Hi Steve, Thank you for your comments. I tried ntpq -c "rv assID flags" command, it shows the Identity Scheme that the server supports regardless of what identity scheme has been installed on the client. Here are the result of my experiments:
Server Identity scheme | ntpq -c "rv assID flags" -------------------------------------|---------------------------------- IFF | 0x417f21 GQ | 0x417f41 IFF and GQ | 0x417f61 "rv assID flags" returns the same value whether I install IFF parameters, or GQ parameters or none on the client. So my question again is that how can I verify that IFF or GQ schemes are actually working? Association flag shows auth is 'ok' whether I install an Identity Scheme on the client or not, so it's not an indication that IFF or GQ is actually being used. BTW, I found two problems in this document: http://support.ntp.org/bin/view/Support/ConfiguringAutokey<http://support.ntp.org/bin/view/Support/ConfiguringAutokey#Section_6.7.4> In sections 6.7.2.5 and 6.7.3.6: ntp-keygen -T -q `awk '/crypto pw/ { print $3 }' </etc/ntp.conf` '-q' option for updatuing keys doesn't work, '-p'works; is this a typo in the document? [root@myserver]# ntp-keygen -T -q `awk '/crypto pw/ { print $3 }' </etc/ntp.conf` Using OpenSSL version 90802f Using host myserver group myserver Corrupt file ntpkey_host_myserver or wrong key myserver error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt Regards Joe On Tue, Dec 13, 2011 at 10:55 AM, Steve Kostecke <[email protected]> wrote: > On 2011-12-12, Joe Smithian <[email protected]> wrote: > > > I have configured my NTP server and client to use Autokey with IFF > > Identity scheme and it's working, client synchronizes to my servers. > > It synchronizes with and without copying the IFF parameter to the > > client. So I'm wondering if IFF identity scheme is actually being > > used; How can I verify that? > > By checking the association flags. > > Please see > http://support.ntp.org/bin/view/Support/ConfiguringAutokey#Section_6.7.4. > > -- > Steve Kostecke <[email protected]> > NTP Public Services Project - http://support.ntp.org/ > > _______________________________________________ > questions mailing list > [email protected] > http://lists.ntp.org/listinfo/questions > _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
