[ntp:questions] IFF autokey issue

Steve Kostecke kostecke at ntp.isc.org
Wed May 9 15:27:30 UTC 2007


On 2007-05-09, Vladimir Smotlacha <vs at cesnet.cz> wrote:

> Having still problem to setup IFF on client site, I discovered
> unexpected (and undocumented) behavior: the client of IFF group needs
> any  IFF parameter file with name "ntpkey_iff_<hostname>" although that
> parameters are never used (assuming right "ntpkey_iff_<server>" is
> present for each server). The only role of "ntpkey_iff_<hostname>" is to
> set the CRYPTO_FLAG_IFF in crypto_flags variable, otherwise the IFF
> authentication process does not start.

The IFF identity scheme will not be used if that sym-link does not point
to a file, or is not a file, containing the valid IFFkey (aka "group"
key) for that server.

Check the association flags.

-- 
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/




More information about the questions mailing list