NTP client was not able to detect the IFF config files because the crypto_flags in crypto_setup() shows the following line:

crypto_setup: setup 0x80001 host myclient md5WithRSAEncryption

I'm using 4.2.5p158 and have the following configurations.

$ cat /etc/ntp.conf
server myserver.domain.com autokey
crypto pw myclientpass
crypto randfile /dev/urandom
keysdir /etc/ntp

$ ls /etc/ntp
ntpkey_cert_myclient -> ntpkey_RSA-MD5cert_myclient.3445412414
ntpkey_host_myclient -> ntpkey_RSAkey_myclient.3445412414
ntpkey_iff_myclient -> ntpkey_host_myclient
ntpkey_iffkey_myserver
ntpkey_RSAkey_myclient.3445412394
ntpkey_RSAkey_myclient.3445412414
ntpkey_RSA-MD5cert_myclient.3445412394
ntpkey_RSA-MD5cert_myclient.3445412414

It was able to transmit the request, though, and receive a response from the server, but I'm not sure if it is really using the IFF scheme. How to accurately verify this?

As for the flag, I checked the defines and bit 0x0020 should have been set during loading of key files, right?

In http://support.ntp.org/bin/view/Support/ConfiguringAutokey 6.7.2, there is a note, "Trusted ntp servers which also operate as clients of other ntp servers may need to 6.7.3.4. Install Group/Client Keys." If I have a client-only setup, then I don't need to install the group keys? What is really the purpose of the group keys? If the group keys are optional, what is the downside if they are not installed?

Thanks.

Victor
