[ntp:questions] Problem using ntp autokey with the trusted certificate identity s cheme

Martin Burnicki martin.burnicki at meinberg.de
Tue Feb 10 09:17:01 UTC 2009

Steve Kostecke wrote:
> On 2009-02-10, Danny Mayer <mayer at ntp.isc.org> wrote:
>> Steve Kostecke wrote:
>> [---=| Quote block shrinked by t-prot: 24 lines snipped |=---]
>>>> server3 does not synchronize with server2
>>> The problem here is that you want to operate _two_ trust groups:
>>> server2 trusts serverT1
>>> server3 trusts server2
>>> Server3 needs to be able to trust server2. Try regenerating the
>>> paramters on server2 using '-T'.
>> My understanding from what Dave has said is that the newer versions of
>> the development branch supports multiple trust groups.
> You missed the point. The OP has set up a _chain_ of two trust groups.
> This is not a problem with one ntpd serving multiple trust groups.
> The server for the second trust group needs to have a trusted cert so
> that it will be trused by its client.

This is an interesting setup, but should not be very uncommon.

Has anyone *tried* to configure autokey so that a machine is a client which
uses one certificate for his upstream server, and additionally acts as a
server who provides its own certificate to its clients?

This setup should also be mentioned in 

Martin Burnicki

Meinberg Funkuhren
Bad Pyrmont

More information about the questions mailing list