[ntp:questions] ntp-keygen IFF
David Mills
mills at udel.edu
Mon May 18 18:49:35 UTC 2009
Grzegorz,
With reference to the documentation, you act as a trusted agent (TA) to
generate cryptographic media for a trusted host (TH) whose name is
specified in the -s option of ntp-keygen.
Dave
Grzegorz Daniluk wrote:
>Hi,
>Did anybody try to generate keys and certificate for IFF scheme using
>ntp-keygen, but outside the server that will use it? Or maybe it is not
>possible?
>E.g. I need to generate keys and signed certificate on my computer for
>another server (let's say whose hostname is 'A'). Then I tried like this:
>
>ntp-keygen -T -I -s A -p serverpasswd
>and then exporting group key:
>ntp-keygen -e -q serverpasswd -p clientpasswd > group.key
>
>after this I've sent created files (without group.key) to the server 'A'
>and used ntp-keygen and group.key to create keys on client as described
>on support.ntp.org
>
>however, after running ntp on those machines (both stable ntp-4.2.4p7)
>with debugging (-d) option server A says:
>May 18 13:41:22 A ntpd[74185]: report_event: err
>'bad_or_missing_certificate' (0x10d), no peer
>
>and of course client fails to query server A.
>
>When I've generated self-signed certificate and keys on the server A
>(then running ntp-keygen without '-s' option) everything works fine.
>
>Thank you in advance,
>Best Regards,
>Grzegorz Daniluk
>