[ntp:questions] How to verify Autokey Identity Schemes?
Joe Smithian
joe.smithian at gmail.com
Thu Dec 15 15:18:14 UTC 2011
Hi Steve,
Thank you for your comments. I tried the ntpq -c "rv assID flags" command; it
shows the Identity Scheme that the server supports regardless of what identity
scheme has been installed on the client.
Here are the results of my experiments:
Server Identity scheme | ntpq -c "rv assID flags"
-----------------------|-------------------------
IFF                    | 0x417f21
GQ                     | 0x417f41
IFF and GQ             | 0x417f61
"rv assID flags" returns the same value whether I install IFF parameters,
GQ parameters, or none on the client. So my question again is: how
can I verify that the IFF or GQ schemes are actually working?
Association flag shows auth is 'ok' whether I install an Identity Scheme on
the client or not, so it's not an indication that IFF or GQ is actually
being used.
BTW, I found two problems in this document:
http://support.ntp.org/bin/view/Support/ConfiguringAutokey
In sections 6.7.2.5 and 6.7.3.6:
ntp-keygen -T -q `awk '/crypto pw/ { print $3 }' </etc/ntp.conf`
The '-q' option for updating keys doesn't work, '-p' works; is this a
typo in the document?
[root@myserver]# ntp-keygen -T -q `awk '/crypto pw/ { print $3 }' </etc/ntp.conf`
Using OpenSSL version 90802f
Using host myserver group myserver
Corrupt file ntpkey_host_myserver or wrong key myserver
error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
Regards
Joe
On Tue, Dec 13, 2011 at 10:55 AM, Steve Kostecke <kostecke at ntp.org> wrote:
> On 2011-12-12, Joe Smithian <joe.smithian at gmail.com> wrote:
>
> > I have configured my NTP server and client to use Autokey with IFF
> > Identity scheme and it's working, client synchronizes to my servers.
> > It synchronizes with and without copying the IFF parameter to the
> > client. So I'm wondering if IFF identity scheme is actually being
> > used; How can I verify that?
>
> By checking the association flags.
>
> Please see
> http://support.ntp.org/bin/view/Support/ConfiguringAutokey#Section_6.7.4.
>
> --
> Steve Kostecke <kostecke at ntp.org>
> NTP Public Services Project - http://support.ntp.org/
>
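
Added example, not part of the original thread: a decoder for the flags word returned by ntpq -c "rv assID flags", applied to the three values from the table in the message above. The bit names and masks are recalled from ntpd 4.2.x include/ntp_crypto.h and are an assumption to confirm against the source of the ntpd you run; the input lines are constructed.

```python
import re

# Bit names as recalled from ntpd 4.2.x include/ntp_crypto.h (assumption:
# confirm against the source tree of the ntpd version you run).
IDENTITY = {0x0010: "PC", 0x0020: "IFF", 0x0040: "GQ", 0x0080: "MV"}
VERIFIED = {
    0x0100: "CERT public key verified",
    0x0200: "VRFY identity verified",
    0x0400: "PROV signature verified",
    0x0800: "COOK cookie verified",
    0x1000: "AUTO autokey verified",
    0x2000: "SIGN certificate signed",
    0x4000: "LEAP leapsecond values verified",
}
ENAB, TAI = 0x0001, 0x0002


def parse_flags(ntpq_output):
    """Pull the flags word out of `ntpq -c "rv assID flags"` output."""
    m = re.search(r"\bflags=(0x[0-9a-fA-F]+)", ntpq_output)
    if m is None:
        raise ValueError("no flags=0x... variable in ntpq output")
    return int(m.group(1), 16)


def decode(flags):
    """Split the flags word into digest NID, identity bits and verify bits."""
    low = flags & 0xFFFF
    return {
        "digest_nid": flags >> 16,  # upper half: OpenSSL NID of the signature digest
        "enabled": bool(low & ENAB),
        "leap_table": bool(low & TAI),
        "identity": [n for b, n in sorted(IDENTITY.items()) if low & b],
        "verified": [n.split()[0] for b, n in sorted(VERIFIED.items()) if low & b],
        "not_verified": [n.split()[0] for b, n in sorted(VERIFIED.items()) if not low & b],
    }


if __name__ == "__main__":
    # Constructed ntpq output lines carrying the three values from the post.
    for line in ("flags=0x417f21", "flags=0x417f41", "flags=0x417f61"):
        d = decode(parse_flags(line))
        print(line, "identity:", "+".join(d["identity"]) or "none",
              "not verified:", d["not_verified"] or "none")
```

Under these bit definitions the three values differ only in the 0x20 (IFF) and 0x40 (GQ) identity bits, and all seven association verify bits (mask 0x7f00) are set in each.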