NTP Properties
The following NTP properties are available from Configuration: Services: NTP.
Table 3-33 NTP Properties
Property | Description | Examples |
---|---|---|
Discover NTP server via multicast address |
Enter a multicast address here for an NTP server to be located automatically |
|
Manually specify NTP server(s) |
Enter one or more NTP servers (and their corresponding authentication keys, if any) for the appliance to contact directly |
|
NTP Authentication Keys |
Enter one or more NTP authentication keys for the appliance to use when authenticating the validity of NTP servers. See the next table. |
|
Validation - If an invalid configuration is entered, a warning message is displayed and the configuration is not committed. This occurs when:
-
A multicast address is used but no NTP response is found.
-
An NTP server address is used, but that server does not respond properly to NTP.
Authentication - To prevent against NTP spoofing attacks from rogue servers, NTP has a private key encryption scheme whereby NTP servers are associated with a private key that is used by the client to verify their identity. These keys are not used to encrypt traffic, and they are not used to authenticate the client; they are only used by the NTP client (that is, Oracle ZFS Storage Appliance) to authenticate the NTP server. To associate a private key with an NTP server, the private key must first be specified. Each private key has a unique integer associated with it, along with a type and key. The type must be one of the types shown in the following table.
Table 3-34 NTP Private Keys and Integers
Type | Description | Example |
---|---|---|
DES |
64-bit hexadecimal number in DES format |
|
NTP |
64-bit hexadecimal number in NTP format |
|
ASCII |
1-to-8-character ASCII string |
|
MD5 |
1-to-8-character ASCII string, using the MD5 authentication scheme |
|
After the keys have been specified, an NTP server can be associated with a particular private key. For a given key, all of the key number, key type, and private key values must match between client and server for an NTP server to be authenticated.