ntp-keygen problem in ntp-4.2.4p5 - NTP

This is a discussion on ntp-keygen problem in ntp-4.2.4p5 - NTP ; Hi all, I installed the new ntp-4.2.4p5 in Redhat 7.2 and I noticed that ntp- keygen doesn’t works as it used to work in previous versions. I tried to generate Autokey keys and certificates but it doesn’t work as you ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: ntp-keygen problem in ntp-4.2.4p5

  1. ntp-keygen problem in ntp-4.2.4p5

    Hi all,

    I installed the new ntp-4.2.4p5 in Redhat 7.2 and I noticed that ntp-
    keygen doesn’t works as it used to work in previous versions. I tried
    to generate Autokey keys and certificates
    but it doesn’t work as you can see bellow. Is it a bug or I am missing
    something? Did they change the ntp-keygen without updating its
    documents?
    # ntp-keygen -H
    ntp-keygen: illegal option – H
    ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.4p5
    USAGE: ntp-keygen [ - [] | --[{=| }] ]...
    Flg Arg Option-Name Description
    -d no debug-level Increase output debug message level
    -D Str set-debug-level Set the output debug message level
    -M no md5key generate MD5 keys
    -v opt version Output version information and exit
    -? no help Display usage information and exit
    -! no more-help Extended usage information passed thru pager
    -> opt save-opts Save the option state to a config file
    -< Str load-opts Load options from a config file

    Options are specified by doubled hyphens and their name
    or by a single hyphen and the flag character.

    please send bug reports to: http://bugs.ntp.isc.org, bugs@ntp.org

    Regards

    Joe

  2. Re: ntp-keygen problem in ntp-4.2.4p5

    Joe,

    I seriously dooubt anything autokey works properly in the p5
    (production) version. That version has been on a different maintainence
    track than the p127 (development) version for well over a year. The p5
    protocol and crypto modules date from December 2006 and the keygen
    module from August of this year. The configuration and key management
    procedures did change in the summer of 2007 to both simplify the
    procedures and provide nested, separately keyed secure groups. This is
    documented on the current web and in the development version.

    I dispair that the production version lags so far behind the development
    version and especially when production maintenance results in
    incompatible module matches. My advice is to use the development
    version, which is in rather good shape.

    By the way, I did verify the -H option does work in p127. The discussion
    on the Authentication Options and ntp-keygen pages has been rewritten
    and clarified. You should find things much simpler, more straightforward
    and with consistent defaults.

    Dave

    youpak2000@yahoo.com wrote:
    > Hi all,
    >
    > I installed the new ntp-4.2.4p5 in Redhat 7.2 and I noticed that ntp-
    > keygen doesn’t works as it used to work in previous versions. I tried
    > to generate Autokey keys and certificates
    > but it doesn’t work as you can see bellow. Is it a bug or I am missing
    > something? Did they change the ntp-keygen without updating its
    > documents?
    > # ntp-keygen -H
    > ntp-keygen: illegal option – H
    > ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.4p5
    > USAGE: ntp-keygen [ - [] | --[{=| }] ]...
    > Flg Arg Option-Name Description
    > -d no debug-level Increase output debug message level
    > -D Str set-debug-level Set the output debug message level
    > -M no md5key generate MD5 keys
    > -v opt version Output version information and exit
    > -? no help Display usage information and exit
    > -! no more-help Extended usage information passed thru pager
    > -> opt save-opts Save the option state to a config file
    > -< Str load-opts Load options from a config file
    >
    > Options are specified by doubled hyphens and their name
    > or by a single hyphen and the flag character.
    >
    > please send bug reports to: http://bugs.ntp.isc.org, bugs@ntp.org
    >
    > Regards
    >
    > Joe


  3. Re: ntp-keygen problem in ntp-4.2.4p5

    >>> In article , "David L. Mills" writes:

    David> I dispair that the production version lags so far behind the
    David> development version and especially when production maintenance
    David> results in incompatible module matches. My advice is to use the
    David> development version, which is in rather good shape.

    Yes, the release cycle is much faster when I can devote full time to the
    project. There are a couple of blocking bugs that will need the attention
    of Danny, or somebody like him. Need I elaborate on the known solutions to
    this problem?

