[ntp:questions] ntp-keygen IFF

David Mills mills at udel.edu
Wed May 20 18:36:39 UTC 2009


Grzegorz,

On rereading your message I learn that you are using the release 
version. That version has an incompatible mix of old and new files that 
are unlikely to work properly. The old files when used together and the 
new files when used together do work, but not a combination. Use the 
development version and the online/development documentation.

Dave

Grzegorz Daniluk wrote:

>Hi,
>Thank you for your answer.
>I understand what you wrote, and that is exactly what I'm trying to do 
>by using ntp-keygen. However, it does not work, I receive the log 
>message as described in the first e-mail.
>
>Am I doing something wrong? Please advise.
>
>best regards,
>Grzegorz
>
>David Mills wrote:
>
>>Grzegorz,
>>
>>With reference to the documentation, you act as a trusted agent (TA) to 
>>generate cryptographic media for a trusted host (TH) whose name is 
>>specified in the -s option of ntp-keygen.
>>
>>Dave
>>
>>Grzegorz Daniluk wrote:
>>
>>>Hi,
>>>did anybody try to generate keys and certificate for IFF scheme using 
>>>ntp-keygen, but outside the server that will use it? Or maybe it is not 
>>>possible?
>>>E.g. I need to generate keys and signed certificate on my computer for 
>>>another server (let's say whose hostname is 'A'). Then I tried like this:
>>>
>>>ntp-keygen -T -I -s A -p serverpasswd
>>>and then exporting group key:
>>>ntp-keygen -e -q serverpasswd -p clientpasswd > group.key
>>>
>>>after this I've sent created files (without group.key) to the server 'A' 
>>>and used ntp-keygen and group.key to create keys on client as described 
>>>on support.ntp.org
>>>
>>>however, after running ntp on those machines (both stable ntp-4.2.4p7) 
>>>with debugging (-d) option server A says:
>>>May 18 13:41:22 A ntpd[74185]: report_event: err 
>>>'bad_or_missing_certificate' (0x10d), no peer
>>>
>>>and of course client fails to query server A.
>>>
>>>When I've generated self-signed certificate and keys on the server A 
>>>(then running ntp-keygen without '-s' option) everything works fine.
>>>
>>>Thank you in advance,
>>>Best Regards,
>>>Grzegorz Daniluk
>>>
>>>_______________________________________________
>>>questions mailing list
>>>questions at lists.ntp.org
>>>https://lists.ntp.org/mailman/listinfo/questions



