The logic of NTP authentication, who can speak with whom (sec, non-sec ntp client, server)?

You can have both types of clients (with and without authentication) and they can speak with the same NTP server. For instance, if your server has an authentication enabled you can have also clients without authentication and they can still synchronize their clocks. The authentication doesn’t protect against unauthorized clients who are in the network but against false NTP servers. If you install unauthorized server with wrong or without password, clients with password won’t synchronize their clocks with the NTP server. So, it’s better to have clients with authentication enabled, they are protected against such attacks.

ntp server (no auth) <---->   ntp client (no auth)
ntp server (auth)    <---->   ntp client (auth)
ntp server (auth)    <---->   ntp client (no auth)
ntp server (auth)    <--X-->  ntp client (auth) different passwords
ntp server (no auth) <--X-->  ntp client (auth)
 
7
Kudos
 
7
Kudos

Now read this

ACS, tacacs+ and management access to router

I would like to test tacacs+ authentication on routers. R1#sh run aaa ! aaa authentication login ACS group tacacs+ aaa authentication enable default group tacacs+ ! ! ! ! ! ! tacacs-server host 192.168.157.100 key cisco aaa new-model aaa... Continue →