[ntp:questions] Re: Crypto iffpar

David L. Mills mills at udel.edu
Sat Dec 3 22:09:03 UTC 2005


Kevin,

The certificate hike by the client eventually loads the trusted 
certificate, then attempt to load the iff file with the same name. You 
can use a different name, but there must be a link from the trusted name 
to whatever you choose. The crypto iffpar option is for the client 
itself serving as a server for dependent clients. Ordinarily, it 
attempts to load the iff file with its own name, but that can be changed 
by the iffpar option as well. There are many combinations of links and 
options, but the best is to use the original keys generated by the 
ntp-keygen program and install links as required.

Dave

Kevin Golder wrote:
> I'm attempting to override the ntpkey_iff_hostname link using the iffpar
> option of the crypto command.
> I first setup a trusted authority and client using the iff identity
> scheme successfully.
> Then I configured the override of the ntpkey_iff_hostname on my trusted
> authority successfully.
> When I proceeded to do the same on the client, it then could never reach
> the server and with the debug turned on, the client kept reporting "no
> compatible identity scheme found."
>  
> Has anyone else tried this and been successful/unsuccessful?
>  
> Thanks,
> Kevin
>  
> _______________________________________________
> questions mailing list
> questions at lists.ntp.isc.org
> https://lists.ntp.isc.org/mailman/listinfo/questions
> 




More information about the questions mailing list