[ntp:questions] IFF autokey issue

David L. Mills mills at udel.edu
Mon May 7 20:58:10 UTC 2007


Steve,

The ntpkey_IFF_ file contains both the server and client keys; the 
ntpkey_IFFkey_ contains only the client key. Be sure to copy the correct 
one.

Dave

Steve Kostecke wrote:
> On 2007-05-07, Vladimir Smotlacha <vs at cesnet.cz> wrote:
> 
> 
>>I setup up an IFF identity scheme  at my labs NTP server and client.
>>I did it exactly according to available documentation and it worked O.K.
>>However, I tried it once more with new keys and certficates but without
>>copying IFF parameters to the client (i.e. the client did not know IFF
>>parameters). I expected that the authentication fails but it was
>>successful again.
> 
> 
> The Trusted Certificate (TC) Identity Scheme was being used because you
> generated trusted host parameters (with '-T') on the server,
> 
> 
>>It seems that the client acts the same way as in previous case.
> 
> 
> Because the authentication was successful.
> 
> 
>>Should there be observed a difference in client behavior in both
>>cases?
> 
> 
> The only difference that you will see is in the flags for that
> association on the client end.
> 
> 
>>What profit has client from knowledge of the IFF params and key?
> 
> 
> I'll let someone else answer that.
> 




More information about the questions mailing list