[ntp:questions] Autokey configuration

[jacek igalson]

Hello Steve,
my ntpd is 4.2.6 for both client and server.
Regards. Jacek

Uzytkownik "Steve Kostecke" <kostecke at ntp.org> napisal w wiadomosci 
news:slrnhr3uo7.b63.kostecke at stasis.kostecke.net...
> On 2010-03-30, jacek igalson <igalson at neptune.zit.tpnet.pl.cutthisout> 
> wrote:
>
>> My question concerns  Autokey configuration. I followed the instructions
>> contained in: http://psp2.ntp.org/bin/view/Support/ConfiguringAutokey
>
> The configuration information in that document is only valid for NTP up
> to version 4.2.4. This is clearly stated in the first sentence on that
> page.
>
> What version are you using?
>
>> I have chosen unicast association and identity scheme: IFF.
>>
>> I went through the installation and got the authentication status ok in 
>> the
>> column auth.
>
> The auth column is a bit misleading. You must look at the flags for each
> association.
>
>> My flags = 0x87f01 and differs from this which is in the Guide
>> ( 0x83f21 ). What does that mean?
>
> The second bit (0x00*0) indicates the identity scheme in use. Since this
> bit is clear you are using the default Trusted Certificate (TC) mode.
> For IFF you would see 0x0020.
>
> BTW The flags are decoded at the bottom of Support.ConfiguringAutokey
>
> 0x87f01 =~
>
> #define CRYPTO_FLAG_ENAB  0x0001 /* crypto enable */
> #define CRYPTO_FLAG_VALID 0x0100 /* public key verified */
> #define CRYPTO_FLAG_VRFY  0x0200 /* identity verified */
> #define CRYPTO_FLAG_PROV  0x0400 /* signature verified */
> #define CRYPTO_FLAG_AGREE 0x0800 /* cookie verifed */
> #define CRYPTO_FLAG_AUTO  0x1000 /* autokey verified */
> #define CRYPTO_FLAG_SIGN  0x2000 /* certificate signed */
> #define CRYPTO_FLAG_LEAP  0x4000 /* leapseconds table verified */
>
> -- 
> Steve Kostecke <kostecke at ntp.org>
> NTP Public Services Project - http://support.ntp.org/