Re: [ntp:questions] ntp-keygen IFF

2009-06-15 Thread David Mills
Grzegorz, You didn't say whether that message came from the client or the server. I assume you are running in client/server mode and that NTP works when not authenticated or even as a sanity check whether it works with symmetric key cryptography. We have been running it here in several machine

Re: [ntp:questions] ntp-keygen IFF

2009-06-15 Thread Grzegorz Daniluk
Hi again, I have one more question. In which situations I can get the protocol_error in cryptostats file ? I read in the documentation that this means 'The protocol state machine has wedged due to unexpected restart.' However, what does it mean ? In which situations could this happen ? I'm tryi

Re: [ntp:questions] ntp-keygen IFF

2009-06-10 Thread Grzegorz Daniluk
Hi again, ok, sorry, that was my mistake (about cooperation of -e and -q) I was reading the old documentation. Best Regards, Grzegorz Grzegorz Daniluk wrote: > Hi David, > Why -e and -q options together are confusing ? As I understand correctly > by -q we give the password to the encrypted pri

Re: [ntp:questions] ntp-keygen IFF

2009-06-10 Thread Grzegorz Daniluk
Hi David, Why -e and -q options together are confusing ? As I understand correctly by -q we give the password to the encrypted private key to openssl to export the public values (which is made by -e option). When using standalone openssl for des parameters generation and exporting public values

Re: [ntp:questions] ntp-keygen IFF

2009-06-01 Thread David Mills
Grzegorz, Using -e and -q on the same command line is very confusing. Dave DP MPGrzegorz Daniluk wrote: >I know that you wrote the autokey does not work correctly in release >versions of ntp, but just to compare, please take a look what ntp-keygen >v4.2.4p7 prints out when using with '-e' op

Re: [ntp:questions] ntp-keygen IFF

2009-06-01 Thread Grzegorz Daniluk
I know that you wrote the autokey does not work correctly in release versions of ntp, but just to compare, please take a look what ntp-keygen v4.2.4p7 prints out when using with '-e' option: %ntp-keygen -e -q serverpasswd -p clientpasswd > group.key %cat group.key # ntpkey_IFFkey_NTS-MAILING.345

Re: [ntp:questions] ntp-keygen IFF

2009-06-01 Thread Grzegorz Daniluk
Hi, again I used '>' redirection, after generating keys as I wrote in previous e-mails, with ntp-keygen -e command as follows: %ntp-keygen -e -q serverpasswd -p clientpasswd > group.key However, the operation and printouts were exactly the same as I wrote you before and created file has length

Re: [ntp:questions] ntp-keygen IFF

2009-05-27 Thread David Mills
Grzegorz, I am using here exactly what I told you. You did not provide evidence you use the > redirect function to produce the parameters file. I have nothing more to tell you. I am done with this mission. You should ask for help elsewhere. Dave Grzegorz Daniluk wrote: >This problem I have wi

Re: [ntp:questions] ntp-keygen IFF

2009-05-27 Thread Grzegorz Daniluk
Hi I know how to make the stdout redirection. My point is, that what ntp-keygen in development version 4.2.4p179 produces to the stdout is not the public crypto values needed for client in IFF scheme. Actually there is no difference in the output text when using or not using '-e' option. than

Re: [ntp:questions] ntp-keygen IFF

2009-05-27 Thread Grzegorz Daniluk
This problem I have with ntp-4.2.5p179. best regards, Grzegorz Grzegorz Daniluk wrote: > Hi, > Thank you David for your patience and answers. I understand what you > wrote. However, maybe once again, here is the full procedure I'm using > to generate those parameters for IFF scheme (with full o

Re: [ntp:questions] ntp-keygen IFF

2009-05-27 Thread David Mills
Grzegorz, Please review your Unix documentation on how to redirect standard output. I see no ">" character on your command line. Also, including both a -e and -q option on the same command line would lead to a most confusing redirected file. Dave Grzegorz Daniluk wrote: >Hi, >Thank you David

Re: [ntp:questions] ntp-keygen IFF

2009-05-27 Thread Grzegorz Daniluk
Hi, Thank you David for your patience and answers. I understand what you wrote. However, maybe once again, here is the full procedure I'm using to generate those parameters for IFF scheme (with full output that ntp-keygen gives to me): [grzeg...@rocket ~/keys]$ ntp-keygen -T -I -p serverpasswd

Re: [ntp:questions] ntp-keygen IFF

2009-05-25 Thread David Mills
Grzegorz, I think this has been said before: Autokey does not work properly in the current release version. That version includes a mongrel of old and new files that are mutually incompatible. Autokey works only in the development version, at least until the release version catches up. Dave Gr

Re: [ntp:questions] ntp-keygen IFF

2009-05-25 Thread Grzegorz Daniluk
Hi, Thank you for your answer, I know about this redirecting :) My problem is that ntp-keygen does not generate those public parameters as e.g. ntp-keygen in ntp-4.2.4p7. Best Regards, Grzegorz David Mills wrote: > Grzegorz, > > You should read the -e option more carefully. The client paramete

Re: [ntp:questions] ntp-keygen IFF

2009-05-25 Thread David Mills
Grzegorz, You should read the -e option more carefully. The client parameters are redirected to a specified file, usually using the > filename on the command line. Dave Grzegorz Daniluk wrote: >Hello, again >David, I tried using latest development version (4.2.5p179). However, >ntp-keygen t

Re: [ntp:questions] ntp-keygen IFF

2009-05-25 Thread Grzegorz Daniluk
Hello, again David, I tried using latest development version (4.2.5p179). However, ntp-keygen there looks like ignoring -e option when I want to export a group key for clients. What I'm doing is: % ntp-keygen -T -I -p serverpasswd -s hostname (...) % ls ntpkey_IFFkey_hostname.3452249317 nt

Re: [ntp:questions] ntp-keygen IFF

2009-05-20 Thread David Mills
Grzegorz, On rereading your message I learn that you are using the release version. That version has an incompatible mix of old and new files that are unlikely to work properly. The old files when used together and the new files when used together do work, but not a combination. Use the develop

Re: [ntp:questions] ntp-keygen IFF

2009-05-20 Thread Grzegorz Daniluk
Hi, Thank you for your answer. I understand what you wrote, and that is exactly what I'm trying to do by using ntp-keygen. However, it does not work, I receive the log message as described in the first e-mail. Am I doing something wrong ? Please advise. best regards, Grzegorz David Mills wrote

Re: [ntp:questions] ntp-keygen IFF

2009-05-19 Thread David Mills
Grzegorz, With reference to the documentation, you act as a trusted agent (TA) to generate cryptographic media for a trusted host (TH) whose name is specified in the -s option of ntp-keygen. Dave Grzegorz Daniluk wrote: >Hi, >did anybody try to generate keys and certificate for IFF scheme u

[ntp:questions] ntp-keygen IFF

2009-05-18 Thread Grzegorz Daniluk
Hi, did anybody try to generate keys and certificate for IFF scheme using ntp-keygen, but outside the server that will use it ? or maybe it is not possible ? E.g. I need to generate keys and signed certificate on my computer for another server (let's say whose hostname is 'A'). Then I tried like