[ntp:questions] ntp-keygen IFF

Grzegorz Daniluk lin_g at o2.pl
Wed May 20 07:01:39 UTC 2009


Hi,
Thank you for your answer.
I understand what you wrote, and that is exactly what I'm trying to do 
by using ntp-keygen. However, it does not work, I receive the log 
message as described in the first e-mail.

Am I doing something wrong ? Please advise.

best regards,
Grzegorz

David Mills wrote:
> Grzegorz,
>
> With reference to the documentation, you act as a trusted agent (TA) to 
> generate cryptographic media for a trusted host  (TH) whose name is 
> specifiied in the -s option of ntp-keygen.
>
> Dave
>
> Grzegorz Daniluk wrote:
>
>   
>> Hi,
>> did anybody try to generate keys and certificate for IFF scheme using 
>> ntp-keygen, but outside the server that will use it ? or maybe it is not 
>> possible ?
>> E.g. I need to generate keys and signed certificate on my computer for 
>> another server (lets say whose hostname is 'A'). Then I tried like this:
>>
>> ntp-keygen -T -I -s A -p serverpasswd
>> and then exporting group key:
>> ntp-keygen -e -q serverpasswd -p clientpasswd > group.key
>>
>> after this I've sent created files (without group.key) to the server 'A' 
>> and used ntp-keygen and group.key to create keys on client as described 
>> on support.ntp.org
>>
>> however, after running ntp on those machines (both stable ntp-4.2.4p7) 
>> with debugging (-d) option server A says:
>> May 18 13:41:22 A ntpd[74185]: report_event: err 
>> 'bad_or_missing_certificate' (0x10d), no peer
>>
>> and of course client fails to query server A.
>>
>> When I've generated self-signed certificate and keys on the server A 
>> (then running ntp-keygen without '-s' option) everything works fine.
>>
>> Thank you in advance,
>> Best Regards,
>> Grzegorz Daniluk
>>
>> _______________________________________________
>> questions mailing list
>> questions at lists.ntp.org
>> https://lists.ntp.org/mailman/listinfo/questions
>>  
>>
>>     
>
> _______________________________________________
> questions mailing list
> questions at lists.ntp.org
> https://lists.ntp.org/mailman/listinfo/questions
>
>   




More information about the questions mailing list