W32time - encrypted request to NTP server?

  • Thread starter Thread starter BertieBigBollox
  • Start date Start date
B

BertieBigBollox

Is this supported or possible in Windows 2000?

I've managed to edit the registry to point at my local NTP server and
this works fine. The NTP host supports MD5 authentication and,
ideally, I'd like the Windows 2000 client to use this when requesting
from the NTP server.
 
Is this supported or possible in Windows 2000?

I've managed to edit the registry to point at my local NTP server and
this works fine. The NTP host supports MD5 authentication and,
ideally, I'd like the Windows 2000 client to use this when requesting
from the NTP server.

It doesn't seem to be supported. XP and newer Windows systems that
speak NTP to each other through w32time use Kerberos session keys to
do symmetric-key authentication of NTP packets. This is roughly the
same as using symmetric-key MD5 authentication in ntpd, but the keys
have already been exchanged through Windows Active Directory
credentials, so no further configuration is required.

However, there does not seem to be a way to get authenticated time
from an ntpd server into w32time unless a lower-layer protocol like
IPsec is used to wrap the NTP traffic.

See "NTP Security" section in the reference documentation from
MIcrosoft:
http://technet2.microsoft.com/windo...cce2-4c82-b3ea-3b95d482db3a1033.mspx?mfr=true

To get what you want on Windows 2000, I would install the Windows
version of ntpd from Meinberg, and use their Time Server Monitor
program to manage and congfigure it:
http://www.meinberg.de/english/sw/ntp.htm
 
Back
Top