    The list of bugs that is blocking the 4.2.6 release is:

    http://support.ntp.org/bugs/buglist....ocking%204.2.6

    David> By the way, I did verify the -H option does work in p127. The
    David> discussion on the Authentication Options and ntp-keygen pages has
    David> been rewritten and clarified. You should find things much simpler,
    David> more straightforward and with consistent defaults.

    And Steve has done a fine job implementing:

    http://doc.ntp.org

    which contains the documentation for a number of different versions of NTP.

    But the original reporter's problem seems to be that the version of NTP that
    was built does not seem to have been built with OpenSSL, so none of those
    capabilities will be present in that code.

    --
    Harlan Stenn
    http://ntpforum.isc.org - be a member!

  4. Re: ntp-keygen problem in ntp-4.2.4p5

    On 2008-09-03, David L. Mills wrote:

    > I seriously dooubt anything autokey works properly in the p5
    > (production) version. That version has been on a different maintainence
    > track than the p127 (development) version for well over a year. The p5
    > protocol and crypto modules date from December 2006 and the keygen
    > module from August of this year. The configuration and key management
    > procedures did change in the summer of 2007 to both simplify the
    > procedures and provide nested, separately keyed secure groups. This is
    > documented on the current web and in the development version.


    The Official Distribution Documentation for the 4.2.5 releases of NTP
    is available at http://doc.ntp.org/4.2.5/ in the (searchable) NTP
    Documentation Archive.

    --
    Steve Kostecke
    NTP Public Services Project - http://support.ntp.org/

  5. Re: ntp-keygen problem in ntp-4.2.4p5

    On 2008-09-03, David L. Mills wrote:

    > I seriously dooubt anything autokey works properly in the p5
    > (production) version. That version has been on a different maintainence
    > track than the p127 (development) version for well over a year. The p5
    > protocol and crypto modules date from December 2006 and the keygen
    > module from August of this year. The configuration and key management
    > procedures did change in the summer of 2007 to both simplify the
    > procedures and provide nested, separately keyed secure groups. This is
    > documented on the current web and in the development version.


    I neglected to mention that the Autokey configuration procedure for the
    current stable releases of NTP is documented ("HOWTO" style) at
    http://support.ntp.org/Support/ConfiguringAutokey

    --
    Steve Kostecke
    NTP Public Services Project - http://support.ntp.org/

  6. Re: ntp-keygen problem in ntp-4.2.4p5

    On Sep 2, 11:03*pm, "David L. Mills" wrote:
    > Joe,
    >
    > I seriously dooubt anything autokey works properly in the p5
    > (production) version. That version has been on a different maintainence
    > track than the p127 (development) version for well over a year. The p5
    > protocol and crypto modules date from December 2006 and the keygen
    > module from August of this year. The configuration and key management
    > procedures did change in the summer of 2007 to both simplify the
    > procedures and provide nested, separately keyed secure groups. This is
    > documented on the current web and in the development version.
    >
    > I dispair that the production version lags so far behind the development
    > version and especially when production maintenance results in
    > incompatible module matches. My advice is to use the development
    > version, which is in rather good shape.
    >
    > By the way, I did verify the -H option does work in p127. The discussion
    > on the Authentication Options andntp-keygenpages has been rewritten
    > and clarified. You should find things much simpler, more straightforward
    > and with consistent defaults.
    >
    > Dave
    >
    > youpak2...@yahoo.com wrote:
    > > Hi all,

    >
    > > I installed the new ntp-4.2.4p5 in Redhat 7.2 and I noticed thatntp-> keygendoesn’t works as it used to work in previous versions. I tried
    > > to generate Autokey keys and certificates
    > > but it doesn’t work as you can see bellow. Is it a bug or I am missing
    > > something? Did they change thentp-keygenwithout updating its
    > > documents?
    > > #ntp-keygen-H
    > >ntp-keygen: illegal option – H
    > >ntp-keygen(ntp) - Create a NTP host key - Ver. 4.2.4p5
    > > USAGE: *ntp-keygen[ - [] | --[{=| }] ]...
    > > * Flg Arg Option-Name * *Description
    > > * *-d no *debug-level * *Increase output debug message level
    > > * *-D Str set-debug-level Set the output debug message level
    > > * *-M no *md5key * * * * generate MD5 keys
    > > * *-v opt version * * * *Output version information and exit
    > > * *-? no *help * * * * * Display usage information and exit
    > > * *-! no *more-help * * *Extended usage information passed thru pager
    > > * *-> opt save-opts * * *Save the option state to a config file
    > > * *-< Str load-opts * * *Load options from a config file

    >
    > > Options are specified by doubled hyphens and their name
    > > or by a single hyphen and the flag character.

