Thanks, here is the key and server config information.  I've included the
link to the full log of errors and documentation below.

Our implementation currently uses ASCII keys, and follows the 'optional'
usage for ASCII (per the man page for chrony.conf: "The key can be
specified as a string of ASCII characters not containing white space with
an optional *ASCII:* prefix, or...").

Thanks for the heads up, I will take a closer look and add keys with
additional lengths and formats, and then retest.  We really need to test
against implicit ASCII, explicit ASCII, and explicit HEX keys.  Our test
plans do need to expand to cover both ASCII and HEX key usage/support,
being honest, so if this is an aspect we need to address, we can definitely
do so.

*Chrony Client :*
/etc/chrony.conf :

authselectmode require
keyfile /etc/chrony.keys
server 10.207.4.84 prefer version 4 iburst key 20


/etc/chrony.keys :

20      SHA1    421b67770525bde2e926354a88ae2f81c7c76108


*NTP Server :*
/etc/ntp.conf :

keys /etc/ntp.keys
trustedkey 1 5 20 21 22



/etc/ntp.keys:

20 SHA1 421b67770525bde2e926354a88ae2f81c7c76108  #RSA-SHA1-compliant


Full logs and config for both server and client configurations and logs can
be found here: https://tinyurl.com/2utbe2uk

-Mike

On Mon, Nov 6, 2023 at 2:26 AM Miroslav Lichvar <[email protected]> wrote:

> On Fri, Nov 03, 2023 at 02:35:21PM -0500, Michael Krell wrote:
> >   I'm raising this issue because, with that same Chrony configuration on
> > our product, we actually have another test passing - we have stood up a
> > separate Chrony server with the same key and Chrony configuration and it
> > can sync time via the symmetric key authentication just fine.  The problem
> > we're having is with backwards compatibility to NTP itself.  Since we are
> > mandated to be backwards compatible with NTP, we would like to see if this
> > is something new.
>
> The issue likely is in the key specification (ASCII vs HEX) or
> truncated vs untruncated digest with length over 160 bits, which
> requires "version 4" in the chrony config as explained in the man
> page.
>
> Please post sample configs and key files for both ntpd and chrony.
>
> --
> Miroslav Lichvar
>
>
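
Added example, not part of the original thread and not code from chrony or ntpd: a way to check the "ASCII vs HEX" point raised in the quoted reply by computing the legacy NTP SHA1 MAC, SHA1(key || header), over a constructed packet header with the key string from the configs above read both ways. The ntpd rule used here (key strings longer than 20 characters are read as hex) is an assumption to verify against the ntp.keys documentation for the server version in use; the function names and the sample header are made up for this illustration.

```python
import hashlib
import struct

KEY_ID = 20
# Key string exactly as it appears in both key files above.
KEY_TEXT = "421b67770525bde2e926354a88ae2f81c7c76108"

def chrony_key_bytes(spec: str) -> bytes:
    """chrony.keys rule: ASCII by default or with ASCII:, hex only with HEX:."""
    if spec.startswith("HEX:"):
        return bytes.fromhex(spec[4:])
    if spec.startswith("ASCII:"):
        spec = spec[6:]
    return spec.encode("ascii")

def ntpd_key_bytes(spec: str) -> bytes:
    """Assumed ntpd rule (check ntp.keys docs): more than 20 chars means hex."""
    return bytes.fromhex(spec) if len(spec) > 20 else spec.encode("ascii")

def ntp_mac(key: bytes, key_id: int, header: bytes) -> bytes:
    """Legacy symmetric-key MAC: 4-byte key ID, then SHA1(key || header)."""
    return struct.pack("!I", key_id) + hashlib.sha1(key + header).digest()

def macs_match(client_spec: str, server_spec: str, header: bytes) -> bool:
    """True if chrony's and ntpd's reading of the key files give the same MAC."""
    client = ntp_mac(chrony_key_bytes(client_spec), KEY_ID, header)
    server = ntp_mac(ntpd_key_bytes(server_spec), KEY_ID, header)
    return client == server

# Constructed 48-byte NTPv4 client header (LI=0, VN=4, Mode=3), remainder zero.
SAMPLE_HEADER = bytes([0x23]) + bytes(47)

if __name__ == "__main__":
    # Implicit ASCII, explicit ASCII and explicit HEX on the chrony side,
    # each compared against the unchanged ntp.keys entry on the server side.
    for spec in (KEY_TEXT, "ASCII:" + KEY_TEXT, "HEX:" + KEY_TEXT):
        key_len = len(chrony_key_bytes(spec))
        ok = macs_match(spec, KEY_TEXT, SAMPLE_HEADER)
        print(f"{spec[:6]:<6} key_len={key_len:2d} match={ok}")
```
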
