2 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
11 # make sure this host already has ntp keys:
14 KEYSDIR="/etc/ntp.keys.d"
15 if ! [ -e "$KEYSDIR/ntpkey_cert_$h" ] ||
16 ! [ -e "$KEYSDIR/ntpkey_host_$h" ] ||
17 ! [ -e "$KEYSDIR/ntpkey_iff_$h" ]; then
18 # on a "server" we would have to add -T to the ntp-keygen call
19 # and then run something like this:
21 ### sed -e 's/^[[:space:]]*#//' << 'EOF'
23 # RANDFILE=/dev/urandom /usr/sbin/ntp-keygen -T -I -H -c RSA-SHA1 -m 1024 &&
24 # RANDFILE=/dev/urandom ntp-keygen -q `hostname` -e | (
28 # echo "# This is the public version of this 'private' key -"
29 # echo "# the private data has been replaced by 0x01."
30 # echo "# (just ask 'openssl dsa -text < foo.pub')"
32 # openssl dsa -passin `hostname` -passin pass:`hostname` ) > ntpkey_iff_`hostname`.pub
35 # So that we can copy that .pub to all the clients that need it (don't
36 # call it .pub on the client then)
38 # on the client this is all we need:
39 if [ -x /usr/sbin/ntp-keygen ] ; then
40 [ -d "$KEYSDIR" ] || install -d -o root -g ntp -m 770 "$KEYSDIR"
41 ( cd "$KEYSDIR" && RANDFILE=/dev/urandom /usr/sbin/ntp-keygen -I -H -c RSA-SHA1 -m 1024 )