| Re: [chrony-users] NTP to Chrony migration issue with NTP authentication with symmetric keys |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-users] NTP to Chrony migration issue with NTP authentication with symmetric keys
- From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
- Date: Mon, 6 Nov 2023 09:26:24 +0100
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1699259191; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=gjhwYKV7Avr1ss3a1lv9HroWy03kmGrXuc4WjDFYCWU=; b=Pda+fcG0Ar7zyHLmS+q4+A197aPcO00glw7JLBt3vCjtjxMjKgl0fwu2TvQ9yJ6+MTtO5+ 7uWtKQrT7QfZ9CR2jRvZrKyoxW2JoDxZdOskRbkMImeWCA5aDf4P/UfL4eo5P/PjxLB87v EtZMxSx1JcG34RFZiNmxzCSywFFs7h0=
On Fri, Nov 03, 2023 at 02:35:21PM -0500, Michael Krell wrote:
> I'm raising this issue because, with that same Chrony configuration on
> our product, we actually have another test passing - we have stood up a
> separate Chrony server with the same key and Chrony configuration and it
> can sync time via the symmetric key authentication just fine. The problem
> we're having is with backwards compatibility to NTP itself. Since we are
> mandated to be backwards compatible with NTP, we would like to see if this
> is something new.
The issue likely is in the key specification (ASCII vs HEX) or
truncated vs untruncated digest with length over 160 bits, which
requires "version 4" in the chrony config as explained in the man
page.
Please post sample configs and key files for both ntpd and chrony.
--
Miroslav Lichvar
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.