On 2011-03-29, Dave Hart <h...@ntp.org> wrote: > On Tue, Mar 29, 2011 at 12:53 AM, David L. Mills <mi...@udel.edu> wrote: > >> I sent you a message requesting to test this before deployment. >> >> > I was referring to docs galore as I thrashed about earlier. I don't doubt > each of your changes was an improvement, but each one also made Steve's > 4.2.4 step-by-step guide less useful. I was looking at:
I've moved the legacy Autokey Configuration to http://support.ntp.org/bin/view/Support/ConfiguringAutokeyFourTwoFour http://support.ntp.org/bin/view/Support/ConfiguringAutokey is being updated for the current Autokey configuration scheme. It currently only covers IFF and it does not address any of the ident/group name features. At the moment I have ntp-dev-4.2.7p142 Autokey+IFF running between psp-fb1 (trust group server) and psp-os1. Here's the view from the client: ntpq> rv &6 assID=29118 \ status=f63a reach, conf, auth, sel_sys.peer, 3 events, event_10, srcadr=psp-fb1.ntp.org, srcport=123, dstadr=2001:4f8:fff7:1::26, dstport=123, leap=00, stratum=2, precision=-20, rootdelay=0.626, rootdisp=16.495, refid=209.81.9.7, reftime=d13c56aa.cc4f74b3 Tue, Mar 29 2011 13:01:30.798, rec=d13c588e.76244c5b Tue, Mar 29 2011 13:09:34.461, reach=377, unreach=0, hmode=3, pmode=4, hpoll=6, ppoll=6, headway=176, flash=00 ok, keyid=2472358740, offset=-1.346, delay=0.194, dispersion=5.554, jitter=0.605, xleave=0.028, filtdelay= 0.28 0.25 0.34 0.29 0.25 0.26 0.19 0.22, filtoffset= -0.96 -0.85 -0.72 -0.69 -0.80 -0.97 -1.35 -0.39, filtdisp= 0.00 1.02 2.04 3.03 4.05 5.06 6.06 7.05, host="psp-fb1.ntp.org", flags=0x87f21, signature="md5WithRSAEncryption" The flags decode as: #define CRYPTO_FLAG_ENAB 0x0001 /* crypto enable */ #define CRYPTO_FLAG_IFF 0x0020 /* IFF identity scheme */ #define CRYPTO_FLAG_VALID 0x0100 /* public key verified */ #define CRYPTO_FLAG_VRFY 0x0200 /* identity verified */ #define CRYPTO_FLAG_PROV 0x0400 /* signature verified */ #define CRYPTO_FLAG_AGREE 0x0800 /* cookie verifed */ #define CRYPTO_FLAG_AUTO 0x1000 /* autokey verified */ #define CRYPTO_FLAG_SIGN 0x2000 /* certificate signed */ #define CRYPTO_FLAG_LEAP 0x4000 /* leapseconds table verified */ I also have Autokey+IFF running between a 4.7.7p142 (amd64) client and a 4.2.6p2 (686) server on my home LAN. I appreciate Dave Hart's patience with me on IRC while getting this up and running. -- Steve Kostecke <koste...@ntp.org> NTP Public Services Project - http://support.ntp.org/ _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions