Description of problem: ntp supports authentication of servers. The package could do something to make the setup easier: 1. create a keysdir, e.g. under /etc/ntp/crypto. Add this to ntp.conf as (a) 'keysdir /etc/ntp/crypto', or (b) configure it the default path (preferred); this path is currently /usr/local/etc (accordingly doc) 2. handle the '.rnd' file which is required for the crypto operation; this file must be read- and writable by ntpd. It is searched at $HOME/.rnd or $RANDFILE. Unfortunately, $HOME is /etc/ntp which is a really bad place for writable files, so: (a) define $RANDFILE in the initscripts, or (b) change the user's homedirectory, or (c) add 'crypto randfile <location>' to ntp.conf A good place for .rnd might be /var/lib/ntp or a subdirectory there (might be needed because of SELinux labeling). 3. Add | crypto to ntp.conf Users will have to create the keys himself, e.g. with | cd /etc/ntp/crypto && su ntpd -c 'ntp-keygen -T' on the server, and | cd /etc/ntp/crypto && su ntpd -c 'ntp-keygen' on the clients. There exist other methods for handling groups of server also. See 'keygen.html' in the ntp-docs for details. These change will require some SELinux changes also: * a new ntpd_keyfile_t and ntpd_rndfile_t type * a corresponding labeling of the crypto-dir and .rnd file * adapted permissions
Implemented in ntp-4.2.4p2-2.fc8. Thanks for the report.