HP-UX Internet Services Administrator's Guide (August 2003)

Configuring NTP
Advanced NTP Topics
Chapter 4
driftfile
driftfile
where driftfile specifies the file name used to record the frequency offset
of the local clock oscillator. HP recommends the location
/etc/ntp.drift for storing the driftfile. The following is an example of a
driftfile statement:
driftfile /etc/ntp.drift
Configuring Authentication
Authentication is a mechanism used to prevent unauthorized access to
time servers. Authentication is enabled on a system-by-system basis.
Once enabled on a system, authentication applies to all NTP
relationships configured on the system. If you enable authentication on a
host, the host synchronizes time only with those time servers that send
messages encrypted with a configured key.
In authenticated mode, each NTP packet transmitted by a host has a key
number and an encrypted checksum of the packet contents appended to it.
The key number is specified in the peer, server, or broadcast
statement for the remote host. You can specify either the Data Encryption
Standard (DES) or the Message Digest (MD5) algorithm to encrypt the
NTP packets.
Upon receipt of an encrypted NTP packet, the receiving host recomputes
the checksum and compares it with the checksum included in the packet.
Both the sending and receiving systems must use the same encryption
key defined by the key number.
When authentication is enabled on a host, the host does not consider the
following time servers for synchronization:
• Time servers that send unauthenticated NTP packets.
• Time servers that send authenticated packets that the host is unable
  to decrypt.
• Time servers that send authenticated packets encrypted using a
  non-trusted key.
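The receive-side check described above, sketched for the MD5 case as an added example (not code from the HP guide or from xntpd). It assumes the usual NTP symmetric-key layout, a 32-bit key number followed by a 16-byte MD5 digest computed over the key and then the 48-byte header; the keys, the trusted set and the sample header are constructed.

```python
import hashlib
import hmac
import struct

# Constructed key table: key number -> shared secret, as a key file would list.
KEYS = {1: b"constructed-secret-one", 2: b"constructed-secret-two"}
TRUSTED = {1}        # key numbers this host trusts (assumed for the example)
HEADER_LEN = 48      # fixed NTP header length in bytes
MAC_LEN = 4 + 16     # 32-bit key number + 128-bit MD5 digest

# Constructed header: first byte 0x1b = leap 0, version 3, client mode.
SAMPLE_HEADER = bytes([0x1B]) + bytes(HEADER_LEN - 1)


def sign(header: bytes, key_id: int) -> bytes:
    """Sender: append the key number and MD5(key || header) to the packet."""
    digest = hashlib.md5(KEYS[key_id] + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet: bytes) -> str:
    """Receiver: return 'ok', or the reason the sender is not considered."""
    # Anything without a MAC of the expected size is treated as unauthenticated.
    if len(packet) != HEADER_LEN + MAC_LEN:
        return "unauthenticated"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key = KEYS.get(key_id)
    if key is None:
        return "unknown key"          # no shared key, checksum cannot be checked
    if key_id not in TRUSTED:
        return "non-trusted key"
    # Recompute the checksum and compare it in constant time.
    expected = hashlib.md5(key + header).digest()
    if not hmac.compare_digest(expected, mac[4:]):
        return "checksum mismatch"    # wrong key value or modified contents
    return "ok"


if __name__ == "__main__":
    print(verify(sign(SAMPLE_HEADER, 1)))   # trusted key, intact packet
    print(verify(SAMPLE_HEADER))            # no key number or checksum
    print(verify(sign(SAMPLE_HEADER, 2)))   # key configured but not trusted
```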
An authentication key file is specified on the host and contains a list
of keys and their corresponding key numbers. Each key-key number pair
is further defined by a key format, which determines the encryption
method. For more information about the authentication key file, type man
1M xntpd at the HP-UX prompt. A sample key file is provided in