On 2010-03-30, jacek igalson <[email protected]> wrote:
> My question concerns Autokey configuration. I followed the instructions > contained in: http://psp2.ntp.org/bin/view/Support/ConfiguringAutokey The configuration information in that document is only valid for NTP up to version 4.2.4. This is clearly stated in the first sentence on that page. What version are you using? > I have chosen unicast association and identity scheme: IFF. > > I went through the installation and got the authentication status ok in the > column auth. The auth column is a bit misleading. You must look at the flags for each association. > My flags = 0x87f01 and differs from this which is in the Guide > ( 0x83f21 ). What does that mean? The second bit (0x00*0) indicates the identity scheme in use. Since this bit is clear you are using the default Trusted Certificate (TC) mode. For IFF you would see 0x0020. BTW The flags are decoded at the bottom of Support.ConfiguringAutokey 0x87f01 =~ #define CRYPTO_FLAG_ENAB 0x0001 /* crypto enable */ #define CRYPTO_FLAG_VALID 0x0100 /* public key verified */ #define CRYPTO_FLAG_VRFY 0x0200 /* identity verified */ #define CRYPTO_FLAG_PROV 0x0400 /* signature verified */ #define CRYPTO_FLAG_AGREE 0x0800 /* cookie verifed */ #define CRYPTO_FLAG_AUTO 0x1000 /* autokey verified */ #define CRYPTO_FLAG_SIGN 0x2000 /* certificate signed */ #define CRYPTO_FLAG_LEAP 0x4000 /* leapseconds table verified */ -- Steve Kostecke <[email protected]> NTP Public Services Project - http://support.ntp.org/ _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
