[ntp:questions] Trouble creating symmetric connection

mills at udel.edu
Wed Mar 7 20:02:54 UTC 2007


Henning,

'M' stands for MD5; the DES crypto code is no longer in the 
distribution. I haven't tried using a DES key with the MD5 crypto code. 
Goshdarn it might even work sorta, but not a good idea.

Think of peer (symmetric mode) as each machine functioning 
simultaneously as a client and a server for the other machine. Time 
flows from the machine at the lower stratum to the other machine. 
Usually, both peers are clients of different lower stratum servers and 
usually operate at the same stratum, so time doesn't flow between them. 
However, if a lower stratum server fails, then the orphan peer switches 
to the other peer.

Dave

Henning Makholm wrote:

> Scripsit Ronan Flood <usenet at umbral.org.uk>
> 
>>Henning Makholm <henning at makholm.net> wrote:
> 
> 
>>>However, I had expected that B.B.B.B would list A.A.A.A as an
>>>association in 'symmetric-passive' mode, but it doesn't. Shouldn't it?
> 
> 
>>Only if you have authentication turned off, which is inadvisable.
>>Better to make both symmetric-active:
> 
> 
>>  ntpdc -c 'addpeer B.B.B.B' A.A.A.A
>>  ntpdc -c 'addpeer A.A.A.A' B.B.B.B
> 
> 
> I thought the point of "addpeer" was that a single association could
> transfer time in any direction (and I still have trouble reading
> the documentation any other way). If I need to make two associations,
> then why not just do
> 
>   ntpdc -c 'addserver B.B.B.B' A.A.A.A
>   ntpdc -c 'addserver A.A.A.A' B.B.B.B
> 
> i.e. what is the difference between a client connection and a peer
> connection if both are unidirectional?
> 
> 
> Hm, on further experimentation it does work in two directions with
> authenticated messages. I tried this before without success, but it
> works after I switched to a 'M' (md4) key instead of an 'A' (des) key
> with the same password for the authentication. Are there known bugs
> in the DES authentication code?
> 
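
An added example, not part of the original thread or of the NTP distribution: a sketch of the MD5 symmetric-key check that both peers apply to each other's packets, showing why a key ID or secret that differs between A.A.A.A and B.B.B.B makes authenticated peering fail. It assumes the MAC layout of a 32-bit key ID followed by MD5(key || packet) as described in RFC 5905; the secret, key IDs and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4 + 16      # 32-bit key ID followed by a 128-bit MD5 digest
SYM_ACTIVE = 1        # NTP mode 1: symmetric active


def build_header(mode, stratum):
    """48-byte NTP header; timestamps left at zero (constructed sample)."""
    first = (0 << 6) | (4 << 3) | mode          # LI=0, VN=4, mode
    return struct.pack("!BBbb", first, stratum, 6, -20) + bytes(44)


def add_mac(packet, key_id, key):
    """Append the key ID and MD5(key || packet) to the packet."""
    digest = hashlib.md5(key + packet).digest()
    return packet + struct.pack("!I", key_id) + digest


def verify(message, keyring):
    """True only if the key ID is in the keyring and the digest matches."""
    if len(message) < 48 + MAC_LEN:
        return False                            # no MAC: unauthenticated
    packet, mac = message[:-MAC_LEN], message[-MAC_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key = keyring.get(key_id)
    if key is None:
        return False                            # peer does not hold this key ID
    expected = hashlib.md5(key + packet).digest()
    return hmac.compare_digest(expected, mac[4:])


# Constructed values: host A sends a symmetric-active packet signed with key 1.
SECRET = b"constructed-shared-secret"
MSG = add_mac(build_header(SYM_ACTIVE, 3), 1, SECRET)

if __name__ == "__main__":
    print("same key on B:     ", verify(MSG, {1: SECRET}))
    print("different secret:  ", verify(MSG, {1: b"other-secret"}))
    print("key ID unknown on B:", verify(MSG, {2: SECRET}))
```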



