[ntp:questions] Problem using ntp autokey with the trusted certificate identity s cheme

David Mills mills at udel.edu
Wed Feb 11 06:00:25 UTC 2009


Guys,

The current version does support multiple trusted groups, but see the 
online documenation. Every trusted group has a single tier of trusted 
hosts, but can be a client of other trusted groups. See the example in 
the documentation; it is simple to configure.

Dave

Danny Mayer wrote:

>Steve Kostecke wrote:
>  
>
>>On 2009-02-04, Bartholome, Alain <alain.bartholome at eads.com> wrote:
>>
>>    
>>
>>>I am currently trying to run the ntp autokey protocol with the Trusted
>>>Certificate identity scheme.
>>>      
>>>
>>You may find the information at
>>http://support.ntp.org/Support/ConfiguringAutokey to be helpful.
>>
>>    
>>
>>>I use 3 systems (serverT1, server2,server3) all running ntp-4.2.4p6 on
>>>windows 2003.
>>>      
>>>
>>This means that the debate about ntp-stable vs ntp-dev is not relevant
>>to your case. Just remember that the documentaion at
>>http://www.eecis.udel.edu/~mills/ntp/html/ is for ntp-dev; see
>>http://doc.ntp.org/ or the ./html/ directory in the release tarball for
>>your version for the documentation applicable to that version.
>>
>>    
>>
>>>1)The stratum 1 system , serverT1  is trusted.
>>>      
>>>
>>>2) serveur server2 is not trusted , synchronization is successful with
>>>serverT1
>>>      
>>>
>>>3) server3 is not trusted and should synchronize with server2
>>>      
>>>
>>>server3 does not synchronize with server2
>>>      
>>>
>>The problem here is that you want to operate _two_ trust groups:
>>
>>server2 trusts serverT1
>>server3 trusts server2
>>
>>Server3 needs to be able to trust server2. Try regenerating the
>>paramters on server2 using '-T'.
>>
>>    
>>
>
>My understanding from what Dave has said is that the newer versions of
>the development branch supports multiple trust groups.
>
>Danny
>_______________________________________________
>questions mailing list
>questions at lists.ntp.org
>https://lists.ntp.org/mailman/listinfo/questions
>  
>




More information about the questions mailing list