[ntp:questions] Re: Crypto iffpar
Danny Mayer
mayer at gis.net
Sun Dec 4 03:01:17 UTC 2005
Serge Bets wrote:
> Hello Kevin,
>
> On Friday, December 2, 2005 at 19:11:09 +0000, Kevin Golder wrote:
>
>
>>I'm attempting to override the ntpkey_iff_hostname link using the
>>iffpar option of the crypto command.
>
>
> Same failing as you. "crypto iffpar some_filename" seems to work for
> the host's own IFFpar, which will be read and used. But not for another
> host's IFFpar: It will be read, will activate IFF scheme negociation
> (cryptostats flags 0x80023 where bit 0x20 means IFF), but will finally
> not be used (crypto_ident: no compatible identity scheme found).
>
> Note that if additionaly to some_filename, the Server's IFF parameters
> file exists on Client also under the standard name ntpkey_iff_Server,
> then it works.
>
> That's either a feature, or the intended "crypto iffpar" usage is not
> clear in our minds. Given that without "iffpar", renaming
> ntpkey_iff_Server to ntpkey_iff_Client does work (IFF is read,
> negociated, and used), I'd guess it's a feature. Or the contrary.
>
>
> Cordialement, Serge.
Have you read this documentation:
http://ntp.isc.org/bin/view/Support/ConfiguringAutokey
Danny
More information about the questions
mailing list