Lines Matching +full:a +full:- +full:f
2 . it 1 an-trap
6 .ds B-Font [CB]
7 .ds I-Font [CI]
8 .ds R-Font [CR]
10 .ds B-Font B
11 .ds I-Font I
12 .ds R-Font R
15 .\" EDIT THIS FILE WITH CAUTION (in-mem file)
17 .\" It has been AutoGen-ed May 25, 2024 at 12:04:03 AM by AutoGen 5.18.16
19 .\" and the template file agman-cmd.tpl
21 \f\*[B-Font]ntp.conf\fP
22 \- Network Time Protocol (NTP) daemon configuration file format
24 \f\*[B-Font]ntp.conf\fP
25 [\f\*[B-Font]\-\-option-name\f[]]
26 [\f\*[B-Font]\-\-option-name\f[] \f\*[I-Font]value\f[]]
36 \f\*[B-Font]ntp.conf\fP
38 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
42 \fI/etc\f[]
46 \f\*[B-Font]\-c\f[]
54 Comments begin with a
59 followed by a list of arguments,
63 host addresses written in numeric, dotted-quad form,
75 \fI/usr/share/doc/ntp\f[])
78 \fIConfiguration\f[] \fIOptions\f[],
82 \fIAuthentication\f[] \fISupport\f[]
84 \fIMonitoring\f[] \fISupport\f[]
86 \fIAccess\f[] \fIControl\f[] \fISupport\f[]
88 \fIAutomatic\f[] \fINTP\f[] \fIConfiguration\f[] \fIOptions\f[]
90 \fIReference\f[] \fIClock\f[] \fISupport\f[]
92 \fIMiscellaneous\f[] \fIOptions\f[]
97 Following these is a section describing
98 \fIMiscellaneous\f[] \fIOptions\f[].
99 While there is a rich set of options available,
101 \f\*[B-Font]pool\f[],
102 \f\*[B-Font]server\f[],
103 \f\*[B-Font]peer\f[],
104 \f\*[B-Font]broadcast\f[]
106 \f\*[B-Font]manycastclient\f[]
109 Following is a description of the configuration commands in
114 classes of commands, configuration commands that configure a
115 persistent association with a remote server or peer or reference
122 (s) a remote server or peer (IPv4 class A, B and C), (b) the
123 broadcast address of a local interface, (m) a multicast address (IPv4
124 class D), or (r) a reference clock address (127.127.x.x).
133 If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
136 In a few cases, including the
137 \f\*[B-Font]reslist\f[]
140 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
142 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[],
154 Note that in contexts where a host name is expected, a
155 \f\*[B-Font]\-4\f[]
158 while a
159 \f\*[B-Font]\-6\f[]
164 .NOP \f\*[B-Font]pool\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]burst\f[]] [\f\*[B-Font]iburst\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]] [\f\*[B-Font]xmtnonce\f[]]
166 .NOP \f\*[B-Font]server\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]key\f[] \f\*[I-Font]key\f[] \f\*[I-Font]\&|\f[] \f\*[B-Font]autokey\f[]] [\f\*[B-Font]burst\f[]] [\f\*[B-Font]iburst\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]] [\f\*[B-Font]true\f[]] [\f\*[B-Font]xmtnonce\f[]]
168 .NOP \f\*[B-Font]peer\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]key\f[] \f\*[I-Font]key\f[] \f\*[I-Font]\&|\f[] \f\*[B-Font]autokey\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]] [\f\*[B-Font]true\f[]] [\f\*[B-Font]xleave\f[]]
170 .NOP \f\*[B-Font]broadcast\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]key\f[] \f\*[I-Font]key\f[] \f\*[I-Font]\&|\f[] \f\*[B-Font]autokey\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]ttl\f[] \f\*[I-Font]ttl\f[]] [\f\*[B-Font]xleave\f[]]
172 .NOP \f\*[B-Font]manycastclient\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]key\f[] \f\*[I-Font]key\f[] \f\*[I-Font]\&|\f[] \f\*[B-Font]autokey\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]] [\f\*[B-Font]ttl\f[] \f\*[I-Font]ttl\f[]]
180 \f\*[I-Font]address\f[]
182 either a DNS name or an IP address in dotted-quad notation.
