[ntp:questions] autokey IFF client setup
Victor Jesus Angus
shurvic at yahoo.com
Thu May 7 04:08:27 UTC 2009
The NTP client was not able to detect the IFF config files, because the crypto_flags in crypto_setup() shows the following line:
crypto_setup: setup 0x80001 host myclient md5WithRSAEncryption
I'm using 4.2.5p158 and have the following configurations.
$ cat /etc/ntp.conf
server myserver.domain.com autokey
crypto pw myclientpass
crypto randfile /dev/urandom
$ ls /etc/ntp
ntpkey_cert_myclient -> ntpkey_RSA-MD5cert_myclient.3445412414
ntpkey_host_myclient -> ntpkey_RSAkey_myclient.3445412414
ntpkey_iff_myclient -> ntpkey_host_myclient
It was able to transmit the request, though, and receive a response from the server, but I am not sure if it is really using the IFF scheme.
How can I accurately verify this?
As for the flag, I checked the defines and bit 0x0020 should have been set during loading of key files, right?
In http://support.ntp.org/bin/view/Support/ConfiguringAutokey 6.7.2, there is a note, "Trusted ntp servers which also operate as clients of other ntp servers may need to 18.104.22.168. Install Group/Client Keys." If I have a client-only setup, then I don't need to install the group keys?
What is really the purpose of the group keys? If the group keys are optional, what is the downside if they are not installed?
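
Added example, not part of the original post: a small Python decoder for the crypto_setup line quoted above, separating the identity-scheme bits from the signature NID so the loaded scheme can be checked from the log. Only the IFF bit 0x0020 comes from the post; the other bit values and the NID sitting in the upper 16 bits are assumptions based on ntpd's include/ntp_crypto.h and should be checked against the header of the version in use.

```python
import re

# 0x0020 (IFF) is the value quoted in the post. The other bit values and
# the "signature NID in the upper 16 bits" layout are assumptions taken
# from ntpd's include/ntp_crypto.h; verify them for the running version.
CRYPTO_FLAG_ENAB = 0x0001
IDENTITY_SCHEMES = {0x0010: "PC", 0x0020: "IFF", 0x0040: "GQ", 0x0080: "MV"}

SETUP_RE = re.compile(r"crypto_setup: setup (0x[0-9a-fA-F]+) host (\S+) (\S+)")


def decode_crypto_setup(line):
    """Parse one crypto_setup log line and decode its flag word."""
    m = SETUP_RE.search(line)
    if m is None:
        raise ValueError("not a crypto_setup line: %r" % line)
    flags = int(m.group(1), 16)
    return {
        "host": m.group(2),
        "signature": m.group(3),
        "flags": flags,
        "autokey_enabled": bool(flags & CRYPTO_FLAG_ENAB),
        "identity_schemes": [name for bit, name in sorted(IDENTITY_SCHEMES.items())
                             if flags & bit],
        "signature_nid": flags >> 16,
    }


def scheme_loaded(line, scheme="IFF"):
    """True only if the named identity scheme bit is set in the flag word."""
    return scheme in decode_crypto_setup(line)["identity_schemes"]


# Line as quoted in the post.
POSTED = "crypto_setup: setup 0x80001 host myclient md5WithRSAEncryption"
# Constructed line: the same flag word with the IFF bit 0x0020 added.
CONSTRUCTED = "crypto_setup: setup 0x80021 host myclient md5WithRSAEncryption"

if __name__ == "__main__":
    for sample in (POSTED, CONSTRUCTED):
        info = decode_crypto_setup(sample)
        print("0x%x enabled=%s schemes=%s nid=%d" % (
            info["flags"], info["autokey_enabled"],
            info["identity_schemes"] or "none", info["signature_nid"]))
```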