Re: [chrony-users] Problem with authentication algorithm


On Fri, Oct 16, 2015 at 04:04:22PM +0200, Steven Liegaux wrote:
> Hi there,
> I'm trying to configure chrony on Debian. I need a client, a server and a
> packet authentication system (SHA2). If I understand correctly, I can't use
> OpenSSL (because the licence is not compatible with Chrony's GPL licence),
> so I need to use NSS. Am I right?

NSS or tomcrypt. OpenSSL is not supported. The issue with licensing is
the main reason.

> root@client-chrony:~# /etc/chrony/sbin/chronyd -d
> 2015-10-15T15:52:43Z chronyd version 2.1.1 starting (+CMDMON +NTP +REFCLOCK

-SECHASH means it wasn't compiled with NSS or tomcrypt support.

>   --disable-sechash      Disable support for hashes other than MD5
>   --without-nss          Don't use NSS even if it is available
>   --without-tomcrypt     Don't use libtomcrypt even if it is available
> Only "disable or without" things. So how can I configure Chrony to use NSS?
> For information, I have the same problem when I use "SHA1", but everything
> is OK when I use MD5. Strange, no?

The SECHASH feature is enabled automatically if the configure script
can find the NSS or tomcrypt development files. MD5 is always
available as there is an internal MD5 implementation included in the
chrony source code.

Check config.log for errors. It will probably be a missing devel file.

It needs the freebl library and nsslowhash.h from NSS. In Fedora, for
instance, they are in the nss-softokn-devel and nss-softokn-freebl

Miroslav Lichvar
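
The check described in the reply above, as an added example that is not part of the original message or of chrony: it reads the feature list from the chronyd start-up line and reports which entries of a key file name a hash that a build without SECHASH cannot use. The function names, the flags after `+REFCLOCK` in the sample banner and the sample key file are constructed for illustration; the key-file layout assumed is `ID [HASH] KEY`, with MD5 used when no hash is named.

```shell
#!/bin/sh
# Constructed sample data (illustrative, not taken from the thread).
SAMPLE_BANNER='chronyd version 2.1.1 starting (+CMDMON +NTP +REFCLOCK +RTC -SECHASH)'
SAMPLE_KEYS='# constructed sample key file
1 MD5 HEX:00112233445566778899AABBCCDDEEFF
2 SHA1 HEX:00112233445566778899AABBCCDDEEFF00112233
3 plainpassword
4 sha256 HEX:00112233445566778899AABBCCDDEEFF'

# Print "yes" for +SECHASH, "no" for -SECHASH, "unknown" if the flag is absent.
sechash_state() {
    case "$1" in
        *+SECHASH*) echo yes ;;
        *-SECHASH*) echo no ;;
        *)          echo unknown ;;
    esac
}

# Print "ID:HASH" for every key whose named hash is not MD5.
# Two-field lines carry no hash name and fall back to MD5, so they are skipped.
non_md5_keys() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*([#;%!]|$)/ { next }          # comments and blank lines
        NF >= 3 && toupper($2) != "MD5" { print $1 ":" toupper($2) }'
}

# Print the keys this build cannot authenticate with: any non-MD5 key
# when the banner shows -SECHASH. Prints nothing for a +SECHASH build.
unusable_keys() {
    [ "$(sechash_state "$1")" = no ] && non_md5_keys "$2"
    return 0
}

# Stand-alone run on the constructed samples.
unusable_keys "$SAMPLE_BANNER" "$SAMPLE_KEYS"
```

Pass the first line printed by `chronyd -d` as the first argument and the contents of the key file as the second; any output means the binary has to be rebuilt with NSS or tomcrypt before those keys will work.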