188 \fI/usr/share/doc/ntp\f[]).
190 .NOP \f\*[B-Font]pool\f[]
191 For type s addresses, this command mobilizes a persistent
192 client mode association with a number of remote servers.
197 .NOP \f\*[B-Font]server\f[]
198 For type s and r addresses, this command mobilizes a persistent
205 \fInot\f[]
209 .NOP \f\*[B-Font]peer\f[]
210 For type s addresses (only), this command mobilizes a
211 persistent symmetric-active mode association with the specified
216 This is useful in a network of servers where, depending on
222 .NOP \f\*[B-Font]broadcast\f[]
224 command mobilizes a persistent broadcast mode association.
232 messages to a client population at the
233 \f\*[I-Font]address\f[]
235 local network(s) or a multicast address assigned to NTP.
242 specification applies only to the local server operating as a
243 sender; for operation as a broadcast client, see the
244 \f\*[B-Font]broadcastclient\f[]
246 \f\*[B-Font]multicastclient\f[]
250 .NOP \f\*[B-Font]manycastclient\f[]
251 For type m addresses (only), this command mobilizes a
254 In this case a specific address must be supplied which
256 \f\*[B-Font]manycastserver\f[]
262 these messages and causing a possibly massive implosion of replies
265 \f\*[B-Font]manycastserver\f[]
270 client broadcasts a request message to the group address associated
272 \f\*[I-Font]address\f[]
277 \f\*[B-Font]server\f[]
287 .NOP \f\*[B-Font]autokey\f[]
291 \fIAuthentication\f[] \fIOptions\f[].
293 .NOP \f\*[B-Font]burst\f[]
294 when the server is reachable, send a burst of six packets
297 \f\*[B-Font]server\f[]
300 .NOP \f\*[B-Font]iburst\f[]
301 When the server is unreachable, send a burst of eight packets
306 \f\*[B-Font]server\f[]
308 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
310 \f\*[B-Font]\-q\f[]
313 .NOP \f\*[B-Font]key\f[] \f\*[I-Font]key\f[]
316 \f\*[I-Font]key\f[]
321 .NOP \f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]
323 .NOP \f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]
325 for NTP messages, as a power of 2 in seconds
328 \f\*[B-Font]maxpoll\f[]
333 \f\*[B-Font]minpoll\f[]
334 option to a lower limit of 4 (16 s).
336 .NOP \f\*[B-Font]noselect\f[]
340 .NOP \f\*[B-Font]preempt\f[]
343 .NOP \f\*[B-Font]prefer\f[]
346 this host will be chosen for synchronization among a set of
353 \fI/usr/share/doc/ntp\f[])
356 .NOP \f\*[B-Font]true\f[]
357 Marks the server as a truechimer,
360 \fIonly\f[]
363 .NOP \f\*[B-Font]ttl\f[] \f\*[I-Font]ttl\f[]
366 It specifies the time-to-live
367 \f\*[I-Font]ttl\f[]
370 \f\*[I-Font]ttl\f[]
374 127, is something of a black art and should be coordinated with the
377 .NOP \f\*[B-Font]version\f[] \f\*[I-Font]version\f[]
380 Versions 1-4 are the choices, with version 4 the
383 .NOP \f\*[B-Font]xleave\f[]
385 \f\*[B-Font]peer\f[]
387 \f\*[B-Font]broadcast\f[]
390 .NOP \f\*[B-Font]xmtnonce\f[]
392 \f\*[B-Font]server\f[]
394 \f\*[B-Font]pool\f[]
395 modes, this flag puts a random number in the packet's transmit timestamp.
399 .NOP \f\*[B-Font]broadcastclient\f[]
402 Upon receiving a message for
404 propagation delay using a brief client/server exchange with the
409 server and client should operate using symmetric-key or public-key
411 \fIAuthentication\f[] \fIOptions\f[].
413 .NOP \f\*[B-Font]manycastserver\f[] \f\*[I-Font]address\f[] \f\*[I-Font]...\f[]
419 taken to limit the span of the reply and avoid a possibly massive
423 and client should operate using symmetric-key or public-key
425 \fIAuthentication\f[] \fIOptions\f[].
