[ntp:questions] ntp-keygen problem in ntp-4.2.4p5

David L. Mills mills at udel.edu
Fri Sep 5 22:18:28 UTC 2008


Older versions are already in commercial products, but I would expect a 
firmware update to cope with the recent changes. I know wome folks are 
using it, but I suspect not many. I advise waiting for the specs to hit 
the streets before mounting a major advertising campaign.


youpak2000 at yahoo.com wrote:
> On Sep 2, 11:03 pm, "David L. Mills" <mi... at udel.edu> wrote:
>>I seriously dooubt anything autokey works properly in the p5
>>(production) version. That version has been on a different maintainence
>>track than the p127 (development) version for well over a year. The p5
>>protocol and crypto modules date from December 2006 and the keygen
>>module from August of this year. The configuration and key management
>>procedures did change in the summer of 2007 to both simplify the
>>procedures and provide nested, separately keyed secure groups. This is
>>documented on the current web and in the development version.
>>I dispair that the production version lags so far behind the development
>>version and especially when production maintenance results in
>>incompatible module matches. My advice is to use the development
>>version, which is in rather good shape.
>>By the way, I did verify the -H option does work in p127. The discussion
>>on the Authentication Options andntp-keygenpages has been rewritten
>>and clarified. You should find things much simpler, more straightforward
>>and with consistent defaults.
>>youpak2... at yahoo.com wrote:
>>>Hi all,
>>>I installed the new ntp-4.2.4p5 in Redhat 7.2 and I noticed thatntp-> keygendoesn’t works as it used to work in previous versions. I tried
>>>to generate Autokey keys and certificates
>>>but it doesn’t work as you can see bellow. Is it a bug or I am missing
>>>something? Did they change thentp-keygenwithout updating its
>>>ntp-keygen: illegal option – H
>>>ntp-keygen(ntp) - Create a NTP host key - Ver. 4.2.4p5
>>>USAGE:  ntp-keygen[ -<flag> [<val>] | --<name>[{=| }<val>] ]...
>>>  Flg Arg Option-Name    Description
>>>   -d no  debug-level    Increase output debug message level
>>>   -D Str set-debug-level Set the output debug message level
>>>   -M no  md5key         generate MD5 keys
>>>   -v opt version        Output version information and exit
>>>   -? no  help           Display usage information and exit
>>>   -! no  more-help      Extended usage information passed thru pager
>>>   -> opt save-opts      Save the option state to a config file
>>>   -< Str load-opts      Load options from a config file
>>>Options are specified by doubled hyphens and their name
>>>or by a single hyphen and the flag character.
>>>please send bug reports to:  http://bugs.ntp.isc.org, b... at ntp.org
> Thank you Dr. Mills for your reply and suggestion to use the latest
> p127 dev version. I'm wondering if this dev version is stable enough
> to use it in a commercial product.
> As Harlan (thanks) correctly pointed out the reason ntp-keygen didn't
> work in my 4.2.4p5 build was that I didn't build it with crypto and
> openssl options. I rebuilt it with those options and ntp-keygen works
> as I expected.
> Thanks again.
> Joe

More information about the questions mailing list