On 2005-12-02, Kevin Golder <[EMAIL PROTECTED]> wrote:
> I'm attempting to override the ntpkey_iff_hostname link using
> the iffpar option of the crypto command. I first setup a trusted
> authority and client using the iff identity scheme successfully. Then
> I configured the override of the ntpkey_iff_hostname on my trusted
> authority successfully. When I proceeded to do the same on the client,
> it then could never reach the server and with the debug turned on, the
> client kept reporting "no compatible identity scheme found."
If you wish to use a TA to distribute Identity Scheme Parameters for
time servers you will need to use the '-i' and, possibly, the '-s'
ntp-keygen options.
-i name
Set the subject name to name. This is used as the subject field in
certificates and in the file name for host and sign keys.
-s name
Set the issuer name to name. This is used for the issuer field in
certificates and in the file name for identity files.
--
Steve Kostecke <[EMAIL PROTECTED]>
NTP Public Services Project - http://ntp.isc.org/
_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.isc.org/mailman/listinfo/questions
