[ntp:questions] Venting steam: Autokey in 4.2.6/4.2.7

Steve Kostecke kostecke at ntp.org
Tue Mar 29 14:04:32 UTC 2011


On 2011-03-29, Dave Hart <hart at ntp.org> wrote:

> On Tue, Mar 29, 2011 at 12:53 AM, David L. Mills <mills at udel.edu> wrote:
>
>> I sent you a message requesting to test this before deployment.
>>
>>
> I was referring to docs galore as I thrashed about earlier.  I don't doubt
> each of your changes was an improvement, but each one also made Steve's
> 4.2.4 step-by-step guide less useful.  I was looking at:

I've moved the legacy Autokey Configuration to
http://support.ntp.org/bin/view/Support/ConfiguringAutokeyFourTwoFour

http://support.ntp.org/bin/view/Support/ConfiguringAutokey is being
updated for the current Autokey configuration scheme. It currently
only covers IFF and it does not address any of the ident/group name
features.

At the moment I have ntp-dev-4.2.7p142 Autokey+IFF running between
psp-fb1 (trust group server) and psp-os1. Here's the view from the
client:

ntpq> rv &6
assID=29118 \
status=f63a reach, conf, auth, sel_sys.peer, 3 events, event_10,
srcadr=psp-fb1.ntp.org, srcport=123, dstadr=2001:4f8:fff7:1::26,
dstport=123, leap=00, stratum=2, precision=-20, rootdelay=0.626,
rootdisp=16.495, refid=209.81.9.7,
reftime=d13c56aa.cc4f74b3  Tue, Mar 29 2011 13:01:30.798,
rec=d13c588e.76244c5b  Tue, Mar 29 2011 13:09:34.461, reach=377,
unreach=0, hmode=3, pmode=4, hpoll=6, ppoll=6, headway=176, flash=00 ok,
keyid=2472358740, offset=-1.346, delay=0.194, dispersion=5.554,
jitter=0.605, xleave=0.028,
filtdelay=    0.28   0.25   0.34   0.29   0.25   0.26  0.19  0.22,
filtoffset=  -0.96  -0.85  -0.72  -0.69  -0.80  -0.97 -1.35 -0.39,
filtdisp=     0.00   1.02   2.04   3.03   4.05   5.06  6.06  7.05,
host="psp-fb1.ntp.org", flags=0x87f21, signature="md5WithRSAEncryption"

The flags decode as:

#define CRYPTO_FLAG_ENAB  0x0001 /* crypto enable */
#define CRYPTO_FLAG_IFF   0x0020 /* IFF identity scheme */
#define CRYPTO_FLAG_VALID 0x0100 /* public key verified */
#define CRYPTO_FLAG_VRFY  0x0200 /* identity verified */
#define CRYPTO_FLAG_PROV  0x0400 /* signature verified */
#define CRYPTO_FLAG_AGREE 0x0800 /* cookie verified */
#define CRYPTO_FLAG_AUTO  0x1000 /* autokey verified */
#define CRYPTO_FLAG_SIGN  0x2000 /* certificate signed */
#define CRYPTO_FLAG_LEAP  0x4000 /* leapseconds table verified */

I also have Autokey+IFF running between a 4.7.7p142 (amd64) client and a
4.2.6p2 (686) server on my home LAN.

I appreciate Dave Hart's patience with me on IRC while getting this up
and running.

-- 
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/
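
Added example, not part of the message above and not code from the NTP distribution: a small C program that pulls the flags= value out of ntpq "rv" output, names the set bits using only the definitions listed in the message, and returns whatever bits that list does not cover. Treating the five "verified" bits together as the sign of a completed exchange is an assumption of this example, as are the function names.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit values and names as listed in the message (CRYPTO_FLAG_ prefix dropped). */
static const struct { unsigned long bit; const char *name; } crypto_bits[] = {
    {0x0001, "ENAB"}, {0x0020, "IFF"},   {0x0100, "VALID"},
    {0x0200, "VRFY"}, {0x0400, "PROV"},  {0x0800, "AGREE"},
    {0x1000, "AUTO"}, {0x2000, "SIGN"},  {0x4000, "LEAP"},
};
/* Assumption of this example: VALID|VRFY|PROV|AGREE|AUTO all set means done. */
#define VERIFIED_MASK (0x0100UL | 0x0200UL | 0x0400UL | 0x0800UL | 0x1000UL)

/* Extract the flags=0x... value from rv output; 0 on success, -1 if absent. */
int parse_flags(const char *rv, unsigned long *out) {
    const char *p = strstr(rv, "flags=0x");
    if (p == NULL) return -1;
    p += strlen("flags=0x");
    if (!isxdigit((unsigned char)*p)) return -1;   /* "flags=0x" with no digits */
    *out = strtoul(p, NULL, 16);
    return 0;
}

/* Write the names of the set bits into buf; return the bits the list lacks. */
unsigned long decode_flags(unsigned long flags, char *buf, size_t len) {
    unsigned long rest = flags;
    size_t i;
    buf[0] = '\0';
    for (i = 0; i < sizeof crypto_bits / sizeof crypto_bits[0]; i++) {
        if (!(flags & crypto_bits[i].bit)) continue;
        if (buf[0] != '\0') strncat(buf, " ", len - strlen(buf) - 1);
        strncat(buf, crypto_bits[i].name, len - strlen(buf) - 1);
        rest &= ~crypto_bits[i].bit;
    }
    return rest;
}

/* 1 if every bit in VERIFIED_MASK is set, else 0. */
int fully_verified(unsigned long flags) {
    return (flags & VERIFIED_MASK) == VERIFIED_MASK;
}

int main(void) {
    /* Last line of the rv output quoted in the message. */
    const char *rv = "host=\"psp-fb1.ntp.org\", flags=0x87f21, signature=\"md5WithRSAEncryption\"";
    unsigned long flags, rest;
    char names[128];
    if (parse_flags(rv, &flags) != 0) return 1;
    rest = decode_flags(flags, names, sizeof names);
    printf("0x%lx: %s (unlisted 0x%lx) verified=%d\n", flags, names, rest, fully_verified(flags));
    return 0;
}
```

The bits returned as unlisted are simply those outside the nine definitions quoted in the message; the example does not interpret them.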



