Hi, I'm trying to enable an NTP client and NTP server in my environment to work using NTP PKI authentication.

In the /usr/local/etc directory/folder, I've run 'ntp-keygen -S RSA -c RSA-SHA256 -m 2048' on both my NTP client system and my NTP server system; this created the expected certificate and private key pairs:

    lava93141:~ # ls -l /usr/local/etc/
    total 24
    -rw-r----- 1 root root 1098 Dec 12 14:47 ntpkey_RSA-SHA256cert_lava93141.3785176056
    -rw-r----- 1 root root 1900 Dec 12 14:47 ntpkey_RSAhost_lava93141.3785176056
    -rw-r----- 1 root root 1900 Dec 12 14:47 ntpkey_RSAsign_lava93141.3785176056
    lrwxrwxrwx 1 root root   42 Dec 12 14:47 ntpkey_cert_lava93141 -> ntpkey_RSA-SHA256cert_lava93141.3785176056
    lrwxrwxrwx 1 root root   35 Dec 12 14:47 ntpkey_host_lava93141 -> ntpkey_RSAhost_lava93141.3785176056
    lrwxrwxrwx 1 root root   35 Dec 12 14:47 ntpkey_sign_lava93141 -> ntpkey_RSAsign_lava93141.3785176056
    lava93141:~ #

On my NTP client, I'm using these parameters in /etc/ntp.conf:

    #
    # Authentication stuff
    #
    #keys /etc/ntp.keys     # path for keys file
    #trustedkey 1           # define trusted keys
    #requestkey 1           # key (7) for accessing server variables
    #controlkey 1           # key (6) for accessing server variables
    keysdir /usr/local/etc
    server lava93101.dev.local autokey
    crypto

On my NTP server (lava93101.dev.local), I'm using these parameters in /etc/ntp.conf:

    #
    # Authentication stuff
    #
    #keys /etc/ntp.keys     # path for keys file
    #trustedkey 1           # define trusted keys
    #requestkey 1           # key (7) for accessing server variables
    #controlkey 1           # key (6) for accessing server variables
    server minnie.lss.emc.com iburst
    keysdir /usr/local/etc
    crypto

When I start ntpd on both NTP client and NTP server, there are no errors reported in /var/log/messages or in /var/log/ntp related to the crypto stuff. When I start ntpd with the '-D2' option, I don't see anything that looks like an obvious error. But I'm seeing these problems:

1. 'ntpq -p' forever shows a refid of .INIT.:

    lava93141:~ # ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     lava93101.dev.l .INIT.          16 u   16   64    0    0.000    0.000   0.000
    lava93141:~ #

2. If I use 'date' to set the time on my NTP client to five minutes in the past, the system time is never corrected.

If I edit /etc/ntp.conf on my NTP client, comment out the authentication stuff, and restart ntpd, the system time is corrected within seconds of ntpd restarting. This leads me to conclude that NTP is non-functional on my client, at least in its role of maintaining the system time.

I've searched the NTP documentation, but don't see what I've done wrong, and I don't see a way to debug this.

I'm using ntp-4.2.8p13-85.1.x86_64 on SLES 12 SP4.

Thanks for any help!

Terry Lemons
Dell EMC
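
Added example (not part of the original post): a small Python triage of `ntpq -p` output that decodes the octal reach register and flags associations like the one quoted above, stuck at refid .INIT., stratum 16, reach 0. The second sample row (ntp.example.net, 192.0.2.10) is constructed for contrast, and the function names are illustrative.

```python
# Added example: triage `ntpq -p` output for associations that never sync.
# First data row is the one quoted in the post; the second row is constructed.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 lava93101.dev.l .INIT.          16 u   16   64    0    0.000    0.000   0.000
*ntp.example.net 192.0.2.10       2 u   33   64  377    0.412   -0.153   0.087
"""

TALLY = "*+-x.#o"  # selection codes ntpq prints in column 0


def parse_peers(text):
    """Return one dict per association row of `ntpq -p` output."""
    peers = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Column 0 is the tally code. Pastes that lost the leading blank are
        # tolerated, but a host name starting with 'x' or 'o' is then ambiguous.
        tally, rest = (line[0], line[1:]) if line[0] in " " + TALLY else (" ", line)
        f = rest.split()
        if len(f) != 10 or f[:2] == ["remote", "refid"]:
            continue  # header, separator, or a row we cannot interpret
        peers.append({
            "tally": tally, "remote": f[0], "refid": f[1],
            "stratum": int(f[2]),
            "reach": int(f[6], 8),  # 8-bit shift register, displayed in octal
        })
    return peers


def diagnose(peer):
    """Classify one association from its reach register, refid and stratum."""
    answered = bin(peer["reach"]).count("1")  # set bits = polls with a reply
    if peer["reach"] == 0 and peer["refid"] == ".INIT." and peer["stratum"] == 16:
        return "never synchronized: refid still .INIT., no reply accepted in last 8 polls"
    if peer["reach"] == 0:
        return "unreachable: no reply accepted in the last 8 polls"
    if answered < 8:
        return f"degraded: {answered}/8 recent polls answered"
    return "ok"


def stuck_peers(text):
    """Remote names whose reach register is all zeros."""
    return [p["remote"] for p in parse_peers(text) if p["reach"] == 0]


if __name__ == "__main__":
    for p in parse_peers(SAMPLE):
        print(f'{p["remote"]:<16} reach={p["reach"]:03o} {diagnose(p)}')
```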