Configuring a LINUX based NTP Time Server
Summary: This article gives a step-by-step guide to configuring LINUX to act as an authoritative time server using NTP (Network Time Protocol).
Computer time synchronisation is highly important in modern computer networks. Precision and time synchronisation are critical in many applications, particularly time-sensitive transactions. Just imagine buying an airline seat only to be told at the airport that the ticket was sold twice because it was purchased afterwards on a computer that had a slower clock!
Modern computers do have internal clocks called Real Time Clock chips (RTC) that provide time and date information. These chips are battery backed so that even during power outages they can maintain time, but personal computers are not designed to be perfect clocks. Their design has been optimized for mass production and low cost rather than maintaining accurate time.
For many applications, this can be quite adequate. Quite often, however, machines need their time to be synchronised with other PCs on a network, and when computers are out of sync with each other, problems can arise, such as with sharing network files or, in some environments, even fraud!
Network Time Protocol (NTP) is an Internet protocol used for the transfer of accurate time, providing time information so that a precise time can be obtained. As NTP was originally written for LINUX, many LINUX based operating systems already have a version of NTP installed. However, the source code is free to download from the NTP website (ntp.org), the most recent version being v 4.2.4.
NTP (version 4) can maintain time over the public Internet to within 10 milliseconds (1/100th of a second) and can perform even better over LANs with accuracies of 200 microseconds (1/5000th of a second) under ideal conditions.
NTP works within the TCP/IP suite and relies on UDP. A less complex form of NTP exists, called Simple Network Time Protocol (SNTP), that does not require the storing of information about previous communications, as NTP does. It is used in some devices and applications where high accuracy timing is not as important.
The NTP background program is configured with the file ‘ntp.conf’. This may contain a list of public NTP server references that can be used to synchronise time. NTP time servers are specified using the ‘server’ command; any characters after the ‘#’ symbol are comments:
Example
server time-a.nist.gov # Public NTP server: Maryland
When configured, NTP can be controlled using the commands ‘ntpd start’, ‘ntpd stop’ and ‘ntpq -p’ (displays status).
NTP can also authenticate timing resources. Note: It is strongly recommended that you configure a time server with a hardware source rather than from the Internet, where there is no authentication. Authentication codes are specified in the ‘ntp.keys’ file.
Specialist NTP servers are available that can receive transmissions from either GPS or national time reference broadcasts. They are relatively cheap and the signal is authenticated providing a secure time reference.
Authentication for NTP has been developed to prevent malicious tampering with system synchronisation, just as firewalls have been developed to protect networks from attack, but as with any system of security, it only works if it is utilised.
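One way to check whether authentication is actually in use is to audit ‘ntp.conf’ for ‘server’ lines that carry no trusted key. The script below is an added example, not part of the original article; it assumes the standard ntpd directives ‘keys’ and ‘trustedkey’ and the ‘key’ option on ‘server’ lines, and the example.net hosts, key numbers and keys file path are constructed sample values.

```python
# Constructed sample ntp.conf; hosts under example.net and key ids are made up.
SAMPLE_CONF = """\
keys /etc/ntp.keys
trustedkey 1 2
server time-a.nist.gov          # Public NTP server: Maryland
server ntp1.example.net key 1   # authenticated with trusted key 1
server ntp2.example.net key 7   # key 7 is not listed in trustedkey
"""


def audit_ntp_conf(text):
    """Return (line_no, host, problem) for each server line lacking usable authentication."""
    keys_file = None
    trusted = set()
    servers = []  # (line_no, host, key_id or None)
    for line_no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # text after '#' is a comment
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive == "keys" and args:
            keys_file = args[0]
        elif directive == "trustedkey":
            # Plain numeric ids only; range syntax is not handled here.
            trusted.update(int(a) for a in args if a.isdigit())
        elif directive == "server" and args:
            key_id = None
            opts = args[1:]
            if "key" in opts:
                pos = opts.index("key") + 1
                if pos < len(opts) and opts[pos].isdigit():
                    key_id = int(opts[pos])
            servers.append((line_no, args[0], key_id))

    # Evaluate after the whole file is read, so directive order does not matter.
    findings = []
    for line_no, host, key_id in servers:
        if key_id is None:
            findings.append((line_no, host, "no key option: replies are not authenticated"))
        elif keys_file is None:
            findings.append((line_no, host, "key set but no 'keys' file directive"))
        elif key_id not in trusted:
            findings.append((line_no, host, f"key {key_id} is not listed in trustedkey"))
    return findings


if __name__ == "__main__":
    for line_no, host, problem in audit_ntp_conf(SAMPLE_CONF):
        print(f"line {line_no}: {host}: {problem}")
```

Run against the sample, it reports the public server on line 3 and the server on line 5 whose key is not trusted; pass the contents of a real ‘ntp.conf’ to audit_ntp_conf() to check a live configuration.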