[ntp:questions] Re: Crypto iffpar

Steve Kostecke kostecke at ntp.isc.org
Thu Dec 15 19:10:18 UTC 2005

On 2005-12-15, Serge Bets <serge.bets at NOSPAM.laposte.invalid> wrote:

> How to configure the strict client Client so it makes use of IFF
> scheme? Client has to have the good link(s) ntpkey_iff_Server(s)
> available, and what else?


This is the client set-up for a unicast association with Autokey + IFF
Identity Scheme: Create the NTP Keys directory

Create a directory for the NTP Keys (e.g. /etc/ntp.) Edit ntp.conf

Add the following lines to ntp.conf:

crypto pw clientpassword
keysdir /etc/ntp Unicast Autokey

Append autokey to the server line for the time-server that you want to
authenticate with Autokey in a unicast association:

server host.some.domain iburst autokey Generate Client Parameters

Generate the client key / certificate with the following commands:

cd /etc/ntp
ntp-keygen -H -p clientpassword Install Group/Client Keys IFF Group Keys

Obtain the IFF group key, exported in IFF Parameters via a
secure means (e.g. an SSL Web Form or encrypted e-mail), copy the key
file to the keysdir, and create the standard sym-link:

cd /etc/ntp
ln -s ntpkey_IFFkey_server.xxxxxxxxxx ntpkey_iff_server Restart ntpd

Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/

More information about the questions mailing list