[ntp:questions] Panicgate option not working as expected with Authentication enabled (psk/autokey) in ntpd

Kumar, Sumit 11. (Nokia - IN/Bangalore) sumit.11.kumar at nokia.com
Wed Feb 19 09:15:50 UTC 2020


Hi,

We are using ntpd_4.2.8p10 and having authentication used on our configuration. We came to a problem where our ntp client is not able to sync to NTP server(hosted-in-house) with authentication enabled (tried both PSK and autokey based on IFF scheme).

The scenario is like below:

  1.  server is up and running and able to serve time
  2.  client is adjusted to a time where offset to the server is more than 1000 secs
  3.  started ntpd on client machine like below:
     *   /usr/sbin/ntpd -u ntp:ntp -g -n -c /etc/ntp_master.conf
     *   waited until sync happens but we are seeing log which says ntpd getting panic in spite "--panicgate" options used.
  4.  the same scenario works fine with "--panicgate" option and able to adjust time when offset is more than 1000 sec.

>From the documentation what I see that "--panicgate" option should work irrespective of Authentication enabled or disabled.

Could someone help is this an expected behavior or is this a bug which appears only if Authentication is enabled?

Let me know if further debug information needed for this.


logs:
# /usr/sbin/ntpd -u ntp:ntp -g -n -c /root/ntp_custom_conf
12 Feb 06:42:24 ntpd[894]: ntpd 4.2.8p10 at 1.3728-o Mon Feb 17 11:21:17 UTC 2020 (1): Starting
12 Feb 06:42:24 ntpd[894]: Command line: /usr/sbin/ntpd -u ntp:ntp -g -n -c /root/ntp_custom_conf
restrict <FWD_1>: KOD does nothing without LIMITED.
12 Feb 06:42:24 ntpd[894]: restrict <FWD_1>: KOD does nothing without LIMITED.
restrict <FWD_2>: KOD does nothing without LIMITED.
12 Feb 06:42:24 ntpd[894]: restrict <FWD_2>: KOD does nothing without LIMITED.
12 Feb 06:42:24 ntpd[894]: Listen normally on 0 lo 127.0.0.1:123
12 Feb 06:42:24 ntpd[894]: Listening on routing socket on fd #18 for interface updates
12 Feb 06:42:24 ntpd[894]: proto: precision = 1.217 usec (-20)
12 Feb 06:42:24 ntpd[894]: 0.0.0.0 c01d 0d kern kernel time sync enabled
12 Feb 06:42:24 ntpd[894]: 0.0.0.0 c012 02 freq_set kernel 4.030 PPM
12 Feb 06:42:24 ntpd[894]: 0.0.0.0 c016 06 restart
12 Feb 06:42:41 ntpd[894]: 0.0.0.0 0515 05 clock_sync
12 Feb 06:45:22 ntpd[894]: 0.0.0.0 0617 07 panic_stop +549761 s; set clock manually within 1000 s.
12 Feb 06:45:22 ntpd[894]: 0.0.0.0 061d 0d kern kernel time sync disabled

ntp._master.conf

restrict default ignore
restrict -6 default ignore

restrict 127.0.0.1


interface ignore wildcard
interface ignore lo
interface listen 127.0.0.1

restrict -4 <FWD_1> kod nomodify notrap nopeer noquery
server -4 <FWD_1> prefer iburst minpoll 4 maxpoll 6 key 5
restrict -4 <FWD_2> kod nomodify notrap nopeer noquery
server -4 <FWD_2> autokey prefer iburst minpoll 4 maxpoll 6

fudge 127.127.1.2 stratum 10

tos ceiling 14

driftfile /var/lib/ntp/drift

enable auth
keys /etc/ntp/keys
trustedkey 1
requestkey 1
controlkey 1

crypto pw <client_password>
keysdir /etc/ntp
crypto randfile /dev/urandom

disable monitor

enable stats
statsdir  /var/log/ntp/
statistics loopstats
statistics peerstats
filegen peerstats file peerstats type none link enable
filegen loopstats file loopstats type none link enable
tos orphanwait 10
tos orphan 14


# ntpd --version

ntpd 4.2.8p10 at 1.3728-o Tue Feb 18 11:00:14 UTC 2020 (1)

Regards,
Sumit Kumar
mailto: sumit.11.kumar at nokia.com



More information about the questions mailing list