Editing the md5 keys on the ntp client – Symmetricom Time Server User Manual

6000-100Ch4.fm Rev. D

TimeVault™ User’s Manual

4-71

Extended Function Commands

Chapter 4: Serial or Telnet I/O Functions

The NTP client “ntp.keys”

file is identical to the one on the NTP server. For the specific

keys used by the NTP server, the NTP client must have the identical line in its version of
the file. You’ll want to use your own hard-to-guess key names, using random letters. The
critical lines of the “ntp.keys” file are:

Id M Value
---- --- --------
1 M Symmetricom
2 M xyz123

where 1 and 2 are key identifiers.

The first column is the key identification number, which may range in whole positive
numbers from 1 to 65,535. The second column is the type of key, which is always set to
the letter M when using MD5 authentication. The third column is the private key that is
ASCII text from 1 to 32 characters in length.

Editing the MD5 keys on the NTP Client

For NTP client authentication, the line

trustedkey 1 2

in the “ntp.conf” file is required

to enable the private keys 1 and 2 from the “ntp.keys” file. The line

bclient

is required

for broadcast time packets to be processed by the NTP client. In this case, sample
information from a client “ntp.conf” file might look like:

trustedkey 1

2

bclient

Sample information in a client “ntp.keys” file might look like:

1

M

Symmetricom

2

M

longshot

When you invoke the NTP client at the command line, use the following options:

•

–b

to turn on broadcast reception

•

–k /etc/ntp.keys

to specify the name and location of the keys file

•

–d

for debugging.

An example command line might look like:

ntpd –d –d –d –b –k /etc/ntp.keys

After configuring all MD5 keys, carry out step 4 in the configuration procedure outlined
above.

For maximum security, use a unique combination of 32 letters and numbers for each key

identifier. For correct configuration, do not use zero as a key identifier. Zero means the key
identification will not be used.