NTP Properties

The following NTP properties are available from Configuration: Services: NTP.

Table 3-33 NTP Properties

| Property | Description | Examples |
|---|---|---|
| Discover NTP server via multicast address | Enter a multicast address here for an NTP server to be located automatically | 224.0.1.1 |
| Manually specify NTP server(s) | Enter one or more NTP servers (and their corresponding authentication keys, if any) for the appliance to contact directly | 0.pool.ntp.org |
| NTP Authentication Keys | Enter one or more NTP authentication keys for the appliance to use when authenticating the validity of NTP servers. See the next table. | Auth key: 10, Type: ASCII, Private Key: SUN7000 |

Validation - If an invalid configuration is entered, a warning message is displayed and the configuration is not committed. This occurs when:

  • A multicast address is used but no NTP response is found.

  • An NTP server address is used, but that server does not respond properly to NTP.

Authentication - To protect against NTP spoofing attacks from rogue servers, NTP has a private key encryption scheme whereby NTP servers are associated with a private key that is used by the client to verify their identity. These keys are not used to encrypt traffic, and they are not used to authenticate the client; they are only used by the NTP client (that is, Oracle ZFS Storage Appliance) to authenticate the NTP server. To associate a private key with an NTP server, the private key must first be specified. Each private key has a unique integer associated with it, along with a type and key. The type must be one of the types shown in the following table.

Table 3-34 NTP Private Keys and Integers

| Type | Description | Example |
|---|---|---|
| DES | 64-bit hexadecimal number in DES format | 0101010101010101 |
| NTP | 64-bit hexadecimal number in NTP format | 8080808080808080 |
| ASCII | 1-to-8-character ASCII string | topsecret |
| MD5 | 1-to-8-character ASCII string, using the MD5 authentication scheme | md5secret |

After the keys have been specified, an NTP server can be associated with a particular private key. For a given key, the key number, key type, and private key values must all match between client and server for an NTP server to be authenticated.
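The following added example (not Oracle's code) sketches how a client checks an MD5-type key on a server reply: the reply stays in cleartext and only carries a key number plus a digest the client recomputes. It assumes the NTPv4 symmetric-key MAC layout from RFC 5905 (32-bit key ID followed by MD5 of the secret and the 48-byte header); the key table, key number, secrets and header bytes are constructed sample values.

```python
import hashlib
import hmac
import struct

# Constructed client key table: key number -> (type, secret). Sample values only.
CLIENT_KEYS = {42: ("MD5", b"s3cr3t-A")}

def build_header(mode=4, stratum=2):
    """Constructed 48-byte NTPv4 header (LI=0, VN=4); timestamps left zero."""
    return bytes([(4 << 3) | mode, stratum, 6, 0xEC]) + bytes(44)

def sign(header, key_id, secret):
    """Server side: append the 32-bit key number and MD5(secret || header)."""
    digest = hashlib.md5(secret + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify(packet, keys, expected_key_id):
    """Client side: accept only if key number, type and secret all match."""
    if len(packet) != 48 + 4 + 16:
        return False  # no MAC present: treat as an unauthenticated reply
    header, mac = packet[:48], packet[48:]
    key_id = struct.unpack("!I", mac[:4])[0]
    # The reply must use the key number associated with this server.
    if key_id != expected_key_id or key_id not in keys:
        return False
    key_type, secret = keys[key_id]
    if key_type != "MD5":
        return False
    expected = hashlib.md5(secret + header).digest()
    # Constant-time comparison of the recomputed digest with the received one.
    return hmac.compare_digest(expected, mac[4:])

if __name__ == "__main__":
    hdr = build_header()
    print("genuine server:", verify(sign(hdr, 42, b"s3cr3t-A"), CLIENT_KEYS, 42))
    print("rogue server:  ", verify(sign(hdr, 42, b"guess123"), CLIENT_KEYS, 42))
    print("no MAC:        ", verify(hdr, CLIENT_KEYS, 42))
```
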