427 .NOP \f\*[B-Font]multicastclient\f[] \f\*[I-Font]address\f[] \f\*[I-Font]...\f[]
431 a message for the first time, the multicast client measures the
432 nominal server propagation delay using a brief client/server
437 both the server and client should operate using symmetric-key or
438 public-key authentication as described in
439 \fIAuthentication\f[] \fIOptions\f[].
441 .NOP \f\*[B-Font]mdnstries\f[] \f\*[I-Font]number\f[]
447 \f\*[B-Font]mdnstries\f[]
450 \f\*[B-Font]ntpd\f[]
453 \f\*[B-Font]mdnstries\f[]
461 specification RFC-1305 defines a scheme which provides
466 DES-CBC.
468 5 (MD5) algorithm using a private key, commonly called keyed-MD5.
469 Either algorithm computes a message digest, or one-way hash, which
476 cryptography and, in addition, provides a new Autokey scheme
480 on a private value which is generated by each server and
503 \f\*[B-Font]key\f[]
505 \f\*[B-Font]autokey\f[]
507 \f\*[B-Font]peer\f[],
508 \f\*[B-Font]server\f[],
509 \f\*[B-Font]broadcast\f[]
511 \f\*[B-Font]manycastclient\f[]
513 \fIConfiguration\f[] \fIOptions\f[]
525 If a NTP packet arrives
526 including a message authentication
536 Furthermore, the Autokey scheme requires a
544 \f\*[B-Font]auth\f[]
548 \f\*[B-Font]enable\f[]
550 \f\*[B-Font]disable\f[]
552 configuration commands sent by a
553 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
566 \f\*[B-Font]auth\f[]
567 flag disabled invites a significant vulnerability
568 where a rogue hacker can
569 masquerade as a falseticker and seriously
574 a new association in response to new broadcast
585 \fIAutomatic\f[] \fINTP\f[] \fIConfiguration\f[] \fIOptions\f[]
603 \f[C]http://www.ntp.org/\f[].
604 .SS Symmetric-Key Cryptography
605 The original RFC-1305 specification allows any one of possibly
606 65,535 keys, each distinguished by a 32-bit key identifier, to
612 related information are specified in a key
614 \fIntp.keys\f[],
620 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
622 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
628 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
630 \f\*[B-Font]keys\f[]
635 \f\*[B-Font]trusted\f[]
642 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[].
643 This also provides a revocation capability that can be used
644 if a key becomes compromised.
646 \f\*[B-Font]requestkey\f[]
648 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
650 \f\*[B-Font]controlkey\f[]
652 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
656 described in RFC-1305 and in addition the Autokey protocol,
683 Most modes use a special cookie which can be
686 All modes use in addition a variant of the S-KEY scheme,
687 in which a pseudo-random key list is generated and used
691 \fIAutonomous\f[] \fIAuthentication\f[]
697 and clients is determined by a set of files
699 \fCntp-keygen\f[]\fR(1ntpkeygenmdoc)\f[]
701 This includes a required host key file,
709 by a specific string such as
710 \f\*[B-Font]md5WithRSAEncryption\f[],
722 in the group be able to construct a certificate trail to one
730 a trail to at least one trusted host.
746 \fCgethostname\f[]\fR(2)\f[]
768 A specific combination of authentication scheme (none,
770 a cryptotype, although not all combinations are compatible.
773 A secure NTPv4 subnet can be configured in many ways while
784 later when a message of appropriate cryptotype arrives.
785 When mobilized by a
786 \f\*[B-Font]server\f[]
788 \f\*[B-Font]peer\f[]
790 \f\*[B-Font]key\f[]
792 \f\*[B-Font]autokey\f[]
795 \f\*[B-Font]key\f[]
798 \f\*[B-Font]autokey\f[]
811 and select a common scheme.
815 Following the principle that time is a public value,
816 a server responds to any client packet that matches
818 Thus, a server receiving
820 packet, while the same server receiving a packet of a cryptotype
824 mobilized unless the server supports a cryptotype compatible
827 unless overridden in a decidedly dangerous way.
