[ntp:questions] iff on depended server
mills at udel.edu
Tue Jun 23 20:25:38 UTC 2009
See the example on the Authentication Options page in the online
You have something wrong; the last two hex digits of the status word
should be 21 for IFF. Light up the cryptostats in the filegen function
and note the steps, which should include an iff for the client. In the
debug trace note the files that are loaded; the server should include
your IFF keys file.
Carsten Rieck wrote:
>I wonder how to correctly configure dependent autokey servers.
>I am using 4.2.4p5 with linuxpps on the server and vanilla 4.2.4p5 on
>Even though a successful autokey+iff association should show flags=0x83f2,
>I think i have a working configuration for a single iff
>assID=8385 status=f614 reach, conf, auth, sel_sys.peer, 1 event,
>If the above is a correctly configured/working association on the
>client, what would be the correct way of configuring the same client to
>be a dependent autokey server?
>Obviously the clients private key cannot be used to extract group
>parameters. Creating server type parameters on the client brakes the
>association to the server . Do dependent servers have to share the same
>group parameters ?
>I seem lost and would be grateful for advice.
>with best regards
More information about the questions