Configuring NTP Authentication Using the System Query Page (CTPView)
NTP authentication enables the CTP device, which functions as the NTP client, to verify that servers are known and trusted. Symmetric key authentication is used to authenticate the packets. The shared secret key is assumed to have already been communicated between the client and the server, and the server is responsible for having the shared secret keys configured in its configuration and keys files. The client then adds the required key ID and shared secret key to its configuration and keys files through CTPView or through syscfg commands. To disable NTP authentication, leave the Key ID and Key Value fields blank in CTPView.
To configure NTP authentication using the System Query page of CTPView:
- In the side pane, select System > Query.
Alternatively, you can specify the key ID and key value for NTP authentication from the System Configuration page by selecting System > Configuration in the side pane.
- Click the Node Settings tab.
The NTP Settings page is displayed. The hostname and IP address of the CTP device are displayed under the Device table, which is shown to the left of the NTP Settings table.
- Configure the parameters described in Table 1 and click Submit Settings.
- (Optional) Click System > Query > Node Settings to verify the NTP configuration details.
Table 1: NTP Server Authentication Settings on the System Query Page in CTPView
Specifies the IPv4 or IPv6 address of the NTP server.
Adds NTP servers to the server list (IP addresses or hostnames). You can configure a maximum of two NTP servers. NTP authentication starts with the first server in the list; if the first server fails or becomes unavailable, the second server in the list is used.
Enter the IPv4 or IPv6 address of the NTP server to be used for authentication.
Specifies the key ID to authenticate the NTP packets received from the server by the NTP client.
The servers and clients involved must agree on the key and key identifier to authenticate NTP packets. Keys and related information are specified in a key file. The key ID is used to prove the authenticity of data received over the network. During time synchronization, the client requests the key ID with the “NTP Client” packet and the server sends the response with the “NTP Server” packet. If the key ID differs between the two packets, the time does not synchronize. The time is synchronized and modified for the client only when the two key IDs are the same. The IP address with the secret key is configured in the “/etc/ntp.conf” NTP configuration file on the CTP device.
The following is an example line from the ntp.conf file:
server x.x.x.x key 123
x.x.x.x is the NTP server IP address.
key is followed by the ID of the secret key, which is shared by both the client and the server.
Enter a 32-bit integer in the range of 1 through 65534.
Specifies the value of the NTP key used for NTP authentication between the NTP server and the NTP client.
NTP uses keys to implement authentication. This key is used while exchanging data between the client and server. The following three key types are present:
CTP devices support the M key (MD5) for NTP authentication. All the keys must be defined in the “/etc/ntp/keys” file.
The following is an example line from the keys file:
123 M pass
123 is the key ID (range 1 to 65534).
M designates the key type (M means MD5).
pass is the key itself.
Enter the key value as a sequence of up to 31 ASCII characters.
Specifies whether you want to enable or disable the NTP process on the CTP device.
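The ntp.conf and keys file formats described in Table 1 can be cross-checked offline before or after submitting the settings. The following Python sketch is an added example, not Juniper code or part of CTPView; the file contents are constructed samples using documentation addresses, and the function names are hypothetical. It flags servers with no key (which means no authentication), more than two servers, key IDs outside 1 through 65534, key types other than M, and key values longer than 31 ASCII characters.

```python
# Constructed sample files in the formats this page shows (not from a real device).
SAMPLE_NTP_CONF = "server 192.0.2.10 key 123\nserver 192.0.2.11 key 200\nserver 192.0.2.12\n"
SAMPLE_KEYS = "123 M pass\n70000 M toolarge\n200 A otherkind\n"

def parse_keys(text):
    """Return ({key_id: value}, problems) for keys-file lines of the form 'ID TYPE VALUE'."""
    keys, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if len(fields) != 3 or not fields[0].isdecimal():
            problems.append(f"keys:{n}: expected 'ID TYPE VALUE'")
            continue
        key_id, key_type, value = int(fields[0]), fields[1], fields[2]
        if not 1 <= key_id <= 65534:
            problems.append(f"keys:{n}: key ID {key_id} outside 1-65534")
        elif key_type != "M":
            problems.append(f"keys:{n}: key {key_id} has type {key_type}, not M")
        elif len(value) > 31 or not value.isascii():
            problems.append(f"keys:{n}: key {key_id} value is not 1-31 ASCII characters")
        else:
            keys[key_id] = value  # only keys that pass every check are usable
    return keys, problems

def check_servers(conf_text, keys):
    """Check each 'server ADDR [key ID]' line against the usable keys."""
    problems, servers = [], 0
    for n, line in enumerate(conf_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 2 or fields[0] != "server":
            continue
        servers += 1
        if servers > 2:
            problems.append(f"ntp.conf:{n}: more than two servers configured")
        opts = fields[2:]
        key_id = opts[opts.index("key") + 1] if "key" in opts[:-1] else None
        if key_id is None:
            problems.append(f"ntp.conf:{n}: server {fields[1]} has no key (unauthenticated)")
        elif not key_id.isdecimal() or int(key_id) not in keys:
            problems.append(f"ntp.conf:{n}: server {fields[1]} uses key {key_id}, "
                            "which is not a valid key in the keys file")
    return problems

def audit(conf_text, keys_text):
    keys, problems = parse_keys(keys_text)
    return problems + check_servers(conf_text, keys)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_NTP_CONF, SAMPLE_KEYS)))
```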