[ntp:questions] Authentication problem

[Serge Bets]

Hello Harlan,

 On Wednesday, February 27, 2008 at 5:53:09 +0000, Harlan Stenn wrote:

> I suspect one of your command choices *requires* a key and for the
> other it is optional.  That's just a guess though...

Both "addserver" and "unconfig" require a keyid/password pair.

Some confusion may come from the fact that "addserver" can have to deal
with 2 different keyids, one to authenticate the sent ntpdc command, and
another to authenticate the added server.

 - In "addserver <ip> <keyid>", the keyid is to be used by the added
association. No prompt for a password, the remote client and its server
have identical ntp.keys values for this keyid, and they will use it in
usual mode 3 and 4 packets (client/server mode).

 - When you enter "keyid <keyid>", or reply to the "Keyid:" prompt, this
should be used only for the sent mode 7 commands. You are prompted for
a password, and the remote client you attempt to reconfigure has the
trusted-request-keyid/password in its ntp.keys.

This was the original design. However the patch in bug 401 messed-up
this clear separation. Solution: remove this harmful patch. And keep bug
401 open, waiting for its own rethinked solution. Removing the patch
will also automagically fix bug 1003, AFAICS.


Serge.
-- 
Serge point Bets arobase laposte point net