Description of problem:

ntp supports authentication of servers. The package could do something
to make the setup easier:

1. create a keysdir, e.g. under /etc/ntp/crypto. Add this to ntp.conf
   as
   (a) 'keysdir /etc/ntp/crypto', or
   (b) configure it the default path (preferred); this path is currently
       /usr/local/etc (accordingly doc)

2. handle the '.rnd' file which is required for the crypto operation;
   this file must be read- and writable by ntpd. It is searched at
   $HOME/.rnd or $RANDFILE.  Unfortunately, $HOME is /etc/ntp which is
   a really bad place for writable files, so:
   (a) define $RANDFILE in the initscripts, or
   (b) change the user's homedirectory, or
   (c) add 'crypto randfile <location>' to ntp.conf

   A good place for .rnd might be /var/lib/ntp or a subdirectory there
   (might be needed because of SELinux labeling).

3. Add

   | crypto

   to ntp.conf



Users will have to create the keys himself, e.g. with

| cd /etc/ntp/crypto && su ntpd -c 'ntp-keygen -T'

on the server, and

| cd /etc/ntp/crypto && su ntpd -c 'ntp-keygen'

on the clients. There exist other methods for handling groups of
server also. See 'keygen.html' in the ntp-docs for details.



These change will require some SELinux changes also:

* a new ntpd_keyfile_t and ntpd_rndfile_t type
* a corresponding labeling of the crypto-dir and .rnd file
* adapted permissions