Dave Hart hart at ntp.org
Mon Mar 28 23:11:28 UTC 2011


For ntpd 4.2.4 and earlier, Steve Kostecke patiently worked out
step-by-step instructions, and refined them over time helping people to
use them, as seen on the page referenced above.

For 4.2.6 ntp-keygen and autokey got an overhaul which makes those
instructions useless.  To investigate http://bugs.ntp.org/1840 and
http://bugs.ntp.org/1864 filed by Rich Schmidt about ntpd 4.2.7
crashing when attempting to use Autokey, and to test a change to
remove a presumed unneeded line of code (ntp_crypto.c:2984) identified
through static analysis, I once again have tried to get a basic
Autokey setup working.

So far I have spent hours and achieved nothing but failure and
humiliation.  This is with Rich holding my hand telling me what to do.
I'm so pissed off I want a baseball bat and an effigy.  Now, granted,
I'm not scratching an itch to secure my NTP, I'm scratching an itch to
reproduce a fault and fix it, so I'm not typical, but if I were trying
to secure my NTP, I'd use symmetric key.

Autokey is very clever in dealing with some unique challenges other
PKI OpenSSL client code doesn't have to.  Anyone attempting to
configure it should be on payroll, if not time and a half.

(insert series of profanities here)

Dave Hart

