Re: W32time - encrypted request to NTP server?
On Mar 20, 8:41 am, "BertieBigBol...@gmail.com"
<BertieBigBol...@gmail.com> wrote:
> Is this supported or possible in Windows 2000?
>
> I've managed to edit the registry to point at my local NTP server and
> this works fine. The NTP host supports MD5 authentication and,
> ideally, I'd like the Windows 2000 client to use this when requesting
> from the NTP server.
It doesn't seem to be supported. XP and newer Windows systems that
speak NTP to each other through w32time use Kerberos session keys to
do symmetric-key authentication of NTP packets. This is roughly the
same as using symmetric-key MD5 authentication in ntpd, but the keys
have already been exchanged through Windows Active Directory
credentials, so no further configuration is required.
However, there does not seem to be a way to get authenticated time
from an ntpd server into w32time unless a lower-layer protocol like
IPsec is used to wrap the NTP traffic.
See "NTP Security" section in the reference documentation from
MIcrosoft:
http://technet2.microsoft.com/windo...cce2-4c82-b3ea-3b95d482db3a1033.mspx?mfr=true
To get what you want on Windows 2000, I would install the Windows
version of ntpd from Meinberg, and use their Time Server Monitor
program to manage and congfigure it:
http://www.meinberg.de/english/sw/ntp.htm
---
RM