[ntp:questions] Panicgate option not working as expected with Authentication enabled (psk/autokey) in ntpd
Kumar, Sumit 11. (Nokia - IN/Bangalore)
sumit.11.kumar at nokia.com
Wed Feb 19 09:15:50 UTC 2020
Hi,
We are using ntpd_4.2.8p10 and having authentication used on our configuration. We came to a problem where our ntp client is not able to sync to NTP server(hosted-in-house) with authentication enabled (tried both PSK and autokey based on IFF scheme).
The scenario is like below:
1. server is up and running and able to serve time
2. client is adjusted to a time where offset to the server is more than 1000 secs
3. started ntpd on client machine like below:
* /usr/sbin/ntpd -u ntp:ntp -g -n -c /etc/ntp_master.conf
* waited until sync happens but we are seeing log which says ntpd getting panic in spite "--panicgate" options used.
4. the same scenario works fine with "--panicgate" option and able to adjust time when offset is more than 1000 sec.
>From the documentation what I see that "--panicgate" option should work irrespective of Authentication enabled or disabled.
Could someone help is this an expected behavior or is this a bug which appears only if Authentication is enabled?
Let me know if further debug information needed for this.
logs:
# /usr/sbin/ntpd -u ntp:ntp -g -n -c /root/ntp_custom_conf
12 Feb 06:42:24 ntpd[894]: ntpd 4.2.8p10 at 1.3728-o Mon Feb 17 11:21:17 UTC 2020 (1): Starting
12 Feb 06:42:24 ntpd[894]: Command line: /usr/sbin/ntpd -u ntp:ntp -g -n -c /root/ntp_custom_conf
restrict <FWD_1>: KOD does nothing without LIMITED.
12 Feb 06:42:24 ntpd[894]: restrict <FWD_1>: KOD does nothing without LIMITED.
restrict <FWD_2>: KOD does nothing without LIMITED.
12 Feb 06:42:24 ntpd[894]: restrict <FWD_2>: KOD does nothing without LIMITED.
12 Feb 06:42:24 ntpd[894]: Listen normally on 0 lo 127.0.0.1:123
12 Feb 06:42:24 ntpd[894]: Listening on routing socket on fd #18 for interface updates
12 Feb 06:42:24 ntpd[894]: proto: precision = 1.217 usec (-20)
12 Feb 06:42:24 ntpd[894]: 0.0.0.0 c01d 0d kern kernel time sync enabled
12 Feb 06:42:24 ntpd[894]: 0.0.0.0 c012 02 freq_set kernel 4.030 PPM
12 Feb 06:42:24 ntpd[894]: 0.0.0.0 c016 06 restart
12 Feb 06:42:41 ntpd[894]: 0.0.0.0 0515 05 clock_sync
12 Feb 06:45:22 ntpd[894]: 0.0.0.0 0617 07 panic_stop +549761 s; set clock manually within 1000 s.
12 Feb 06:45:22 ntpd[894]: 0.0.0.0 061d 0d kern kernel time sync disabled
ntp._master.conf
restrict default ignore
restrict -6 default ignore
restrict 127.0.0.1
interface ignore wildcard
interface ignore lo
interface listen 127.0.0.1
restrict -4 <FWD_1> kod nomodify notrap nopeer noquery
server -4 <FWD_1> prefer iburst minpoll 4 maxpoll 6 key 5
restrict -4 <FWD_2> kod nomodify notrap nopeer noquery
server -4 <FWD_2> autokey prefer iburst minpoll 4 maxpoll 6
fudge 127.127.1.2 stratum 10
tos ceiling 14
driftfile /var/lib/ntp/drift
enable auth
keys /etc/ntp/keys
trustedkey 1
requestkey 1
controlkey 1
crypto pw <client_password>
keysdir /etc/ntp
crypto randfile /dev/urandom
disable monitor
enable stats
statsdir /var/log/ntp/
statistics loopstats
statistics peerstats
filegen peerstats file peerstats type none link enable
filegen loopstats file loopstats type none link enable
tos orphanwait 10
tos orphan 14
# ntpd --version
ntpd 4.2.8p10 at 1.3728-o Tue Feb 18 11:00:14 UTC 2020 (1)
Regards,
Sumit Kumar
mailto: sumit.11.kumar at nokia.com
More information about the questions
mailing list