[ntp:questions] Re: symmetric-active mode (peer) and autokey

Steve Kostecke kostecke at ntp.isc.org
Thu Feb 9 14:41:32 UTC 2006


Peter Pramberger wrote:

> Steve Kostecke wrote:
>
>>>... instead of running "ntp-keygen -T -I -p somepass" on all trusted
>>>servers peering with each other in the trust group I had to create
>>>the IFFpar only on one of them and just copy it to the other trusted
>>>servers, create the link, and then create their host certificates
>>>("ntp-keygen -T -q somepass").
>>
>>
>> I've tried that (a shared IFFpar) in the past and couldn't get it
>> to work. Both of my authenticated peers have their own unique IFFpar
>> file and have exchanged IFFkey files.
>
> Works here. And this way you only have to extract the client key from
> one of the servers.

I'll try that again here after tinkering a bit more with my current
authenticated peer configuration.

My authenticated peers have both been upgraded to the
ntp-dev-4.2.0b-20060201 snapshot and are both reporting flash=00 ok,
flags=0x87f23 for their authenticated peer associations.

BTW: I did have both peers synced to my local stratum-1 box ("ntp0", a
Soekris 4801 w/ a Garmin GPS18-LVC) and noticed that this caused both
peers to report flash=800 even though the flags were correct. After
removing ntp0 from one of the peers (and waiting for the poll intervals
to expire) the flash codes changed to "00 ok".

Here are the current 'ntpq -p' billboards:

steve at peer1:~$ ntpq -p
remote        refid         st t when poll reach  delay offset jitter
======================================================================
+peer2         65.86.xxx.yyy 3 u  939 1024  366   0.001 -2.048 0.705
+dumpster      68.0.14.76    3 u  728 1024  377   0.374  0.500 0.209
*ntp0          .GPS.         1 m   25   64  377   0.633  0.038 0.032

Note that peer1 is also a multicast client and, therefore, a member of
two trust groups.

steve at peer1:~$ ntpq -p peer2 
remote           refid      st t when poll reach  delay offset jitter
======================================================================
+peer1         192.168.19.4  2 u  938 1024  131   0.422  1.218 1.942
*65.86.xxx.yyy 66.92.68.246  2 u  809 1024  377  39.187  5.476 1.495
+dumpster      68.0.14.76    3 u  753 1024  377   0.530  3.285 1.746

-- 
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/



