S100 User Guide – Rev. D – June 2005 103
Figure 5-47: Minimum Net NTP Configuration
Peers
Setting up a peer can be accomplished by adding the peer command to the ntp.conf file. The
configuration of a peer is basically the same as setting up a client: an address or host name
needs to be specified, along with a key and possibly the prefer keyword. Peers also have an
associated polling interval that can be set in the ntp.conf file. While a set of peers can use
different polling intervals, true peers use the same polling interval. The defaults should be
acceptable except when peers are connected by very slow links. Setting the polling range is
described in the ntpd man page. Generally, peer connections are used to improve the time
accuracy at the base of the NTP tree (low numbered strata), or provide additional
redundancy at the leaves of the NTP tree (high numbered strata). Using peer connections
allows both of these without resorting to creating a new level of hierarchy.
Security
NTP provides the capability for NTP clients and servers to authenticate each other. This is
accomplished with symmetric authentication keys and key identifiers. The term symmetric
means that the keys must be the same on both the client and the server. Because NTP keys
are stored outside of the ntp.conf file, the NTP keys file must be specified in the ntp.conf file
for any configuration that will use keys. This is accomplished using the keys keyword,
followed by the absolute path to the file.
With NTP version 3, authentication keys must be manually distributed to each of the client
systems (NTP version 4 can use automatic public key distribution, which is fully described
in the NTP version 4 documentation). Caution must be exercised when transferring these
keys to each client system. Be sure to use a protocol that supports strong authentication and
encryption.
Establishing authenticated communication between a client and server requires configuration
on both the client and the server. In order for authentication to work, both the client and the
server must have a keys.conf file specified in ntp.conf that contains the same key with the
same key ID. In other words, both the client and the server should have an identical line
in the keys.conf file.
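The requirements above can be checked before a configuration is deployed. The following is an added example, not part of the original guide or the product's software: it reads one host's ntp.conf and compares its keys file with the copy held on the other side. The file path, addresses and secrets are constructed placeholders, and the keys file is assumed to use the common ntpd "ID TYPE SECRET" line format.

```python
import posixpath

# Constructed sample files; addresses, path and secrets are placeholders.
CLIENT_CONF = """\
keys /etc/ntp/keys.conf
server 192.0.2.10 key 1 prefer
peer 192.0.2.11 key 2
server 192.0.2.12
"""
CLIENT_KEYS = "1 M ExampleSecretA\n2 M ExampleSecretB\n"
SERVER_KEYS = "1 M ExampleSecretA\n2 M ExampleSecretX\n"

def tokens(text):
    """Yield whitespace-split fields of each non-empty, non-comment line."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield fields

def parse_keys(text):
    """Map key ID -> the rest of its line ('ID TYPE SECRET' format)."""
    return {int(f[0]): tuple(f[1:]) for f in tokens(text) if len(f) >= 3}

def audit(conf_text, local_keys_text, remote_keys_text):
    """Return findings for one host's ntp.conf against both keys files."""
    findings = []  # messages name key IDs only, never the secrets
    local, remote = parse_keys(local_keys_text), parse_keys(remote_keys_text)
    keys_path = None
    for f in tokens(conf_text):
        if f[0] == "keys" and len(f) > 1:
            keys_path = f[1]
        elif f[0] in ("server", "peer") and len(f) > 1:
            opts = f[2:]
            if "key" not in opts[:-1]:  # "key" must be followed by an ID
                findings.append(f"{f[0]} {f[1]}: no key, unauthenticated")
                continue
            key_id = int(opts[opts.index("key") + 1])
            if key_id not in local:
                findings.append(f"{f[0]} {f[1]}: key {key_id} not in local keys file")
            elif local[key_id] != remote.get(key_id):
                findings.append(f"{f[0]} {f[1]}: key {key_id} differs on remote")
    if keys_path is None:
        findings.append("ntp.conf has no keys line")
    elif not posixpath.isabs(keys_path):
        findings.append(f"keys path is not absolute: {keys_path}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CLIENT_CONF, CLIENT_KEYS, SERVER_KEYS)))
```

For simplicity the example compares against a single remote keys file; with several servers or peers, run it once per remote host.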
ACTS Interface: Dial-up
The Automated Computer Time Service (ACTS) is maintained by the U.S. National Institute
of Standards and Technology (NIST). More information is in the next section. In most of this
guide, the term dial-up is used instead.