diff --git a/ntp.h b/ntp.h
index d66c7c0..4e5ee92 100644
--- a/ntp.h
+++ b/ntp.h
@@ -112,10 +112,10 @@ typedef struct {
 
 /* Enumeration for authentication modes of NTP packets */
 typedef enum {
-  AUTH_NONE = 0,     /* No authentication */
-  AUTH_SYMMETRIC,    /* MAC using symmetric key (RFC 1305, RFC 5905) */
-  AUTH_MSSNTP,       /* MS-SNTP authenticator field */
-  AUTH_MSSNTP_EXT,   /* MS-SNTP extended authenticator field */
+  NTP_AUTH_NONE = 0,            /* No authentication */
+  NTP_AUTH_SYMMETRIC,           /* MAC using symmetric key (RFC 1305, RFC 5905) */
+  NTP_AUTH_MSSNTP,              /* MS-SNTP authenticator field */
+  NTP_AUTH_MSSNTP_EXT,          /* MS-SNTP extended authenticator field */
 } NTP_AuthMode;
 
 /* Structure describing an NTP packet */
diff --git a/ntp_auth.c b/ntp_auth.c
index d6a4959..9f20e84 100644
--- a/ntp_auth.c
+++ b/ntp_auth.c
@@ -96,11 +96,11 @@ static void
 adjust_timestamp(NTP_AuthMode mode, uint32_t key_id, struct timespec *ts)
 {
   switch (mode) {
-    case AUTH_SYMMETRIC:
+    case NTP_AUTH_SYMMETRIC:
       ts->tv_nsec += KEY_GetAuthDelay(key_id);
       UTI_NormaliseTimespec(ts);
       break;
-    case AUTH_MSSNTP:
+    case NTP_AUTH_MSSNTP:
       ts->tv_nsec += NSD_GetAuthDelay(key_id);
       UTI_NormaliseTimespec(ts);
     default:
@@ -142,7 +142,7 @@ create_instance(NTP_AuthMode mode)
 NAU_Instance
 NAU_CreateNoneInstance(void)
 {
-  return create_instance(AUTH_NONE);
+  return create_instance(NTP_AUTH_NONE);
 }
 
 /* ================================================== */
@@ -150,7 +150,7 @@ NAU_CreateNoneInstance(void)
 NAU_Instance
 NAU_CreateSymmetricInstance(uint32_t key_id)
 {
-  NAU_Instance instance = create_instance(AUTH_SYMMETRIC);
+  NAU_Instance instance = create_instance(NTP_AUTH_SYMMETRIC);
 
   instance->key_id = key_id;
 
@@ -175,7 +175,7 @@ NAU_DestroyInstance(NAU_Instance instance)
 int
 NAU_IsAuthEnabled(NAU_Instance instance)
 {
-  return instance->mode != AUTH_NONE;
+  return instance->mode != NTP_AUTH_NONE;
 }
 
 /* ================================================== */
@@ -185,7 +185,7 @@ NAU_GetSuggestedNtpVersion(NAU_Instance instance)
 {
   /* If the MAC in NTPv4 packets would be truncated, prefer NTPv3 for
      compatibility with older chronyd servers */
-  if (instance->mode == AUTH_SYMMETRIC &&
+  if (instance->mode == NTP_AUTH_SYMMETRIC &&
       KEY_GetAuthLength(instance->key_id) + sizeof (instance->key_id) > NTP_MAX_V4_MAC_LENGTH)
     return 3;
 
@@ -219,9 +219,9 @@ int
 NAU_GenerateRequestAuth(NAU_Instance instance, NTP_Packet *request, NTP_PacketInfo *info)
 {
   switch (instance->mode) {
-    case AUTH_NONE:
+    case NTP_AUTH_NONE:
       break;
-    case AUTH_SYMMETRIC:
+    case NTP_AUTH_SYMMETRIC:
       if (!generate_symmetric_auth(instance->key_id, request, info))
         return 0;
       break;
@@ -253,7 +253,7 @@ NAU_ParsePacket(NTP_Packet *packet, NTP_PacketInfo *info)
   /* In NTPv3 and older packets don't have extension fields.  Anything after
      the header is assumed to be a MAC. */
   if (info->version <= 3) {
-    info->auth.mode = AUTH_SYMMETRIC;
+    info->auth.mode = NTP_AUTH_SYMMETRIC;
     info->auth.mac.start = parsed;
     info->auth.mac.length = remainder;
     info->auth.mac.key_id = ntohl(*(uint32_t *)(data + parsed));
@@ -262,9 +262,9 @@ NAU_ParsePacket(NTP_Packet *packet, NTP_PacketInfo *info)
        field with zeroes as digest */
     if (info->version == 3 && info->auth.mac.key_id) {
       if (remainder == 20 && is_zero_data(data + parsed + 4, remainder - 4))
-        info->auth.mode = AUTH_MSSNTP;
+        info->auth.mode = NTP_AUTH_MSSNTP;
       else if (remainder == 72 && is_zero_data(data + parsed + 8, remainder - 8))
-        info->auth.mode = AUTH_MSSNTP_EXT;
+        info->auth.mode = NTP_AUTH_MSSNTP_EXT;
     }
 
     return 1;
@@ -272,7 +272,7 @@ NAU_ParsePacket(NTP_Packet *packet, NTP_PacketInfo *info)
 
