[ntp:questions] AutoKey again

David L. Mills mills at udel.edu
Fri Feb 4 22:24:50 UTC 2011


Jacek,

An index to the cryptic error comment is in ./include/ntp_crypto.h. It 
says "bad or missing group key". This message is from the client; you 
should see the similar message at the server. Check to be sure you are 
using the correct client parameters file.

Recent changes to the configuration process make it much simpler to 
deploy a secure subnet. This doesn't change the protocol, just the 
commands to set it up. See the development documentation on the web and 
the Autokey Public Key Cryptography page.

Dave

Jacek Igalson wrote:

> Hello,
>
> Some time ago I reported a bug in the implementation of
> AutoKey+IFF, in ntp ver 4.2.4p8.
> The error is intermittent and has been observed in the long
> run of ntpd, that is within 2 - 10 days.
>
> When the error happens, ntpd keeps on running but authenticated
> server is rejected:
>
> ntpq -p
>     remote           refid      st t when poll reach   delay   offset  jitter
> ====================================================
> neptune         .CRYP.          16 u   6d   16    0    0.000    0.000   0.000
> *ntp2.tp.pl      .ATOM.           1 u   15   64  377    2.522    0.008   0.088
>
> ntpq -c associations
> ind assID status  conf reach auth condition  last_event cnt
> ===========================================
>  1 60684  e0fe   yes   yes   ok     reject             15
>  2 60685  9614   yes   yes  none  sys.peer   reachable  1
>
> Client synchronizes successfully to another server which is
> in the configuration file.
> Server with the authentication is not used any more, "reject"
> status seems to be permanent (unless ntpd is restarted).
>
> The only hint is in cryptostats logfile:
> ...ntpkey_IFFkey_xxx.tpnet.pl.3479706582 mod 384
> ...error 10e opcode 82070000 ts 3505303563 fs 3479706582
>
> What is the meaning of error 10e opcode?
> Has someone encountered such a problem in the longer run?
>
> I appreciate your help.
> Jacek

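A triage helper for the cryptostats lines quoted in this thread, added here as an example; it is not part of the original messages or of the NTP distribution. It assumes `ts` and `fs` are seconds in the NTP era starting 1900-01-01, like the suffix of the key file name, and the names `triage`, `ntp_to_utc` and `KNOWN_ERRORS` are hypothetical.

```python
import re
from datetime import datetime, timezone

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
NTP_UNIX_OFFSET = 2208988800

# Only the code explained in the reply above; the full index is in
# ./include/ntp_crypto.h and is deliberately not reproduced here.
KNOWN_ERRORS = {0x10e: "bad or missing group key"}

ERROR_RE = re.compile(r"error ([0-9a-f]+) opcode ([0-9a-f]+) ts (\d+) fs (\d+)")
KEYFILE_RE = re.compile(r"(ntpkey_\S+)\.(\d+)(?:\s|$)")

def ntp_to_utc(seconds):
    """Convert NTP-era seconds to an aware UTC datetime (era 0 assumed)."""
    return datetime.fromtimestamp(seconds - NTP_UNIX_OFFSET, tz=timezone.utc)

def triage(lines):
    """Return one finding per error line, with decoded stamps."""
    findings, last_key_fs = [], None
    for line in lines:
        key = KEYFILE_RE.search(line)
        if key:  # remember the filestamp of the most recently logged key file
            last_key_fs = int(key.group(2))
            continue
        err = ERROR_RE.search(line)
        if not err:
            continue
        code, ts, fs = int(err.group(1), 16), int(err.group(3)), int(err.group(4))
        findings.append({
            "code": f"{code:x}",
            "meaning": KNOWN_ERRORS.get(code, "see ./include/ntp_crypto.h"),
            "opcode": err.group(2),
            "ts_utc": ntp_to_utc(ts).isoformat(),
            "fs_utc": ntp_to_utc(fs).isoformat(),
            # A data point when checking which parameters file is in use.
            "fs_matches_logged_key": fs == last_key_fs,
        })
    return findings

# The two log fragments quoted in the thread, elisions kept as posted.
SAMPLE = [
    "...ntpkey_IFFkey_xxx.tpnet.pl.3479706582 mod 384",
    "...error 10e opcode 82070000 ts 3505303563 fs 3479706582",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Because ntpd keeps running when the authenticated server is rejected, running a check like this over cryptostats on a schedule surfaces the failure without waiting for someone to look at `ntpq`.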