Victor,

See the cryptotype table on the Authentication Options page. If a client needs IFF identity, all it needs is the IFF parameters file; the rest is automatic.

Dave

Victor Jesus Angus wrote:

>Further reading Authentication Options and stime.pdf, is it safe to say that
>given the setup below and using the Schnorr/IFF scheme,
>
>1. the group name is not needed on the clients ?
>2. there's no need to send any server files/keys to the client and still IFF
>will work as designed ?
>
>Again how else do you know that the scheme is working other than being able to
>receive the time?
>
>             server
>             ------
>                |
>      +------+-----+-----+
>   client1   |  client3  |
>          client2     client4
>
>Thanks.
>
>Victor
>
>--- On Thu, 5/7/09, Victor Jesus Angus <[email protected]> wrote:
>
>>From: Victor Jesus Angus <[email protected]>
>>Subject: [ntp:questions] autokey IFF client setup
>>To: [email protected]
>>Date: Thursday, May 7, 2009, 12:08 PM
>>
>>NTP client was not able to detect the IFF config files
>>because the crypto_flags in crypto_setup() shows the
>>following line
>>
>>crypto_setup: setup 0x80001 host myclient
>>md5WithRSAEncryption
>>
>>I'm using 4.2.5p158 and have the following configurations.
>>
>>$ cat /etc/ntp.conf
>>server myserver.domain.com autokey
>>crypto pw myclientpass
>>crypto randfile /dev/urandom
>>keysdir /etc/ntp
>>
>>$ ls /etc/ntp
>>ntpkey_cert_myclient ->
>>ntpkey_RSA-MD5cert_myclient.3445412414
>>ntpkey_host_myclient ->
>>ntpkey_RSAkey_myclient.3445412414
>>ntpkey_iff_myclient -> ntpkey_host_myclient
>>ntpkey_iffkey_myserver
>>ntpkey_RSAkey_myclient.3445412394
>>ntpkey_RSAkey_myclient.3445412414
>>ntpkey_RSA-MD5cert_myclient.3445412394
>>ntpkey_RSA-MD5cert_myclient.3445412414
>>
>>It was able to transmit the request though and receive a
>>response from the server but not sure if it is really using
>>the IFF scheme.
>>How to accurately verify this?
>>
>>As for the flag, I checked the defines and bit 0x0020
>>should have been set during loading of key files, right?
>>In http://support.ntp.org/bin/view/Support/ConfiguringAutokey
>>6.7.2, there is a note, "Trusted ntp servers which also
>>operate as clients of other ntp servers may need to 6.7.3.4.
>>Install Group/Client Keys." If I have a client only setup,
>>then I don't need to install the group keys?
>>What is really the purpose of the group keys? If the group
>>keys are optional, what is the downside if it is not
>>installed?
>>
>>Thanks.
>>
>>Victor
>>
>>_______________________________________________
>>questions mailing list
>>[email protected]
>>https://lists.ntp.org/mailman/listinfo/questions