833 Server Bob has both a symmetric key file and minimal Autokey files.
836 Cathy has a copy of Bob's symmetric
840 same key and the message is verified, Bob sends Cathy a reply
843 Bob sends Cathy a thing called a crypto-NAK, which tells her
846 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
870 incorporated as a set of files generated by the
871 \fCntp-keygen\f[]\fR(1ntpkeygenmdoc)\f[]
880 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
882 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
900 a subject key identifier or a issuer key identifier field;
901 however, an extended key usage field for a trusted host must
903 \f\*[B-Font]trustRoot\f[];.
907 .NOP \f\*[B-Font]autokey\f[] [\f\*[I-Font]logsec\f[]]
914 For poll intervals above the specified interval, a session key list
915 with a single entry will be regenerated for every message
918 .NOP \f\*[B-Font]controlkey\f[] \f\*[I-Font]key\f[]
920 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
922 protocol defined in RFC-1305.
924 \f\*[I-Font]key\f[]
926 the key identifier for a trusted key, where the value can be in the
929 .NOP \f\*[B-Font]crypto\f[] [\f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]host\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gq\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]]
938 location of a file is relative to the keys directory specified
940 \f\*[B-Font]keysdir\f[]
942 \fI/usr/local/etc\f[].
946 .NOP \f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]
949 \fIntpkey_cert_\f[]\f\*[I-Font]hostname\f[]
952 .NOP \f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]
956 \fIntpkey_gq_\f[]\f\*[I-Font]hostname\f[]
959 .NOP \f\*[B-Font]host\f[] \f\*[I-Font]file\f[]
963 \fIntpkey_key_\f[]\f\*[I-Font]hostname\f[]
966 .NOP \f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]
969 \fIntpkey_iff_\f[]\f\*[I-Font]hostname\f[]
972 .NOP \f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]
975 \fIntpkey_leap\f[]
978 .NOP \f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]
981 \fIntpkey_mv_\f[]\f\*[I-Font]hostname\f[]
984 .NOP \f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]
990 .NOP \f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]
996 .NOP \f\*[B-Font]keys\f[] \f\*[I-Font]keyfile\f[]
999 \fCntpd\f[]\fR(1ntpdmdoc)\f[],
1000 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
1002 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
1005 \f\*[B-Font]\-k\f[]
1008 .NOP \f\*[B-Font]keysdir\f[] \f\*[I-Font]path\f[]
1012 \fI/usr/local/etc/\f[].
1014 .NOP \f\*[B-Font]requestkey\f[] \f\*[I-Font]key\f[]
1016 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
1017 utility program, which uses a
1019 \fCntpd\f[]\fR(1ntpdmdoc)\f[].
1021 \f\*[I-Font]key\f[]
1022 argument is a key identifier
1026 .NOP \f\*[B-Font]revoke\f[] \f\*[I-Font]logsec\f[]
1027 Specifies the interval between re-randomization of certain
1028 cryptographic values used by the Autokey scheme, as a power of 2 in
1031 deflect brute-force attacks on the algorithms of the scheme;
1032 however, updating some values is a relatively expensive operation.
1038 .NOP \f\*[B-Font]trustedkey\f[] \f\*[I-Font]key\f[] \f\*[I-Font]...\f[]
1042 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
1044 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
1051 \f\*[I-Font]key\f[]
1052 arguments are 32-bit unsigned
1066 This could be due to a replay or a server clock time step.
1071 This could be due to a replay or a key file generation error.
1092 It could be bogus or signed by a
1121 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
1122 includes a comprehensive monitoring facility suitable
1126 \f\*[B-Font]statistics\f[]
1128 for a listing and example of each type of statistics currently
1132 \fI./scripts\f[]
1137 \fCcron\f[]\fR(8)\f[]
1142 .NOP \f\*[B-Font]statistics\f[] \f\*[I-Font]name\f[] \f\*[I-Font]...\f[]
1145 \f\*[I-Font]name\f[]
1149 .NOP \f\*[B-Font]clockstats\f[]
1152 received from a clock driver appends a line of the following form to
1154 \f\*[B-Font]clockstats\f[]:
1159 .in -4
1167 clock address in dotted-quad notation.
