[ntp:questions] Autokey configuration

Steve Kostecke kostecke at ntp.org
Tue Mar 30 13:22:15 UTC 2010

On 2010-03-30, jacek igalson <igalson at neptune.zit.tpnet.pl.cutthisout> wrote:

> My question concerns  Autokey configuration. I followed the instructions 
> contained in: http://psp2.ntp.org/bin/view/Support/ConfiguringAutokey

The configuration information in that document is only valid for NTP up
to version 4.2.4. This is clearly stated in the first sentence on that

What version are you using?

> I have chosen unicast association and identity scheme: IFF.
> I went through the installation and got the authentication status ok in the 
> column auth.

The auth column is a bit misleading. You must look at the flags for each

> My flags = 0x87f01 and differs from this which is in the Guide 
> ( 0x83f21 ). What does that mean?

The second bit (0x00*0) indicates the identity scheme in use. Since this
bit is clear you are using the default Trusted Certificate (TC) mode.
For IFF you would see 0x0020.

BTW The flags are decoded at the bottom of Support.ConfiguringAutokey

0x87f01 =~

#define CRYPTO_FLAG_ENAB  0x0001 /* crypto enable */
#define CRYPTO_FLAG_VALID 0x0100 /* public key verified */
#define CRYPTO_FLAG_VRFY  0x0200 /* identity verified */
#define CRYPTO_FLAG_PROV  0x0400 /* signature verified */
#define CRYPTO_FLAG_AGREE 0x0800 /* cookie verifed */
#define CRYPTO_FLAG_AUTO  0x1000 /* autokey verified */
#define CRYPTO_FLAG_SIGN  0x2000 /* certificate signed */
#define CRYPTO_FLAG_LEAP  0x4000 /* leapseconds table verified */

Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/

More information about the questions mailing list