[ntp:questions] Problem using ntp autokey with the trusted certificate identity scheme

David Mills mills at udel.edu
Wed Feb 11 06:05:27 UTC 2009


Martin,

Yes, this scenario is included in the online documentation.

Dave

Martin Burnicki wrote:

>Steve Kostecke wrote:
>  
>
>>On 2009-02-10, Danny Mayer <mayer at ntp.isc.org> wrote:
>>    
>>
>>>Steve Kostecke wrote:
>>>[---=| Quote block shrinked by t-prot: 24 lines snipped |=---]
>>>
>>>      
>>>
>>>>>server3 does not synchronize with server2
>>>>>          
>>>>>
>>>>The problem here is that you want to operate _two_ trust groups:
>>>>
>>>>server2 trusts serverT1
>>>>server3 trusts server2
>>>>
>>>>Server3 needs to be able to trust server2. Try regenerating the
>>>>parameters on server2 using '-T'.
>>>>        
>>>>
>>>My understanding from what Dave has said is that the newer versions of
>>>the development branch support multiple trust groups.
>>>      
>>>
>>You missed the point. The OP has set up a _chain_ of two trust groups.
>>This is not a problem with one ntpd serving multiple trust groups.
>>
>>The server for the second trust group needs to have a trusted cert so
>>that it will be trusted by its client.
>>    
>>
>
>This is an interesting setup, but should not be very uncommon.
>
>Has anyone *tried* to configure autokey so that a machine is a client which
>uses one certificate for his upstream server, and additionally acts as a
>server who provides its own certificate to its clients?
>
>This setup should also be mentioned in 
>http://support.ntp.org/Support/ConfiguringAutokey
>
>Martin
>  
>



