Does ntpsec log authentication errors
Hal Murray
halmurray at sonic.net
Fri Mar 21 08:21:46 UTC 2025
> Is there a way to get ntpsec to log authentication errors?
No.
> even though ntpq shows that the connection failed
That's a bug in ntpd and/or ntpq. It should be saying "no" rather than
"bad".
If the client doesn't get a response, it can't tell if that's because the network lost a packet or the server didn't like the authentication.
It would be possible to log actual authentication errors. But then you have to add rate limiting so a bad guy doesn't fill up your disk. It all gets complicated.
How remote is the server? Are you debugging a new authentication setup or one that stopped working? There is lots of filtering of NTP packets going on, leftover from when monlist was used for a giant DDoS. Some of that filtering lets 48-byte NTP packets through but drops longer packets. So normal NTP works but not when authenticated.
--
These are my opinions. I hate spam.
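
An added example, not part of the message above and not ntpsec code: it builds the 48-byte request next to the longer authenticated one so both sizes can be probed against the same server. It assumes the classic symmetric-key MAC (4-byte key ID followed by a digest over key || header) with SHA-1; the function names and the key are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct
import sys
import time

HEADER_LEN = 48                 # plain NTP header, the size filters tend to allow
NTP_EPOCH_OFFSET = 2208988800   # seconds between 1900 (NTP) and 1970 (Unix)


def client_packet(xmt_seconds=0):
    """48-byte NTPv4 client request: LI=0, VN=4, Mode=3, transmit time set."""
    return struct.pack("!B39xII", 0x23, xmt_seconds & 0xFFFFFFFF, 0)


def add_mac(packet, key_id, key, algo="sha1"):
    """Append the MAC trailer: key ID, then digest(key || packet)."""
    digest = hashlib.new(algo, key + packet).digest()
    return packet + struct.pack("!I", key_id) + digest


def verify_mac(wire, keys, algo="sha1"):
    """Receiver-side check of the trailer produced by add_mac()."""
    header, trailer = wire[:HEADER_LEN], wire[HEADER_LEN:]
    if len(trailer) <= 4:
        return False            # no MAC present at all
    key = keys.get(struct.unpack("!I", trailer[:4])[0])
    if key is None:
        return False            # unknown key ID
    expected = hashlib.new(algo, key + header).digest()
    return hmac.compare_digest(expected, trailer[4:])


def probe(server, wire, timeout=2.0):
    """Send one request to UDP/123; return the reply length or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(wire, (server, 123))
        try:
            return len(s.recv(1024))
        except socket.timeout:
            return None


if __name__ == "__main__":
    key_id, key = 1, b"constructed-sample-key"   # constructed; use your own key entry
    plain = client_packet(int(time.time()) + NTP_EPOCH_OFFSET)
    for name, wire in (("plain", plain), ("signed", add_mac(plain, key_id, key))):
        reply = probe(sys.argv[1], wire) if len(sys.argv) > 1 else "not sent"
        print(name, len(wire), "bytes, reply:", reply)
```

A timeout on the signed probe alone does not separate path filtering from an authentication rejection; a packet capture on the server shows whether the longer request arrived at all.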