Network Time Protocol (NTP) provides algorithms and defines messages for the synchronisation of time clients to an accurate time reference. This article discusses how to configure a Linux NTP Time Server to synchronise time with an Internet based public NTP Server.
NTP server systems fall into two categories: primary reference servers and secondary reference servers. Primary reference servers use an external timing reference to provide time, such as GPS or radio clocks. Secondary reference servers synchronise with primary reference NTP servers and offer slightly reduced accuracy. Primary reference servers are designated stratum 1 servers, while secondary servers have a stratum greater than 1.
The NTP Distribution
The NTP source code is freely available from the Network Time Protocol web site. The current version available for download is 4.2.4. NTP is available for the Linux operating systems with ports available for Windows NT. Once the source code is downloaded, it should be configured, compiled and installed on the host machine. Many Linux operating systems, such as RedHat, offer NTP RPM packages.
Configuring NTP
The 'ntp.conf' file is the main source of configuration information for an NTP server installation. Amongst other things, it contains a list of reference clocks that the installation is to synchronise with. A list of NTP server references is specified with the 'server' configuration command thus:
server time-a.nist.gov # NIST, Gaithersburg, Maryland NTP server
server time-c.timefreq.bldrdoc.gov # NIST, Boulder, Colorado NTP server
Controlling the NTP Server Daemon
Once configured, the NTP daemon can be started, stopped and restarted using the commands: 'ntpd start', 'ntpd stop' and 'ntpd restart'. The NTP server daemon can be queried using the 'ntpq -p' command. The ntpq command queries the NTP server for synchronisation status and provides a list of servers with synchronisation information for each server.
NTP Access Control
Access to the NTP server can be restricted using the 'restrict' directive in the ntp.conf file. You can restrict all access to the NTP server with:
restrict default ignore
To only allow machines on your own network to synchronize with the server use:
Multiple restrict directives can be specified in the ntp.conf file to restrict access to a specified range of computers.
Authentication Options
Authentication allows matching passwords to be specified by the NTP server and associated clients. NTP keys are stored in the ntp.keys file in the following format: Key-number M Key (The M stands for MD5 encryption), e.g.:
1 M secret
5 M RaBBit
7 M TiMeLy
10 M MYKEY
In the NTP configuration file ntp.conf, specify which of the keys specified above are trusted, i.e. are secure and you want to use. Any keys specified in the keys file but not trusted will not be used for authentication, e.g.:
trustedkey 1 7 10
The NTP server is now configured for authentication.
Client Configuration for Authentication
The client needs to be configured with similar information to the server; however, you may use a subset of the keys specified on the server. A different subset of keys can be used on different clients, e.g.:
Client A)
1 M secret
7 M TiMeLy
trustedkey 1 7
Client B)
1 M secret
5 M RaBBit
7 M TiMeLy
10 M MYKEY
trustedkey 7 10
Essentially authentication is used by the client to authenticate that the time server is who he says he is, and that no rogue server intervenes. The key is encrypted and sent to the client by the server where it is unencrypted and checked against the client keys to ensure a match.
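Added example (not part of the original article or of the NTP distribution): a Python model of the symmetric-key check as NTPv4 (RFC 5905) defines it, where the sender appends a 32-bit key ID and the MD5 digest of the key followed by the packet, and the receiver recomputes the digest with its own trusted copy of that key. The function names and the 48-byte reply header are constructed for illustration; the keys and trustedkey lines are the sample values from this article.

```python
import hashlib
import hmac
import struct

def parse_keys(text):
    """Parse ntp.keys lines ('Key-number M Key') into {key_id: key_bytes}."""
    keys = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3 and fields[1] == "M":
            keys[int(fields[0])] = fields[2].encode("ascii")
    return keys

def parse_trusted(conf):
    """Collect key numbers from 'trustedkey' lines of ntp.conf."""
    trusted = set()
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == "trustedkey":
            trusted.update(int(f) for f in fields[1:])
    return trusted

def sign(packet, key_id, keys):
    """Append the key ID and MD5(key || packet) to a 48-byte NTP header."""
    digest = hashlib.md5(keys[key_id] + packet).digest()
    return packet + struct.pack("!I", key_id) + digest

def verify(message, keys, trusted):
    """Accept only if the key ID is trusted, held locally, and the digest matches."""
    if len(message) != 68:  # 48-byte header + 4-byte key ID + 16-byte digest
        return False
    packet, digest = message[:48], message[52:]
    (key_id,) = struct.unpack("!I", message[48:52])
    if key_id not in trusted or key_id not in keys:
        return False
    expected = hashlib.md5(keys[key_id] + packet).digest()
    return hmac.compare_digest(digest, expected)

# Constructed sample data mirroring the key files and trustedkey lines above.
SERVER_KEYS = parse_keys("1 M secret\n5 M RaBBit\n7 M TiMeLy\n10 M MYKEY\n")
CLIENT_A_KEYS = parse_keys("1 M secret\n7 M TiMeLy\n")
CLIENT_A_TRUSTED = parse_trusted("trustedkey 1 7\n")
CLIENT_B_KEYS = parse_keys("1 M secret\n5 M RaBBit\n7 M TiMeLy\n10 M MYKEY\n")
CLIENT_B_TRUSTED = parse_trusted("trustedkey 7 10\n")
# Constructed reply header: LI=0, VN=4, Mode=4 (server), stratum 2, rest zero.
REPLY = bytes([0x24, 2]) + bytes(46)
```

Because the check depends only on possession of the shared key, anyone who can read ntp.keys can produce replies that verify under those key numbers, so the file should be readable only by the account that runs the NTP daemon.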