Configuring the Network Time Protocol (NTP)

The NTP keys file

The keys file contains a list of numeric key IDs and key values. These IDs and values are used to verify that mode 6 and mode 7 NTP packets should be processed. For example, when running the ntpdc program, you must supply a valid key ID in response to the Keyid prompt and its associated key value in response to the Password prompt. See ``Further examples of NTP'' for sample displays of this.

In addition to a key ID and its associated value, each entry also contains a one-letter code indicating the type of the key value. The precise format of an entry in the key file is:

key_ID key_type key_value

The three fields shown above are separated by any combination of blanks and tabs. Comments may appear on any line and must begin with the number sign (#).

The fields are:

key ID, which is an arbitrary, unsigned 32-bit number, written in decimal. The range of possible values is zero through 4,294,967,295. Key IDs are specified by the requestkey and controlkey statements in the configuration file.
key type, which identifies the type of key_value. Only one key format, ``M'', is currently supported. This indicates that the MD5 authentication scheme is being used. In this case, the key is a one-to-eight-character ASCII string. The one-letter code for this type is ``M''.
key value, which is a 56-bit DES encryption key that is written as 8 octets. The key value always uses odd parity.

Note that you will find it easier to specify ASCII key values, particularly for keys that are used to verify ntpdc requests. Because this file contains authorization data, you are strongly urged to limit read permission for this file. In particular, you should remove read permission for other.

Below is a sample keys file:

   #
   #
   4       M    DonTTelL
   6       M    hElloWorld
   22      M    ImASecret