On 2005-12-15, Serge Bets <[EMAIL PROTECTED]> wrote: > How to configure the strict client Client so it makes use of IFF > scheme? Client has to have the good link(s) ntpkey_iff_Server(s) > available, and what else?
http://ntp.isc.org/Support/ConfiguringAutokey This is the client set-up for a unicast association with Autokey + IFF Identity Scheme: 6.6.2.1. Create the NTP Keys directory Create a directory for the NTP Keys (e.g. /etc/ntp.) 6.6.2.2. Edit ntp.conf Add the following lines to ntp.conf: crypto pw clientpassword keysdir /etc/ntp 6.6.2.2.1. Unicast Autokey Append autokey to the server line for the time-server that you want to authenticate with Autokey in a unicast association: server host.some.domain iburst autokey 6.6.2.3. Generate Client Parameters Generate the client key / certificate with the following commands: cd /etc/ntp ntp-keygen -H -p clientpassword 6.6.2.4. Install Group/Client Keys 6.6.2.4.1. IFF Group Keys Obtain the IFF group key, exported in 6.6.1.3.1. IFF Parameters via a secure means (e.g. an SSL Web Form or encrypted e-mail), copy the key file to the keysdir, and create the standard sym-link: cd /etc/ntp ln -s ntpkey_IFFkey_server.xxxxxxxxxx ntpkey_iff_server 6.6.2.5. Restart ntpd -- Steve Kostecke <[EMAIL PROTECTED]> NTP Public Services Project - http://ntp.isc.org/ _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
