Installing and Administering Internet Services

Chapter 7
Configuring NTP
Configuration
authdelay seconds indicates the amount of time (in seconds) needed to
encrypt an NTP authentication field on the local host. The seconds value
is used to correct transmit timestamps for authenticated outgoing
packets. The value depends upon the CPU speed of the local host.

CAUTION: The startup script automatically calculates the proper value for
authdelay for the local system and writes it into the configuration file
/etc/ntp.conf. Do not modify this value.

keys filename specifies the file that contains the encryption keys used
by xntpd. See the xntpd man page for the format of the file.

trustedkey key# [key#2]... specifies the encryption key ID(s) that
are trusted as synchronization sources.

Restricting Incoming NTP Packets

xntpd provides a mechanism for restricting access to the local daemon
from certain source addresses. In the /etc/ntp.conf file, you can
define a restriction list that contains the addresses or
addresses-and-masks of sources that may send NTP packets to the local
host. For each address or address-mask specified in the restriction list,
you can define zero or more flags to restrict time service or queries to the
local host.

The source address of each incoming NTP packet is then compared to the
restriction list. If a source address matches an entry in the restriction
list, the restriction defined by the corresponding flag is applied to the
incoming packet. If an address-mask is specified in the restriction list,
the source address of each incoming NTP packet is ANDed with the
mask, and then compared with the associated address for a match.

The restriction list should not be considered an alternative to
authentication. It is most useful for keeping unwanted or broken remote
time servers from affecting your local host. An entry in the restriction
list has the following format:

    restrict address [mask mask] [ntpport] [flag] [flag2]...

The keyword ntpport causes the restriction list entry to be matched
only if the source port in the packet is the NTP UDP port 123.
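The matching rule described above (AND the source address with the mask, compare with the entry's address, and honor ntpport) can be modeled as follows. This is an added example, not code from this manual or from xntpd. It assumes that an entry without a mask matches a single host, that the most specific entry wins when several match, and that the flag names in the constructed sample are among those listed in Table 7-1.

```python
import ipaddress

NTP_PORT = 123  # the NTP UDP port named in the text

def parse_restrict(line):
    """Parse 'restrict address [mask mask] [ntpport] [flag]...' into a dict."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "restrict":
        raise ValueError("not a restrict entry: %r" % line)
    addr = int(ipaddress.IPv4Address(tok[1]))
    mask, rest = 0xFFFFFFFF, tok[2:]  # assumption: no mask means one host
    if rest[:1] == ["mask"]:
        if len(rest) < 2:
            raise ValueError("mask keyword without a value")
        mask, rest = int(ipaddress.IPv4Address(rest[1])), rest[2:]
    return {"addr": addr, "mask": mask, "ntpport": "ntpport" in rest,
            "flags": [f for f in rest if f != "ntpport"]}

def matches(entry, src_ip, src_port):
    """AND the source address with the mask, then compare with the address."""
    src = int(ipaddress.IPv4Address(src_ip))
    if (src & entry["mask"]) != entry["addr"]:
        return False
    # An ntpport entry matches only packets sent from UDP port 123.
    return src_port == NTP_PORT or not entry["ntpport"]

def flags_for(entries, src_ip, src_port):
    """Flags of the matching entry, or None when nothing matches."""
    hits = [e for e in entries if matches(e, src_ip, src_port)]
    if not hits:
        return None
    # Assumption: with several matches, the most specific entry wins.
    return max(hits, key=lambda e: (e["mask"], e["ntpport"]))["flags"]

# Constructed sample entries; flag names assumed to be listed in Table 7-1.
SAMPLE = [parse_restrict(s) for s in (
    "restrict 192.0.2.0 mask 255.255.255.0 noquery",
    "restrict 192.0.2.77 ignore",
    "restrict 198.51.100.0 mask 255.255.255.0 ntpport noserve",
)]

if __name__ == "__main__":
    for ip, port in (("192.0.2.10", 123), ("192.0.2.77", 123),
                     ("198.51.100.5", 40000)):
        print(ip, port, flags_for(SAMPLE, ip, port))
```

Because the source address and source port of a UDP packet can be forged, a match here only selects which restriction applies; it says nothing about who actually sent the packet, which is why the text treats the list as no substitute for authentication.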
Table 7-1 shows the flags that can be specified for xntpd: