Installing and Administering Internet Services

222 Chapter 7
Configuring NTP
Configuration
servers that use a specified trusted key for encryption, and whose
authenticity is verified by successful decryption, are considered
synchronization candidates.
Figure 7-10 illustrates how authentication works.
Figure 7-10 Authentication Example
In the example in Figure 7-10, authentication is enabled for both
Penelope and Golden. An NTP time request from Penelope to Golden
includes the authentication fields: the key ID 10, and a checksum
encrypted with the key that corresponds to key ID 10, “tickle.” When
Golden receives this request, it uses the packet’s key ID field (10) to
look up the key for ID 10 in its key file (“tickle”), recomputes the
checksum with that key, and compares the result to the authentication
field in the request.

Golden sends back time information with the key ID 10 and a
checksum encrypted using “tickle.”

In addition, Penelope accepts only time synchronizations that have
used the key ID 10 and the corresponding encryption key “tickle.”
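
The exchange in Figure 7-10, as an added example (not code from this manual or from the NTP implementation): it assumes key format M denotes an MD5 key and that the checksum is the MD5 digest of the key followed by the 48-byte NTP header, as in the NTP reference implementation. The function names, and the `trusted` set standing in for the trustedkey statement, are hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed key file, matching the entry shown in Figure 7-10.
KEYS_FILE = "# key# Format Key\n10 M tickle\n"

def load_keys(text):
    """Parse '<key#> <format> <key>' lines; keep only MD5 (format M) keys."""
    keys = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) == 3 and fields[1] == "M":
            keys[int(fields[0])] = fields[2].encode("ascii")
    return keys

def client_request():
    """Constructed 48-byte NTP header: LI=0, VN=3, Mode=3 (client), rest zero."""
    return bytes([(3 << 3) | 3]) + bytes(47)

def add_mac(header, key_id, keys):
    """Sender: append the 4-byte key ID and MD5(key + header)."""
    digest = hashlib.md5(keys[key_id] + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify(packet, keys, trusted):
    """Receiver: look up the key by the packet's key ID and recompute the digest."""
    if len(packet) != 48 + 4 + 16:
        return False                      # no authentication fields
    header, mac = packet[:48], packet[48:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in trusted or key_id not in keys:
        return False                      # key ID unknown or not trusted
    expected = hashlib.md5(keys[key_id] + header).digest()
    return hmac.compare_digest(expected, mac[4:])   # constant-time compare

if __name__ == "__main__":
    keys = load_keys(KEYS_FILE)           # same file on Penelope and Golden
    request = add_mac(client_request(), 10, keys)
    print("Golden accepts request:", verify(request, keys, trusted={10}))
    forged = add_mac(client_request(), 10, {10: b"wrongkey"})
    print("Forged with wrong key:", verify(forged, keys, trusted={10}))
    print("Key 10 not trusted:", verify(request, keys, trusted=set()))
```
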

To enable authentication on the local host, include the following
statement in the /etc/ntp.conf configuration file:

    authenticate yes

If the above statement is not specified, no authentication is used. When
authentication is enabled, the following keywords and parameters may
also be specified:

[Figure 7-10: Penelope and Golden each have “authenticate yes” and
“keys /etc/ntp.keys” configured, and an /etc/ntp.keys file with the
entry “10 M tickle” (columns: key#, Format, Key). The figure also shows
the statements “server golden key 10”, “server 127.127.1.1” and
“trustedkey 10”. The NTP packet between the two hosts carries the key
number (10) and the encrypted checksum.]