[ntp:questions] autokey IFF client setup
mills at udel.edu
Fri May 8 20:15:37 UTC 2009
See the cryptotype table on the Authentication Options page. If a client
needs IFF identity, all it needs is the IFF parameters file; the rest is
Victor Jesus Angus wrote:
>Further reading Authentication Options and stime.pdf, is it safe to say that given the setup below and using the Schnorr/IFF scheme,
>1. the group name is not needed on the clients ?
>2. there's no need to send any server files/keys to the client and still IFF will work as designed ?
>Again how else do you know that the scheme is working other than being able to receive the time?
> client1 | client3 |
> client2 client4
>--- On Thu, 5/7/09, Victor Jesus Angus <shurvic at yahoo.com> wrote:
>>From: Victor Jesus Angus <shurvic at yahoo.com>
>>Subject: [ntp:questions] autokey IFF client setup
>>To: questions at lists.ntp.org
>>Date: Thursday, May 7, 2009, 12:08 PM
>>NTP client was not able to detect the IFF config files
>>because the crypto_flags in crypto_setup() shows the
>>crypto_setup: setup 0x80001 host myclient
>>I'm using 4.2.5p158 and have the following configurations.
>>$ cat /etc/ntp.conf
>>server myserver.domain.com autokey
>>crypto pw myclientpass
>>crypto randfile /dev/urandom
>>$ ls /etc/ntp
>>ntpkey_iff_myclient -> ntpkey_host_myclient
>>It was able to transmit the request though and receive a
>>response from the server but not sure if it is really using
>>the IFF scheme.
>>How to accurately verify this?
>>As for the flag, I checked the defines and bit 0x0020
>>should have been set during loading of key files, right?
>>6.7.2, there is a note, "Trusted ntp servers which also
>>operate as clients of other ntp servers may need to 126.96.36.199.
>>Install Group/Client Keys." If I have a client only setup,
>>then I don't need to install the group keys?
>>What is really the purpose of the group keys? If the group
>>keys are optional, what are the downside if it is not
>>questions mailing list
>>questions at lists.ntp.org
>questions mailing list
>questions at lists.ntp.org
More information about the questions