On 2006-02-04, Peter Pramberger <[EMAIL PROTECTED]> wrote: > Peter Pramberger schrieb:
> Update: It seems I've done the IFF part wrong. According to > http://www.eecis.udel.edu/~mills/ntp/html/keygen.html ... > > "For the IFF scheme proceed as in the TC scheme to generate keys and > certificates for all group hosts, then for every trusted host in the group, > generate the IFF parameter file. On trusted host alice run ntp-keygen -T -I -p > password to produce her parameter file ntpkey_IFFpar_alice.filestamp, which > includes both server and client keys. Copy this file to all group hosts that > operate as both servers and clients and install a soft link from the generic > ntpkey_iff_alice to this file." > > ... instead of running "ntp-keygen -T -I -p somepass" on all trusted servers > peering with each other in the trust group I had to create the IFFpar only on > one of them and just copy it to the other trusted servers, create the link, > and then create their host certificates ("ntp-keygen -T -q somepass"). I've tried that (a shared IFFpar) in that past and couldn't get it to work. Both of my authenticated peers have their own unique IFFpar file and have exchanged IFFkey files. I'm currently testing the lastest ntp-dev snapshot on Peer1. > Then I can put the leapseconds file on one (only!) of the trusted servers and > it will get distributed among the trust group. Which is then dependent on that particular ntpd staying up. -- Steve Kostecke <[EMAIL PROTECTED]> NTP Public Services Project - http://ntp.isc.org/ _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
