[ntp:questions] ntp: symmetric-active mode and autokey iff
Bartholome, Alain
alain.bartholome at eads.com
Wed Nov 25 11:26:34 UTC 2009
Hello,
I am trying to use symmetric-active mode with autokey and IFF for 2
systems in the same secure group.
I am using 4.2.5p246-RC on Windows.
I use 3 systems A, B, C.
B and C use autokey with identity scheme IFF. B is the trusted host.
1) With the client/server mode, the following configuration works:
A
|
B
|
C
ntp.conf of B:
keysdir d:\appli\ntp\etc
crypto pw pass1 ident group1
server A
Contents of d:\appli\ntp\etc of B:
ntpkey_cert_B
ntpkey_host_B
ntpkey_iffkey_group1
ntpkey_iffpar_group1
ntp.conf of C:
keysdir d:\appli\ntp\etc
crypto pw pass1 ident group1
server B autokey
Contents of d:\appli\ntp\etc of C:
ntpkey_cert_C
ntpkey_host_C
ntpkey_iffpar_group1
2) With the symmetric-active mode (with the same key and security files as
with client/server mode), the following configuration does not work:
  A
 / \
B - C
ntp.conf of B:
keysdir d:\appli\ntp\etc
crypto pw pass1 ident group1
server A
peer C autokey
ntp.conf of C:
keysdir d:\appli\ntp\etc
crypto pw pass1 ident group1
server A
peer B autokey
In cryptostats file of B, there are "protocol_error" and
"unsupported_identity_type" records.
In the example of the documentation, the systems using symmetric-active mode
(groups Blue and red) are in different groups. Is it an obligation?
Regards,
Alain.