[ntp:questions] Re: Crypto iffpar

Steve Kostecke kostecke at ntp.isc.org
Sun Dec 4 05:38:40 UTC 2005

On 2005-12-02, Kevin Golder <kgolder at spectracomcorp.com> wrote:

> I'm attempting to override the ntpkey_iff_hostname link using
> the iffpar option of the crypto command. I first setup a trusted
> authority and client using the iff identity scheme successfully. Then
> I configured the override of the ntpkey_iff_hostname on my trusted
> authority successfully. When I proceeded to do the same on the client,
> it then could never reach the server and with the debug turned on, the
> client kept reporting "no compatible identity scheme found."

If you wish to use a TA to distribute Identity Scheme Parameters for
time servers you will need to use the '-i' and, possibly, the '-s'
ntp-keygen options.

-i name
    Set the subject name to name. This is used as the subject field in
    certificates and in the file name for host and sign keys.

-s name
    Set the issuer name to name. This is used for the issuer field in
    certificates and in the file name for identity files. 

Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/

More information about the questions mailing list