Bug 57845 - ntp-genkeys paths set wrong
ntp-genkeys paths set wrong
Product: Red Hat Linux
Classification: Retired
Component: ntp (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Harald Hoyer
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2001-12-27 16:03 EST by Steve Bonneville
Modified: 2007-04-18 12:38 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-06-07 17:07:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2002:230 normal SHIPPED_LIVE New ntp package fixes a bug in parsing command line options 2002-10-10 00:00:00 EDT

  None (edit)
Description Steve Bonneville 2001-12-27 16:03:52 EST
Description of Problem:

/usr/sbin/ntp-genkeys tries to create the NTPv3 keys file and links
in the wrong places by default.

By default, it sets the keyfile to /ntp.keys.<NTPtime> and a broken link
/usr/etc/ntp.keys -> /usr/etc/ntp.keys.<NTPtime>.

It should probably set the keyfile to /etc/ntp/keys.<NTPtime> and
a symbolic link /etc/ntp/keys -> /etc/ntp/keys.<NTPtime>.

Also, the -k option listed in the command's Usage is not implemented,
although -h is.  In addition, despite the comment in the stock
/etc/ntp/keys file, we do not currently start ntpd with a -A option,
so no flags need to be changed for ntpd to activate authentication.
Comment 1 Steve Bonneville 2001-12-27 22:30:11 EST
Oh, and as long as you're looking at it, the sample /etc/ntp/keys file has the
wrong permissions; it should be readable by user ntp (and no other user), since
that's who ntpd runs as now (not root).
Comment 2 Harald Hoyer 2001-12-28 06:59:27 EST
should be fixed in:
Comment 3 Joe Bayes 2002-06-07 17:07:26 EDT
As far as I can tell (using ntp-4.1.1-1 from RH7.3):

If the default /etc/ntp/keys file exists when you run ntp-genkeys, ntp-genkeys
silently fails to create any files whatsoever. 

ntp-genkeys still makes a deposit in /ntp.keys.<timestamp>, with broken link as
described above.

/etc/ntp.conf still claims that ntpd is started with -A, when it isn't.

/etc/ntp/keys makes the same false claim.

The default /etc/ntp/keys is still root.root 600, so user ntp is going to have a
hard time reading it. 

When run as root, ntp-genkeys creates the /ntp.keys.<timestamp> file as
root.root 600, again making it difficult for user ntp to read. 

-k is still unsupported ("ntp-genkeys -k" returns 
"ntp-genkeys: unknown option -k")

Comment 4 Harald Hoyer 2002-06-11 12:43:39 EDT
found another bug in genkeys... these snprintf(buf, "%s/%s", buf, s2) are 
really scary...
Comment 5 Joe Bayes 2002-06-11 16:03:41 EDT
I installed 4.1.1a-2 off of rawhide...similar problems. Seems ntp-genkeys now
fails silently if /ntp.keys.<timestamp> exists. It still deposits the keyfile in
/ instead of /etc/ntp/
Comment 6 Harald Hoyer 2002-06-12 04:01:40 EDT
the fix is in 4.1.1a-3 ... you have to wait for it...
Comment 7 John Flanagan 2003-02-14 16:02:07 EST
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.