[ntp:questions] NTP Autokey - who is actively using it?

Martin Burnicki martin.burnicki at meinberg.de
Mon Jan 19 13:41:15 UTC 2015


Antonio M. Moreiras schrieb:
> We were using autokey at our public ntp servers(1) since 2011. We are
> now in the middle of a process to deactivate it, since 4.2.8 is broken
> (we could not make autokey work with 4.2.8 on Linux, it seems to be some
> issue related to the version 1.0.x of openssl).

Which NTP version have you been using before?

There has been a bug which could be the reason for the problem:

Bug 1243 - MD5auth_setkey zero-fills key from first zero octet
https://bugs.ntp.org/show_bug.cgi?id=1243

This has been fixed before 4.2.6, but unfortunately the fix break 
compatibilty between versions of ntpd which have it and versions which 
don't. See comment #22:
https://bugs.ntp.org/show_bug.cgi?id=1243#c22

In 4.2.6 and newer there is a configuration option which can be used to 
force the old behavior:

   --enable-bug1243-fix    + use unmodified autokey session keys

So this may also depend on how the earlier versions of ntpd have been built.

Martin
-- 
Martin Burnicki

Meinberg Funkuhren
Bad Pyrmont
Germany



More information about the questions mailing list