
Appendix B: MD5 Authentication and NTP Broadcast Mode
B.2 NTP Broadcast Mode with MD5 Authentication
An NTP broadcast timeserver and an NTP broadcast time client can use NTP version 4 with authentication.
The MD5 authentication protocol is optionally available for NTP versions 3 and 4. When NTP receives a packet, it uses the key identification number in the packet to look up the private key in the “ntp.keys” file, then calculates the MD5 digest and compares it to the one sent in the packet. If the digests do not agree, the packet is ignored. Thus, only servers with trusted MD5 keys may send time to a client. The keys are known to both the NTP client and server through separate key files, usually named “ntp.keys” in the “/etc” directory. The name of the file and its location are determined by the
In actual practice, for normal NTP
Setting up an NTP broadcast server and NTP client using MD5 authentication requires modifications to the “ntp.keys” file.
Editing MD5 keys is covered in Chapter 4 (see the sections starting on page
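The packet check described in this section, as an added example (not code from this manual or from the NTP distribution): the receiver looks up the packet's key identification number, recomputes MD5 over the key followed by the 48-byte NTP header, and ignores the packet on a mismatch. The key-file line layout, the key values and all function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample key file; the "id M secret" line layout is an assumption
# based on the classic ntpd key format, not taken from this manual.
SAMPLE_KEYS = """\
# id  type  key
1     M     examplekey1
2     M     examplekey2
"""

NTP_HEADER_LEN = 48   # fixed NTP header, before any authenticator
MAC_LEN = 4 + 16      # 32-bit key ID followed by a 128-bit MD5 digest


def load_keys(text):
    """Parse key-file text into {key_id: secret_bytes}, skipping comments."""
    keys = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3 and fields[1] == "M":
            keys[int(fields[0])] = fields[2].encode("ascii")
    return keys


def sign(header, key_id, keys):
    """Sender side: append key ID and MD5(key || header) to the header."""
    digest = hashlib.md5(keys[key_id] + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet, trusted_keys):
    """Receiver side: True only if the MAC matches a trusted key."""
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False                      # unauthenticated or malformed
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    secret = trusted_keys.get(key_id)
    if secret is None:
        return False                      # key ID not in the key file
    expected = hashlib.md5(secret + header).digest()
    return hmac.compare_digest(expected, mac[4:])   # constant-time compare


def demo_header():
    """Constructed 48-byte header: LI=0, VN=4, mode=5 (broadcast)."""
    return bytes([0x25]) + bytes(NTP_HEADER_LEN - 1)
```

A broadcast client that requires authentication should treat a `False` result the same way the text describes: the packet is ignored rather than used to set the clock.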
TimeVault™ User’s Manual |