Alcatel Carrier Internetworking Solutions omniswitch manual Using Authentication

Using Authentication

Authentication is used to encrypt the NTP messages sent between the client and server. The NTP server and the NTP client must both have a text file containing the public and secret keys. (This file should be obtained from the server administrator. For more information on the authentication file, see “Authentica- tion” on page 3-7.)

Once both the client and server share a common MD5 encryption key, the MD5 key identification for the NTP server must be specified on and labeled as trusted on the client side.

Setting the Key ID for the NTP Server

Enabling authentication requires the following steps:

1Make sure the key file is located in the /networking directory of the switch. This file must contain the key for the server that provides the switch with its timestamp information.

2Make sure the key file with the NTP server’s MD5 key is loaded into the switch memory by issuing the ntp key load command, as shown:

-> ntp key load

3Set the server authentication key identification number using the ntp server command with the key keyword. This key identification number must be the one the server uses for MD5 encryption. For exam- ple, to specify key identification number 2 for an NTP server with an IP address of 1.1.1.1, enter:

-> ntp server 1.1.1.1 key 2

4Specify the key identification set above as trusted. A key that has been labeled as trusted is ready for use in the authentication process. To set a key identification to be trusted, enter the ntp key command with the key identification number and trusted keyword. For example, to set key ID 5 to trusted status, enter the following:

-> ntp key 5 trusted

Untrusted keys, even if they are in the switch memory and match an NTP server, will not authenticate NTP messages.

5A key can be set to untrusted status by using the ntp key command with the untrusted keyword. For example, to set key ID 5 to untrusted status, enter the following:

-> ntp key 5 untrusted