
The Network Time Protocol (NTP) is an Internet protocol designed and developed
to synchronise network time clients to an accurate reference clock. NTP defines a
number of algorithms and specifies a message structure to pass accurate timing
information from a server reference to a client machine. This article describes how
to install the freely available public NTP server software distribution available
from 'ntp.org'. It shows how to configure NTP to synchronise time with an
Internet-based public time reference.

Internet-based NTP time server systems fall into two categories: primary and
secondary reference servers. Primary reference servers utilise a highly accurate
external timing reference, such as GPS or radio clocks, to provide precise time.
Secondary reference servers synchronise their time with primary reference servers
and therefore offer slightly reduced accuracy. Primary reference servers are
designated stratum 1, while other servers have a higher stratum, i.e. 2 or above.

The NTP source code is freely downloadable under the GNU public license from
the NTP web site at 'ntp.org'. NTP was originally developed for the LINUX
operating system; however, a port to Windows NT is also available. Once the
source code has been obtained, it should be installed, compiled and configured on
the host computer. This process is automated with the installation and
configuration scripts supplied in the distribution. Many Linux based operating
systems have the NTP package pre-installed. However, it may be wise to download
the most recent version, which is currently 4.2.4.

The NTP daemon is configured via a configuration file 'ntp.conf'. This
configuration file may contain a list of public NTP server references that can be
used by the host to synchronise time. Public NTP time servers are specified using
the 'server' command; any characters after the '#' symbol are comments:

server time-a.nist.gov # Public NTP server: NIST, Gaithersburg, Maryland
server time-c.timefreq.bldrdoc.gov # Public NTP Server: NIST, Boulder, Colorado

When the configuration file is complete, the NTP daemon can be started using the
'ntpd start' script. Other scripts are available that can be used to control the
daemon: 'ntpd stop', 'ntpd restart'. There is also a query script available that
shows the current synchronisation status of the daemon: 'ntpq -p'.

The 'restrict' command can be used to control access permissions to the NTP
server. There are a number of permutations of the 'restrict' command; a few
examples are listed below.

restrict default ignore # Restrict all access to the time server
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap # Only allow local computers access

Multiple commands can be specified to restrict or disallow access to a range of
computers.

NTP provides an additional level of security by utilising authentication codes. This
is a mechanism where matching key codes can be specified on a client and server
which are encrypted and passed between the server and client. This provides a
client with the ability to authenticate the source of a time reference. Authentication
keywords are specified in the 'ntp.keys' file. They are specified using a key
reference, encryption code and authentication key. Additionally, trusted
authentication keys can be specified using the 'trustedkey' command in the
'ntp.conf' configuration file.
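As an added example (not part of the original article or of the NTP distribution), the Python below audits 'ntp.conf' text for the 'restrict' and key settings described above. PAGE_CONF joins the lines shown in this article; KEYED_CONF, the ntp*.example.net hosts, the /etc/ntp.keys path and the function names are assumptions made for illustration.

```python
# Added example: audit ntp.conf text for the 'restrict' and key settings above.
# PAGE_CONF joins the lines shown in the article; KEYED_CONF is constructed.
PAGE_CONF = """\
server time-a.nist.gov   # Public NTP server: NIST, Gaithersburg, Maryland
server time-c.timefreq.bldrdoc.gov
restrict default ignore
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
"""
KEYED_CONF = """\
keys /etc/ntp.keys        # constructed path
trustedkey 1
server ntp1.example.net key 1
server ntp2.example.net key 2
restrict default nomodify notrap
"""

def directives(conf_text):
    """Split config text into token lists, dropping '#' comments and blanks."""
    rows = (line.split("#", 1)[0].split() for line in conf_text.splitlines())
    return [r for r in rows if r]

def audit(conf_text):
    """Return a list of findings about access control and authentication."""
    rows = directives(conf_text)
    findings = []
    trusted = {k for r in rows if r[0] == "trustedkey" for k in r[1:]}
    restricts = [r[1:] for r in rows if r[0] == "restrict" and len(r) > 1]
    default = next((r for r in restricts if r[0] == "default"), None)
    if default is None:
        findings.append("no 'restrict default' line")
    if not any(r[0] == "keys" for r in rows):
        findings.append("no 'keys' file named, so no key can be loaded")
    for r in rows:
        if r[0] != "server" or len(r) < 2:
            continue
        host, opts = r[1], r[2:]
        key_id = opts[opts.index("key") + 1] if "key" in opts[:-1] else None
        if key_id is None:
            findings.append(f"{host}: time source is not authenticated")
        elif key_id not in trusted:
            findings.append(f"{host}: key {key_id} is not in 'trustedkey'")
        # 'ignore' drops every packet, replies from our own servers included.
        # Simplification: only an exact 'restrict <host>' line counts as an exception.
        if default and "ignore" in default and not any(x[0] == host for x in restricts):
            findings.append(f"{host}: replies dropped by 'restrict default ignore'")
    return findings

if __name__ == "__main__":
    print(audit(PAGE_CONF), audit(KEYED_CONF), sep="\n")
```

Run against the article's own lines, the audit reports that both servers are unauthenticated and that 'restrict default ignore' also discards their replies unless each server is given its own 'restrict' line.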
