[ntp:questions] [help needed] ntp and iff authentication

Giovanni Clemente giovanni.clemente at mail.ing.unibo.it
Fri Apr 8 12:32:20 UTC 2005


Hello,
I'm trying to configure an authenticated ntp service at my department,
but I can't figure out how to get iff work.

Here is a graph of the status:

  host ien1                           host ien2        stratum 1 servers
from
       ^  ^                             ^   ^          Italy's ref. time
institute
       |  |                             |   |
       |  +-----------------------------+   |
       |  |                                 |
       +--|---------------------------------+
          |                                 |
          |                                 |
host timeserv1  <----- peers ------>  host timeserv2   stratum 2 servers
in my dep.
        |                                   |          these are the
roots of my
        |                                   |          derivative group
        +-------------+---------+           |
        |             |         |           |
        v             v         v           |
                                            |
        +-------------+---------+-----------+
        |             |         |
        v             v         v
      client1       client2    clientn                 stratum 3 clients and
                                                       auxiliary servers

I would let timeserv1 and timeserv2 be both trusted
hosts of a single group, using iff identity scheme, and
be able to identify their clients with both client group keys and server
group keys (not trusted).

My problem is that I can't configure timeserv1 and timeserv2 to
authenticate each other as peers, since I don't know how
ntpkey_IFFpar_ files should be deployed.

Any suggestion?

Thank you,
Giovanni
Italy




More information about the questions mailing list