[ntp:questions] Problem using ntp autokey with the trusted certificate identity s cheme

Richard B. Gilbert rgilbert88 at comcast.net
Mon Feb 9 15:57:06 UTC 2009


Martin Burnicki wrote:
> Dave,
> 
> David Mills wrote:
>> Alain,
>>
>> You are apparently using the release version of ntpd. That version,
>> while dated early this year, has a patchwork of old and new algorithms.
>> This means that, while the algorithms have been compatible as the
>> versions progress, various combinatinos of old and new algorithms, as in
>> the current release version, probably are not. The only version I can
>> help you with is the development version, which does have compatible
>> algorithms. I put a good deal of effort in the documentation for the
>> development version, including configuration and key generation
>> examples. However, note that the online dodumentation applies only to
>> the development version, not the release version. In any case, the
>> codumentation included in your version appllies specifcally to the
>> softeare of your version.
>>
>> If using the development version, pay close attention to the defaults,
>> especially the default host name and key. I suspect the defaults are not
>> what you expect.
> 
> Does this mean the current release version and the current ntp-dev version
> (which will be the next release version) will not cooperate properly if
> autokey has been enabled?
> 

Having been around the track a time or three, I wouldn't count on the 
two versions being able to interoperate using autokey!

If they do there should not be a problem.  If they do not, then the 
newer version will have to interogate each system it talks to and 
determine whether "newspeak" or "oldspeak"  should be used.  And this 
means that "newspeak" versions will have to recognize and respond to 
this query.

There is MUCH to be said for GETTING IT RIGHT THE *FIRST* time!




More information about the questions mailing list