[ntp:questions] iff on depended server

David Mills mills at udel.edu
Tue Jun 23 20:25:38 UTC 2009


See the example on the Authentication Options page in the online 

You have something wrong; the last two hex digits of the status word 
should be 21 for IFF. Light up the cryptostats in the filegen function 
and note the steps, which should include an iff for the client. In the 
debug trace note the files that are loaded; the server should include 
your IFF keys file.


Carsten Rieck wrote:

>I wonder how to correctly configure dependent autokey servers.
>I am using 4.2.4p5 with linuxpps on the server and vanilla 4.2.4p5 on 
>the clients.
>Even though a successful autokey+iff association should show flags=0x83f2,
>I think I have a working configuration for a single iff 
>server(st1)-client system:
>assID=8385 status=f614 reach, conf, auth, sel_sys.peer, 1 event, 
>If the above is a correctly configured/working association on the 
>client, what would be the correct way of configuring the same client to 
>be a dependent autokey server?
>Obviously the client's private key cannot be used to extract group 
>parameters. Creating server type parameters on the client breaks the 
>association to the server. Do dependent servers have to share the same 
>group parameters?
>I seem lost and would be grateful for advice.
>with best regards
>Carsten Rieck
