[ntp:questions] Re: autokey setup with GQ Identity Scheme

Steve Kostecke kostecke at ntp.isc.org
Tue Jun 6 02:21:14 UTC 2006


On 2006-06-06, David L. Mills <mills at udel.edu> wrote:

>Dave Mills wrote:
>
>> Steve Kostecke wrote:
>>
>>> 3. Generate GQ parameters on each peer:
>>>
>>>     ntp-keygen -T -G -p common_password

<snip>

>>> 4. 'cross copy' the GQPar files between the systems which will be peers
>>> and create the sym-link. In a two peer trust group you would see the
>>> following in each peer's keys dir (in addition to the host parameters):
>>>
>>> ntpkey_GQpar_peer1.xxxxxxxxxx
>>> ntpkey_GQpar_peer2.xxxxxxxxxx
>>> ntpkey_gq_peer1 -> ntpkey_GQpar_peer1.xxxxxxxxxx
>>> ntpkey_gq_peer2 -> ntpkey_GQpar_peer2.xxxxxxxxxx
>>
>> This of course is the acid test for Autokey - symmetric modes and
>> something other than IFF.
>
> Further to my last: Remember, there must be a valid certificate
> trail from every dependent host to a host with a trusted, self-signed
> certificate.

<snip>

> ... how about making all peers trusted and all have all the keys for.

That's what I did.

-- 
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/
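
Added example, not part of the original message or of the NTP distribution: a shell helper for the linking half of step 4, run on each peer after the GQPar files have been cross copied. It assumes the `xxxxxxxxxx` suffix is a numeric file stamp where a larger value means a newer file; the function name and the stamps in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Peer names come from the
# listing above; the numeric file stamps in the demo are constructed.

# link_gq_params KEYSDIR PEER...   (hypothetical helper name)
# Point ntpkey_gq_<peer> at the newest ntpkey_GQpar_<peer>.<stamp> in
# KEYSDIR. Returns 1 if any peer has no parameter file, so a missed
# cross copy is reported instead of leaving a dangling link.
link_gq_params() {
    keysdir=$1; shift
    rc=0
    for peer in "$@"; do
        best=; best_stamp=0
        for f in "$keysdir/ntpkey_GQpar_$peer".*; do
            [ -f "$f" ] || continue
            stamp=${f##*.}
            # Reject non-numeric suffixes and longer host names that
            # merely share the "<peer>." prefix.
            case $stamp in ''|*[!0-9]*) continue ;; esac
            [ "${f##*/}" = "ntpkey_GQpar_$peer.$stamp" ] || continue
            if [ "$stamp" -gt "$best_stamp" ]; then
                best=${f##*/}; best_stamp=$stamp
            fi
        done
        if [ -z "$best" ]; then
            echo "missing GQ parameters for $peer in $keysdir" >&2
            rc=1
            continue
        fi
        # Relative target, matching the listing; replace any stale link.
        rm -f "$keysdir/ntpkey_gq_$peer"
        ln -s "$best" "$keysdir/ntpkey_gq_$peer"
    done
    return $rc
}

# Demo on a scratch directory: sh this_file --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    : > "$d/ntpkey_GQpar_peer1.3358538074"   # constructed stamps
    : > "$d/ntpkey_GQpar_peer1.3358540000"
    : > "$d/ntpkey_GQpar_peer2.3358538100"
    link_gq_params "$d" peer1 peer2 && ls -l "$d"
    rm -rf "$d"
fi
```

A non-zero return on either peer means that peer's keys directory is missing a parameter file from the trust group.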



