Installing and Administering Internet Services

Chapter 7
Configuring the Network Time Protocol (NTP)
Advanced NTP Topics
Configuring a Driftfile
xntpd computes the error in the frequency of the clock in the local host.
It usually takes xntpd a day or so after it is started to compute a good
estimate of the frequency error. The current value of the frequency error
may be stored in a driftfile. The driftfile allows a restarted xntpd to
reinitialize itself to the estimate stored in the driftfile, saving about a
day’s worth of time in recomputing a good frequency estimate. You
specify the path and name of the driftfile.
NOTE: xntpd should be operated on a continuous basis. If it is necessary to stop
xntpd, the interval when it is not running should be kept to a minimum.
To specify the driftfile, define the keyword driftfile, followed by the
name of the file in which the frequency error value is to be stored. The
recommended location for the driftfile is /etc/ntp.drift. The following
is an example of a driftfile statement:
driftfile /etc/ntp.drift
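Because a restarted xntpd trusts whatever frequency estimate it finds in the driftfile, it is worth checking that file before the daemon is brought back up. The following script is an added example and not part of the HP-UX manual; it assumes that the first field of the driftfile is the frequency error in parts per million (as xntpd writes it) and that +/-500 PPM is the largest correction the daemon will apply, so a value outside that window cannot be one xntpd saved. The expected owner defaults to root and can be overridden for testing.

```shell
#!/bin/sh
# Added example, not from the HP-UX manual: sanity-check an xntpd driftfile
# before (re)starting the daemon. Assumptions: the first field of the file is
# the frequency error in parts per million (PPM), and +/-500 PPM is the largest
# correction the daemon will apply, so anything outside that range is not a
# value xntpd wrote. The expected owner defaults to root (xntpd runs as root
# on HP-UX) but can be overridden for testing.

# driftfile_ppm PATH -> prints the stored frequency error (first field).
driftfile_ppm() {
    [ -r "$1" ] || return 1
    read -r ppm _rest < "$1" || return 1
    printf '%s\n' "$ppm"
}

# check_driftfile PATH [OWNER] -> 0 if the file is trustworthy, 1 otherwise.
check_driftfile() {
    f="$1"; want_owner="${2:-root}"
    if [ ! -f "$f" ]; then
        echo "$f: missing; xntpd will spend about a day re-estimating drift" >&2
        return 1
    fi
    # ls -ld prints "-rw-r--r-- 1 owner group ..."; field 1 is the mode, 3 the owner.
    set -- $(ls -ld "$f")
    mode="$1"; owner="$3"
    # The daemon overwrites this file; anyone else who can write it can bias the
    # clock after every restart, so refuse group- or world-writable files
    # (character 6 is the group write bit, character 9 the world write bit).
    case "$mode" in
        ?????w*|????????w*) echo "$f: mode $mode is group/world writable" >&2; return 1 ;;
    esac
    if [ "$owner" != "$want_owner" ]; then
        echo "$f: owned by $owner, expected $want_owner" >&2
        return 1
    fi
    ppm=$(driftfile_ppm "$f") || { echo "$f: unreadable" >&2; return 1; }
    # Must be numeric and inside the +/-500 PPM window the daemon can apply.
    awk -v v="$ppm" 'BEGIN {
        if (v ~ /^[-+]?[0-9]+(\.[0-9]+)?$/ && v >= -500 && v <= 500) exit 0
        exit 1
    }' || { echo "$f: '$ppm' is not a plausible frequency error" >&2; return 1; }
    return 0
}

# Stand-alone demonstration on constructed files (not a real system's driftfile).
demo_dir=$(mktemp -d)
printf '%s\n' '-12.345' > "$demo_dir/ntp.drift.good"
chmod 644 "$demo_dir/ntp.drift.good"
printf '%s\n' 'garbage' > "$demo_dir/ntp.drift.bad"
chmod 644 "$demo_dir/ntp.drift.bad"
me=$(id -un)
check_driftfile "$demo_dir/ntp.drift.good" "$me" && echo "good file accepted"
check_driftfile "$demo_dir/ntp.drift.bad" "$me" || echo "bad file rejected"
rm -rf "$demo_dir"
```

On a live system the call is simply `check_driftfile /etc/ntp.drift`; a non-zero exit means the file should be removed and the daemon allowed to recompute its estimate rather than start from a value somebody else may have written.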
Configuring Authentication
Authentication is a mechanism that helps protect against
unauthorized access to time servers. Authentication is enabled on a
system-by-system basis. Once enabled on a system, authentication
applies to all NTP relationships configured on the system. When
authentication is enabled on a host, only those time servers that send
messages encrypted with a configured key are considered as candidates
to which the host would be synchronized.
In authenticated mode, each NTP packet transmitted by a host has
appended to it a key number and an encrypted checksum of the
packet contents. The key number is specified in the peer, server, or
broadcast statement for the remote host. You specify either the Data
Encryption Standard (DES) or the Message Digest (MD5) algorithm to
be used for the encryption of NTP packets.
Upon receipt of an encrypted NTP packet, the receiving host recomputes
the checksum and compares it with the one included in the packet. Both
the sending and receiving systems must use the same encryption key,
defined by the key number.
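Because a host with authentication enabled silently drops any server, peer or broadcast source whose packets are not checksummed with a configured key, a single statement without a key, a key number missing from the trusted list, or a key file readable by other users each leave the host worse off than intended. The following script is an added example and not part of the HP-UX manual; it builds a constructed configuration and key file and lints them for exactly those mistakes. It assumes the standard xntpd syntax the page does not spell out: `authenticate yes` turns the mechanism on (ntpd v4 spells it `enable auth`), `keys FILE` names the key file whose lines read `KEYNUMBER TYPE SECRET` with type `M` for MD5 (DES keys use other type letters), `trustedkey N ...` lists the key numbers accepted from remote hosts, and `server|peer|broadcast HOST key N` binds a key number to a remote host. Host names, addresses, paths and secrets are all constructed.

```shell
#!/bin/sh
# Added example, not from the HP-UX manual: check that an xntpd configuration
# uses authentication consistently. Assumed (standard xntpd syntax, not shown
# on this page): "authenticate yes" turns the mechanism on (ntpd v4 spells it
# "enable auth"); "keys FILE" names the key file, whose lines read
# "KEYNUMBER TYPE SECRET" with TYPE M for MD5 (DES keys use other letters);
# "trustedkey N ..." lists the key numbers accepted from remote hosts; and
# "server|peer|broadcast HOST key N" binds a key number to a remote host.
# All host names, addresses, paths and secrets below are constructed.

# write_sample_config DIR -> writes DIR/ntp.conf and DIR/ntp.keys and prints
# the path of the configuration file.
write_sample_config() {
    dir="$1"
    cat > "$dir/ntp.conf" <<EOF
driftfile $dir/ntp.drift
authenticate yes
keys $dir/ntp.keys
trustedkey 1 2
server timehost1.example.com key 1
peer timehost2.example.com key 2
broadcast 10.0.0.255 key 1
EOF
    cat > "$dir/ntp.keys" <<EOF
# keynumber type secret   (M = MD5; constructed values, not real secrets)
1 M s3cret-one
2 M s3cret-two
EOF
    chmod 600 "$dir/ntp.keys"      # shared secrets: readable by root only
    printf '%s\n' "$dir/ntp.conf"
}

# lint_ntp_auth CONF -> prints one line per finding; returns 0 when clean.
lint_ntp_auth() {
    conf="$1"
    keysfile=$(awk '$1=="keys"{print $2; exit}' "$conf")
    [ -n "$keysfile" ] || { echo "no 'keys' statement: no key can be used"; return 1; }
    [ -f "$keysfile" ] || { echo "keys file $keysfile is missing"; return 1; }
    findings=$(
        grep -q '^authenticate[[:space:]][[:space:]]*yes' "$conf" ||
            echo "'authenticate yes' absent: keys are configured but not enforced"
        # Anyone who can read the key file can forge authenticated packets, so
        # the group/other bits (positions 5-10 of the ls mode string) must be clear.
        bits=$(ls -ld "$keysfile" | cut -c5-10)
        [ "$bits" = "------" ] || echo "$keysfile: group/other bits set ($bits)"
        trusted=" $(awk '$1=="trustedkey"{for(i=2;i<=NF;i++) printf "%s ", $i}' "$conf")"
        defined=" $(awk '$1 ~ /^[0-9]+$/ && NF>=3 {printf "%s ", $1}' "$keysfile")"
        # Each remote host needs a key that is both defined and trusted; with
        # authentication on, a host lacking one is never a sync candidate.
        awk '$1=="server" || $1=="peer" || $1=="broadcast" {
                k="-"; for (i=3; i<NF; i++) if ($i=="key") k=$(i+1)
                print $1, $2, k }' "$conf" |
        while read -r stmt host key; do
            [ "$key" != "-" ] || { echo "$stmt $host: no key, ignored while authentication is on"; continue; }
            case "$trusted" in *" $key "*) ;; *) echo "$stmt $host: key $key not in trustedkey" ;; esac
            case "$defined" in *" $key "*) ;; *) echo "$stmt $host: key $key not defined in $keysfile" ;; esac
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone demonstration on the constructed files.
d=$(mktemp -d)
conf=$(write_sample_config "$d")
lint_ntp_auth "$conf" && echo "$conf: authentication statements are consistent"
echo "server timehost3.example.com" >> "$conf"   # the usual mistake: no key
lint_ntp_auth "$conf" || echo "(misconfiguration reported as expected)"
rm -rf "$d"
```

Against a real system the call is `lint_ntp_auth /etc/ntp.conf` (the key file path is read from the `keys` statement). The checks go a little beyond the page's single sentence on key numbers: they also confirm that every referenced key is listed in `trustedkey`, since a key that is defined but not trusted is rejected just as silently as a missing one.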