W32time - encrypted request to NTP server? - NTP

This is a discussion on W32time - encrypted request to NTP server? - NTP ; Is this supported or possible in Windows 2000? I've managed to edit the registry to point at my local NTP server and this works fine. The NTP host supports MD5 authentication and, ideally, I'd like the Windows 2000 client to ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: W32time - encrypted request to NTP server?

  1. W32time - encrypted request to NTP server?

    Is this supported or possible in Windows 2000?

    I've managed to edit the registry to point at my local NTP server and
    this works fine. The NTP host supports MD5 authentication and,
    ideally, I'd like the Windows 2000 client to use this when requesting
    from the NTP server.

  2. Re: W32time - encrypted request to NTP server?

    On Mar 20, 8:41*am, "BertieBigBol...@gmail.com"
    wrote:
    > Is this supported or possible in Windows 2000?
    >
    > I've managed to edit the registry to point at my local NTP server and
    > this works fine. The NTP host supports MD5 authentication and,
    > ideally, I'd like the Windows 2000 client to use this when requesting
    > from the NTP server.


    It doesn't seem to be supported. XP and newer Windows systems that
    speak NTP to each other through w32time use Kerberos session keys to
    do symmetric-key authentication of NTP packets. This is roughly the
    same as using symmetric-key MD5 authentication in ntpd, but the keys
    have already been exchanged through Windows Active Directory
    credentials, so no further configuration is required.

    However, there does not seem to be a way to get authenticated time
    from an ntpd server into w32time unless a lower-layer protocol like
    IPsec is used to wrap the NTP traffic.

    See "NTP Security" section in the reference documentation from
    MIcrosoft:
    http://technet2.microsoft.com/window....mspx?mfr=true

    To get what you want on Windows 2000, I would install the Windows
    version of ntpd from Meinberg, and use their Time Server Monitor
    program to manage and congfigure it:
    http://www.meinberg.de/english/sw/ntp.htm

    ---
    RM


  3. Re: W32time - encrypted request to NTP server?

    BertieBigBollox@gmail.com wrote:
    > Is this supported or possible in Windows 2000?
    >
    > I've managed to edit the registry to point at my local NTP server and
    > this works fine. The NTP host supports MD5 authentication and,
    > ideally, I'd like the Windows 2000 client to use this when requesting
    > from the NTP server.


    The question doesn't make much sense. Why would you want to encrypt the
    request? What are you trying to hide?

    Danny

  4. Re: W32time - encrypted request to NTP server?

    Danny Mayer wrote:
    > BertieBigBollox@gmail.com wrote:
    >
    >>Is this supported or possible in Windows 2000?
    >>
    >>I've managed to edit the registry to point at my local NTP server and
    >>this works fine. The NTP host supports MD5 authentication and,
    >>ideally, I'd like the Windows 2000 client to use this when requesting
    >>from the NTP server.

    >
    >
    > The question doesn't make much sense. Why would you want to encrypt the
    > request? What are you trying to hide?
    >
    > Danny


    Perhaps the OP meant that he would like the client to be able to
    ascertain that the server really is the server he configured. Isn't
    that, after all, the purpose of authentication?

    But perhaps this is too much to expect from Windows.


  5. Re: W32time - encrypted request to NTP server?

    On 2008-03-23, Richard B. Gilbert wrote:

    > Perhaps the OP meant that he would like the client to be able to
    > ascertain that the server really is the server he configured. Isn't
    > that, after all, the purpose of authentication?


    The OP asked about encryption (note the subject of this thread).

    authentication != encryption

    --
    Steve Kostecke
    NTP Public Services Project - http://support.ntp.org/

  6. Re: W32time - encrypted request to NTP server?

    Steve Kostecke wrote:
    > On 2008-03-23, Richard B. Gilbert wrote:
    >
    >
    >>Perhaps the OP meant that he would like the client to be able to
    >>ascertain that the server really is the server he configured. Isn't
    >>that, after all, the purpose of authentication?

    >
    >
    > The OP asked about encryption (note the subject of this thread).
    >
    > authentication != encryption
    >


    AS far as I know, the only purpose of encryption in NTP is to
    authenticate the server to the client! This is done by including an
    encrypted signature in the packet. There is nothing "secret" in an NTP
    packet that would require encryption for any other purpose.

    If he meant something else, he failed to make himself clear!


  7. Re: W32time - encrypted request to NTP server?

    Richard B. Gilbert wrote:
    > Danny Mayer wrote:
    >> BertieBigBollox@gmail.com wrote:
    >>
    >>> Is this supported or possible in Windows 2000?
    >>>
    >>> I've managed to edit the registry to point at my local NTP server and
    >>> this works fine. The NTP host supports MD5 authentication and,
    >>> ideally, I'd like the Windows 2000 client to use this when requesting
    >> >from the NTP server.

    >>
    >>
    >> The question doesn't make much sense. Why would you want to encrypt the
    >> request? What are you trying to hide?
    >>
    >> Danny

    >
    > Perhaps the OP meant that he would like the client to be able to
    > ascertain that the server really is the server he configured. Isn't
    > that, after all, the purpose of authentication?
    >


    Authentication, maybe. Encryption no. They are not related to each other.

    > But perhaps this is too much to expect from Windows.


    No. Windows can do both encryption (see the OpenSSL libraries as well as
    Microsoft's) and can do authentication (see Autokey).

    Danny

+ Reply to Thread