[ntp:questions] Venting steam: Autokey in 4.2.6/4.2.7

David L. Mills mills at udel.edu
Wed Mar 30 13:27:55 UTC 2011


Steve,

Whatever does or does not work with IFF applies also to GQ and MV. These 
have not been changed. However, from a purely practical view, IFF is 
probably best for typical Internet configurations.

          Dave

Steve Kostecke wrote:

>On 2011-03-29, Dave Hart <hart at ntp.org> wrote:
>
>  
>
>>On Tue, Mar 29, 2011 at 12:53 AM, David L. Mills <mills at udel.edu> wrote:
>>
>>    
>>
>>>I sent you a message requesting to test this before deployment.
>>>
>>>
>>>      
>>>
>>I was referring to docs galore as I thrashed about earlier.  I don't doubt
>>each of your changes was an improvement, but each one also made Steve's
>>4.2.4 step-by-step guide less useful.  I was looking at:
>>    
>>
>
>I've moved the legacy Autokey Configuration to
>http://support.ntp.org/bin/view/Support/ConfiguringAutokeyFourTwoFour
>
>http://support.ntp.org/bin/view/Support/ConfiguringAutokey is being
>updated for the current Autokey configuration scheme. It currently
>only covers IFF and it does not address any of the ident/group name
>features.
>
>At the moment I have ntp-dev-4.2.7p142 Autokey+IFF running between
>psp-fb1 (trust group server) and psp-os1. Here's the view from the
>client:
>
>ntpq> rv &6
>assID=29118 \
>status=f63a reach, conf, auth, sel_sys.peer, 3 events, event_10,
>srcadr=psp-fb1.ntp.org, srcport=123, dstadr=2001:4f8:fff7:1::26,
>dstport=123, leap=00, stratum=2, precision=-20, rootdelay=0.626,
>rootdisp=16.495, refid=209.81.9.7,
>reftime=d13c56aa.cc4f74b3  Tue, Mar 29 2011 13:01:30.798,
>rec=d13c588e.76244c5b  Tue, Mar 29 2011 13:09:34.461, reach=377,
>unreach=0, hmode=3, pmode=4, hpoll=6, ppoll=6, headway=176, flash=00 ok,
>keyid=2472358740, offset=-1.346, delay=0.194, dispersion=5.554,
>jitter=0.605, xleave=0.028,
>filtdelay=    0.28   0.25   0.34   0.29   0.25   0.26  0.19  0.22,
>filtoffset=  -0.96  -0.85  -0.72  -0.69  -0.80  -0.97 -1.35 -0.39,
>filtdisp=     0.00   1.02   2.04   3.03   4.05   5.06  6.06  7.05,
>host="psp-fb1.ntp.org", flags=0x87f21, signature="md5WithRSAEncryption"
>
>The flags decode as:
>
>#define CRYPTO_FLAG_ENAB  0x0001 /* crypto enable */
>#define CRYPTO_FLAG_IFF   0x0020 /* IFF identity scheme */
>#define CRYPTO_FLAG_VALID 0x0100 /* public key verified */
>#define CRYPTO_FLAG_VRFY  0x0200 /* identity verified */
>#define CRYPTO_FLAG_PROV  0x0400 /* signature verified */
>#define CRYPTO_FLAG_AGREE 0x0800 /* cookie verified */
>#define CRYPTO_FLAG_AUTO  0x1000 /* autokey verified */
>#define CRYPTO_FLAG_SIGN  0x2000 /* certificate signed */
>#define CRYPTO_FLAG_LEAP  0x4000 /* leapseconds table verified */
>
>I also have Autokey+IFF running between a 4.7.7p142 (amd64) client and a
>4.2.6p2 (686) server on my home LAN.
>
>I appreciate Dave Hart's patience with me on IRC while getting this up
>and running.
>
>  
>
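
An added example, not part of the original thread: a monitoring-style check that pulls `flags=` out of `ntpq` `rv` output and decodes it against the `#define` list quoted above. The function names, the `REQUIRED` policy set and the second sample line are assumptions of this example; bits outside the quoted list are reported as undecoded rather than interpreted.

```python
import re

# Bit values and names copied from the #define list quoted in the message.
CRYPTO_FLAGS = {
    0x0001: "ENAB",   # crypto enable
    0x0020: "IFF",    # IFF identity scheme
    0x0100: "VALID",  # public key verified
    0x0200: "VRFY",   # identity verified
    0x0400: "PROV",   # signature verified
    0x0800: "AGREE",  # cookie verified
    0x1000: "AUTO",   # autokey verified
    0x2000: "SIGN",   # certificate signed
    0x4000: "LEAP",   # leapseconds table verified
}
KNOWN_MASK = sum(CRYPTO_FLAGS)  # sum of the dict keys, i.e. all listed bits

# Assumption: a monitoring policy chosen for this example. An association is
# reported healthy only if every one of these stages is set.
REQUIRED = {"ENAB", "VALID", "VRFY", "PROV", "AGREE", "AUTO"}

def decode_flags(value):
    """Return (names of listed bits that are set, bits the list does not cover)."""
    names = [name for bit, name in CRYPTO_FLAGS.items() if value & bit]
    return names, value & ~KNOWN_MASK

def check_association(rv_text):
    """Find flags=0x... in ntpq 'rv' output and report missing stages."""
    m = re.search(r"\bflags=0x([0-9a-fA-F]+)", rv_text)
    if m is None:
        return {"ok": False, "set": [], "missing": sorted(REQUIRED), "undecoded": None}
    names, rest = decode_flags(int(m.group(1), 16))
    missing = sorted(REQUIRED - set(names))
    return {"ok": not missing, "set": names, "missing": missing, "undecoded": rest}

# Last line of the rv output quoted in the message.
FROM_MESSAGE = 'host="psp-fb1.ntp.org", flags=0x87f21, signature="md5WithRSAEncryption"'
# Constructed sample: an association that stopped after the public key check.
CONSTRUCTED_STALLED = 'host="client.example", flags=0x80121, signature="md5WithRSAEncryption"'

if __name__ == "__main__":
    for label, text in (("message", FROM_MESSAGE), ("constructed", CONSTRUCTED_STALLED)):
        r = check_association(text)
        print(label, "OK" if r["ok"] else "INCOMPLETE", r["set"],
              "missing:", r["missing"], "undecoded:", hex(r["undecoded"]))
```
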