1171 In some clock drivers a good deal of additional information
1176 .NOP \f\*[B-Font]cryptostats\f[]
1180 Each message received by the protocol module appends a line of the
1182 \f\*[B-Font]cryptostats\f[]:
1187 .in -4
1195 address in dotted-quad notation, The final message field includes the
1198 \fIAuthentication\f[] \fIOptions\f[]
1201 .NOP \f\*[B-Font]loopstats\f[]
1204 update of the local clock outputs a line of the following form to
1206 \f\*[B-Font]loopstats\f[]:
1211 .in -4
1219 show time offset (seconds), frequency offset (parts per million \-
1223 .NOP \f\*[B-Font]peerstats\f[]
1226 statistics records of all peers of a NTP server and of special
1228 Each valid update appends a
1229 line of the following form to the current element of a file
1231 \f\*[B-Font]peerstats\f[]:
1235 48773 10847.650 127.127.4.1 9714 \-0.001605376 0.000000000 0.001424877 0.000958674
1236 .in -4
1244 show the peer address in dotted-quad notation and status,
1247 described in Appendix A of the NTP specification RFC 1305.
1251 .NOP \f\*[B-Font]rawstats\f[]
1252 Enables recording of raw-timestamp statistics information.
1254 includes statistics records of all peers of a NTP server and of
1257 received from a peer or clock driver appends a line of the
1259 \f\*[B-Font]rawstats\f[]:
1264 .in -4
1273 in dotted-quad notation.
1280 .NOP \f\*[B-Font]sysstats\f[]
1281 Enables recording of ntpd statistics counters on a periodic basis.
1283 hour a line of the following form is appended to the file generation
1285 \f\*[B-Font]sysstats\f[]:
1290 .in -4
1302 .NOP Time since restart \f\*[B-Font]36000\f[]
1305 .NOP Packets received \f\*[B-Font]81965\f[]
1308 .NOP Packets processed \f\*[B-Font]0\f[]
1311 .NOP Current version \f\*[B-Font]9546\f[]
1314 .NOP Previous version \f\*[B-Font]56\f[]
1317 .NOP Bad version \f\*[B-Font]71793\f[]
1320 .NOP Access denied \f\*[B-Font]512\f[]
1323 .NOP Bad length or format \f\*[B-Font]540\f[]
1326 .NOP Bad authentication \f\*[B-Font]10\f[]
1329 .NOP Rate exceeded \f\*[B-Font]147\f[]
1333 .NOP \f\*[B-Font]statsdir\f[] \f\*[I-Font]directory_path\f[]
1334 Indicates the full path of a directory where statistics files
1338 \f\*[B-Font]filegen\f[]
1342 .NOP \f\*[B-Font]filegen\f[] \f\*[I-Font]name\f[] [\f\*[B-Font]file\f[] \f\*[I-Font]filename\f[]] [\f\*[B-Font]type\f[] \f\*[I-Font]typename\f[]] [\f\*[B-Font]link\f[] | \f\*[B-Font]nolink\f[]] [\f\*[B-Font]enable\f[] | \f\*[B-Font]disable\f[]]
1345 file sets provide a means for handling files that are
1346 continuously growing during the lifetime of a server.
1347 Server statistics are a typical example for such files.
1348 Generation file sets provide access to a set of files used
1353 when and how data will be directed to a new element of the set.
1354 This way, information stored in elements of a file set
1363 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
1364 program running at a remote location.
1367 .NOP \f\*[B-Font]name\f[]
1369 \f\*[B-Font]statistics\f[]
1372 .NOP \f\*[B-Font]file\f[] \f\*[I-Font]filename\f[]
1376 \f\*[B-Font]prefix\f[],
1377 \f\*[B-Font]filename\f[]
1379 \f\*[B-Font]suffix\f[]:
1382 .NOP \f\*[B-Font]prefix\f[]
1383 This is a constant filename path.
1386 \f\*[I-Font]filegen\f[]
1389 server, usually specified as a compile-time constant.
1394 \f\*[I-Font]loopstats\f[]
1396 \f\*[I-Font]peerstats\f[]
1398 \f\*[I-Font]statsdir\f[]
1401 .NOP \f\*[B-Font]filename\f[]
1407 \f\*[I-Font]filegen\f[]
1410 \fI..\f[]
1414 \f\*[I-Font]prefix\f[].
1416 .NOP \f\*[B-Font]suffix\f[]
1417 This part is reflects individual elements of a file set.
1419 generated according to the type of a file set.
