Carson, See the example on the Authentication Options page in the online documentation.
You have something wrong; the last two hex digits of the status word should be 21 for IFF. Light up the cryptostats in the filegen function and note the steps, which should include an iff for the client. In the debug trace note the files that are loaded; the server should include your IFF keys file. Dave, Carsten Rieck wrote: >Hej, > >I wonder how to correctly configure dependent autokey servers. >I am using 4.2.4p5 with linuxpps on the server and vanilla 4.2.4p5 on >the clients > >Even though a successful autokey+iff association should show flags=0x83f2, >I think i have a working configuration for a single iff >server(st1)-client system: > >assID=8385 status=f614 reach, conf, auth, sel_sys.peer, 1 event, >event_reach, >flags=0x83f01 > >If the above is a correctly configured/working association on the >client, what would be the correct way of configuring the same client to >be a dependent autokey server? >Obviously the clients private key cannot be used to extract group >parameters. Creating server type parameters on the client brakes the >association to the server . Do dependent servers have to share the same >group parameters ? > >I seem lost and would be grateful for advice. > >with best regards >Carsten Rieck > > _______________________________________________ questions mailing list [email protected] https://lists.ntp.org/mailman/listinfo/questions
