[ntp:questions] IFF identity scheme on an intermediate server

David Mills mills at udel.edu
Thu May 7 19:07:35 UTC 2009


Alain,

Was my message confusing? I understand you have a trusted host, an 
intermediate server and a client. You know how to configure the TH and 
client. Configure the intermediate server in the same way as the client. 
Then read my reply again.

Dave

Bartholome, Alain wrote:

>Hi,
>In the final configuration there is a third system named client whose ntp
>server is int_server.
>In the first step, I want to have iff working for trustedhost and
>int_server.
>
>Regards,
>Alain.
>
>
>-----Original Message-----
>From: questions-bounces+alain.bartholome=eads.com at lists.ntp.org
>[mailto:questions-bounces+alain.bartholome=eads.com at lists.ntp.org] On
>Behalf Of David Mills
>Sent: Thursday, May 7, 2009 17:34
>To: 'questions at lists.ntp.org'
>Subject: Re: [ntp:questions] IFF identity scheme on an intermediate server
>
>Alain,
>
>In your terms an intermediate server is an ordinary client in the same 
>group as the TH. The only difference is that it has the server keys 
>generated by the TH with the -q option. See the ntp-keygen page.
>
>Dave
>
>Bartholome, Alain wrote:
>
>>Hi,
>>
>>With my testing of iff, I get protocol_error.
>>
>>The following is extracted from the Authentication Options documentation:
>>
>>>When an identity scheme is included, for example IFF, the TH generates host
>>>key, trusted certificate and private server identity files using the
>>>ntp-keygen -T -I -i group command, where group is the group name. The
>>>remaining group hosts use the same command as above. The client identity
>>>files are obtained separately. All hosts use the crypto ident group
>>>configuration command.
>>
>>The intermediate server should use ntp-keygen -T -I -i group?
>>
>>For the intermediate server I made the 2 following tests:
>>(Int_server is not trusted, so I dropped the -T option)
>>
>>ntp-keygen -p little -i secgroup
>>ntp-keygen -I -p little -i secgroup
>>
>>I get protocol_error with both.
>>-------------------------------------------
>>Hereafter are the ntp.conf files and the ntp-keygen commands
>>
>>On the trusted host trustedhost of the group  secgroup:
>>
>>The ntp.conf file:
>>
>>
>>keysdir "D:\appli\ntp\etc"
>>autokey  
>>crypto pw little ident secgroup
>>leapfile  "D:\appli\ntp\etc\ntpkey_leap" 
>>server 127.127.1.0  
>>fudge 127.127.1.0 stratum 7
>>
>>#end of file
>>
>>the following commands have been executed on trustedhost:
>>
>>ntp-keygen -T -I -p trusted -i secgroup
>>
>>ntp-keygen -e -p trusted -q little >ntpkey_iffpar_secgroup
>>this file is copied to the clients
>>
>>ntp-keygen   -p trusted -q little >ntpkey_iffkey_secgroup
>>this file uses ntpkey_iffkey_secgroup created by " ntp-keygen -T -I -p
>>trusted -i secgroup" and generates a new ntpkey_iffkey_secgroup copied to
>>int_server
>>
>>-------------------------
>>-------------------------
>>intermediate server int_server
>>
>>The ntp.conf file:
>>
>>keysdir "D:\appli\ntp\etc"
>>autokey  
>>crypto pw little ident secgroup
>>enable stats auth
>>server trustedhost autokey iburst
>> 
>>#end of file
>>
>>the following commands have been executed on int_server:
>>
>>ntp-keygen -p little -i secgroup
>>
>>ntpkey_iffkey_secgroup has been copied to int_server
>>
>>
>>Regards,
>>Alain.
>>
>>
>>-------------------------------------
>>
>>-----Original Message-----
>>From: questions-bounces+alain.bartholome=eads.com at lists.ntp.org
>>[mailto:questions-bounces+alain.bartholome=eads.com at lists.ntp.org] On
>>Behalf Of David Mills
>>Sent: Wednesday, May 6, 2009 18:44
>>To: 'questions at lists.ntp.org'
>>Subject: Re: [ntp:questions] IFF identity scheme on an intermediate server
>>
>>Alain,
>>
>>See the Authentication Options and ntp-keygen pages in the current 
>>online documentation. I've rewritten some of that text with examples. 
>>Hosts with dependent clients need the keys file, while clients need only 
>>the parameters file. The ntp-keygen page has examples showing how these 
>>files can be generated and distributed.
>>
>>Dave
>>
>>Bartholome, Alain wrote:
>>
>>>Hi,
>>>
>>>I am using NTP version 4.2.5p158 on Windows Server 2003.
>>>
>>>I would like to know what iff files, in addition to the host key and the
>>>certificate files, must exist on an intermediate NTP server.
>>>According to what I have read, the documentation describes the configuration
>>>on the trusted host server of the group and on the clients but not for
>>>servers in between them.
>>>
>>>Regards,
>>>Alain.
>>>
>>>_______________________________________________
>>>questions mailing list
>>>questions at lists.ntp.org
>>>https://lists.ntp.org/mailman/listinfo/questions
>
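
The file placement described across this thread (hosts with dependent clients hold the IFF keys file, clients hold only the parameters file), as an added checker that is not part of the original messages or of the NTP distribution. The `ntpkey_iffkey_<group>` and `ntpkey_iffpar_<group>` names are the ones used in Alain's commands; the `ntpkey_host_<hostname>` and `ntpkey_cert_<hostname>` names, the role labels and the function names are assumptions of this example.

```python
import re
import tempfile
from pathlib import Path

# Per the thread: hosts with dependent clients (TH, intermediate server)
# need the IFF keys file; clients need only the IFF parameters file.
IDENTITY_FILE = {
    "trusted_host": "ntpkey_iffkey_{group}",
    "intermediate": "ntpkey_iffkey_{group}",
    "client": "ntpkey_iffpar_{group}",
}

def ident_group(ntp_conf_text):
    """Return the group named by 'crypto ... ident <group>', or None."""
    for line in ntp_conf_text.splitlines():
        m = re.match(r"\s*crypto\b.*\bident\s+(\S+)", line.split("#", 1)[0])
        if m:
            return m.group(1)
    return None

def audit_keysdir(keysdir, role, hostname, ntp_conf_text):
    """List problems with one host's Autokey/IFF files; [] means none found."""
    group = ident_group(ntp_conf_text)
    if group is None:
        return ["ntp.conf has no 'crypto ... ident <group>' command"]
    keysdir = Path(keysdir)
    # Host key and certificate names are assumed, not taken from the thread.
    wanted = [f"ntpkey_host_{hostname}", f"ntpkey_cert_{hostname}",
              IDENTITY_FILE[role].format(group=group)]
    problems = [f"missing {n}" for n in wanted if not (keysdir / n).is_file()]
    # A client needs only the parameters file, so flag a stray keys file.
    if role == "client" and (keysdir / f"ntpkey_iffkey_{group}").exists():
        problems.append(f"client holds keys file ntpkey_iffkey_{group}")
    return problems

def demo():
    """Constructed int_server layout, before and after the keys file arrives."""
    conf = 'keysdir "D:\\appli\\ntp\\etc"\ncrypto pw little ident secgroup\n'
    with tempfile.TemporaryDirectory() as d:
        for name in ("ntpkey_host_int_server", "ntpkey_cert_int_server"):
            (Path(d) / name).write_text("constructed placeholder\n")
        before = audit_keysdir(d, "intermediate", "int_server", conf)
        (Path(d) / "ntpkey_iffkey_secgroup").write_text("constructed\n")
        after = audit_keysdir(d, "intermediate", "int_server", conf)
    return before, after

if __name__ == "__main__":
    print(demo())
```

The check covers file presence and the `ident` group name only; it does not parse or validate the key material itself.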




