Hi Steve,

I am posting my questions again in text format. I hope you can read it this time.

Thank you for your comments. I tried the ntpq -c "rv assID flags" command; it shows the
Identity Scheme that the server supports regardless of what identity scheme
has been installed on the client.
Here are the results of my experiments:

Server Identity scheme | ntpq -c "rv assID flags"
-----------------------|-------------------------
IFF                    | 0x417f21
GQ                     | 0x417f41
IFF and GQ             | 0x417f61

"rv assID flags" returns the same value whether I install IFF parameters, or
GQ parameters or none on the client. So my question again is: how can I
verify that IFF or GQ schemes are actually working?

Association flag shows auth is 'ok' whether I install an Identity Scheme on
the client or not, so it's not an indication that IFF or GQ is actually being
used.

BTW, I found two problems in this
document: http://support.ntp.org/bin/view/Support/ConfiguringAutokey

In sections 6.7.2.5 and 6.7.3.6:

  ntp-keygen -T -q `awk '/crypto pw/ { print $3 }' </etc/ntp.conf`

The '-q' option for updating keys doesn't work, '-p' works; is this a typo
in the document?

  [root@myserver]# ntp-keygen -T -q `awk '/crypto pw/ { print $3 }' </etc/ntp.conf`
  Using OpenSSL version 90802f
  Using host myserver group myserver
  Corrupt file ntpkey_host_myserver or wrong key myserver
  error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt

Regards

On Thu, Dec 15, 2011 at 10:18 AM, Joe Smithian <joe.smith...@gmail.com> wrote:
>
> Hi Steve,
>
> Thank you for your comments. I tried the ntpq -c "rv assID flags" command; it
> shows the Identity Scheme that the server supports regardless of what
> identity scheme has been installed on the client.
> Here are the results of my experiments:
>
> Server Identity scheme | ntpq -c "rv assID flags"
> -----------------------|-------------------------
> IFF                    | 0x417f21
> GQ                     | 0x417f41
> IFF and GQ             | 0x417f61
>
> "rv assID flags" returns the same value whether I install IFF parameters, or
> GQ parameters or none on the client. So my question again is: how can I
> verify that IFF or GQ schemes are actually working?
>
> Association flag shows auth is 'ok' whether I install an Identity Scheme on
> the client or not, so it's not an indication that IFF or GQ is actually being
> used.
>
> BTW, I found two problems in this
> document: http://support.ntp.org/bin/view/Support/ConfiguringAutokey
>
> In sections 6.7.2.5 and 6.7.3.6:
>
>   ntp-keygen -T -q `awk '/crypto pw/ { print $3 }' </etc/ntp.conf`
>
> The '-q' option for updating keys doesn't work, '-p' works; is this a typo
> in the document?
>
>   [root@myserver]# ntp-keygen -T -q `awk '/crypto pw/ { print $3 }' </etc/ntp.conf`
>   Using OpenSSL version 90802f
>   Using host myserver group myserver
>   Corrupt file ntpkey_host_myserver or wrong key myserver
>   error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
>
> Regards
>
> Joe
>
>
> On Tue, Dec 13, 2011 at 10:55 AM, Steve Kostecke <koste...@ntp.org> wrote:
>>
>> On 2011-12-12, Joe Smithian <joe.smith...@gmail.com> wrote:
>>
>> > I have configured my NTP server and client to use Autokey with IFF
>> > Identity scheme and it's working, client synchronizes to my servers.
>> > It synchronizes with and without copying the IFF parameter to the
>> > client. So I'm wondering if IFF identity scheme is actually being
>> > used; How can I verify that?
>>
>> By checking the association flags.
>>
>> Please see
>> http://support.ntp.org/bin/view/Support/ConfiguringAutokey#Section_6.7.4.
>>
>> --
>> Steve Kostecke <koste...@ntp.org>
>> NTP Public Services Project - http://support.ntp.org/
>>
>> _______________________________________________
>> questions mailing list
>> questions@lists.ntp.org
>> http://lists.ntp.org/listinfo/questions
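The sketch below is an added example, not part of the original message or of the NTP documentation. It splits the word printed by ntpq -c "rv assID flags" into its identity-scheme bits and its client-side verification bits, using the three values from the table above. The bit names and masks are assumed from ntp_crypto.h in the NTP 4.2.6 reference implementation, where the scheme bits are described as set from the server's association message and the 0x7f00 bits as set by the client during the exchange; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decode the Autokey word from `ntpq -c "rv assID flags"`.
# Masks and names are assumed from ntp_crypto.h (NTP 4.2.6); check the
# header that matches the ntpd version you run.

# Print the names of all bits set in $1, given "mask:NAME" pairs.
names_for() {
    word=$(( $1 )); shift; out=""
    for pair in "$@"; do
        if [ $(( $word & ${pair%%:*} )) -ne 0 ]; then
            out="$out ${pair#*:}"
        fi
    done
    echo "${out# }"
}

# Identity schemes named in the word (mask 0x00f0).
autokey_schemes() {
    names_for "$1" 0x0010:PC 0x0020:IFF 0x0040:GQ 0x0080:MV
}

# Client-side verification steps recorded in the word (mask 0x7f00).
autokey_client_state() {
    names_for "$1" 0x0100:CERT 0x0200:VRFY 0x0400:PROV 0x0800:COOK \
                   0x1000:AUTO 0x2000:SIGN 0x4000:LEAP
}

# Succeeds only if the "identity verified" bit (0x0200) is set.
autokey_identity_verified() {
    [ $(( $1 & 0x0200 )) -ne 0 ]
}

# Upper 16 bits: digest/signature NID carried alongside the flags.
autokey_nid() {
    echo $(( ($1 >> 16) & 0xffff ))
}

# The three values reported in the table above.
for w in 0x417f21 0x417f41 0x417f61; do
    printf '%s nid=%s schemes=[%s] client=[%s]\n' "$w" \
        "$(autokey_nid "$w")" "$(autokey_schemes "$w")" \
        "$(autokey_client_state "$w")"
done
```

All three values differ only in the 0x20 and 0x40 bits; the 0x7f00 field is fully set in each of them.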