W32time - encrypted request to NTP server?

[Guest BertieBigBollox@gmail.com]

Is this supported or possible in Windows 2000?

 

I've managed to edit the registry to point at my local NTP server and

this works fine. The NTP host supports MD5 authentication and,

ideally, I'd like the Windows 2000 client to use this when requesting

from the NTP server.

[Guest Ryan Malayter]

Re: W32time - encrypted request to NTP server?

 

On Mar 20, 8:41 am, "BertieBigBol...@gmail.com"

<BertieBigBol...@gmail.com> wrote:

> Is this supported or possible in Windows 2000?

>

> I've managed to edit the registry to point at my local NTP server and

> this works fine. The NTP host supports MD5 authentication and,

> ideally, I'd like the Windows 2000 client to use this when requesting

> from the NTP server.

 

It doesn't seem to be supported. XP and newer Windows systems that

speak NTP to each other through w32time use Kerberos session keys to

do symmetric-key authentication of NTP packets. This is roughly the

same as using symmetric-key MD5 authentication in ntpd, but the keys

have already been exchanged through Windows Active Directory

credentials, so no further configuration is required.

 

However, there does not seem to be a way to get authenticated time

from an ntpd server into w32time unless a lower-layer protocol like

IPsec is used to wrap the NTP traffic.

 

See "NTP Security" section in the reference documentation from

MIcrosoft:

http://technet2.microsoft.com/windowsserver/en/library/b43a025f-cce2-4c82-b3ea-3b95d482db3a1033.mspx?mfr=true

 

To get what you want on Windows 2000, I would install the Windows

version of ntpd from Meinberg, and use their Time Server Monitor

program to manage and congfigure it:

http://www.meinberg.de/english/sw/ntp.htm

 

---

RM