[ntp:questions] Problem using ntp autokey with the trusted ce rtificate identity s cheme
Bartholome, Alain
alain.bartholome at eads.com
Tue Feb 10 15:38:16 UTC 2009
I downloaded the development version of NTP (4.2.5p158), I installed it on
all the systems, I kept the certificates and the same configuration (except
the logconfig line of ntp.conf) especially one trusted system.
It works.
The synchronization of server3 occurred quite quickly.
I am quite worried about the release version...
Thanks for your help.
Alain BARTHOLOMÉ
-----Message d'origine-----
De : questions-bounces+alain.bartholome=eads.com at lists.ntp.org
[mailto:questions-bounces+alain.bartholome=eads.com at lists.ntp.org] De la
part de Martin Burnicki
Envoyé : mardi 10 février 2009 10:17
À : questions at lists.ntp.org
Objet : Re: [ntp:questions] Problem using ntp autokey with the trusted
certificate identity scheme
Steve Kostecke wrote:
> On 2009-02-10, Danny Mayer <mayer at ntp.isc.org> wrote:
>> Steve Kostecke wrote:
>> [---=| Quote block shrinked by t-prot: 24 lines snipped |=---]
>>
>>>> server3 does not synchronize with server2
>>>
>>> The problem here is that you want to operate _two_ trust groups:
>>>
>>> server2 trusts serverT1
>>> server3 trusts server2
>>>
>>> Server3 needs to be able to trust server2. Try regenerating the
>>> paramters on server2 using '-T'.
>>
>> My understanding from what Dave has said is that the newer versions of
>> the development branch supports multiple trust groups.
>
> You missed the point. The OP has set up a _chain_ of two trust groups.
> This is not a problem with one ntpd serving multiple trust groups.
>
> The server for the second trust group needs to have a trusted cert so
> that it will be trused by its client.
This is an interesting setup, but should not be very uncommon.
Has anyone *tried* to configure autokey so that a machine is a client which
uses one certificate for his upstream server, and additionally acts as a
server who provides its own certificate to its clients?
This setup should also be mentioned in
http://support.ntp.org/Support/ConfiguringAutokey
Martin
--
Martin Burnicki
Meinberg Funkuhren
Bad Pyrmont
Germany
_______________________________________________
questions mailing list
questions at lists.ntp.org
https://lists.ntp.org/mailman/listinfo/questions
More information about the questions
mailing list