[ntp:bk-ntp-dev-send] BitKeeper patch

Harlan Stenn stenn at mail.eecis.udel.edu
Tue Nov 8 21:33:52 PST 2005


This BitKeeper patch contains the following changesets:
stenn at deacon.udel.edu|ChangeSet|20051109053254|20554

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# ID:	stenn at whimsy.udel.edu|ChangeSet|19990526004811|57482|8983e65c737bb465
# User:	stenn
# Host:	deacon.udel.edu
# Root:	/deacon/backroom/ntp-dev

#
#--- 1.36/html/authopt.html	2005-11-07 03:15:21 -05:00
#+++ 1.37/html/authopt.html	2005-11-09 00:32:40 -05:00
#@@ -13,7 +13,7 @@
# 		<h3>Authentication Options</h3>
# 		<img src="pic/alice44.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
# 		<p>Our resident cryptographer; now you see him, now you don't.</p>
#-		<p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">04:49</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="308">Saturday, November 05, 2005</csobj></p>
#+		<p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">00:46</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="299">Tuesday, November 08, 2005</csobj></p>
# 		<br clear="left">
# 		<h4>Related Links</h4>
# 		<script type="text/javascript" language="javascript" src="scripts/links9.txt"></script>
#@@ -112,6 +112,7 @@
# 			<dd>Specifies the key identifiers which are trusted for the purposes of authenticating peers with symmetric key cryptography, as well as keys used by the <tt>ntpq</tt> and <tt>ntpdc</tt> programs. The authentication procedures require that both the local and remote servers share the same key and key identifier for this purpose, although different keys can be used with different servers. The <tt><i>key</i></tt> arguments are 32-bit unsigned integers with values from 1 to 65,534.
# 		</dl>
# 		<h4 id="err">Error Codes</h4>
#+		<p>Errors can occur due to mismatched configurations, unexpected restarts, expired certificates and unfriendly people. In most cases the protocol state machine recovers automatically by retransmission, timeout and restart, where necessary. Some errors are due to mismatched keys, digest schemes or identity schemes and must be corrected by installing the correct media and/or correcting the configuration file. One of the most common errrors is expired certificates, which must be regenerated and signed at least once per year using the <tt><a href="ntp-keygen.html">ntp-keygen</a></tt> program.</p>
# 		<p>The following error codes are reported via the NTP control and monitoring protocol trap mechanism.</p>
# 		<dl>
# 			<dt>101 (bad field format or length)
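Review bot: the new paragraph links the keygen program as `<a href="ntp-keygen.html">`, but the Files section later in this same file (`<p>See the <a href="keygen.html"><tt>ntp-keygen</tt></a> page.</p>`) and the second file in this patch name that page `keygen.html`, so the added link points at a page this patch gives no evidence exists; suggest `<tt><a href="keygen.html">ntp-keygen</a></tt>`. Same line: "errrors" is a typo for "errors".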
#@@ -124,24 +125,23 @@
# 			<dd>The public key is missing, has incorrect format or is an unsupported type.
# 			<dt>105 (unsupported digest type)
# 			<dd>The server requires an unsupported digest/signature scheme.
#-			<dt>106 (mismatched digest types)
#-			<dd>Not used.
#-			<dt>107 (bad signature length)
#+			<dt>106 (unsupported identity type)<dd>The client or server has requested an identity scheme the other does not support.<dt>107 (bad signature length)
# 			<dd>The signature length does not match the current public key.
# 			<dt>108 (signature not verified)
# 			<dd>The message fails the signature check. It could be bogus or signed by a different private key.
# 			<dt>109 (certificate not verified)
#-			<dd>The certificate is invalid or signed with the wrong key.
#-			<dt>110 (certificate not verified)
#-			<dd>The certificate is not yet valid or has expired or the signature could not be verified.
#-			<dt>111 (bad or missing cookie)
#+			<dd>The certificate is invalid or signed with the wrong key.<dt>110 (host certificate expired)<dd>The old server certificate has expired.<dt>111 (bad or missing cookie)
# 			<dd>The cookie is missing, corrupted or bogus.
# 			<dt>112 (bad or missing leapseconds table)
# 			<dd>The leapseconds table is missing, corrupted or bogus.
# 			<dt>113 (bad or missing certificate)
# 			<dd>The certificate is missing, corrupted or bogus.
#-			<dt>114 (bad or missing identity)
#-			<dd>The identity key is missing, corrupt or bogus.
#+			<dt>114 (bad or missing group key)<dd>The identity key is missing, corrupt or bogus.
#+		
#+			<dt>115 (protocol error)
#+			<dd>The protocol state machine has wedged due to unexpected restart
#+			<dt>116 (server certificate expired)
#+			<dd>The old server certificate has expired.
# 		</dl>
# 		<h4 id="file">Files</h4>
# 		<p>See the <a href="keygen.html"><tt>ntp-keygen</tt></a> page.</p>
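Review bot: codes 110 (host certificate expired) and 116 (server certificate expired) are given the identical description "The old server certificate has expired.", so a reader of the trap output cannot tell the two conditions apart; the 110 entry should describe the host's own certificate, or one of the two entries should go. The old 110 text also covered the "not yet valid" case, which no code describes after this change. Style points: the `<dd>` for 115 ("...due to unexpected restart") is the only entry without a terminating period; the replacement lines for 106/107, 109/110/111 and 114 collapse several `<dt>`/`<dd>` pairs onto one line while the rest of the `<dl>` keeps one element per line; and the whitespace-only line inserted after the 114 entry should be dropped.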
#
#--- 1.7/html/keygen.html	2005-10-08 02:28:12 -04:00
#+++ 1.8/html/keygen.html	2005-11-09 00:32:40 -05:00
#@@ -13,7 +13,7 @@
# 		<h3><tt>ntp-keygen</tt> - generate public and private keys</h3>
# 		<img src="pic/alice23.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
# 		<p>Alice holds the key.</p>
#-		<p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">03:35</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="286">Friday, September 23, 2005</csobj></p>
#+		<p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">22:32</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="294">Monday, November 07, 2005</csobj></p>
# 		<br clear="left">
# 		<h4>Related Links</h4>
# 		<script type="text/javascript" language="javascript" src="scripts/links9.txt"></script>
#@@ -27,7 +27,7 @@
# 			<li class="inline"><a href="#exam">Example</a>
# 			<li class="inline"><a href="#cmd">Command Line Options</a>
# 			<li class="inline"><a href="#rand">Random Seed File</a>
#-			<li class="inline"><a href="#fmt">Cryptographic Data FIles</a>
#+			<li class="inline"><a href="#fmt">Cryptographic Data Files</a>
# 			<li class="inline"><a href="#bug">Bugs</a>
# 		</ul>
# 		<hr>
#@@ -35,12 +35,12 @@
# 		<p id="intro"><tt>ntp-keygen [ -deGgHIMnPT ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ -i <i>name</i> ] [ -p <i>password</i> ] [ -S [ RSA | DSA ] ] [ -s <i>name</i> ] [ -v <i>nkeys</i> ]</tt></p>
# 		<h4 id="descrip">Description</h4>
# 		<p>This program generates cryptographic data files used by the NTPv4 authentication and identification schemes. It generates MD5 key files used in symmetric key cryptography. In addition, if the OpenSSL software library has been installed, it generates keys, certificate and identity files used in public key cryptography. These files are used for cookie encryption, digital signature and challenge/response identification algorithms compatible with the Internet standard security infrastructure.</p>
#-		<p>All files are in PEM-encoded printable ASCII format, so they can be embedded as MIME attachments in mail to other sites and certificate authorities. By default, files are not encrypted. The <tt>-p <i>password</i></tt> option specifies the write password and <tt>-q <i>password</i></tt> option the read password for previously encrypted files. The <tt>ntp-keygen</tt> program prompts for the password if it reads an encrypted file and the password is missing or incorrect. If an encrypted file is read successfully and no write password is specified, the read password is used as the write password by default.</p>
#+		<p>By default, files are not encrypted by <tt>ntp-keygen</tt>. The <tt>-p <i>password</i></tt> option specifies the write password and <tt>-q <i>password</i></tt> option the read password for previously encrypted files. The <tt>ntp-keygen</tt> program prompts for the password if it reads an encrypted file and the password is missing or incorrect. If an encrypted file is read successfully and no write password is specified, the read password is used as the write password by default.</p>
# 		<p>The <tt>ntpd</tt> configuration command <tt>crypto pw <i>password</i></tt> specifies the read password for previously encrypted files. The daemon expires on the spot if the password is missing or incorrect. For convenience, if a file has been previously encrypted, the default read password is the name of the host running the program. If the previous write password is specified as the host name, these files can be read by that host with no explicit password.</p>
#-		<p>File names begin with the prefix <tt>ntpkey_</tt> and end with the postfix <tt><i>_hostname.filestamp</i></tt>, where <tt><i>hostname</i></tt> is the owner name, usually the string returned by the Unix <tt>gethostname()</tt> routine, and <tt><i>filestamp</i></tt> is the NTP seconds when the file was generated, in decimal digits. This both guarantees uniqueness and simplifies maintenance procedures, since all files can be quickly removed by a <tt>rm ntpkey*</tt> command or all files generated at a specific time can be removed by a <tt>rm *<i>filestamp</i></tt> command. To further reduce the risk of misconfiguration, the first two lines of a file contain the file name and generation date and time as comments.</p>
#+		<p>All files are in PEM-encoded printable ASCII format, so they can be embedded as MIME attachments in mail to other sites and certificate authorities. File names begin with the prefix <tt>ntpkey_</tt> and end with the postfix <tt><i>_hostname.filestamp</i></tt>, where <tt><i>hostname</i></tt> is usually the string returned by the Unix <tt>gethostname()</tt> routine, and <tt><i>filestamp</i></tt> is the NTP seconds when the file was generated, in decimal digits. This both guarantees uniqueness and simplifies maintenance procedures, since all files can be quickly removed by a <tt>rm ntpkey*</tt> command or all files generated at a specific time can be removed by a <tt>rm *<i>filestamp</i></tt> command. To further reduce the risk of misconfiguration, the first two lines of a file contain the file name and generation date and time as comments.</p>
# 		<p>All files are installed by default in the keys directory <tt>/usr/local/etc</tt>, which is normally in a shared filesystem in NFS-mounted networks. The actual location of the keys directory and each file can be overridden by configuration commands, but this is not recommended. Normally, the files for each host are generated by that host and used only by that host, although exceptions exist as noted later on this page.</p>
# 		<p>Normally, files containing private values, including the host key, sign key and identification parameters, are permitted root read/write-only; while others containing public values are permitted world readable. Alternatively, files containing private values can be encrypted and these files permitted world readable, which simplifies maintenance in shared file systems. Since uniqueness is insured by the hostname and file name extensions, the files for a NFS server and dependent clients can all be installed in the same shared directory.</p>
#-		<p>The recommended practice is to keep the file name extensions when installing a file and to install a soft link from the generic names specified elsewhere on this page to the generated files. This allows new file generations to be activated simply by changing the link. If a link is present, <tt>ntpd</tt> follows it to the file name to extract the filestamp. If a link is not present, <tt>ntpd</tt> extracts the filestamp from the file itself. This allows clients to verify that the file and generation times are always current. The <tt>ntp-keygen</tt> program uses the same timestamp extension for all files generated at one time, so each generation is distinct and can be readily recognized in monitoring data.</p>
#+		<p>The recommended practice is to keep the file name extensions when installing a file and to install a soft link from the generic names specified elsewhere on this page to the generated files. This allows new file generations to be activated simply by changing the link. If a link is present, <tt>ntpd</tt> follows it to the file name to extract the filestamp. If a link is not present, <tt>ntpd</tt> extracts the filestamp from the file itself. This allows clients to verify that the file and generation times are always current. The <tt>ntp-keygen</tt> program uses the same extension for all files generated at one time, so each generation is distinct and can be readily recognized in monitoring data.</p>
# 		<h4 id="run">Running the program</h4>
# 		<p>The safest way to run the <tt>ntp-keygen</tt> program is logged in directly as root. The recommended procedure is change to the keys directory, usually <tt>/ust/local/etc</tt>, then run the program. When run for the first time, or if all <tt>ntpkey</tt> files have been removed, the program generates a RSA host key file and matching RSA-MD5 certificate file, which is all that is necessary in many cases. The program also generates soft links from the generic names to the respective files. If run again, the program uses the same host key file, but generates a new certificate file and link.</p>
# 		<p>The host key is used to encrypt the cookie when required and so must be RSA type. By default, the host key is also the sign key used to encrypt signatures. When necessary, a different sign key can be specified and this can be either RSA or DSA type. By default, the message digest type is MD5, but any combination of sign key type and message digest type supported by the OpenSSL library can be specified, including those using the MD2, MD5, SHA, SHA1, MDC2 and RIPE160 message digest algorithms. However, the scheme specified in the certificate must be compatible with the sign key. Certificates using any digest algorithm are compatible with RSA sign keys; however, only SHA and SHA1 certificates are compatible with DSA sign keys.</p>
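Review bot: the rewritten paragraph describes a `-q <i>password</i>` read-password option, but the synopsis a few lines above (`ntp-keygen [ -deGgHIMnPT ] [ -c ... ] [ -i name ] [ -p password ] [ -S ... ] [ -s name ] [ -v nkeys ]`) lists no `-q`; either add `[ -q <i>password</i> ]` to the synopsis or drop the option from the text so the documented read/write password split matches the documented flags. While this section is being edited, the unchanged context under "Running the program" reads `/ust/local/etc` where the earlier paragraph gives the keys directory as `/usr/local/etc`.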
#

# Diff checksum=38feed70


# Patch vers:	1.3
# Patch type:	REGULAR

== ChangeSet ==
stenn at whimsy.udel.edu|ChangeSet|19990526004811|57482|8983e65c737bb465
stenn at deacon.udel.edu|ChangeSet|20051108031110|20546
D 1.1435 05/11/09 00:32:54-05:00 stenn at deacon.udel.edu +2 -0
B stenn at whimsy.udel.edu|ChangeSet|19990526004811|57482|8983e65c737bb465
C
c Documentation fixes from Dave Mills
K 20554
P ChangeSet
------------------------------------------------

0a0
> stenn at whimsy.udel.edu|html/authopt.htm|19990526004812|01635|3aed0663 stenn at deacon.udel.edu|html/authopt.html|20051109053240|63114
> stenn at whimsy.udel.edu|html/keygen.html|20030121222320|65478|fb3955eeef5baa19 stenn at deacon.udel.edu|html/keygen.html|20051109053240|19585

== html/authopt.html ==
stenn at whimsy.udel.edu|html/authopt.htm|19990526004812|01635|3aed0663
stenn at deacon.udel.edu|html/authopt.html|20051107081521|53692
D 1.37 05/11/09 00:32:40-05:00 stenn at deacon.udel.edu +10 -10
B stenn at whimsy.udel.edu|ChangeSet|19990526004811|57482|8983e65c737bb465
C
c Documentation fixes from Dave Mills
K 63114
O -rw-rw-r--
P html/authopt.html
------------------------------------------------

D16 1
I16 1
		<p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">00:46</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="299">Tuesday, November 08, 2005</csobj></p>
I114 1
		<p>Errors can occur due to mismatched configurations, unexpected restarts, expired certificates and unfriendly people. In most cases the protocol state machine recovers automatically by retransmission, timeout and restart, where necessary. Some errors are due to mismatched keys, digest schemes or identity schemes and must be corrected by installing the correct media and/or correcting the configuration file. One of the most common errrors is expired certificates, which must be regenerated and signed at least once per year using the <tt><a href="ntp-keygen.html">ntp-keygen</a></tt> program.</p>
D127 3
I129 1
			<dt>106 (unsupported identity type)<dd>The client or server has requested an identity scheme the other does not support.<dt>107 (bad signature length)
D134 4
I137 1
			<dd>The certificate is invalid or signed with the wrong key.<dt>110 (host certificate expired)<dd>The old server certificate has expired.<dt>111 (bad or missing cookie)
D143 2
I144 6
			<dt>114 (bad or missing group key)<dd>The identity key is missing, corrupt or bogus.
		
			<dt>115 (protocol error)
			<dd>The protocol state machine has wedged due to unexpected restart
			<dt>116 (server certificate expired)
			<dd>The old server certificate has expired.

== html/keygen.html ==
stenn at whimsy.udel.edu|html/keygen.html|20030121222320|65478|fb3955eeef5baa19
stenn at deacon.udel.edu|html/keygen.html|20051008062812|20031
D 1.8 05/11/09 00:32:40-05:00 stenn at deacon.udel.edu +5 -5
B stenn at whimsy.udel.edu|ChangeSet|19990526004811|57482|8983e65c737bb465
C
c Documentation fixes from Dave Mills
K 19585
O -rw-rw-r--
P html/keygen.html
------------------------------------------------

D16 1
I16 1
		<p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">22:32</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="294">Monday, November 07, 2005</csobj></p>
D30 1
I30 1
			<li class="inline"><a href="#fmt">Cryptographic Data Files</a>
D38 1
I38 1
		<p>By default, files are not encrypted by <tt>ntp-keygen</tt>. The <tt>-p <i>password</i></tt> option specifies the write password and <tt>-q <i>password</i></tt> option the read password for previously encrypted files. The <tt>ntp-keygen</tt> program prompts for the password if it reads an encrypted file and the password is missing or incorrect. If an encrypted file is read successfully and no write password is specified, the read password is used as the write password by default.</p>
D40 1
I40 1
		<p>All files are in PEM-encoded printable ASCII format, so they can be embedded as MIME attachments in mail to other sites and certificate authorities. File names begin with the prefix <tt>ntpkey_</tt> and end with the postfix <tt><i>_hostname.filestamp</i></tt>, where <tt><i>hostname</i></tt> is usually the string returned by the Unix <tt>gethostname()</tt> routine, and <tt><i>filestamp</i></tt> is the NTP seconds when the file was generated, in decimal digits. This both guarantees uniqueness and simplifies maintenance procedures, since all files can be quickly removed by a <tt>rm ntpkey*</tt> command or all files generated at a specific time can be removed by a <tt>rm *<i>filestamp</i></tt> command. To further reduce the risk of misconfiguration, the first two lines of a file contain the file name and generation date and time as comments.</p>
D43 1
I43 1
		<p>The recommended practice is to keep the file name extensions when installing a file and to install a soft link from the generic names specified elsewhere on this page to the generated files. This allows new file generations to be activated simply by changing the link. If a link is present, <tt>ntpd</tt> follows it to the file name to extract the filestamp. If a link is not present, <tt>ntpd</tt> extracts the filestamp from the file itself. This allows clients to verify that the file and generation times are always current. The <tt>ntp-keygen</tt> program uses the same extension for all files generated at one time, so each generation is distinct and can be readily recognized in monitoring data.</p>

# Patch checksum=5ed30d95

