NTP server systems fall into two categories: primary reference servers and secondary reference servers. Primary reference servers use an external timing reference to provide time, such as GPS or radio clocks. Secondary reference servers synchronize with primary reference NTP servers and offer slightly less accuracy. Primary reference servers are designated stratum 1 servers, while secondary servers have a stratum greater than 1.
NTP Distribution
NTP source code is freely available from the Network Time Protocol web site. The current version available for download is 4.2.4. NTP is available for Linux operating systems, with ports available for Windows NT. The source code is downloaded, configured, compiled and installed on the host machine. Many Linux operating systems, such as RedHat, offer NTP RPM packages.
Configuring NTP
The 'ntp.conf' file is the main source of configuration information for an NTP server installation. Among other things, it contains a list of reference clocks that the installation is to synchronize with. A list of NTP server references is specified with the "server" configuration command as follows:
server time-a.nist.gov # NIST
server time-c.timefreq.bldrdoc.gov # NIST
Checking the NTP Server Daemon
Once configured, the NTP daemon can be started, stopped and restarted with the commands 'ntpd start', 'ntpd stop' and 'ntpd restart'. The NTP server daemon can be queried using the 'ntpq -p' command. The ntpq command queries the NTP server for its synchronization status and provides a list of servers with synchronization information for each server.
NTP Access Control
Access to the NTP server can be restricted using the 'restrict' directive in the ntp.conf file. To deny all access to the NTP server by default:
restrict default ignore
To allow only machines on your network to synchronize with the server, use:
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
Additional restrict directives can be specified in the ntp.conf file to restrict access to a specified range of computers.
Authentication Options
Authentication allows matching passwords to be specified by the NTP server and its associated clients. NTP keys are stored in the ntp.keys file in the following format: key-number M key (M stands for MD5 encryption), e.g.:
1 M secret
5 M rabbit
7 M Timely
10 M mykey
In the NTP configuration file ntp.conf, specify which of the keys above are trusted, that is, which are safe and which you want to use. Any keys that are in the keys file but not trusted will not be used for authentication, for example:
trustedkey 1 7 10
The NTP server is now configured for authentication.
Client Configuration for Authentication
The client must be configured with similar information to the server, but it can use a subset of the keys defined on the server. A different subset of keys can be used on different clients, for example:
Client A)
1 M secret
7 M Timely
trustedkey 1 7
Client B)
1 M secret
5 M rabbit
7 M Timely
10 M mykey
trustedkey 7 10
Essentially, authentication is used by the client to verify that the time server is who it says it is and that no rogue server intervenes. The key is encrypted and sent to the client by the server, where it is decrypted and checked against the client's keys to ensure a match.
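The following is an added example, not code from the original article or from the NTP project. It sketches how a client decides whether to accept an authenticated packet, using the key files above and assuming the standard NTP symmetric-key MAC (a 4-byte key number followed by the MD5 digest of the key concatenated with the 48-byte packet header); in that scheme each side computes the digest from its own copy of the key, and only the key number and digest accompany the packet. The function names and the sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

def parse_keys(text):
    """Parse ntp.keys lines of the form 'key-number M key' into {number: key bytes}."""
    keys = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3 and fields[1] == "M":
            keys[int(fields[0])] = fields[2].encode()
    return keys

def parse_trusted(text):
    """Collect the key numbers named on 'trustedkey' lines of an ntp.conf."""
    trusted = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == "trustedkey":
            trusted.update(int(f) for f in fields[1:])
    return trusted

def sign(packet, key_id, key):
    """Sender side: append the MAC (4-byte key number, then MD5(key || packet))."""
    return packet + struct.pack("!I", key_id) + hashlib.md5(key + packet).digest()

def verify(message, keys, trusted):
    """Receiver side: return (accepted, reason) for a 48-byte header plus 20-byte MAC."""
    if len(message) != 48 + 20:
        return False, "no MAC"
    packet, mac = message[:48], message[48:]
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in trusted:      # present in ntp.keys is not enough
        return False, "key not trusted"
    if key_id not in keys:
        return False, "key unknown"
    expected = hashlib.md5(keys[key_id] + packet).digest()
    if not hmac.compare_digest(expected, mac[4:]):
        return False, "digest mismatch"
    return True, "ok"

# Constructed sample data: the server and Client B files shown in the article.
SERVER_KEYS = parse_keys("1 M secret\n5 M rabbit\n7 M Timely\n10 M mykey\n")
CLIENT_B_KEYS = parse_keys("1 M secret\n5 M rabbit\n7 M Timely\n10 M mykey\n")
CLIENT_B_TRUSTED = parse_trusted("trustedkey 7 10\n")
PACKET = bytes([0x24, 1, 6, 0xEC]) + bytes(44)  # constructed 48-byte server-mode header
```

Client B holds key 1 in its keys file but does not list it under trustedkey, so a reply authenticated with key 1 is rejected even though the digest itself would match.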