On Fri, Oct 16, 2015 at 04:04:22PM +0200, Steven Liegaux wrote:
> Hi there,
>
> I'm trying to configure chrony on a Debian. I need a client, a server and a
> packet authentication system (SHA2). If I understand, I can't use OpenSSL
> (because the licence is not compatible with the Chrony's GPL licence), so I
> need to use NSS. Am I right?

NSS or tomcrypt. OpenSSL is not supported. The issue with licensing is the
main reason.

> root@client-chrony:~# /etc/chrony/sbin/chronyd -d
> 2015-10-15T15:52:43Z chronyd version 2.1.1 starting (+CMDMON +NTP +REFCLOCK
> +RTC -PRIVDROP -DEBUG +ASYNCDNS +IPV6 -SECHASH)

-SECHASH means it wasn't compiled with NSS or tomcrypt support.

> --disable-sechash Disable support for hashes other than MD5
> --without-nss Don't use NSS even if it is available
> --without-tomcrypt Don't use libtomcrypt even if it is available
>
> Only "disable or without" things. So how can I configure Chrony to use NSS?
> For information, I have the same problem when I use "SHA1", but everything
> is OK when I use MD5. Strange nop?

The SECHASH feature is enabled automatically if the configure script can
find the NSS or tomcrypt development files. MD5 is always available as there
is an internal MD5 implementation included in the chrony source code.

Check config.log for errors. It will probably be a missing devel file. It
needs the freebl library and nsslowhash.h from NSS. In Fedora, for instance,
they are in the nss-softokn-devel and nss-softokn-freebl packages.

-- 
Miroslav Lichvar
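
A check for the condition diagnosed in this reply, added here as an example and not part of the original thread or of chrony itself: it reads the feature list from the chronyd startup banner and, when SECHASH is not compiled in, lists the keys that name a hash other than MD5. The key-file layout ("<id> [<hash>] <key>", with "#" comment lines) and the sample keys are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: flag NTP authentication keys that a chronyd build cannot use.

# Startup banner as quoted in the thread.
BANNER='2015-10-15T15:52:43Z chronyd version 2.1.1 starting (+CMDMON +NTP +REFCLOCK +RTC -PRIVDROP -DEBUG +ASYNCDNS +IPV6 -SECHASH)'

# Constructed sample key file (assumed layout: "<id> [<hash>] <key>").
SAMPLE_KEYS='1 MD5 ASCII:constructed-md5-key
2 SHA1 HEX:00112233
# constructed comment line
3 constructedplainkey
4 sha256 HEX:aabbccdd'

# has_feature BANNER NAME
# Returns 0 if the banner lists +NAME, 1 if it lists -NAME, 2 if absent.
has_feature() {
    feats=$(printf '%s\n' "$1" | sed -n 's/.*(\(.*\)).*/\1/p')
    for f in $feats; do
        case "$f" in
            "+$2") return 0 ;;
            "-$2") return 1 ;;
        esac
    done
    return 2
}

# unusable_keys BANNER  (key file on stdin)
# Prints "<id> <HASH>" for every key that needs a hash other than MD5
# when the build reports no SECHASH support; prints nothing otherwise.
unusable_keys() {
    has_feature "$1" SECHASH && return 0
    # Two-field lines carry no hash name and are treated as MD5 keys.
    awk 'NF >= 3 && $1 !~ /^#/ && toupper($2) != "MD5" { print $1, toupper($2) }'
}

# Demonstration on the constructed sample: prints "2 SHA1" and "4 SHA256".
printf '%s\n' "$SAMPLE_KEYS" | unusable_keys "$BANNER"
```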