Comment 13 for bug 1884265

Joy Latten (j-latten) wrote : Re: [fips] Not fully initialized digest segfaulting some client applications

Additional testing for ntpq authentication to ensure MD5 still works for ntpq in archive

NOTE: The testing shown is ntpq (with patch) + openssl from the archive, to ensure all still works.
Testing with ntpq + fips-openssl was also done successfully.

VM-A (ntp server)

1. Edit /etc/ntp.keys to include,

1 SHA1 austintexas
2 MD5 cedarpark

2. Edit /etc/ntp.conf to include,

keys /etc/ntp.keys
trustedkey 2
controlkey 2
requestkey 2

3. restart ntp
sudo service ntp restart

VM-B (ntp client)

$ dpkg -l | grep ntp
ii ntp 1:4.2.8p10+dfsg-5ubuntu7.1+ppa1 amd64 Network Time Protocol daemon and utility programs

1. Edit /etc/ntp.keys to include,

1 SHA1 austintexas
2 MD5 cedarpark

2. Edit /etc/ntp.conf to include,
keys /etc/ntp.keys
server <VM-B ipaddress> key 2
trustedkey 2
controlkey 2
requestkey 2

3. I commented out all the "pool" entries in /etc/ntp.conf

4. restart ntp
sudo service ntp restart

On the client,

$ ntpq -c as

ind assid status  conf reach auth condition  last_event cnt
===========================================================
  1 46728  f014   yes   yes   ok    reject   reachable  1

Notice that "auth" is ok.

$ ntpq
ntpq> keytype
keytype is MD5 with 16 octet digests
ntpq> keyid 2
ntpq> ifstats
MD5 Password: <enter "cedarpark">
    interface name                                        send
 #  address/broadcast     drop flag ttl mc received sent failed peers   uptime
==============================================================================
  0 v6wildcard               D   81   0  0        0    0      0     0       96
    [::]:123
  1 v4wildcard               D   89   0  0        0    0      0     0       96
    0.0.0.0:123
  2 lo                       .    5   0  0        2    1      0     0       96
    127.0.0.1:123
  3 ens3                     .   19   0  0        2    2      0     1       96
    192.168.122.105:123
  4 lo                       .    5   0  0        0    0      0     0       96
    [::1]:123
  5 ens3                     .   11   0  0        0    0      0     0       96
    [fe80::5054:ff:fefe:b092%2]:123
ntpq>

Note: issuing "ifstats" requires authentication.

I also tested with SHA1 and it worked as well.

And last test on client,
ntpq -p

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.122.106 204.11.201.12    3 u   56   64    7    1.541    2.723   0.826
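
Added example (not part of the original comment, and not ntp or openssl code): a Python illustration of the symmetric-key MAC that the keyid/keytype settings above select, a 4-octet key id followed by digest(secret || packet), which gives the 16-octet MD5 and 20-octet SHA1 digests and fails closed when the digest cannot be initialized, as MD5 may not be on a FIPS-enabled host. The keys mirror the test entries above; the packet bytes and function names are constructed for illustration, and only plain ASCII secrets are handled.

```python
import hashlib
import hmac

# Constructed sample mirroring the /etc/ntp.keys entries used in the test above.
SAMPLE_KEYS = "1 SHA1 austintexas\n2 MD5 cedarpark\n"
# Constructed 48-octet NTP header: LI=0, VN=4, Mode=3 (client), rest zeroed.
SAMPLE_PACKET = bytes([0x23]) + bytes(47)

def parse_keys(text):
    """Parse ntp.keys-style lines into {keyid: (digest_name, secret_bytes)}."""
    keys = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if line:
            keyid, ktype, secret = line.split()[:3]
            keys[int(keyid)] = (ktype.lower(), secret.encode("ascii"))
    return keys

def ntp_mac(keys, keyid, packet):
    """Return the 4-octet key id followed by digest(secret || packet)."""
    name, secret = keys[keyid]
    try:
        ctx = hashlib.new(name)
    except ValueError as exc:
        # Digest not provided (e.g. MD5 under FIPS): fail closed here instead
        # of continuing with a context that was never initialized.
        raise RuntimeError(f"digest {name!r} unavailable for key {keyid}") from exc
    ctx.update(secret + packet)
    return keyid.to_bytes(4, "big") + ctx.digest()

def verify(keys, packet, mac):
    """Check a received MAC; unknown key ids and bad digests are rejected."""
    keyid = int.from_bytes(mac[:4], "big")
    if keyid not in keys:
        return False
    return hmac.compare_digest(ntp_mac(keys, keyid, packet), mac)

if __name__ == "__main__":
    keys = parse_keys(SAMPLE_KEYS)
    for kid in sorted(keys):
        mac = ntp_mac(keys, kid, SAMPLE_PACKET)
        print(kid, keys[kid][0], len(mac) - 4, "octet digest",
              verify(keys, SAMPLE_PACKET, mac))
```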