### NTP Autokey problem

Hi,

Following is the scenario being tried out by myself to establish an autokey (GQ scheme) authenticated client-server association.

In the server machine:

- ntp.conf in the server_machine
keysdir ./
server  127.127.1.0
fudge   127.127.1.0 stratum 10
server <primary_server> iburst prefer

- I generate the required parameter files, keyfiles and certificates using

- Transfer the generated GQ-parameter file ntpkey_GQpar_servername.3327213795 to the client.

- Run
/usr/sbin/ntpd -c ntp.conf -l log
and wait until the server gets synchronised to the primary server and the server's stratum gets reduced to 2

In the client machine:

- ntp.conf in the client
keysdir ./
server <server_machine> autokey iburst

- Generate the required keyfiles using
(The GQ parameter file of step 3 is earlier transferred to this machine)

- Create a soft link to the parameter file
ln -s ntpkey_GQpar_servername.332721379 ntpkey_gq_servername

- Run
/usr/sbin/ntpd -c ntp.conf -l log

On querying the status of the client ntpd the reachability register remains 0 and I get an error message of the form

8 Jun 16:59:33 ntpd[22234]: crypto_key error:06065064:digital envelope
8 Jun 16:59:33 ntpd[22234]: crypto_ident: no compatible identity scheme found
8 Jun 16:59:33 ntpd[22234]: transmit: crypto error for <server_machine>

My doubts are
1. What is wrong with my configuration?
2. Which exactly is the client key which is to be transferred to the client machine if not for ntpkey_GQpar_server.332721379 ?

-Srikanth K.

On 2005-06-08, Kommuri, Srikanth (STSD) <srikanth.k@hp.com> wrote:

> Following is the scenario being tried out by myself to establish an
> autokey (GQ scheme) authenticated client-server association.

<snip>

> 1. What is wrong with my configuration?

The GQ identity scheme requires that you use the same crypto password on
all members of an NTP Trust Group (i.e. a server and its clients).

BTW: There is a step-by-step guide to configuring autokey at
http://ntp.isc.org/Support/ConfiguringAutokey

> 2. Which exactly is the client key which is to be transferred to the
> client machine if not for ntpkey_GQpar_server.332721379 ?

You copied the correct file.

--
Steve Kostecke <kostecke@ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/
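
A pre-flight check for the kind of setup discussed in this thread, added here as an example (not code from either poster or from the NTP project). It reads `keysdir` from an ntp.conf, reports whether a `crypto ... pw` directive is present, and lists `ntpkey_*` links that do not resolve to a readable file. The function name `autokey_preflight` and its `BASEDIR` argument are hypothetical, and resolving a relative `keysdir` against `BASEDIR` is an assumption of the example.

```shell
#!/bin/sh
# Added example: pre-flight check for an Autokey key directory.
# Usage: autokey_preflight NTP_CONF [BASEDIR]
# BASEDIR (hypothetical parameter) is where a relative keysdir such as "./"
# is resolved; assumed to be the directory ntpd is started from.
# Prints one finding per line and returns the number of findings.
autokey_preflight() {
    conf=$1
    base=${2:-.}
    findings=0

    # keysdir: the last "keysdir <path>" line wins; comment lines never match.
    keysdir=$(awk '$1 == "keysdir" { d = $2 } END { print d }' "$conf")
    if [ -z "$keysdir" ]; then
        echo "no keysdir directive in $conf"
        findings=$((findings + 1))
        keysdir=.
    fi
    case $keysdir in
        /*) dir=$keysdir ;;
        *)  dir=$base/$keysdir ;;
    esac

    # The reply's point: all group members need the same crypto password.
    # Only presence is checked; comparing the value across hosts is manual.
    if ! awk '$1 == "crypto" { for (i = 2; i < NF; i++) if ($i == "pw") f = 1 }
              END { exit !f }' "$conf"; then
        echo "no 'crypto pw <password>' directive in $conf"
        findings=$((findings + 1))
    fi

    # Every ntpkey_* link must resolve to a readable regular file.
    for link in "$dir"/ntpkey_*; do
        [ -L "$link" ] || continue
        if [ ! -f "$link" ] || [ ! -r "$link" ]; then
            echo "dangling or unreadable link: $link -> $(readlink "$link")"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```

Run it on each group member as `autokey_preflight ntp.conf /directory/ntpd/starts/in`; a return value of 0 means none of the three conditions was found.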

