[ntp:questions] AutoKey again
David L. Mills
mills at udel.edu
Fri Feb 4 22:24:50 UTC 2011
Jacek,
An index to the cryptic error comment is in ./include/ntp_crypto.h. It
says "bad or missing group key". This message is from the client; you
should see the similar message at the server. Check to be sure you are
using the correct client parameters file.
Recent chjanges to the configuration process makes it much simpler to
deply a secure subnet. This doesn't change the protocol, just the
commands to set it up. See the development documentation on the web and
the Autokey Public Key Cryptography page..
Dave
Jacek Igalson wrote:
> Hello,
>
> Some time ago I reported a bug in the implementation of
> AutoKey+IFF, in ntp ver 4.2.4p8.
> The error is intermittent and has been observed a in the long
> run of ntpd, that is within 2 - 10 days.
>
> When the error happens, ntpd keeps on running but authenticated
> server is rejected:
>
> ntpq -p
> remote refid st t when poll reach delay offset
> jitter
> ====================================================
> neptune .CRYP. 16 u 6d 16 0 0.000 0.000
> 0.000
> *ntp2.tp.pl .ATOM. 1 u 15 64 377 2.522 0.008
> 0.088
>
> ntpq -c associations
> ind assID status conf reach auth condition last_event cnt
> ===========================================
> 1 60684 e0fe yes yes ok reject 15
> 2 60685 9614 yes yes none sys.peer reachable 1
>
> Client synchronizes successfully to the another server which is
> in the configuration file.
> Server with the authentication is not used any more, "reject"
> status seems to be permanent (unless ntpd is restarted).
>
> The only hint is in cryptostats logfile:
> ...ntpkey_IFFkey_xxx.tpnet.pl.3479706582 mod 384
> ...error 10e opcode 82070000 ts 3505303563 fs 3479706582
>
> What is a meaning of error 10e opcode?
> Has someone encountered such a problem in the longer run?
>
> I appreciate your help.
> Jacek
> _______________________________________________
> questions mailing list
> questions at lists.ntp.org
> http://lists.ntp.org/listinfo/questions
More information about the questions
mailing list