    >
    > > please send bug reports to: *http://bugs.ntp.isc.org, b...@ntp.org

    >
    > > Regards

    >
    > > Joe


    Thank you Dr. Mills for your reply and suggestion to use the latest
    p127 dev version. I'm wondering if this dev version is stable enough
    to use it in a commercial product.

    As Harlan (thanks) correctly pointed out the reason ntp-keygen didn't
    work in my 4.2.4p5 build was that I didn't build it with crypto and
    openssl options. I rebuilt it with those options and ntp-keygen works
    as I expected.

    Thanks again.

    Joe

  7. Re: ntp-keygen problem in ntp-4.2.4p5

    Joe,

    Older versions are already in commercial products, but I would expect a
    firmware update to cope with the recent changes. I know wome folks are
    using it, but I suspect not many. I advise waiting for the specs to hit
    the streets before mounting a major advertising campaign.

    Dave

    youpak2000@yahoo.com wrote:
    > On Sep 2, 11:03 pm, "David L. Mills" wrote:
    >
    >>Joe,
    >>
    >>I seriously dooubt anything autokey works properly in the p5
    >>(production) version. That version has been on a different maintainence
    >>track than the p127 (development) version for well over a year. The p5
    >>protocol and crypto modules date from December 2006 and the keygen
    >>module from August of this year. The configuration and key management
    >>procedures did change in the summer of 2007 to both simplify the
    >>procedures and provide nested, separately keyed secure groups. This is
    >>documented on the current web and in the development version.
    >>
    >>I dispair that the production version lags so far behind the development
    >>version and especially when production maintenance results in
    >>incompatible module matches. My advice is to use the development
    >>version, which is in rather good shape.
    >>
    >>By the way, I did verify the -H option does work in p127. The discussion
    >>on the Authentication Options andntp-keygenpages has been rewritten
    >>and clarified. You should find things much simpler, more straightforward
    >>and with consistent defaults.
    >>
    >>Dave
    >>
    >>youpak2...@yahoo.com wrote:
    >>
    >>>Hi all,

    >>
    >>>I installed the new ntp-4.2.4p5 in Redhat 7.2 and I noticed thatntp-> keygendoesn’t works as it used to work in previous versions. I tried
    >>>to generate Autokey keys and certificates
    >>>but it doesn’t work as you can see bellow. Is it a bug or I am missing
    >>>something? Did they change thentp-keygenwithout updating its
    >>>documents?
    >>>#ntp-keygen-H
    >>>ntp-keygen: illegal option – H
    >>>ntp-keygen(ntp) - Create a NTP host key - Ver. 4.2.4p5
    >>>USAGE: ntp-keygen[ - [] | --[{=| }] ]...
    >>> Flg Arg Option-Name Description
    >>> -d no debug-level Increase output debug message level
    >>> -D Str set-debug-level Set the output debug message level
    >>> -M no md5key generate MD5 keys
    >>> -v opt version Output version information and exit
    >>> -? no help Display usage information and exit
    >>> -! no more-help Extended usage information passed thru pager
    >>> -> opt save-opts Save the option state to a config file
    >>> -< Str load-opts Load options from a config file

    >>
    >>>Options are specified by doubled hyphens and their name
    >>>or by a single hyphen and the flag character.

    >>
    >>>please send bug reports to: http://bugs.ntp.isc.org, b...@ntp.org

    >>
    >>>Regards

    >>
    >>>Joe

    >
    >
    > Thank you Dr. Mills for your reply and suggestion to use the latest
    > p127 dev version. I'm wondering if this dev version is stable enough
    > to use it in a commercial product.
    >
    > As Harlan (thanks) correctly pointed out the reason ntp-keygen didn't
    > work in my 4.2.4p5 build was that I didn't build it with crypto and
    > openssl options. I rebuilt it with those options and ntp-keygen works
    > as I expected.
    >
    > Thanks again.
    >
    > Joe


+ Reply to Thread