[ntp:questions] Re: Crypto iffpar

Danny Mayer mayer at gis.net
Sun Dec 4 03:01:17 UTC 2005


Serge Bets wrote:
> Hello Kevin,
> 
>  On Friday, December 2, 2005 at 19:11:09 +0000, Kevin Golder wrote:
> 
> 
>>I'm attempting to override the ntpkey_iff_hostname link using the
>>iffpar option of the crypto command.
> 
> 
> Same failing as you. "crypto iffpar some_filename" seems to work for
> the host's own IFFpar, which will be read and used. But not for another
> host's IFFpar: It will be read, will activate IFF scheme negociation
> (cryptostats flags 0x80023 where bit 0x20 means IFF), but will finally
> not be used (crypto_ident: no compatible identity scheme found).
> 
> Note that if additionaly to some_filename, the Server's IFF parameters
> file exists on Client also under the standard name ntpkey_iff_Server,
> then it works.
> 
> That's either a feature, or the intended "crypto iffpar" usage is not
> clear in our minds. Given that without "iffpar", renaming
> ntpkey_iff_Server to ntpkey_iff_Client does work (IFF is read,
> negociated, and used), I'd guess it's a feature. Or the contrary.
> 
> 
> Cordialement, Serge.

Have you read this documentation:

http://ntp.isc.org/bin/view/Support/ConfiguringAutokey

Danny



More information about the questions mailing list