[ntp:questions] Problem using ntp autokey with the trusted ce rtificate identity s scheme

Steve Kostecke kostecke at ntp.org
Fri Feb 13 02:57:36 UTC 2009

On 2009-02-11, Bartholome, Alain <alain.bartholome at eads.com> wrote:

> I have 3 systems, serverT1 which is trusted, server2 not trusted
> connected to serverT1 and server3 not trusted connected to server2.
> I want to have one group with one trusted host serverT1.

A trust group consists of one server and its direct clients. So for you
to have one trust group server2 and server3 must be clients of serverT1.

> Can you tell me  what makes "the OP to set up a chain of 2 trust groups"?

Your current NTP architecture is two trust groups.

The first trust group has serverT1 as its server and server2 as its only
client member.

The second trust group has server2 as its server and server3 as its only
client member.

> As I read in the release documentation, a secure group in a subnet  in which
> the non trusted hosts derive synchronization directly or indirectly.
> It seems that with the release version, with the trusted certificate the non
> trusted hosts derive synchronization directly only. Is that right?

Not as I understand NTP Authentication (based on my reading of

Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/

More information about the questions mailing list