[ntp:questions] ntp-keygen problem in ntp-4.2.4p5

youpak2000 at yahoo.com youpak2000 at yahoo.com
Fri Sep 5 14:01:44 UTC 2008

On Sep 2, 11:03 pm, "David L. Mills" <mi... at udel.edu> wrote:
> Joe,
> I seriously dooubt anything autokey works properly in the p5
> (production) version. That version has been on a different maintainence
> track than the p127 (development) version for well over a year. The p5
> protocol and crypto modules date from December 2006 and the keygen
> module from August of this year. The configuration and key management
> procedures did change in the summer of 2007 to both simplify the
> procedures and provide nested, separately keyed secure groups. This is
> documented on the current web and in the development version.
> I dispair that the production version lags so far behind the development
> version and especially when production maintenance results in
> incompatible module matches. My advice is to use the development
> version, which is in rather good shape.
> By the way, I did verify the -H option does work in p127. The discussion
> on the Authentication Options andntp-keygenpages has been rewritten
> and clarified. You should find things much simpler, more straightforward
> and with consistent defaults.
> Dave
> youpak2... at yahoo.com wrote:
> > Hi all,
> > I installed the new ntp-4.2.4p5 in Redhat 7.2 and I noticed thatntp-> keygendoesn’t works as it used to work in previous versions. I tried
> > to generate Autokey keys and certificates
> > but it doesn’t work as you can see bellow. Is it a bug or I am missing
> > something? Did they change thentp-keygenwithout updating its
> > documents?
> > #ntp-keygen-H
> >ntp-keygen: illegal option – H
> >ntp-keygen(ntp) - Create a NTP host key - Ver. 4.2.4p5
> > USAGE:  ntp-keygen[ -<flag> [<val>] | --<name>[{=| }<val>] ]...
> >   Flg Arg Option-Name    Description
> >    -d no  debug-level    Increase output debug message level
> >    -D Str set-debug-level Set the output debug message level
> >    -M no  md5key         generate MD5 keys
> >    -v opt version        Output version information and exit
> >    -? no  help           Display usage information and exit
> >    -! no  more-help      Extended usage information passed thru pager
> >    -> opt save-opts      Save the option state to a config file
> >    -< Str load-opts      Load options from a config file
> > Options are specified by doubled hyphens and their name
> > or by a single hyphen and the flag character.
> > please send bug reports to:  http://bugs.ntp.isc.org, b... at ntp.org
> > Regards
> > Joe

Thank you Dr. Mills for your reply and suggestion to use the latest
p127 dev version. I'm wondering if this dev version is stable enough
to use it in a commercial product.

As Harlan (thanks) correctly pointed out the reason ntp-keygen didn't
work in my 4.2.4p5 build was that I didn't build it with crypto and
openssl options. I rebuilt it with those options and ntp-keygen works
as I expected.

Thanks again.


More information about the questions mailing list