Hello, all. We are working on migrating our Network Time solution from NTP to Chrony on one of our products. As part of the certification process, we have a set of tests that require backwards compatibility. In this configuration, we are running our test NTP server on Ubuntu with the package "ntp" version 4.2.8p12+dfsg-3ubuntu4.20.04.1.
For Chrony, we are using Rocky Linux 9.2 with the chrony RPM install on 4.3-1.
This test specifically is using symmetric key authentication. On the NTP server side, the configuration has not changed, and is implemented with the above-mentioned version of "ntp".
On our product side, where we are migrating to Chrony, we have recreated our configuration within Chrony. And, we do see an error being presented in "chrony -dd" that is unfamiliar to us.
2023-11-02T23:05:29Z main.c:571:(main) chronyd version 4.3 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 +DEBUG)
2023-11-02T23:05:46Z clientlog.c:565:(CLG_LogServiceAccess) service 0 hits 1 rate -128 trate -128 tokens 0
2023-11-02T23:05:46Z ntp_core.c:2454:(NCR_ProcessRxUnknown) NTP packet failed auth mode=1 kod=0
I'm raising this issue because, with that same Chrony configuration on our product, we actually have another test passing - we have stood up a separate Chrony server with the same key and Chrony configuration and it can sync time via the symmetric key authentication just fine. The problem we're having is with backwards compatibility to NTP itself. Since we are mandated to be backwards compatible with NTP, we would like to see if this is something new..
I have created a google document with environment details and additional debug messages (the full "chrony -dd" log output); this includes our full /etc/ntp.conf and test /etc/ntp.keys file. It also includes the Chrony config we are using.
I can make this Google Document available, I do not know if it is best practice to post it here or provide it via another method.
Thank you for your time!
-Mike