[ntp:questions] Re: Crypto iffpar
serge.bets at NOSPAM.laposte.invalid
Tue Dec 27 19:15:03 UTC 2005
On Tuesday, December 27, 2005 at 4:27:28 +0000, Steve Kostecke wrote:
> I don't see anything in the code _requiring_ the existence of a client
> sym-link to activate an Identity Scheme.
Thanks for Luking at the source. I downloaded ntp-dev-4.2.0b-20051225
to exactly follow you. And took Debian ntp_4.2.0a+stable-2sarge1 source
package as comparison. I believe your analysis is mostly OK, but you
stopped too early. 3 steps, 2 variants:
1) In crypto_setup() loading a ntpkey_iff_hostname at startup does set a
CRYPTO_FLAG_IFF in crypto_flags, which is the global var for host's
2) In crypto_recv() for the CRYPTO_ASSOC response (2nd step of the
dance), peer->crypto which is the assoc flags is initialised with:
- Stable: The server default flags.
- Dev: Host default flags AND server default flags. Binary AND. This
means assoc flags has only common schemes loaded at startup on both.
3) Later in the dance, in crypto_ident(), ntpkey_iff_issuer is loaded
only if (peer->crypto & CRYPTO_FLAG_IFF).
With stable, a client symlink is not necessary. With dev, it is. I don't
understand why your experience failed?
> I won't be pulled in to that Tiergrube.
What's that? Anyway my trick question's only interest was the embedded
Serge point Bets arobase laposte point net
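
The three steps as the message above describes them, written as a small C model. This is an added example, not ntpd source and not code from either poster. The flag bit values and the host names `client` and `server` are constructed; the function names echo those in the message, but the bodies are simplified.

```c
#include <stdio.h>
#include <string.h>

/* Constructed bit values for this model; not copied from the ntp headers. */
#define CRYPTO_FLAG_ENAB 0x01u  /* autokey enabled */
#define CRYPTO_FLAG_IFF  0x02u  /* IFF identity scheme loaded */

enum variant { STABLE, DEV };

/* Step 1: at startup the host flag is set only if an IFF file named after
 * the host itself (ntpkey_iff_<hostname>, file or symlink) is present. */
static unsigned crypto_setup(const char *hostname, const char *const *files, int n)
{
    char want[128];
    unsigned flags = CRYPTO_FLAG_ENAB;
    snprintf(want, sizeof want, "ntpkey_iff_%s", hostname);
    for (int i = 0; i < n; i++)
        if (strcmp(files[i], want) == 0)
            flags |= CRYPTO_FLAG_IFF;
    return flags;
}

/* Step 2: on the ASSOC response, stable takes the server's flags as they
 * are; dev keeps only the bits set on both host and server. */
static unsigned assoc_flags(enum variant v, unsigned host, unsigned server)
{
    return v == STABLE ? server : (host & server);
}

/* Step 3: the issuer's IFF file is loaded only if the association has IFF. */
static int ident_uses_iff(unsigned peer_crypto)
{
    return (peer_crypto & CRYPTO_FLAG_IFF) != 0;
}

/* Whole dance for a host named "client" against a server that has IFF. */
static int client_runs_iff(enum variant v, const char *const *files, int n)
{
    unsigned server = CRYPTO_FLAG_ENAB | CRYPTO_FLAG_IFF;
    return ident_uses_iff(assoc_flags(v, crypto_setup("client", files, n), server));
}

int main(void)
{
    const char *const no_link[] = { "ntpkey_iff_server" };
    const char *const linked[]  = { "ntpkey_iff_server", "ntpkey_iff_client" };
    printf("stable, no client link: %d\n", client_runs_iff(STABLE, no_link, 1));
    printf("dev,    no client link: %d\n", client_runs_iff(DEV, no_link, 1));
    printf("dev,    client link:    %d\n", client_runs_iff(DEV, linked, 2));
    return 0;
}
```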