Erik wrote:
> Hi Danny
>
> thanks for your input
>
>>>I am looking for a (software) time servers (to run on Win2000) that
>>>can send out broadcast messages together with (three) security keys
>>>(for authoring)
>>
>>Well ntpd works on Windows though I'm not entirely sure what you mean by
>>3 security keys or authoring. ntpd supports the autokey protocol details
>>of which you can find in the documentation area of the
>>website:http://www.ntp.org/
>
> what I mean is that the clients expect three keys in the broadcast
> message to be sent along
> These keys are defined in /etc/ntp/keys
> For example
> 1 M <key1>
> 2 M <key2>
> 15 M <key15>
> else they will refuse to see the broadcast as one that can be trusted
> and will not correct the time
> This means that the prog sending out these broadcasts will have to
> send along these keys

Ntpd uses only ONE of those keys at a time. ISTR that the client specifies the key to be used on the "server" statement. You are not, of course, limited to three keys; a server might have a different set of keys for every client. (Unwieldy but possible.) In a broadcast or multicast subnet, everybody would have to use the same key.

These keys are generally NOT used over the internet! A different keying scheme is used to authenticate server to client. It works something like this: you ask the server for its "public" key but the server signs its packets with its "private" key. Your client, using the public key, can determine that the packet was signed by a server holding the private key.

Ntpd supports both these keying schemes. The private-public key scheme is used by public servers whose clients need to be able to prove that they are synchronized to a source traceable to NIST or some other "national standards laboratory". Keys can, of course, be used within a corporate or private network.
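
The symmetric-key scheme discussed in the reply above, as an added example that is not part of the original thread: the sender attaches one key ID and an MD5 digest to the broadcast, never the secrets themselves, and the receiver checks the digest against its own copy of the keys file. The secrets are constructed placeholders and the helper names are hypothetical; the MAC layout assumed is the classic NTP one, a 32-bit key ID followed by MD5 over the secret and the 48-byte header.

```python
import hashlib
import hmac
import struct

# Constructed sample in the ntp.keys layout quoted above; secrets are placeholders.
KEYS_FILE = """\
1 M constructed-secret-one
2 M constructed-secret-two
15 M constructed-secret-fifteen
"""

def load_keys(text):
    """Parse 'id M secret' lines into {key_id: secret_bytes}."""
    keys = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key_id, key_type, secret = line.split(None, 2)
        if key_type == "M":
            keys[int(key_id)] = secret.encode("ascii")
    return keys

def broadcast_header():
    """48-byte NTP header: LI=0, VN=4, mode=5 (broadcast), other fields zeroed."""
    return bytes([(0 << 6) | (4 << 3) | 5]) + bytes(47)

def sign(header, key_id, keys):
    """Append the MAC: 32-bit key ID, then MD5(secret || header)."""
    digest = hashlib.md5(keys[key_id] + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify(packet, keys, trusted):
    """Accept only a packet whose key ID is trusted and whose digest matches."""
    if len(packet) != 48 + 4 + 16:
        return False  # no MAC, or malformed
    header, mac = packet[:48], packet[48:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in trusted or key_id not in keys:
        return False
    expected = hashlib.md5(keys[key_id] + header).digest()
    return hmac.compare_digest(expected, mac[4:])

if __name__ == "__main__":
    keys = load_keys(KEYS_FILE)
    packet = sign(broadcast_header(), 2, keys)  # sender picks ONE key
    print("MAC key ID:", struct.unpack("!I", packet[48:52])[0])
    print("trusted:", verify(packet, keys, trusted={1, 2, 15}))
    print("key 2 not trusted:", verify(packet, keys, trusted={1, 15}))
```

A receiver that holds keys 1, 2 and 15 accepts a broadcast signed with any one of them, provided that key ID is in its trusted set and the secret matches on both sides.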
