Installing and Administering Internet Services

Chapter 7 307
Configuring the Network Time Protocol (NTP)
Advanced NTP Topics
In the example in Figure 7-5, authentication is enabled for both Penelope
and Golden. An NTP time request from Penelope to Golden will include
authentication fields—the key ID 10, and a checksum encrypted with the
key corresponding to key ID 10, “tickle.” When Golden receives this
request, it reads the key ID field (10) from the packet, looks up the key
for ID 10 in its key file (“tickle”), recomputes the checksum with that
key, and compares the result with the authentication field in the request.

Golden will send back time information with the key ID 10 and a
checksum encrypted using “tickle.”

In addition, Penelope will only accept time synchronizations that have
used the key ID 10 and the corresponding encryption key “tickle.”

To enable authentication on the local host, include the following
statement in the /etc/ntp.conf configuration file:

    authenticate yes
If the above statement is not specified, no authentication is used. When
authentication is enabled, the following keywords and parameters may
also be specified:

authdelay seconds
    Indicates the amount of time (in seconds) needed to encrypt an NTP
    authentication field on the local host. The seconds value is used to
    correct transmit timestamps for authenticated outgoing packets. The
    value depends upon the CPU speed of the local host.

    CAUTION: The startup script automatically calculates the proper value
    for authdelay for the local system and writes it into the configuration
    file /etc/ntp.conf. Do not modify this value.

keys filename
    Specifies the file that contains the encryption keys used by xntpd.
    See the xntpd man page for the format of the file.

trustedkey key# [key#2]...
    Specifies the encryption key ID(s) that are trusted as synchronization
    sources.
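The following is an added illustration, not part of the manual and not HP-UX's xntpd code, of the mechanism described in the Penelope/Golden example and by the authenticate, keys, and trustedkey keywords: the receiver takes the key ID from the packet, looks the key up in its keys file, recomputes the authenticator, and accepts the packet only when the key ID is trusted and the authenticator matches. It assumes the authenticator is an MD5 digest over the key and the NTP header (the NTP MD5 key type) rather than the DES checksum the text mentions, assumes keys-file lines of the form "keyid type key" with ASCII key types A and M, and uses constructed configuration and packet data.

```python
"""Constructed model of NTP symmetric-key authentication (added example,
not from the manual). Assumption: authenticator = MD5(key || NTP header)."""
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTP header
KEY_ID_LEN = 4        # key ID field that follows the header
DIGEST_LEN = 16       # MD5 digest length


def parse_ntp_conf(text):
    """Extract authentication settings from an ntp.conf fragment.
    Returns (authenticate, keys_path, trusted_ids)."""
    authenticate, keys_path, trusted = False, None, set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        kw, args = fields[0], fields[1:]
        if kw == "authenticate":
            authenticate = bool(args) and args[0].lower() == "yes"
        elif kw == "keys":
            keys_path = args[0] if args else None
        elif kw == "trustedkey":
            trusted.update(int(a) for a in args)
    return authenticate, keys_path, trusted


def parse_keys_file(text):
    """Parse 'keyid type key' lines (assumed format). Only the ASCII key
    types A and M are handled; the key is used as its raw ASCII bytes."""
    keys = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key_id, key_type, key = line.split(None, 2)
        if key_type.upper() in ("A", "M"):
            keys[int(key_id)] = key.encode("ascii")
    return keys


def digest(key, header):
    return hashlib.md5(key + header).digest()


def sign_packet(header, key_id, key):
    """Client side: append the key ID and digest to the NTP header."""
    return header + struct.pack("!I", key_id) + digest(key, header)


def verify_packet(packet, keys, trusted_ids):
    """Receiver side: returns (accepted, reason)."""
    if len(packet) != NTP_HEADER_LEN + KEY_ID_LEN + DIGEST_LEN:
        return False, "no authenticator"
    header = packet[:NTP_HEADER_LEN]
    key_id = struct.unpack("!I", packet[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])[0]
    mac = packet[NTP_HEADER_LEN + 4:]
    if key_id not in trusted_ids:
        return False, "key ID %d not trusted" % key_id
    key = keys.get(key_id)
    if key is None:
        return False, "key ID %d not in keys file" % key_id
    # Constant-time comparison of the recomputed and received digests.
    if not hmac.compare_digest(digest(key, header), mac):
        return False, "digest mismatch"
    return True, "authenticated with key ID %d" % key_id


# Constructed sample configuration modelled on the Penelope/Golden example.
SAMPLE_NTP_CONF = """\
authenticate yes
keys /etc/ntp.keys
trustedkey 10
"""
SAMPLE_KEYS_FILE = """\
# keyid type key   (constructed; key 11 exists but is not trusted)
10 A tickle
11 A secret
"""


def demo():
    """Run four packets through the receiver; returns name -> accepted."""
    authenticate, _path, trusted = parse_ntp_conf(SAMPLE_NTP_CONF)
    keys = parse_keys_file(SAMPLE_KEYS_FILE)
    # With 'authenticate' absent or 'no', every packet would be accepted.
    check = (lambda p: verify_packet(p, keys, trusted)[0]) if authenticate \
        else (lambda p: True)
    # Minimal NTPv3 client request header: LI=0, VN=3, mode=3, rest zero.
    header = bytes([0x1b]) + bytes(NTP_HEADER_LEN - 1)
    good = sign_packet(header, 10, keys[10])
    tampered = bytearray(good)
    tampered[40] ^= 1                          # flip a bit in the transmit timestamp
    return {
        "good": check(good),
        "wrong_key": check(sign_packet(header, 10, b"wrong")),
        "untrusted": check(sign_packet(header, 11, keys[11])),
        "tampered": check(bytes(tampered)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print("%-10s %s" % (name, "accepted" if ok else "rejected"))
```

Only the "good" packet is accepted: a packet signed with the wrong key, one signed with a key that is in the keys file but not listed under trustedkey, and one whose header was altered after signing are all rejected, which is the behaviour the text describes for Golden and Penelope.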
Restricting Incoming NTP Packets
xntpd provides a mechanism for restricting access to the local daemon
from certain source addresses. In the /etc/ntp.conf file, you can define
a restriction list that contains the addresses or addresses-and-masks of
sources that may send NTP packets to the local host. For each address or