[ntpwg] Autokey-related Questions
Chen Helen-A12587
Helen.Y.Chen at motorola.com
Fri May 25 14:35:16 PDT 2007
Hi,
I have some questions related to the Autokey protocol and configuration:
1) What exactly does "crypto pw clientpassword" in the autokey
configuration procedure do (mentioned in
http://ntp.isc.org/bin/view/Support/ConfiguringAutokey#Section_6.7.1.2)? Does it
create (and encrypt) a new client password for the purpose of storing it
in ntp.conf for the autokey protocol? When is this password used? I
noticed that when generating the host parameters, a password is passed
to the utility, instead of getting it from ntp.conf.
2) When the server (manually) FTPs the leapseconds table from NIST NTP
server or wherever, where must this file be stored in order for the
autokey protocol code to access it for the autokey dance (to send it to
the client)? Is the location detail documented somewhere?
3) I read somewhere on one of the NTP installation pages (I think) that
"Public key cryptography needs a key file (usually in /usr/local/etc)".
Does this just mean the key/parameter files generated by the ntp-keygen
utility must be stored at /usr/local/etc/? Is the random seed file
(.rnd) the ONLY file that needs to be created manually, besides the
exported IFF parameter file?
4) When is the following command used - crypto [cert file] [leap file]
[randfile file] [host file] [sign file] [ident scheme] [iffpar file]
[gqpar file] [mvpar file] [pw password]? I am confused because it's not
mentioned in the autokey configuration procedure but it's mentioned in
http://www.eecis.udel.edu/~mills/ntp/html/authopt.html. Is it just
used when we feel the need to encrypt certain files for storage? When a
file is encrypted, will the autokey software automatically decrypt the
file?
5) When the server extracts the IFF parameters for export to the
clients, what is the security impact of (1) using the same password for
all the clients in the Trust Group, and of (2) using no client password?
Thanks,
Helen