[ntp:questions] Re: Crypto iffpar

Steve Kostecke kostecke at ntp.isc.org
Thu Dec 15 19:10:18 UTC 2005


On 2005-12-15, Serge Bets <serge.bets at NOSPAM.laposte.invalid> wrote:

> How to configure the strict client Client so it makes use of IFF
> scheme? Client has to have the good link(s) ntpkey_iff_Server(s)
> available, and what else?

http://ntp.isc.org/Support/ConfiguringAutokey

This is the client set-up for a unicast association with Autokey + IFF
Identity Scheme:

6.6.2.1. Create the NTP Keys directory

Create a directory for the NTP Keys (e.g. /etc/ntp.)

6.6.2.2. Edit ntp.conf

Add the following lines to ntp.conf:

crypto pw clientpassword
keysdir /etc/ntp

6.6.2.2.1. Unicast Autokey

Append autokey to the server line for the time-server that you want to
authenticate with Autokey in a unicast association:

server host.some.domain iburst autokey

6.6.2.3. Generate Client Parameters

Generate the client key / certificate with the following commands:

cd /etc/ntp
ntp-keygen -H -p clientpassword

6.6.2.4. Install Group/Client Keys

6.6.2.4.1. IFF Group Keys

Obtain the IFF group key, exported in 6.6.1.3.1. IFF Parameters via a
secure means (e.g. an SSL Web Form or encrypted e-mail), copy the key
file to the keysdir, and create the standard sym-link:

cd /etc/ntp
ln -s ntpkey_IFFkey_server.xxxxxxxxxx ntpkey_iff_server 

6.6.2.5. Restart ntpd

-- 
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/




More information about the questions mailing list