[ntp:questions] Re: Crypto iffpar
serge.bets at NOSPAM.laposte.invalid
Fri Dec 9 12:53:01 UTC 2005
On Thursday, December 8, 2005 at 18:51:39 +0000, Steve Kostecke wrote:
> Test Client: stasis With the following files in the client's /etc/ntp
I'm grateful for the data. And finally understood the mysterious factor
giving us different results. You *do* have a ntpkey_iff_stasis link:
| ntpkey_iff_stasis -> ntpkey_IFFpar_stasis.3342803910
And this symlink changes everything. Stasis is not a strict client.
Stasis is also a server, in another trusted group. You are not in the
conditions of section 6.6.2 "Client Set-Up" of ConfiguringAutokey. The
presence of this ntpkey_iff_stasis symlink is enough to trigger
agreement to use IFF with ntp0. And then during the autokey tango the
needed ntp0 ident file is loaded thru ntpkey_iff_ntp0 symlink.
> In one sense you're correct: it is _possible_ to use an
> ntpkey_iff_client symlink. But, is not _necessary_ to to so.
An ntpkey_iff_client symlink is absolutely necessary(1). It can point
either to its own IFFpar, or server's IFFkey, or even a third trust
> ntpd may belong to more than one Trust Group. Using an
> ntpkey_iff_client symlink (or file) breaks this feature.
No such feature breakage: These were cascaded exclusive "or"s.
Note (1): Symlink, or "crypto ident iff" ntp.conf statement.
More information about the questions