1422 .NOP \f\*[B-Font]type\f[] \f\*[I-Font]typename\f[]
1423 A file generation set is characterized by its type.
1428 .NOP \f\*[B-Font]none\f[]
1429 The file set is actually a single plain file.
1431 .NOP \f\*[B-Font]pid\f[]
1432 One element of file set is used per incarnation of a ntpd
1437 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
1439 The set member filename is built by appending a
1442 \f\*[I-Font]prefix\f[]
1444 \f\*[I-Font]filename\f[]
1447 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
1450 .NOP \f\*[B-Font]day\f[]
1452 A day is
1455 member suffix consists of a
1457 and a day specification in
1459 \f\*[B-Font]YYYYMMdd\f[].
1460 \f\*[B-Font]YYYY\f[]
1461 is a 4-digit year number (e.g., 1992).
1462 \f\*[B-Font]MM\f[]
1463 is a two digit month number.
1464 \f\*[B-Font]dd\f[]
1465 is a two digit day number.
1467 in a file named
1468 \f\*[I-Font]prefix\f[]
1469 \f\*[I-Font]filename\f[].19921210.
1471 .NOP \f\*[B-Font]week\f[]
1472 Any file set member contains data related to a certain week of
1473 a year.
1474 The term week is defined by computing day-of-year
1476 Elements of such a file generation set are
1478 filename base: A dot, a 4-digit year number, the letter
1479 \f\*[B-Font]W\f[],
1480 and a 2-digit week number.
1482 10th 1992 would end up in a file with suffix
1483 .NOP. \f\*[I-Font]1992W1\f[].
1485 .NOP \f\*[B-Font]month\f[]
1488 file name suffix consists of a dot, a 4-digit year number, and
1489 a 2-digit month.
1491 .NOP \f\*[B-Font]year\f[]
1494 suffix consists of a dot and a 4 digit year number.
1496 .NOP \f\*[B-Font]age\f[]
1497 This type of file generation sets changes to a new element of
1500 suffix consists of a dot, the letter
1501 \f\*[B-Font]a\f[],
1502 and an 8-digit number.
1504 running at the start of the corresponding 24-hour period.
1505 Information is only written to a file generation by specifying
1506 \f\*[B-Font]enable\f[];
1508 \f\*[B-Font]disable\f[].
1511 .NOP \f\*[B-Font]link\f[] | \f\*[B-Font]nolink\f[]
1512 It is convenient to be able to access the current element of a file
1513 generation set by a fixed name.
1516 \f\*[B-Font]link\f[]
1518 \f\*[B-Font]nolink\f[].
1519 If link is specified, a
1520 hard link from the current file set element to a file without
1522 When there is already a file with this name and
1523 the number of links of this file is one, it is renamed appending a
1525 \f\*[B-Font]C\f[],
1527 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
1532 allows the current file to be accessed by a constant name.
1534 .NOP \f\*[B-Font]enable\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]disable\f[]
1541 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
1542 daemon implements a general purpose address/mask based restriction
1546 A match occurs when the bitwise AND of the mask and the packet
1553 "Notes on Configuring NTP and Setting up a NTP Subnet"
1557 \fI/usr/share/doc/ntp\f[]).
1571 by a determined cracker.
1577 \f\*[B-Font]restrict\f[]
1587 for a timed period and others cause the denied service for
1589 When a client or network is denied access
1592 .SS The Kiss-of-Death Packet
1595 Sometimes a
1596 more proactive response is needed, such as a server message that
1597 explicitly requests the client to stop sending and leave a message
1599 A special packet format has been created
1600 for this purpose called the "kiss-of-death" (KoD) packet.
1602 to zero and the reference identifier field set to a four-byte
1605 \f\*[B-Font]noserve\f[]
1607 \f\*[B-Font]notrust\f[]
1610 \f\*[B-Font]limited\f[]
1613 Finally, if a cryptographic violation occurs, the code is "CRYP".
1617 A client receiving a KoD performs a set of sanity checks to
1621 a message to the log.
