[ntp:questions] Re: Crypto iffpar

Serge Bets serge.bets at NOSPAM.laposte.invalid
Sat Dec 3 11:42:21 UTC 2005

Hello Kevin,

 On Friday, December 2, 2005 at 19:11:09 +0000, Kevin Golder wrote:

> I'm attempting to override the ntpkey_iff_hostname link using the
> iffpar option of the crypto command.

Same failing as you. "crypto iffpar some_filename" seems to work for
the host's own IFFpar, which will be read and used. But not for another
host's IFFpar: It will be read, will activate IFF scheme negociation
(cryptostats flags 0x80023 where bit 0x20 means IFF), but will finally
not be used (crypto_ident: no compatible identity scheme found).

Note that if additionaly to some_filename, the Server's IFF parameters
file exists on Client also under the standard name ntpkey_iff_Server,
then it works.

That's either a feature, or the intended "crypto iffpar" usage is not
clear in our minds. Given that without "iffpar", renaming
ntpkey_iff_Server to ntpkey_iff_Client does work (IFF is read,
negociated, and used), I'd guess it's a feature. Or the contrary.

Cordialement, Serge.
Serge point Bets arobase laposte point net

More information about the questions mailing list