pfSense

Per discussions in #8794, PR #4658, and this forum discussion some improvements to authenticated NTP are needed.

• Multiple NTP keys
• NTP key assignments on a per server basis

Some general reworking of the NTPD service configuration is also needed, both in general and in order to support these changes:

• Reformat the config.xml's <timeservers> and <ntpd> sections to better handle per-server configurations
  • Likely Implementation: Remove the standalone <timeservers> section entirely, or at least disabled when the <ntpd> section is enabled
• Handle the distinction between NTP Client settings managed under System > General Setup and Services > NTP since these are not actually separate services, but both configure the same NTPD config file /var/etc/ntpd.conf
  • Likely Implementation: Replace the Timeservers field under System > General Setup when the NTP service is enabled with a note indicating such is the case and link to the NTP > Services page

Finally, for both security/separation of privileges reasons and for ease of use/implementation, the keys for Authenticated NTP should be split into a dedicated tab on the NTP services page with its own permission.