Configuring Network Time Protocol (NTP) service

Authenticating NTP runtime reconfiguration

To require authentication for requests that use xntpdc(1Mtcp) to reconfigure the NTP daemon while it is running:

  1. Create one or more keys that will be used for authenticating reconfiguration requests. A key can be unique to each peer. The format of such keys is described in "The NTP keys file".

  2. On each host on which you want to configure authentication, add the following lines to the /etc/inet/ntp.conf file if not already present:
    authenticate yes
    keys /etc/inet/ntp.keys
    
    If the line currently defines authenticate as no, change the value to yes.

  3. Add the following line to /etc/inet/ntp.conf:
    requestkey ID
    
    ID is the ID number of the key that will be used to authenticate reconfiguration requests.

  4. If it does not already exist, create a /etc/inet/ntp.keys file on each peer, and add the request key for the peer to this file.

  5. To have xntpd re-read its configuration file, stop xntpd by killing its process (find the process ID using ps), then restart it using the command in.xntpd &.

The NTP keys file

The /etc/inet/ntp.keys file contains a list of numeric key IDs and key values. These IDs and values are used to verify that mode 6 and mode 7 NTP packets should be processed. For example, when running the xntpdc program, you must supply a valid key ID in response to the Keyid prompt and its associated key value in response to the Password prompt. See "Examples of using ntpq and xntpdc" for sample displays of this.

In addition to a key ID and its associated value, each entry also contains a one-letter code indicating the type of the key value. The format of an entry in the key file is:

key_ID key_type key_value

The three fields shown above are separated by any combination of blanks and tabs. Comments may appear on any line and must begin with the number sign (#).

The fields are:

key_ID
An arbitrary, unsigned 32-bit number, written in decimal. The range of possible values is zero through 4,294,967,295. Key IDs are specified by the requestkey and controlkey statements in the configuration file.

key_type
Identifies the authentication scheme. Only M for MD5 authentication is currently supported.


NOTE: DES authentication is not included in this release.

key_value
For MD5 authentication, this is a password consisting of a string of one to eight ASCII characters. If the string is longer than eight characters, only the first eight will be used.


NOTE: The NTP keys file contains sensitive data. Limit read permission to the owner root.

The following is a sample ntp.keys file:

   4       M    DonTTelL
   6       M    hElloWorld
   22      M    ImASecret
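
The following added example (not part of the original UnixWare documentation) checks a keys file and the ntp.conf lines from steps 2 and 3 against the rules on this page: entry format, the eight-character limit on M keys, the requestkey reference, and root-only access. The function names are hypothetical, requestkey 6 in the demo is an assumed ID, and treating everything after # as a comment is an assumption.

```python
import stat

MAX_KEY_ID = 4294967295  # unsigned 32-bit range given on the page
USED_CHARS = 8           # only the first eight characters of an M key are used

def parse_keys(text):
    """Parse ntp.keys text; return ({key_ID: effective value}, [findings])."""
    keys, findings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # assumption: '#' starts a comment anywhere
        if len(fields) != 3:
            if fields:  # blank and comment-only lines are skipped silently
                findings.append(f"keys line {n}: expected key_ID key_type key_value")
            continue
        kid, ktype, value = fields
        if not (kid.isascii() and kid.isdigit() and int(kid) <= MAX_KEY_ID):
            findings.append(f"keys line {n}: key_ID is not an unsigned 32-bit decimal")
        elif ktype != "M":
            findings.append(f"keys line {n}: key_type {ktype!r} is not M")
        elif not value.isascii():
            findings.append(f"keys line {n}: key_value is not ASCII")
        else:
            if len(value) > USED_CHARS:  # findings never echo the key value
                findings.append(f"key {kid}: {len(value)} characters, only the first 8 are used")
            keys[int(kid)] = value[:USED_CHARS]
    return keys, findings

def check_conf(conf_text, keys):
    """Check the ntp.conf lines from steps 2 and 3 against the parsed keys."""
    conf = dict(l.split()[:2] for l in conf_text.splitlines() if len(l.split()) >= 2)
    findings = []
    if conf.get("authenticate") != "yes":
        findings.append("ntp.conf: authenticate is not yes")
    if "keys" not in conf:
        findings.append("ntp.conf: no keys line")
    rk = conf.get("requestkey", "")
    if not (rk.isascii() and rk.isdigit() and int(rk) in keys):
        findings.append(f"ntp.conf: requestkey {rk!r} has no usable keys entry")
    return findings

def check_mode(st):
    """Given an os.stat() result: keys file must be root-owned, no group/other access."""
    bad = ["keys file is not owned by root"] if st.st_uid != 0 else []
    if stat.S_IMODE(st.st_mode) & 0o077:
        bad.append("keys file is accessible to group or other")
    return bad

if __name__ == "__main__":  # keys are the page's sample; requestkey 6 is an assumed ID
    k, f = parse_keys("4 M DonTTelL\n6 M hElloWorld\n22 M ImASecret\n")
    print(f + check_conf("authenticate yes\nkeys /etc/inet/ntp.keys\nrequestkey 6\n", k))
```

On a host, pass in the contents of /etc/inet/ntp.keys and /etc/inet/ntp.conf, and the os.stat() result for the keys file. Run against the sample file above, it reports that keys 6 and 22 are longer than eight characters, so only their first eight characters take effect.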

© 1999 The Santa Cruz Operation, Inc. All rights reserved.
UnixWare 7 Release 7.1.1 - 5 November 1999