[ntp:questions] ntp-keygen problem in ntp-4.2.4p5

David L. Mills mills at udel.edu
Wed Sep 3 03:03:59 UTC 2008


I seriously dooubt anything autokey works properly in the p5 
(production) version. That version has been on a different maintainence 
track than the p127 (development) version for well over a year. The p5 
protocol and crypto modules date from December 2006 and the keygen 
module from August of this year. The configuration and key management 
procedures did change in the summer of 2007 to both simplify the 
procedures and provide nested, separately keyed secure groups. This is 
documented on the current web and in the development version.

I dispair that the production version lags so far behind the development 
version and especially when production maintenance results in 
incompatible module matches. My advice is to use the development 
version, which is in rather good shape.

By the way, I did verify the -H option does work in p127. The discussion 
on the Authentication Options and ntp-keygen pages has been rewritten 
and clarified. You should find things much simpler, more straightforward 
and with consistent defaults.


youpak2000 at yahoo.com wrote:
> Hi all,
> I installed the new ntp-4.2.4p5 in Redhat 7.2 and I noticed that ntp-
> keygen doesn’t works as it used to work in previous versions. I tried
> to generate Autokey keys and certificates
> but it doesn’t work as you can see bellow. Is it a bug or I am missing
> something? Did they change the ntp-keygen without updating its
> documents?
> # ntp-keygen -H
> ntp-keygen: illegal option – H
> ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.4p5
> USAGE:  ntp-keygen [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
>   Flg Arg Option-Name    Description
>    -d no  debug-level    Increase output debug message level
>    -D Str set-debug-level Set the output debug message level
>    -M no  md5key         generate MD5 keys
>    -v opt version        Output version information and exit
>    -? no  help           Display usage information and exit
>    -! no  more-help      Extended usage information passed thru pager
>    -> opt save-opts      Save the option state to a config file
>    -< Str load-opts      Load options from a config file
> Options are specified by doubled hyphens and their name
> or by a single hyphen and the flag character.
> please send bug reports to:  http://bugs.ntp.isc.org, bugs at ntp.org
> Regards
> Joe

More information about the questions mailing list