   /* Check for a crypto NAK */
   if (remainder == 4 && ntohl(*(uint32_t *)(data + parsed)) == 0) {
-    info->auth.mode = AUTH_SYMMETRIC;
+    info->auth.mode = NTP_AUTH_SYMMETRIC;
     info->auth.mac.start = parsed;
     info->auth.mac.length = remainder;
     info->auth.mac.key_id = 0;
@@ -322,7 +322,7 @@ NAU_ParsePacket(NTP_Packet *packet, NTP_PacketInfo *info)
     /* This is not 100% reliable as a MAC could fail to authenticate and could
        pass as an extension field, leaving reminder smaller than the minimum MAC
        length */
-    info->auth.mode = AUTH_SYMMETRIC;
+    info->auth.mode = NTP_AUTH_SYMMETRIC;
     info->auth.mac.start = parsed;
     info->auth.mac.length = remainder;
     info->auth.mac.key_id = ntohl(*(uint32_t *)(data + parsed));
@@ -339,13 +339,13 @@ int
 NAU_CheckRequestAuth(NTP_Packet *request, NTP_PacketInfo *info)
 {
   switch (info->auth.mode) {
-    case AUTH_NONE:
+    case NTP_AUTH_NONE:
       break;
-    case AUTH_SYMMETRIC:
+    case NTP_AUTH_SYMMETRIC:
       if (!check_symmetric_auth(request, info))
         return 0;
       break;
-    case AUTH_MSSNTP:
+    case NTP_AUTH_MSSNTP:
       /* MS-SNTP requests are not authenticated */
       break;
     default:
@@ -371,13 +371,13 @@ NAU_GenerateResponseAuth(NTP_Packet *request, NTP_PacketInfo *request_info,
                          NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr)
 {
   switch (request_info->auth.mode) {
-    case AUTH_NONE:
+    case NTP_AUTH_NONE:
       break;
-    case AUTH_SYMMETRIC:
+    case NTP_AUTH_SYMMETRIC:
       if (!generate_symmetric_auth(request_info->auth.mac.key_id, response, response_info))
         return 0;
       break;
-    case AUTH_MSSNTP:
+    case NTP_AUTH_MSSNTP:
       /* Sign the packet asynchronously by ntp_signd */
       if (!NSD_SignAndSendPacket(request_info->auth.mac.key_id, response, response_info,
                                  remote_addr, local_addr))
@@ -399,7 +399,7 @@ NAU_CheckResponseAuth(NAU_Instance instance, NTP_Packet *response, NTP_PacketInf
 {
   /* If we don't expect the packet to be authenticated, ignore any
      authentication data in the packet */
-  if (instance->mode == AUTH_NONE)
+  if (instance->mode == NTP_AUTH_NONE)
     return 1;
 
   /* The authentication must match the expected mode */
@@ -407,9 +407,9 @@ NAU_CheckResponseAuth(NAU_Instance instance, NTP_Packet *response, NTP_PacketInf
     return 0;
 
   switch (info->auth.mode) {
-    case AUTH_NONE:
+    case NTP_AUTH_NONE:
       break;
-    case AUTH_SYMMETRIC:
+    case NTP_AUTH_SYMMETRIC:
       /* Check if it is authenticated with the specified key */
       if (info->auth.mac.key_id != instance->key_id)
         return 0;
diff --git a/ntp_core.c b/ntp_core.c
index 9ce133a..38917ed 100644
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -1278,7 +1278,7 @@ parse_packet(NTP_Packet *packet, int length, NTP_PacketInfo *info)
   info->version = NTP_LVM_TO_VERSION(packet->lvm);
   info->mode = NTP_LVM_TO_MODE(packet->lvm);
   info->ext_fields = 0;
-  info->auth.mode = AUTH_NONE;
+  info->auth.mode = NTP_AUTH_NONE;
 
   if (info->version < NTP_MIN_COMPAT_VERSION || info->version > NTP_MAX_COMPAT_VERSION) {
     DEBUG_LOG("NTP packet has invalid version %d", info->version);
@@ -2075,7 +2075,7 @@ NCR_ProcessRxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_a
   /* If it is an NTPv4 packet with a long MAC and no extension fields,
      respond with a NTPv3 packet to avoid breaking RFC 7822 and keep
      the length symmetric.  Otherwise, respond with the same version. */
-  if (info.version == 4 && info.ext_fields == 0 && info.auth.mode == AUTH_SYMMETRIC &&
+  if (info.version == 4 && info.ext_fields == 0 && info.auth.mode == NTP_AUTH_SYMMETRIC &&
       info.auth.mac.length > NTP_MAX_V4_MAC_LENGTH)
     version = 3;
   else