[ntp:questions] Problem using ntp autokey with the trusted certificate identity s cheme

Danny Mayer mayer at ntp.isc.org
Tue Feb 10 03:28:03 UTC 2009

Steve Kostecke wrote:
> On 2009-02-04, Bartholome, Alain <alain.bartholome at eads.com> wrote:
>> I am currently trying to run the ntp autokey protocol with the Trusted
>> Certificate identity scheme.
> You may find the information at
> http://support.ntp.org/Support/ConfiguringAutokey to be helpful.
>> I use 3 systems (serverT1, server2,server3) all running ntp-4.2.4p6 on
>> windows 2003.
> This means that the debate about ntp-stable vs ntp-dev is not relevant
> to your case. Just remember that the documentaion at
> http://www.eecis.udel.edu/~mills/ntp/html/ is for ntp-dev; see
> http://doc.ntp.org/ or the ./html/ directory in the release tarball for
> your version for the documentation applicable to that version.
>> 1)The stratum 1 system , serverT1  is trusted.
>> 2) serveur server2 is not trusted , synchronization is successful with
>> serverT1
>> 3) server3 is not trusted and should synchronize with server2
>> server3 does not synchronize with server2
> The problem here is that you want to operate _two_ trust groups:
> server2 trusts serverT1
> server3 trusts server2
> Server3 needs to be able to trust server2. Try regenerating the
> paramters on server2 using '-T'.

My understanding from what Dave has said is that the newer versions of
the development branch supports multiple trust groups.


More information about the questions mailing list