Contains key identifiers and keys controlling authentication of Network Time Protocol (NTP) transactions.
The ntp.keys file contains the key identifiers and keys used for encryption and decryption in the authentication of NTP transactions.
The NTP standard specifies an extension that allows verification of the authenticity of received NTP packets and provides an indication of authenticity in outgoing packets. The xntpd daemon implements this by using the MD5 algorithm to compute a message digest. The specification allows any one of possibly 4 billion keys, numbered with 32-bit key identifiers, to be used to authenticate an association. The servers involved in an association must agree on the key and key identifier used to authenticate their data, although they must each learn the key and key identifier independently.
The xntpd daemon reads its keys from a file specified with the -k flag or the keys statement in the configuration file. You cannot change key number 0 because the NTP standard fixes it as 64 zero bits.
The ntp.keys file uses the same comment conventions as the configuration file, ntp.conf. Key entries use the following format:
KeyNumber M Key
where,
Entry | Description |
---|---|
KeyNumber | A positive integer |
M | Specifies that Key is a 1-to-8 character ASCII string, using the MD5 authentication scheme. |
Key | The key itself. |
One of the keys may be chosen, through the requestkey statement in the ntp.conf configuration file, to authenticate run-time configuration requests made using the xntpdc command. The xntpdc command obtains the key from the terminal as a password, so it is generally appropriate to specify the key in ASCII format.
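The entry format above can be checked before xntpd reads the file. The following linter is an added example, not code from xntpd or from this documentation. It assumes that `#` starts a comment (the ntp.conf convention), and the function name `lint_ntp_keys` and the sample entries are constructed for illustration.

```python
import re

MAX_KEY_ID = 2**32 - 1          # key identifiers are 32 bits wide

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# keys for the lab time servers
1 M tick
2 M tock-tock9
0 M zero
3 A abc
1 M again
x M bad
4 M ok   # trailing comment
"""

def lint_ntp_keys(text):
    """Return (keys, problems): valid {KeyNumber: Key} and [(line, message)]."""
    keys, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Assumption: '#' starts a comment, so a key cannot contain '#'.
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 3:
            problems.append((lineno, "expected: KeyNumber M Key"))
            continue
        number, ktype, key = fields
        if not re.fullmatch(r"[0-9]+", number):
            problems.append((lineno, "KeyNumber is not a positive integer"))
        elif int(number) == 0:
            problems.append((lineno, "key 0 is fixed by the standard"))
        elif int(number) > MAX_KEY_ID:
            problems.append((lineno, "KeyNumber does not fit in 32 bits"))
        elif ktype != "M":
            problems.append((lineno, "only key type M is described"))
        elif not (1 <= len(key) <= 8 and key.isascii() and key.isprintable()):
            problems.append((lineno, "Key must be 1 to 8 ASCII characters"))
        elif int(number) in keys:
            problems.append((lineno, "duplicate KeyNumber"))
        else:
            keys[int(number)] = key
    return keys, problems

if __name__ == "__main__":
    valid, found = lint_ntp_keys(SAMPLE)
    print("valid key numbers:", sorted(valid))   # key material is not printed
    for lineno, message in found:
        print(f"line {lineno}: {message}")
```

Only the first problem on each line is reported, and entries with a problem are left out of the returned key table.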
Item | Description |
---|---|
/etc/ntp.keys | Specifies the path to the file. |