[ntp:questions] Authentication problem

Serge Bets serge.bets at NOSPAM.laposte.invalid
Wed Feb 27 14:30:23 UTC 2008

Hello Harlan,

 On Wednesday, February 27, 2008 at 5:53:09 +0000, Harlan Stenn wrote:

> I suspect one of your command choices *requires* a key and for the
> other it is optional.  That's just a guess though...

Both "addserver" and "unconfig" require a keyid/password pair.

Some confusion may come from the fact that "addserver" may have to deal
with 2 different keyids, one to authenticate the sent ntpdc command, and
another to authenticate the added server.

 - In "addserver <ip> <keyid>", the keyid is to be used by the added
association. No prompt for a password, the remote client and its server
have identical ntp.keys values for this keyid, and they will use it in
usual mode 3 and 4 packets (client/server mode).

 - When you enter "keyid <keyid>", or reply to the "Keyid:" prompt, this
should be used only for the sent mode 7 commands. You are prompted for
a password, and the remote client you attempt to reconfigure has the
trusted-request-keyid/password in its ntp.keys.

This was the original design. However the patch in bug 401 messed up
this clear separation. Solution: remove this harmful patch. And keep bug
401 open, waiting for its own rethought solution. Removing the patch
will also automagically fix bug 1003, AFAICS.

Serge point Bets arobase laposte point net
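
The two-keyid separation described in the message above, laid out as configuration. This is an added example, not part of the original post or of the NTP distribution. The keyids 10 and 20, the passwords, the 192.0.2.x addresses and the /etc paths are constructed for illustration.

```conf
# --- On the remote client being reconfigured (192.0.2.20): /etc/ntp.conf ---
keys /etc/ntp.keys
trustedkey 10 20     # both keyids must be trusted before ntpd will use them
requestkey 20        # keyid accepted for ntpdc (mode 7) requests

# --- On the remote client: /etc/ntp.keys ---
# keyid  type  password (constructed values)
10  M  AssocSecret-constructed     # shared with the server, used in mode 3 and 4 packets
20  M  RequestSecret-constructed   # known to the administrator, used for mode 7 commands

# --- On the server to be added (192.0.2.10) ---
# ntp.conf:  keys /etc/ntp.keys
#            trustedkey 10
# ntp.keys:  10  M  AssocSecret-constructed   (identical value to the client's keyid 10)

# --- ntpdc session run by the administrator against the client ---
#   ntpdc 192.0.2.20
#   ntpdc> keyid 20                  authenticates the mode 7 commands; the password
#                                    for key 20 is typed at ntpdc's prompt
#   ntpdc> addserver 192.0.2.10 10   keyid 10 is stored with the new association;
#                                    no password is asked for it
#   ntpdc> unconfig 192.0.2.10       also sent under keyid 20
```

The host running ntpdc needs no ntp.keys entry for either key: key 20's password is typed interactively, and key 10's value never leaves the client and server key files.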