1631 .NOP \f\*[B-Font]discard\f[] [\f\*[B-Font]average\f[] \f\*[I-Font]avg\f[]] [\f\*[B-Font]minimum\f[] \f\*[I-Font]min\f[]] [\f\*[B-Font]monitor\f[] \f\*[I-Font]prob\f[]]
1633 \f\*[B-Font]limited\f[]
1637 \f\*[B-Font]average\f[]
1640 \f\*[B-Font]minimum\f[]
1644 and a kiss-o'-death packet returned if enabled.
1646 \f\*[B-Font]monitor\f[]
1653 \f\*[B-Font]monitor\f[]
1655 in the MRU list represents a request 300 seconds ago,
1661 .NOP \f\*[B-Font]restrict\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]mask\f[] \f\*[I-Font]mask\f[]] [\f\*[B-Font]ippeerlimit\f[] \f\*[I-Font]int\f[]] [\f\*[I-Font]flag\f[] \f\*[I-Font]...\f[]]
1663 \f\*[I-Font]address\f[]
1665 numeric form is the address of a host or network.
1667 \f\*[I-Font]address\f[]
1668 argument can be a valid hostname. When a hostname
1669 is provided, a restriction entry is created for each
1671 \f\*[I-Font]mask\f[]
1675 \f\*[I-Font]mask\f[]
1678 \f\*[I-Font]address\f[]
1680 A default entry with address and mask all zeroes
1683 \f\*[B-Font]default\f[],
1687 \f\*[B-Font]ippeerlimit\f[]
1689 \f\*[I-Font]int\f[],
1690 where a value of \-1 means "unlimited", the current default.
1691 A value of 0 means "none".
1693 but if the remote peering requests are behind a proxy
1696 \f\*[B-Font]flag\f[]
1705 restrict informational queries and attempts to do run-time
1711 .NOP \f\*[B-Font]ignore\f[]
1713 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
1715 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
1718 .NOP \f\*[B-Font]kod\f[]
1719 If this flag is set when a rate violation occurs, a kiss-o'-death
1723 \f\*[B-Font]discard\f[] \f\*[B-Font]average\f[]
1726 .NOP \f\*[B-Font]limited\f[]
1729 \f\*[B-Font]discard\f[]
1731 A history of clients is kept using the
1733 \fCntpd\f[]\fR(1ntpdmdoc)\f[].
1735 long as there is a restriction entry with the
1736 \f\*[B-Font]limited\f[]
1739 .NOP \f\*[B-Font]lowpriotrap\f[]
1742 number of traps a server can maintain is limited (the current limit
1744 Traps are usually assigned on a first come, first served
1750 .NOP \f\*[B-Font]noepeer\f[]
1753 Note that the ability to use a symmetric key for authentication may be restricted to
1755 \fIntp.keys\f[]
1760 \f\*[B-Font]noepeer\f[]
1761 to become the default in ntp-4.4.
1763 .NOP \f\*[B-Font]nomodify\f[]
1765 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
1767 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
1773 .NOP \f\*[B-Font]noquery\f[]
1775 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
1777 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
1781 .NOP \f\*[B-Font]nopeer\f[]
1782 Deny unauthenticated packets which would result in mobilizing a new association.
1785 when a configured association does not exist.
1787 \f\*[B-Font]pool\f[]
1788 associations, so if you want to use servers from a
1789 \f\*[B-Font]pool\f[]
1791 \f\*[B-Font]nopeer\f[]
1792 by default, you'll want a
1793 \f\*[B-Font]restrict source ...\f[]
1795 \fInot\f[]
1797 \f\*[B-Font]nopeer\f[]
1800 .NOP \f\*[B-Font]noserve\f[]
1802 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
1804 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
1807 .NOP \f\*[B-Font]notrap\f[]
1810 The trap service is a subsystem of the
1811 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
1815 .NOP \f\*[B-Font]notrust\f[]
1818 .NOP \f\*[B-Font]ntpport\f[]
1819 This is actually a match algorithm modifier, rather than a
1826 \f\*[B-Font]ntpport\f[]
1829 \f\*[B-Font]ntpport\f[]
1833 .NOP \f\*[B-Font]serverresponse fuzz\f[]
1836 \f\*[B-Font]reftime\f[].
