[ntp:questions] Problem using ntp autokey with the trusted certificate identity scheme

Bartholome, Alain alain.bartholome at eads.com
Mon Feb 16 09:03:32 UTC 2009


In my opinion, a trust group consists of direct and indirect clients.

I would like to get the correct definition.

Let me give you the two arguments on which I base my understanding:

In the ntp-keygen documentation, I read this sentence:

1)
--Trusted Hosts and Secure Groups
--As described on the Authentication Options page, an NTP secure group
--consists of one or more low-stratum THs as the root from which all other
--group hosts derive synchronization directly or indirectly.
 
2)
In the stime.pdf documentation, Figure 13: Trusted certificate (TC)
scheme on page 42 and Appendix E3 would lead me to think that indirect
clients are permitted.

I would like to have your understanding.

Cordially

Alain BARTHOLOMÉ

 

-----Original Message-----
From: questions-bounces+alain.bartholome=eads.com at lists.ntp.org
[mailto:questions-bounces+alain.bartholome=eads.com at lists.ntp.org] On behalf
of Steve Kostecke
Sent: Friday, February 13, 2009 03:58
To: questions at lists.ntp.org
Subject: Re: [ntp:questions] Problem using ntp autokey with the trusted
certificate identity scheme

On 2009-02-11, Bartholome, Alain <alain.bartholome at eads.com> wrote:

> I have 3 systems, serverT1 which is trusted, server2 not trusted
> connected to serverT1 and server3 not trusted connected to server2.
>
> I want to have one group with one trusted host serverT1.

A trust group consists of one server and its direct clients. So for you
to have one trust group server2 and server3 must be clients of serverT1.

> Can you tell me what makes "the OP to set up a chain of 2 trust groups"?

Your current NTP architecture is two trust groups.

The first trust group has serverT1 as its server and server2 as its only
client member.

The second trust group has server2 as its server and server3 as its only
client member.

> As I read in the release documentation, a secure group in a subnet in which
> the non trusted hosts derive synchronization directly or indirectly.
> It seems that with the release version, with the trusted certificate the non
> trusted hosts derive synchronization directly only. Is that right?

Not as I understand NTP Authentication (based on my reading of
stime.pdf).

-- 
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/
