[ntp:questions] Venting steam: Autokey in 4.2.6/4.2.7
Steve Kostecke
kostecke at ntp.org
Tue Mar 29 14:04:32 UTC 2011
On 2011-03-29, Dave Hart <hart at ntp.org> wrote:
> On Tue, Mar 29, 2011 at 12:53 AM, David L. Mills <mills at udel.edu> wrote:
>
>> I sent you a message requesting to test this before deployment.
>>
>>
> I was referring to docs galore as I thrashed about earlier. I don't doubt
> each of your changes was an improvement, but each one also made Steve's
> 4.2.4 step-by-step guide less useful. I was looking at:
I've moved the legacy Autokey Configuration to
http://support.ntp.org/bin/view/Support/ConfiguringAutokeyFourTwoFour
http://support.ntp.org/bin/view/Support/ConfiguringAutokey is being
updated for the current Autokey configuration scheme. It currently
only covers IFF and it does not address any of the ident/group name
features.
At the moment I have ntp-dev-4.2.7p142 Autokey+IFF running between
psp-fb1 (trust group server) and psp-os1. Here's the view from the
client:
ntpq> rv &6
assID=29118 \
status=f63a reach, conf, auth, sel_sys.peer, 3 events, event_10,
srcadr=psp-fb1.ntp.org, srcport=123, dstadr=2001:4f8:fff7:1::26,
dstport=123, leap=00, stratum=2, precision=-20, rootdelay=0.626,
rootdisp=16.495, refid=209.81.9.7,
reftime=d13c56aa.cc4f74b3 Tue, Mar 29 2011 13:01:30.798,
rec=d13c588e.76244c5b Tue, Mar 29 2011 13:09:34.461, reach=377,
unreach=0, hmode=3, pmode=4, hpoll=6, ppoll=6, headway=176, flash=00 ok,
keyid=2472358740, offset=-1.346, delay=0.194, dispersion=5.554,
jitter=0.605, xleave=0.028,
filtdelay= 0.28 0.25 0.34 0.29 0.25 0.26 0.19 0.22,
filtoffset= -0.96 -0.85 -0.72 -0.69 -0.80 -0.97 -1.35 -0.39,
filtdisp= 0.00 1.02 2.04 3.03 4.05 5.06 6.06 7.05,
host="psp-fb1.ntp.org", flags=0x87f21, signature="md5WithRSAEncryption"
The flags decode as:
#define CRYPTO_FLAG_ENAB 0x0001 /* crypto enable */
#define CRYPTO_FLAG_IFF 0x0020 /* IFF identity scheme */
#define CRYPTO_FLAG_VALID 0x0100 /* public key verified */
#define CRYPTO_FLAG_VRFY 0x0200 /* identity verified */
#define CRYPTO_FLAG_PROV 0x0400 /* signature verified */
#define CRYPTO_FLAG_AGREE 0x0800 /* cookie verifed */
#define CRYPTO_FLAG_AUTO 0x1000 /* autokey verified */
#define CRYPTO_FLAG_SIGN 0x2000 /* certificate signed */
#define CRYPTO_FLAG_LEAP 0x4000 /* leapseconds table verified */
I also have Autokey+IFF running between a 4.7.7p142 (amd64) client and a
4.2.6p2 (686) server on my home LAN.
I appreciate Dave Hart's patience with me on IRC while getting this up
and running.
--
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/
More information about the questions
mailing list