NTP with authentication
Hedlind, Richard
richard.hedlind at hpe.com
Wed Mar 19 19:56:52 UTC 2025
I just recently joined the ntpsec users mailing list.
I don't know if you figured out the reason for the connection issue, but I had a similar issue and found a bug in ntpdig-1.2.2.
The underlying python library (packet.py) that ntpdig is using does not properly limit the MAC to 32 characters when assembling the request packet to the server and the server therefore ignores the packet. It was fixed in ntpdig-1.2.3.
--- ntpsec-1.2.2+dfsg1.orig/pylib/packet.py
+++ ntpsec-1.2.2+dfsg1/pylib/packet.py
@@ -1747,7 +1747,7 @@
if not ntp.ntpc.checkname(keytype):
return False
mac2 = ntp.ntpc.mac(ntp.poly.polybytes(payload),
- ntp.poly.polybytes(passwd), keytype)
+ ntp.poly.polybytes(passwd), keytype)[:20]
if not mac2 or len(mac2) == 0:
return b''
return struct.pack("!I", keyid) + mac2
@@ -1773,7 +1773,7 @@
if not ntp.ntpc.checkname(keytype):
return False
mac2 = ntp.ntpc.mac(ntp.poly.polybytes(payload),
- ntp.poly.polybytes(passwd), keytype)
+ ntp.poly.polybytes(passwd), keytype)[:20]
if not mac2:
return False
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/users/attachments/20250319/63cef73d/attachment.htm>
More information about the users
mailing list