| Re: [chrony-users] ntp symmetric auth for internal clients |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-users] ntp symmetric auth for internal clients
- From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
- Date: Mon, 2 Sep 2024 13:06:18 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1725275184; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ummgbkV4l1I36JWT8ZvJbnqGZae4QiYDtozKH2YNiAg=; b=XZ39DNqsNNeaWAe9ufVZyUo9YvkV6IqwOhy60y1dFWN9Y3iXELc5+XmAYsCZIqi1jlIrxb xWjMdZGSPNQIU4qqugm0zy2PMNfT70ixOzZ9jjD+qBOuaFWSAO7OPo4Q2LWv0wl0oin4lh 7Vd+RJ/xM+6HA7lrXi1UHM2+whpbI5g=
On Mon, Sep 02, 2024 at 12:48:42PM +0200, Ede Wolf wrote:
> I need to specify a key for the systems I am serving to, however, the local
> directrive has no key option available.
A server cannot force clients to use a key. The key needs to be
specified on the client side.
> And a global option, similar to "trustedkey 5" in ntpd.conf, for those who
> are also familiar with ntpd, seems also not available.
All keys in the chrony key file are trusted. Unlike with ntpd, there
is no way to trust only a subset of them.
chrony and ntpd should interoperate in both client-server directions.
>
> So if I want to require, let's say key 5 for internal clients, what would be
> the proper way to archive this?
Specify it in the server directive in the client's config.
--
Miroslav Lichvar
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.