Figure 5-47: Minimum Net NTP Configuration
Peers
Setting up a peer can be accomplished by adding the peer command to the ntp.conf file. The configuration of a peer is basically the same as setting up a client: an address or host name needs to be specified, along with a key and possibly the prefer keyword. Peers also have an associated polling interval that can be set in the ntp.conf file. While a set of peers can use different polling intervals, true peers use the same polling interval. The defaults should be acceptable except when peers are connected by very slow links. Setting the polling range is described in the ntpd man page.
Generally, peer connections are used to improve the time accuracy at the base of the NTP tree (low-numbered strata), or to provide additional redundancy at the leaves of the NTP tree (high-numbered strata). Using peer connections allows both of these without creating a new level of hierarchy.
Security
NTP provides the capability for NTP clients and servers to authenticate each other. This is accomplished with symmetric authentication keys and key identifiers. The term symmetric means that the keys must be the same on both the client and the server. Because NTP keys are stored outside of the ntp.conf file, the NTP keys file must be specified in the ntp.conf file for any configuration that will use keys. This is accomplished using the keys keyword, followed by the absolute path to the file.
With NTP version 3, authentication keys must be manually distributed to each of the client systems (NTP version 4 can use automatic public key distribution, which is fully described in the NTP version 4 documentation). Caution must be exercised when transferring these keys to each client system. Be sure to use a protocol that supports strong authentication and encryption.
Establishing authenticated communication between a client and server requires configuration on both the client and the server. For authentication to work, both the client and the server must have a keys.conf file specified in ntp.conf that contains the same key with the same key ID. In other words, both the client and the server should have an identical line in the keys.conf file.
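An added example (not from the S100 guide): a small Python check that the keys directive in ntp.conf gives an absolute path and that every server or peer line names a key ID whose keys-file line is identical on both sides. It assumes the standard ntpd keys-file layout of `<id> <type> <key>` per line; the file path, addresses and key values are constructed.

```python
import posixpath

def parse_keys(text):
    """Parse keys-file text (assumed '<id> <type> <key>' per line) into {id: (type, key)}."""
    keys = {}
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if len(tok) < 3 or not tok[0].isdigit():
            raise ValueError("malformed keys line")
        keys[int(tok[0])] = (tok[1], tok[2])
    return keys

def parse_conf(text):
    """Return (keys_path, [(directive, address, key_id or None)]) from ntp.conf text."""
    keys_path, assocs = None, []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 2 and tok[0] == "keys":
            keys_path = tok[1]
        elif len(tok) >= 2 and tok[0] in ("server", "peer"):
            i = tok.index("key", 2) if "key" in tok[2:] else len(tok)
            has_id = i + 1 < len(tok) and tok[i + 1].isdigit()
            assocs.append((tok[0], tok[1], int(tok[i + 1]) if has_id else None))
    return keys_path, assocs

def audit(conf_text, local_keys, remote_keys):
    """List the problems that would keep authentication from working."""
    problems = []
    keys_path, assocs = parse_conf(conf_text)
    if keys_path is None:
        problems.append("no keys directive in ntp.conf")
    elif not posixpath.isabs(keys_path):
        problems.append("keys path is not absolute")
    local, remote = parse_keys(local_keys), parse_keys(remote_keys)
    for directive, addr, key_id in assocs:
        if key_id is None:
            problems.append(f"{directive} {addr}: no key, not authenticated")
        elif key_id not in local:
            problems.append(f"{directive} {addr}: key {key_id} not in local keys file")
        elif local[key_id] != remote.get(key_id):  # key values are never echoed
            problems.append(f"{directive} {addr}: key {key_id} differs on the other side")
    return problems

# Constructed sample input: path, addresses and key values are made up.
CONF = "keys /etc/ntp/keys.conf\nserver 192.0.2.10 key 1 prefer\npeer 192.0.2.20 key 2\nserver 192.0.2.30\n"
CLIENT_KEYS, SERVER_KEYS = "1 M constructedA\n2 M constructedB\n", "1 M constructedA\n2 M constructedX\n"
```

Calling `audit(CONF, CLIENT_KEYS, SERVER_KEYS)` reports the peer whose key 2 does not match and the server line that carries no key at all.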
ACTS Interface: Dial-up
The Automated Computer Time Service (ACTS) is maintained by the U.S. National Institute of Standards and Technology (NIST). More information is in the next section. In most of this guide, the term
S100 User Guide – Rev. D – June 2005 | 103 |