According to: http://tinyurl.com/ft435 and http://tinyurl.com/fh8uz
In Windows 2003 SP1 and later, a full NTPv3 implementation with NTPv4 algoritmic enhancements is used. Windows Time Service is apparently no longer just SNTP, at least on the servier side. However, it appears the only Windows servers in the same domain can share authenticated time (they use their existing Kerberos session keys as a shared secret). There does not seem to be a way to configure the Windows Time Service to use a specific pre-shared key with a manually-defined server. I base this on a the list of command-line switches and registry settings provided in the links above. There may be undocumented ways of accomplishing this with Windows Time. This omission appears to be "okay" as far as NTP standards are concerned, because authentication is an optional part of RFC-1305 and RFC-2030. Incidentally, I recently configured a Windows 2003 SP1 server with the same time sources as I use for ntpd, and set up monitoring. It seems to maintain accuracy within a couple of milliseconds relative to my NTP v4 box after a few hours. This surprises me. Perhaps Windows 2003 SP1 finally provides "real" NTP. I am planning on a more thorough test of Windows 2003's Time Service soon. I don't have a local refclock, so I will probably be doing a long term test comparing ntpd and Windows Time using the same set of Stratum-1 servers. _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
