[ntp:questions] NTP Autokey problem

Kommuri, Srikanth (STSD) srikanth.k at hp.com
Wed Jun 8 14:37:37 UTC 2005


Hi,


The following is the scenario I am trying out to establish an autokey (GQ scheme) authenticated client-server association.

In the server machine:

- ntp.conf in the server_machine
     crypto pw serverpassword
     keysdir ./
     server  127.127.1.0
     fudge   127.127.1.0 stratum 10
     server <primary_server> iburst prefer

- I generate the required parameter files, keyfiles and certificates using
    /usr/sbin/ntp-keygen -T -G -p serverpassword

- Transfer the generated GQ-parameter file ntpkey_GQpar_servername.3327213795 to the client.

- Run 
    /usr/sbin/ntpd -c ntp.conf -l log 
    and wait until the server gets synchronised to the primary server and the server's stratum gets reduced to 2


In the client machine:

- ntp.conf in the client
    crypto pw clientpassword
    keysdir ./
    server <server_machine> autokey iburst

- Generate the required keyfiles using
    /usr/sbin/ntp-keygen -H -p clientpassword
    (The GQ parameter file of step 3 was transferred to this machine earlier)

- Create a soft link to the parameter file
    ln -s ntpkey_GQpar_servername.332721379 ntpkey_gq_servername

- Run 
    /usr/sbin/ntpd -c ntp.conf -l log

On querying the status of the client ntpd, the reachability register remains 0 and I get an error message of the form

8 Jun 16:59:33 ntpd[22234]: crypto_key error:06065064:digital envelope routines:EVP_DecryptFinal:baddecrypt
8 Jun 16:59:33 ntpd[22234]: crypto_ident: no compatible identity scheme found
8 Jun 16:59:33 ntpd[22234]: transmit: crypto error for <server_machine>

My doubts are 
1. What is wrong with my configuration?
2. Which exactly is the client key that is to be transferred to the client machine, if not ntpkey_GQpar_server.332721379?



Thanks in Advance,
-Srikanth K.


