Unauthenticated Broadcast Client Drops Authenticated Server Packets. - NTP

This is a discussion on Unauthenticated Broadcast Client Drops Authenticated Server Packets. - NTP ; Hi Experts, I have got a broadcast server that sends broadcast messages authenticated with MD5. There is a broadcast client that has no authentication enabled. The packets on the broadcast client is dropped due to authentication failure. Could you please ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Unauthenticated Broadcast Client Drops Authenticated Server Packets.

  1. Unauthenticated Broadcast Client Drops Authenticated Server Packets.

    Hi Experts,

    I have got a broadcast server that sends broadcast messages
    authenticated with MD5. There is a broadcast client that has no
    authentication enabled. The packets on the broadcast client is
    dropped due to authentication failure. Could you please let me know
    if this is the expected behaviour of the broadcast client in this
    scenario.

    Since the broadcast cleint is not interested in authentication, it
    could very well accept the packet from the server though the packet
    has MAC, right ?

    Please let me know if I miss anything here.

    Thanks,
    Arul Kumar C


  2. Re: Unauthenticated Broadcast Client Drops Authenticated Server Packets.

    >>> In article <1173964807.863035.296190@y66g2000hsf.googlegroups. com>, "Arul Kumar C" writes:

    Arul> Hi Experts, I have got a broadcast server that sends broadcast
    Arul> messages authenticated with MD5. There is a broadcast client that has
    Arul> no authentication enabled.

    This is different from having a client with authentication disabled.

    Arul> The packets on the broadcast client is
    Arul> dropped due to authentication failure. Could you please let me know
    Arul> if this is the expected behaviour of the broadcast client in this
    Arul> scenario.

    Yes, this is a feature and is exactly what should happen if your client does
    not have authentication properly configured. Again, disabling
    authentication is a different matter.

    Arul> Since the broadcast cleint is not interested in authentication, it
    Arul> could very well accept the packet from the server though the packet
    Arul> has MAC, right ?

    Yes, but only if you disable authentication on the client, and you should
    have a very clear idea of what the effects of this decision will be.

    Arul> Please let me know if I miss anything here.

    Please reconsider using authentication - is it really that difficult for
    your environment to have it set up properly?

    H

  3. Re: Unauthenticated Broadcast Client Drops Authenticated Server Packets.

    Arul Kumar C wrote:
    > Hi Experts,
    >
    > I have got a broadcast server that sends broadcast messages
    > authenticated with MD5. There is a broadcast client that has no
    > authentication enabled. The packets on the broadcast client is
    > dropped due to authentication failure. Could you please let me know
    > if this is the expected behaviour of the broadcast client in this
    > scenario.
    >
    > Since the broadcast cleint is not interested in authentication, it
    > could very well accept the packet from the server though the packet
    > has MAC, right ?
    >
    > Please let me know if I miss anything here.
    >
    > Thanks,
    > Arul Kumar C
    >


    Broadcast clients require authentication by default. So, yes, this is
    the expected behavior. If the client does not require an authenticated
    server, you can disable authentication. The reason is that ANYBODY with
    the proper software can broadcast NTP packets on your network. Those
    packets may have the correct time or they may not! If the time is not
    correct youf clients may be off by anything from seconds to years!



  4. Re: Unauthenticated Broadcast ClientDrops Authenticated Server Packets.

    Arul Kumar C wrote:
    > Hi Experts,
    >
    > I have got a broadcast server that sends broadcast messages
    > authenticated with MD5. There is a broadcast client that has no
    > authentication enabled. The packets on the broadcast client is
    > dropped due to authentication failure. Could you please let me know
    > if this is the expected behaviour of the broadcast client in this
    > scenario.
    >
    > Since the broadcast cleint is not interested in authentication, it
    > could very well accept the packet from the server though the packet
    > has MAC, right ?
    >

    Try using -A on the ntpd startup line to have it ignore authentication.

    Danny
    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


+ Reply to Thread