NTPsec on OpenSwitch
Hal Murray
hmurray at megapathdsl.net
Thu Dec 24 06:15:29 UTC 2015
srinivasan.srivatsan at hpe.com said:
> For the initial release we are planning to support only NTP client.
You get a server for "free", without asking for it. You might be able to
hide it with the restrict stuff.
> * Daemon is up and we need to print the current ntp status info,
> * Daemon is up and we need to print the NTP associations info,
Poke around with ntpq. It can read most of the interesting status including
the associations.
There are several different versions of the peers command that squeeze
slightly different info into an 80 character line. (Let us know if you find
that something is missing.)
> * Daemon is up, but we need to allow runtime configuration for
> different NTP servers, along with âpreferâ and âversionâ setting for that
> NTP server. Can we update the Daemon to pick up this new configuration or do
> we have to write to the .conf file and then restart the daemon ?
ntpq has a :config command which feeds the rest of the line to the config
file parser. I haven't used it. I expect some parts will work fine and some
won't work because it's too late to change the baud rate on a refclock that
has already been opened and things like that. (If you find interesting
examples that don't work, we may be able to fix them.)
I think there is an unpeer command (in the config file, not ntpq) so you can
remove servers and add them again to change things. Again, I haven't tried
it.
> * Daemon is up, the user would provide the key-number and md5
> clientpassword. We want to use this configuration for the specific server
> instead of using autokey. Can a restart of the Daemon be avoided when
> setting authentication with the ntp client.
I haven't tried Autokey. Shared keys (MD5 and SHA1) work. I don't know if
you can reload the keys file from ntpq.
> * Does the Daemon support configuring of Broadcast, Multicast or
> Manycasting clients.
I've tried most of those options, but I might have missed one. Everything I
have tried worked, but sometimes it took me a while to set it up correctly.
> * Does the Daemon support Ipv6 Configuration ? If so does Daemon
> support mixed Ipv4 and Ipv6 NTP server configuration ?
Yes. Yes.
--
These are my opinions. I hate spam.
More information about the devel
mailing list