[ntp:hackers] Autokey and the pool

Kurt Roeckx kurt at roeckx.be
Wed Sep 12 18:56:24 UTC 2012


Someone basicly asked to change the default configuration in
Debian to do authentication using the pool.

So the first question I have is that this possible with the
current software or not, and what needs to change if it's not.

Looking a the documentation, I think the only option we have
for that is using IFF.  Are there other options?

We would need to collect all the public information (IFF
parameters) from pool servers that support it and distribute
that to the client.  I don't think this part should be a
big problem.

Trying to understand how everything works, I would expect
ntpd to currently look for the iff parameters based on what
is on the server line in the config file, but that doesn't
even seem to be the case.  So this will most likely fail
for the pool system?  Could this be worked around by doing
a reverse lookup or something?

Are their other things why this would not work?

One thing I've learned so far trying to set this up,
I need to set my "ident" to the one from the server,
else it's not reading the iffkey file.  Is this
expected behaviour?  Does that mean I can't be a client
in different "groups"?  Or that all severs from the
pool need to share the iffkeys, and have their
private key be assigned by someone else?

Anyway, I can't seem to get this working.


More information about the hackers mailing list