NTP authentication using kerberos

Da Rock rock_on_the_web at comcen.com.au
Thu Sep 18 01:25:49 UTC 2008


This may be a stupid question, and/or a chicken and egg conundrum:

Is it possible to use kerberos in authentication with an ntp server?

Here is my reasoning for this (and please correct any wrong assumptions
I have here): In the handbook regarding kerberos (and nearly every other
reliable source) kerberos is all or nothing- every service needs to be
included or it is not as secure as it should be. On the other hand,
there are problems with using kerberos if the time is not synchronised,
so use ntp.

And so far I have only found simple key authentication similar to dhcp
and dns to authenticate ntp with. But if kerberos provides keys then
this could be simpler, yes?

Once I have worked through this, I'd like to multicast ntp, but I think
I've got that sewn up already, unless anybody has some advice on this?
I'll probably be using the 239 subnet rather than 224 if that is not an
issue.

One more thing- if ntp uses the same sort of authentication as dhcp and
dns, is there a way to extend this kerberos setup (if it is possible
with ntp) to dhcp and dns on my local network? Or am I just getting too
ambitious with everything here? :)

Cheers



More information about the freebsd-questions mailing list