticate 1 of them and not the other. can I only do it via the peer command ..?

 

cheers,

 

Dave

Comments

  • Hi!

    If you dont enable ntp authenticate on one of the clients that probably will end up in not getting the time? Havent worked with ntp a long time.

    Why do you wanna do this? Is one of the clients not able to do authentication?

     

    Regards!

    Markus.

  • I have a NTP server a nd 2 clients I only want to authenticate 1 of them and not the other. can I only do it via the peer command ..?

    Just a side note NTP client needs to authenticate NTP server not vice-versa.

  • Does this mean that when authentication is required/activated at the server that a client can get the time even without a key?

    Regards!

  • Markus,

    Typically the client is configured to only accept NTP updates from a trusted source. You may have many clients configured - you don't usually need to have the server authenticate the clients, but the client needs to authenticate the server so it can trust the updates.

    If you do have a case where mutual authentication is needed, ntp peer would probably be the answer, with authentication configured on both ends.

    Does this mean that when authentication is required/activated at the server that a client can get the time even without a key?

    Regards!


  • Does this mean that when authentication is required/activated at the server that a client can get the time even without a key?

    Server just need to supply a key when client asks for it (client authenticates the server) that meens if there are multiple clients and one of the client wants to authenticate server, that client needs to have authentication enabled if it gets the valid key from server then it accepts the updates from the server. While other clients which do not want to authenticate server need not to have authentication enabled so they will not ask for any key from the server therefore these clients will also get the updates. 

  • While other clients which do not want to authenticate server need not to have authentication enabled so they will not ask for any key from the server therefore these clients will also get the updates. 

     

    I agree. The server only responds with the configured trusted key when asked to supply it by the client.

  • The good thing with NTP is that the client authenticates the server, so you don't have to use peer. If mutual authentication is required, then you could consider using the peer command.

Sign In or Register to comment.