color: #FF0000;
font-weight: bold;
}
-.style1 {color: #FF0000}
+.style1 {
+ color: #FF0000
+}
</style>
</head>
<body>
<img src="pic/alice44.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
<p>Our resident cryptographer; now you see him, now you don't.</p>
<p>Last update:
- <!-- #BeginDate format:En2m -->22-Dec-2010 21:55<!-- #EndDate -->
+ <!-- #BeginDate format:En2m -->31-Dec-2010 6:20<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
key message digest algorithm. Note: If compliance with FIPS 140-2 is required,
the algorithm must be ether <tt>SHA</tt> or <tt>SHA1</tt>.</dd>
<dt><tt>host <i>name</i></tt></dt>
- <dd>Specifies the string used when constructing the names for the host, sign
- and certificate files generated by the <tt>ntp-keygen</tt> program with the <tt>-s <i>host</i></tt> option.</dd>
- <dd><span class="style1">Note: In the latest Autokey version, this option is deprecated. See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</span></a>
- <dt> </dt>
+ <dd>Specifies the Autokey host name of this host. If this option is not specified, the default name is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
+ <dd><span class="style1">Note: In the latest Autokey version, this option has no affect other than to change the Autokey host name.</span></dd>
<dt><tt>ident <i>group</i></tt></dt>
- <dd>Specifies the optional string used in retrieving the identity files generated by the <tt>ntp-keygen</tt> program with the <tt>-i <i>group</i></tt> option.</dd>
+ <dd>Specifies the Autokey group name of this host. If this option is not specified, the default is the empty string.</dd>
+ <dd><span class="style1">Note: In the latest Autokey version, this option has no affect other than to change the Autokey group name.</span></dd>
<dt><tt>pw <i>password</i></tt></dt>
- <dd>Specifies the password to decrypt files previously encrypted by the <tt>ntp-keygen</tt> program with the <tt>-p</tt> option.</dd>
+ <dd>Specifies the password to decrypt files previously encrypted by the <tt>ntp-keygen</tt> program with the <tt>-p</tt> option. If this option is not specified, the default password is the string returned by the Unix <tt>gethostname()</tt> routine. </dd>
<dt><tt>randfile <i>file</i></tt></dt>
<dd>Specifies the location of the random seed file used by the OpenSSL library. The defaults are described on the <tt>ntp-keygen</tt> page.</dd>
</dl>
</dd>
+ <dt id="keys"><tt>ident <i>group</i></tt></dt>
+ <dd>Specifies the group name for ephemeral associations mobilized by broadcast and symmetric passive modes. See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd>
<dt id="keys"><tt>keys <i>path</i></tt></dt>
<dd>Specifies the complete directory path for the key file containing the key IDs, key types and keys used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography. This is the same operation as the <tt>-k </tt>command line option. Note that the directory path for Autokey cryptographic media is specified by the <tt>keysdir</tt> command.</dd>
<dt id="keysdir"><tt>keysdir <i>path</i></tt></dt>
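Review bot: the two added notes ("this option has no affect other than...") should read "has no effect"; also the new top-level `<dt id="keys"><tt>ident <i>group</i></tt></dt>` reuses the `id="keys"` that the `keys` entry two lines below already carries, so the anchor becomes ambiguous; give it its own id, e.g. `id="ident"`. The same `ident group` keyword is now documented twice with different meanings (a crypto sub-option that only sets the Autokey group name, and a top-level command for ephemeral broadcast/symmetric-passive associations); say whether both are accepted and how they interact. The new `pw` sentence says the default password is the `gethostname()` string, but the code in this patch does `passwd = sys_hostname`, which is the configured `host name` when one is given, so either the doc or the code is wrong; the doc should also stress that this default only works if `ntp-keygen -p` was run with that same string. While here, "must be ether SHA" in the preceding FIPS sentence should be "either".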
{
struct pkey_info *pinfo; /* private/public key */
char filename[MAXFILENAME]; /* file name buffer */
- char * randfile;
+ char hostname[MAXFILENAME]; /* host name buffer */
+ char *randfile;
char statstr[NTP_MAXSTRLEN]; /* statistics for filegen */
l_fp seed; /* crypto PRNG seed as NTP timestamp */
u_int len;
/*
* Initialize structures.
*/
- if (sys_hostname == NULL) {
- gethostname(filename, MAXFILENAME);
- sys_hostname = emalloc(strlen(filename) + 1);
- strcpy(sys_hostname, filename);
- }
+ gethostname(hostname, MAXFILENAME);
+ if (sys_hostname == NULL)
+ sys_hostname = strdup(hostname);
if (passwd == NULL)
passwd = sys_hostname;
+
memset(&hostval, 0, sizeof(hostval));
memset(&pubkey, 0, sizeof(pubkey));
memset(&tai_leap, 0, sizeof(tai_leap));
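Review bot: `gethostname(hostname, MAXFILENAME)` ignores the return value, and POSIX does not guarantee NUL termination when the name is truncated to the buffer size, so a long host name leaves `hostname` unterminated before it is fed to `strdup()` and to every `snprintf("ntpkey_..._%s")` below; check the return value and force `hostname[sizeof(hostname) - 1] = '\0'` (or treat failure as fatal, since the name selects the key files). Replacing the `emalloc()` copy with `strdup()` also drops the allocation-failure handling: a NULL `sys_hostname` is dereferenced a few lines later via `passwd = sys_hostname`, so keep the emalloc-based copy or check the result. Note too that `passwd` now defaults to `sys_hostname` (possibly the configured name) while the file names use `hostname`; the updated `pw` documentation claims `gethostname()`.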
* as we know it ends. The host key also becomes the default
* sign key.
*/
- snprintf(filename, MAXFILENAME, "ntpkey_host_%s", sys_hostname);
+ snprintf(filename, MAXFILENAME, "ntpkey_host_%s", hostname);
pinfo = crypto_key(filename, passwd, NULL);
if (pinfo == NULL) {
msyslog(LOG_ERR,
* Load optional sign key from file "ntpkey_sign_<hostname>". If
* available, it becomes the sign key.
*/
- snprintf(filename, MAXFILENAME, "ntpkey_sign_%s", sys_hostname);
+ snprintf(filename, MAXFILENAME, "ntpkey_sign_%s", hostname);
pinfo = crypto_key(filename, passwd, NULL); if (pinfo != NULL)
sign_pkey = pinfo->pkey;
/*
* Load required certificate from file "ntpkey_cert_<hostname>".
*/
- snprintf(filename, MAXFILENAME, "ntpkey_cert_%s", sys_hostname);
+ snprintf(filename, MAXFILENAME, "ntpkey_cert_%s", hostname);
cinfo = crypto_cert(filename);
if (cinfo == NULL) {
msyslog(LOG_ERR,
filename);
exit (-1);
}
- hostval.vallen = htonl(strlen(cinfo->subject));
- hostval.ptr = cinfo->subject;
+printf("xxx %s %s\n", sys_hostname, sys_groupname);
+
if (sys_groupname == NULL)
- sys_groupname = sys_hostname;
+ snprintf(filename, MAXFILENAME, "%s", sys_hostname);
+ else
+ snprintf(filename, MAXFILENAME, "%s@%s", sys_hostname,
+ sys_groupname);
+ hostval.vallen = htonl(strlen(filename));
+ hostval.ptr = strdup(filename);
/*
* Load optional IFF parameters from file
- * "ntpkey_iffkey_<groupname>".
+ * "ntpkey_iffkey_<hostname>".
*/
snprintf(filename, MAXFILENAME, "ntpkey_iffkey_%s",
- sys_groupname);
+ hostname);
iffkey_info = crypto_key(filename, passwd, NULL);
if (iffkey_info != NULL)
crypto_flags |= CRYPTO_FLAG_IFF;
/*
* Load optional GQ parameters from file
- * "ntpkey_gqkey_<groupname>".
+ * "ntpkey_gqkey_<hostname>".
*/
snprintf(filename, MAXFILENAME, "ntpkey_gqkey_%s",
- sys_groupname);
+ hostname);
gqkey_info = crypto_key(filename, passwd, NULL);
if (gqkey_info != NULL)
crypto_flags |= CRYPTO_FLAG_GQ;
/*
* Load optional MV parameters from file
- * "ntpkey_mvkey_<groupname>".
+ * "ntpkey_mvkey_<hostname>".
*/
snprintf(filename, MAXFILENAME, "ntpkey_mvkey_%s",
- sys_groupname);
+ hostname);
mvkey_info = crypto_key(filename, passwd, NULL);
if (mvkey_info != NULL)
crypto_flags |= CRYPTO_FLAG_MV;
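Review bot: the `printf("xxx %s %s\n", sys_hostname, sys_groupname);` is leftover debugging and must go before merge: it writes to the daemon's stdout, and `sys_groupname` can be NULL here (the very next line tests for it, and the old default `sys_groupname = sys_hostname` was removed), so passing it to `%s` is undefined behaviour; if a trace is wanted, use the DEBUG/msyslog path and guard the NULL. With the default assignment gone, every other use of `sys_groupname` in the file needs the same NULL check. The host value is now `hostname@group` built from `sys_hostname`/`sys_groupname` rather than `cinfo->subject`, while the certificate file itself is chosen by `gethostname()`; if peers compare the advertised host value against the certificate subject this is a protocol-visible change that autokey.html should describe, and `strdup(filename)` is again unchecked (and silently truncated to MAXFILENAME by the reused `filename` buffer). Finally, the IFF/GQ/MV parameters are now loaded from `ntpkey_*key_<hostname>` instead of `_<groupname>`; the documentation removed earlier in this patch said those files are produced by `ntp-keygen -i group`, so unless ntp-keygen's naming changes in the same commit, existing group identity files will no longer be found; update the ntp-keygen page and the `ident group` entry accordingly.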
*/
crypto_flags |= CRYPTO_FLAG_ENAB | (cinfo->nid << 16);
snprintf(statstr, NTP_MAXSTRLEN,
- "setup 0x%x host %s %s", crypto_flags, sys_hostname,
+ "setup 0x%x host %s %s", crypto_flags, hostname,
OBJ_nid2ln(cinfo->nid));
record_crypto_stats(NULL, statstr);
#ifdef DEBUG