[ntp:questions] Re: Crypto iffpar
David L. Mills
mills at udel.edu
Sat Dec 3 22:09:03 UTC 2005
The certificate hike by the client eventually loads the trusted
certificate, then attempt to load the iff file with the same name. You
can use a different name, but there must be a link from the trusted name
to whatever you choose. The crypto iffpar option is for the client
itself serving as a server for dependent clients. Ordinarily, it
attempts to load the iff file with its own name, but that can be changed
by the iffpar option as well. There are many combinations of links and
options, but the best is to use the original keys generated by the
ntp-keygen program and install links as required.
Kevin Golder wrote:
> I'm attempting to override the ntpkey_iff_hostname link using the iffpar
> option of the crypto command.
> I first setup a trusted authority and client using the iff identity
> scheme successfully.
> Then I configured the override of the ntpkey_iff_hostname on my trusted
> authority successfully.
> When I proceeded to do the same on the client, it then could never reach
> the server and with the debug turned on, the client kept reporting "no
> compatible identity scheme found."
> Has anyone else tried this and been successful/unsuccessful?
> questions mailing list
> questions at lists.ntp.isc.org
More information about the questions