[ntp:questions] Re: Crypto iffpar

Serge Bets serge.bets at NOSPAM.laposte.invalid
Sun Dec 4 20:20:01 UTC 2005


Hi Danny,

 On Sunday, December 4, 2005 at 3:01:17 +0000, Danny Mayer wrote:

> Serge Bets wrote:
>> "crypto iffpar some_filename" seems to work for the host's own
>> IFFpar, which will be read and used. But not for another host's
>> IFFpar
> Have you read this documentation:
> http://ntp.isc.org/bin/view/Support/ConfiguringAutokey

Well yes, very good and easy manual, but why do you suggest it here?
ConfiguringAutokey doesn't talk about "crypto iffpar" command. If it was
about the IFF activation bit, I am under the impression that there lacks
on Client side in section "6.6.2.4.1. IFF Group Keys" either one of:

| ln -s ntpkey_IFFkey_server.3301264563 ntpkey_iff_Client

in /etc/ntp keysdir, or:

| crypto ident iff

in ntp.conf, to activate IFF scheme, flags 0x80023. Otherwise Client
seems to negociate with the Server the TC scheme only, flags 0x80003.
Is it right?

Other docs talk about this "ntpkey_iff_Client" additional link as
mandatory, including Heiko's checklist in ConfiguringAutokeyDev. While
"crypto ident iff" seems to work equally well, without the link name
contradiction.


Serge.
-- 
Serge point Bets arobase laposte point net




More information about the questions mailing list