Kevin,
The certificate hike by the client eventually loads the trusted
certificate, then attempt to load the iff file with the same name. You
can use a different name, but there must be a link from the trusted name
to whatever you choose. The crypto iffpar option is for the client
itself serving as a server for dependent clients. Ordinarily, it
attempts to load the iff file with its own name, but that can be changed
by the iffpar option as well. There are many combinations of links and
options, but the best is to use the original keys generated by the
ntp-keygen program and install links as required.
Dave
Kevin Golder wrote:
I'm attempting to override the ntpkey_iff_hostname link using the iffpar
option of the crypto command.
I first setup a trusted authority and client using the iff identity
scheme successfully.
Then I configured the override of the ntpkey_iff_hostname on my trusted
authority successfully.
When I proceeded to do the same on the client, it then could never reach
the server and with the debug turned on, the client kept reporting "no
compatible identity scheme found."
Has anyone else tried this and been successful/unsuccessful?
Thanks,
Kevin
_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.isc.org/mailman/listinfo/questions
_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.isc.org/mailman/listinfo/questions
