[ntp:questions] Problem using ntp autokey with the trusted ce rtificate identity s scheme

Bartholome, Alain alain.bartholome at eads.com
Wed Feb 11 10:04:17 UTC 2009

I am sorry, I miss something.

I have 3 systems, serverT1 which is trusted, server2 not trusted  connected
to serverT1 and server3 not trusted connected to server2.

I want to have one group with one trusted host serverT1.

Can you tell me  what makes "the OP to set up a chain of 2 trust groups"?

As I read in the release documentation, a secure group in a subnet  in which
the non trusted hosts derive synchronization directly or indirectly.
It seems that with the release version, with the trusted certificate the non
trusted hosts derive synchronization directly only. Is that right?

Best regards,


-----Message d'origine-----
De : questions-bounces+alain.bartholome=eads.com at lists.ntp.org
[mailto:questions-bounces+alain.bartholome=eads.com at lists.ntp.org] De la
part de Steve Kostecke
Envoyé : mardi 10 février 2009 05:14
À : questions at lists.ntp.org
Objet : Re: [ntp:questions] Problem using ntp autokey with the
trustedcertificate identity s cheme

On 2009-02-10, Danny Mayer <mayer at ntp.isc.org> wrote:
> Steve Kostecke wrote:
> [---=| Quote block shrinked by t-prot: 24 lines snipped |=---]
>>> server3 does not synchronize with server2
>> The problem here is that you want to operate _two_ trust groups:
>> server2 trusts serverT1
>> server3 trusts server2
>> Server3 needs to be able to trust server2. Try regenerating the
>> paramters on server2 using '-T'.
> My understanding from what Dave has said is that the newer versions of
> the development branch supports multiple trust groups.

You missed the point. The OP has set up a _chain_ of two trust groups.
This is not a problem with one ntpd serving multiple trust groups.

The server for the second trust group needs to have a trusted cert so
that it will be trused by its client.

Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/

questions mailing list
questions at lists.ntp.org

More information about the questions mailing list