[ntp:questions] IFF autokey issue

Vladimir Smotlacha vs at cesnet.cz
Mon May 7 16:43:51 UTC 2007


Hello,

I setup up an IFF identity scheme  at my labs NTP server and client.
I did it exactly according to available documentation and it worked O.K.
However, I tried it once more with new keys and certficates but without
copying IFF parameters to the client (i.e. the client did not know IFF
parameters). I expected that the authentication fails but it was
successful again. It seems that the client acts the same way as
in previous case. Should there be observed a difference in client
behavior in both cases?  What profit has client from knowledge of the
IFF params and key?

Thanks for help

          Vladimir

-------------------------------------------------------------
client site:

# ntpq -c as
ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1 58878  9014   yes   yes  none    reject   reachable  1
  2 58879  f614   yes   yes   ok   sys.peer   reachable  1

# ntpq -c pe
     remote           refid      st t when poll reach   delay   offset
jitter
==============================================================================
 LOCAL(0)        .LOCL.          10 l    7   64  377    0.000    0.000
0.001
*ntp1.cesnet.cz  .GPS.            1 u   19  128  377    0.216    0.316
0.019


# ntpq -c rl

assID=0 status=0664 leap_none, sync_ntp, 6 events, event_peer/strat_chg,
version="ntpd 4.2.4p0 at 1.1472-o Sun May  6 02:00:57 UTC 2007 (1)",
processor="i686", system="Linux/2.4.33.2-NANO", leap=00, stratum=2,
precision=-20, rootdelay=0.216, rootdispersion=9.781, peer=58879,
refid=195.113.144.204,
reftime=c9e9b133.f0aaf634  Mon, May  7 2007 16:07:47.940, poll=7,
clock=c9e9b175.b16c5f33  Mon, May  7 2007 16:08:53.693, state=4,
offset=0.316, frequency=-48.582, jitter=0.019, noise=0.072,
stability=0.003, hostname="solstice.cesnet.cz",
signature="md5WithRSAEncryption", flags=0x80001, update=200705071333,
tai=0, cert="ntp1.cesnet.cz ntp1.cesnet.cz 0x7", expire=200805061039,
cert="solstice.cesnet.cz solstice.cesnet.cz 0x2", expire=200805061036





server status:

# ntpq -c rl

assID=0 status=21a4 leap_none, sync_atomic/PPS, 10 events,
event_peer/strat_chg,
version="ntpd 4.2.4p0 at 1.1472-o Sun May  6 01:08:08 UTC 2007 (1)",
processor="i686", system="Linux/2.4.33.2-NANO", leap=00, stratum=1,
precision=-20, rootdelay=0.000, rootdispersion=188.388, peer=46622,
refid=GPS, reftime=c9e9b47f.3e298225  Mon, May  7 2007 16:21:51.242,
poll=6, clock=c9e9b480.7631295d  Mon, May  7 2007 16:21:52.461, state=4,
offset=0.001, frequency=-56.983, jitter=0.003, noise=0.000,
stability=0.013, hostname="ntp1.cesnet.cz",
signature="md5WithRSAEncryption", flags=0x80021, update=200705071415,
ident="ntpkey_iff_ntp1.cesnet.cz", tai=0,
cert="ntp1.cesnet.cz ntp1.cesnet.cz 0x1", expire=200805061412




More information about the questions mailing list