[ntp:questions] ntp and iff authentication

Giovanni Clemente giovanni.clemente at mail.ing.unibo.it
Fri Apr 8 13:20:00 UTC 2005


Hello,
I'm trying to configure an authenticated ntp service at my department,
but I can't figure out how to get IFF work.

Here is a graph of my expected configuration:

  host ien1                      host ien2    stratum 1 servers from
       ^  ^                         ^   ^   Italy's ref. time institute
       |  |                         |   |
       |  +-------------------------+   |
       |  |                             |
       +--|-----------------------------+
          |                             |
          |                             |
host timeserv1  <-- peers -->  host timeserv2   stratum 2 servers in
        |                               |        my dep. These will be
        |                               |        the roots of my group
        +-------------+---------+       |
        |             |         |       |
        v             v         v       |
                                        |
        +-------------+---------+-------+
        |             |         |
        v             v         v
      client1       client2    clientn           stratum 3 clients

I would let timeserv1 and timeserv2 be both trusted
hosts of a single group, using IFF identity scheme, and
be able to identify their clients with both client group
keys and server group keys (not trusted).

My problem is that I can't configure timeserv1 and timeserv2
to authenticate each other as peers, since I don't know how
ntpkey_IFFpar_ files should be deployed.

Any suggestion?

Thank you,
Giovanni
Italy





More information about the questions mailing list