Hello, I want to employ the AutoKey method of securing NTP.
Basically, I want one host that would act as an NTP client of an external NTP server, talking AutoKey. This NTP client is to become the NTP server for other hosts on the intranet. All these hosts are behind a corporate firewall and are very likely using NAT / IP masquerading as well. (I can tell NAT / IP masquerading is in use in our environment because all hosts report the same IP address at http://www.whatismyipaddress.com.) I ask this question because I ran into a circa 2004 link (http:// www.ecsirt.net/tools/crypto-ntp.html) that says, Be Aware! Before we start building ntpd, one important notice: NTP with Autokey does not work from a host that is behind a masquerading or NAT host! Is this a conceptual / fundamental limitation, or something related to NTP version? If latter, I'm hoping that it would probably have been fixed by now. If AutoKey and NAT don't go together conceptually, what would be my next best option of securing NTP? Though MD5 method is there but it is symmetric cryptography and prone to man-in-the-middle attacks... which is why btw I was hoping to be able to employ AutoKey. Many thanks, /HS _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions