[ntp:questions] Problem using ntp autokey with the trusted certificate identity s cheme

Martin Burnicki martin.burnicki at meinberg.de
Tue Feb 10 09:17:01 UTC 2009


Steve Kostecke wrote:
> On 2009-02-10, Danny Mayer <mayer at ntp.isc.org> wrote:
>> Steve Kostecke wrote:
>> [---=| Quote block shrinked by t-prot: 24 lines snipped |=---]
>>
>>>> server3 does not synchronize with server2
>>> 
>>> The problem here is that you want to operate _two_ trust groups:
>>> 
>>> server2 trusts serverT1
>>> server3 trusts server2
>>> 
>>> Server3 needs to be able to trust server2. Try regenerating the
>>> paramters on server2 using '-T'.
>>
>> My understanding from what Dave has said is that the newer versions of
>> the development branch supports multiple trust groups.
> 
> You missed the point. The OP has set up a _chain_ of two trust groups.
> This is not a problem with one ntpd serving multiple trust groups.
> 
> The server for the second trust group needs to have a trusted cert so
> that it will be trused by its client.

This is an interesting setup, but should not be very uncommon.

Has anyone *tried* to configure autokey so that a machine is a client which
uses one certificate for his upstream server, and additionally acts as a
server who provides its own certificate to its clients?

This setup should also be mentioned in 
http://support.ntp.org/Support/ConfiguringAutokey

Martin
-- 
Martin Burnicki

Meinberg Funkuhren
Bad Pyrmont
Germany




More information about the questions mailing list