On 2005-12-09, Serge Bets <[EMAIL PROTECTED]> wrote: > On Thursday, December 8, 2005 at 18:51:39 +0000, Steve Kostecke > wrote: > >> Test Client: stasis >> With the following files in the client's /etc/ntp > > I'm grateful for the data. And finally understood the mysterious > factor giving us different results. You *do* have a ntpkey_iff_stasis > link: > >| ntpkey_iff_stasis -> ntpkey_IFFpar_stasis.3342803910
No, I don't. Please re-read my previous article; that line you quoted above is from a much older article. Those tests were performed with 'stasis' configured purely as a unicast client of 'ntp0'. The following files were, and still are, in in the client's keysdir: ntpkey_iff_ntp0.kostecke.net -> ntpkey_IFFkey_ntp0.kostecke.net.3315100165 ntpkey_cert_stasis -> ntpkey_RSA-MD5cert_stasis.3342803910 ntpkey_host_stasis -> ntpkey_RSAkey_stasis.3342803910 > And this symlink changes everything. Stasis is not a strict client. > Stasis is also a server, in another trusted group. Stasis _was_ configured only as a unicast client in my last round of tests. Stasis is now configured as a multicast client and the association with ntp0 still shows flags=0x83f21 > You are not in the conditions of section 6.6.2 "Client Set-Up" of > ConfiguringAutokey. The client has an ntpkey_IFFkey_server.xxxxxxxxxx file with the ntpkey_iff_server symlink in its keysdir. That _is_ in compliance with 6.6.2. Client Set-Up. >> In one sense you're correct: it is _possible_ to use an >> ntpkey_iff_client symlink. But, is not _necessary_ to to so. > > An ntpkey_iff_client symlink is absolutely necessary(1). Really? My experience with a variety of Linux and FreeBSD systems has conclusively demonstrated that this is _not_ the case. And, yes, I've confirmed that their authenticated associations all report flags=0x83f21. >> ntpd may belong to more than one Trust Group. Using an >> ntpkey_iff_client symlink (or file) breaks this feature. > > No such feature breakage: These were cascaded exclusive "or"s. You can't have more than one sym-link with the same name. So you can't create an ntpkey_*_client symlink to each of your ntpkey_*_server.xxxxxxxx files. -- Steve Kostecke <[EMAIL PROTECTED]> NTP Public Services Project - http://ntp.isc.org/ _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
