On 2007-05-07, David L. Mills <[EMAIL PROTECTED]> wrote:
> Steve Kostecke wrote:
>> On 2007-05-07, Vladimir Smotlacha <[EMAIL PROTECTED]> wrote:
>>
>>>I set up an IFF identity scheme at my lab's NTP server and client.
>>>I did it exactly according to available documentation and it worked O.K.
>>>However, I tried it once more with new keys and certificates but without
>>>copying IFF parameters to the client (i.e. the client did not know IFF
>>>parameters). I expected that the authentication fails but it was
>>>successful again.

<snip>

>>>What profit has client from knowledge of the IFF params and key?
>>
>> I'll let someone else answer that.
>
> The ntpkey_IFF_ file contains both the server and client keys; the
> ntpkey_IFFkey_ contains only the client key. Be sure to copy the correct
> one.

The problem here is _not_ which file to copy.

What has happened is that Vladimir has discovered the fact that Autokey will "degrade" to TC in the event that parameters for no other Identity Scheme are present.

So he is asking "what's the point" of IFF (and, by extension, GQ and MV) if the Authentication will succeed just on the strength of the host parameters.

-- 
Steve Kostecke <[EMAIL PROTECTED]>
NTP Public Services Project - http://ntp.isc.org/
