[ntp:questions] Re: Authentication using MV identity scheme
David L. Mills
mills at udel.edu
Wed Jun 15 01:49:57 UTC 2005
Abhijith,

Have you previously used the IFF and/or GQ schemes successfully? This
would be helpful to understand how they work and to gain confidence. The
MV scheme is rather exotic and fragile if you don't get the right server
key to the server and (one of) the client keys to the client. In any
case, you should see tracks in the cryptostats logging and trace,
assuming you have turned it on.

The MV scheme remains incomplete. Its strength is the ability to revoke
a client key without changing other client keys, but there is yet no
program to actually edit the server key to revoke a client key.

Dave

abhijit madhav wrote:
> Hi everybody,
>
> Following is the scenario being tried out by myself to
> establish an autokey (MV scheme) authenticated
> client-server association.
>
> In the server machine
> 1. ntp.conf in the server_machine
> crypto pw password
> keysdir ./
> server 127.127.1.0
> fudge 127.127.1.0 stratum 10
> server <primary_server> iburst prefer
>
> 2. I generate the required parameter files, keyfiles
> and certificates using
> /usr/sbin/ntp-keygen -V 3 -p password
>
> 3. Transfer one of the generated MVkey file
> ntpkey_MVkey1_server.3327641677 to the client.
>
> 4. Run
> /usr/sbin/ntpd -c ntp.conf -l log
> and wait until the server gets synchronised to the
> primary server and the server's stratum gets reduced
> to 2
>
> In the client machine
> 5. ntp.conf in the client
> crypto pw password
> keysdir ./
> server <server_machine> autokey iburst
>
> 6. Generate the required keyfiles using
> /usr/sbin/ntp-keygen -H -p password
> (The MVkey file of step 3 is earlier transferred
> to this machine)
>
> 7. Create a soft link to the parameter file
> ln -s ntpkey_MVkey1_server.3327641677 ntpkey_mv_servername
>
> 8. Run
> /usr/sbin/ntpd -c ntp.conf -l log
>
> On querying the status of the client ntpd the
> reachability register remains 0, and the client does
> not get synchronised to the server.
>
> Also the flash code displays
> flash 400 not_proventic
>
>
>
> My doubts are
> What is wrong with my configuration?
>
>
> Thanks in advance,
> Abhijith Madhav