[ntp:questions] Re: Crypto iffpar

Steve Kostecke kostecke at ntp.isc.org
Wed Dec 21 13:54:56 UTC 2005


On 2005-12-21, Serge Bets <serge.bets at NOSPAM.laposte.invalid> wrote:
>  On Saturday, December 17, 2005 at 6:17:28 +0000, Steve Kostecke wrote:
>
>> In that message I omitted the fact that the client, _at_ _that_
>> _time_, had an IFFpar file so that it could serve authenticated time
>> to another system.

<snip: superseded results>

> And you call that an "omitted fact"? Nice terminology. I would have
> naively called that a voluntary propagation of misleading information
> with the intent to hide a previous mistake.

I was merely being truthful.

> But your wording is way better.

Thank you.

> While at it you should have dared to suggest that there is
> confusion on my side... Hey, wait a second. Bravo, you've done it:
>
>>>> You may be confused by the fact that one of my sets of results was
>>>> generated while stasis was configured to serve authenticated time to
>>>> a third host.

Again, the truth.

>> The existence of this IFFpar file is [...]
>
> The heart of the ConfiguringAutokey problem. The main reason of this
> whole debate. The *only* single point of disagreement between us.

Perhaps _you_ need to use an ntpkey_iffkey_client sym-link, or a 'crypto
iff...' directive, to force _your_ ntpd to use the IFF Identity Scheme.
I, on the other hand, don't.

This suggests to me that something on your end is broken. Perhaps it's
your OS or perhaps it's the version of ntpd that you're using.

> There are other disagreements, but they are only secondary
> consequences of this one single point, and they will mostly
> self-dissolve once the truth is known.

I know what works on all of the systems that I've configured to use
Autokey+IFF/GQ/MV.

>> Here's yet another extract. For this one I regenerated the client
>> parameters with 'ntp-keygen -H -p ...' to make sure that we're using
>> "strict client" host parameters.
>
> Thanks. Very odd 3rd cryptostats, I don't understand it:
>
> - Your 1st cryptostats was similar to mine when I have added a
>   ntpkey_iff_Client to be loaded at startup.

This set of results was generated while ntpd was not configured as a
"leaf node".

> - Your 2nd cryptostats was similar to mine when I have added a
>   "crypto ident iff" ntp.conf statement.

This set of results was generated while ntpd was configured as a "leaf
node". The host parameters used were probably generated using '-T'.

> - This 3rd cryptostats doesn't look like anything I ever saw. What is
>   it?

I did add some in-line commentary.

> Not client mode I suppose?

This set of results was also generated while ntpd was configured as a
"leaf node". The host parameters used in this case _were_ generated
_without_ '-T'.

-- 
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/