1838 .NOP \f\*[B-Font]version\f[]
1848 \f\*[B-Font]manycastclient\f[]
1850 \f\*[B-Font]manycast\f[]
1852 A default entry is also always present, though if it is
1857 .NOP \f\*[B-Font]delrestrict\f[] [source] \f\*[I-Font]address\f[]
1858 Remove a previously-set restriction. This is useful for
1860 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
1862 \f\*[B-Font]source\f[]
1863 is specified, a dynamic restriction created from the
1864 \f\*[B-Font]restrict\f[] \f\*[B-Font]source\f[]
1867 \f\*[B-Font]source\f[]
1868 a static restriction is removed.
1872 Manycasting is a automatic discovery and configuration paradigm
1874 It is intended as a means for a multicast client
1887 with the anycast paradigm described in RFC-1546,
1888 which is designed to find a single server from a clique
1890 The manycast paradigm is designed to find a plurality
1903 \f[C]http://www.openssl.org/\f[].
1909 A persistent manycast client association is configured
1911 \f\*[B-Font]manycastclient\f[]
1913 \f\*[B-Font]server\f[]
1914 command but with a multicast (IPv4 class
1915 \f\*[B-Font]D\f[]
1917 \f\*[B-Font]FF\f[])
1923 and minimum feasible time-to-live (TTL) hops, depending
1926 as different group address, each one serving as a template
1927 for a future ephemeral unicast client/server association.
1932 \f\*[B-Font]manycastserver\f[]
1938 If a manycast server is
1940 to a valid source and operating at a stratum level equal
1957 in a volley of eight client/server at 2-s intervals
1972 and the effects of implosion due to near-simultaneous
1975 \f\*[B-Font]manycastclient\f[],
1976 \f\*[B-Font]tos\f[]
1978 \f\*[B-Font]ttl\f[]
1983 \f\*[B-Font]minpoll\f[]
1985 \f\*[B-Font]manycastclient\f[],
1987 \f\*[B-Font]maxpolll\f[]
1991 \f\*[B-Font]ttl\f[]
1994 the maximum hops specified by this command or a sufficient
2003 \f\*[B-Font]minclock\f[]
2005 \f\*[B-Font]minsane\f[]
2007 \f\*[B-Font]tos\f[]
2010 \f\*[B-Font]minsane\f[]
2013 \f\*[B-Font]minclock\f[]
2016 candidates in order to correctly discard a single falseticker.
2018 \f\*[B-Font]minsane\f[]
2020 \f\*[B-Font]minclock\f[]
2023 \f\*[B-Font]minsane\f[]
2030 \f\*[B-Font]minclock\f[]
2033 \f\*[B-Font]maxpoll\f[].
2035 \f\*[B-Font]minclock\f[]
2041 \f\*[B-Font]maxpoll\f[].
2055 \f\*[B-Font]ttl\f[]
2072 \f\*[B-Font]tos\f[]
2075 \f\*[B-Font]floor\f[]
2077 \f\*[B-Font]ceiling\f[]
2079 \f\*[B-Font]tos\f[]
2084 \f\*[B-Font]minclock\f[].
2092 since that would result in a duplicate association.
2093 If during a poll interval the number of client associations
2095 \f\*[B-Font]minclock\f[],
2105 \f\*[B-Font]maxpoll\f[]
2110 It is possible and frequently useful to configure a host
2112 A number of hosts configured this way and sharing a common
2117 subnet of two primary servers and a hundred or more
2121 \f\*[B-Font]multicastclient\f[]
2123 \f\*[B-Font]multicastserver\f[]
2128 reference source such as a GPS receiver.
2134 \f\*[B-Font]tos\f[]
2139 \f\*[B-Font]floor\f[]
2150 since these operate at a higher stratum.
2154 it will continue to operate as a client and other clients
2156 re-associate accordingly.
2161 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
2163 \fCsntp\f[]\fR(1sntpmdoc)\f[]
2165 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
2166 \f\*[B-Font]\-q\f[]
2167 as a cron job.
2171 A really slick
2173 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
2174 \f\*[B-Font]\-q\f[].
2182 Each time a manycast client sends a client mode packet
2183 to a multicast group address, all manycast servers
2184 in scope generate a reply including the host name
2205 If a new certificate has been generated since
2215 .NOP \f\*[B-Font]tos\f[] [\f\*[B-Font]bcpollbstep\f[] \f\*[I-Font]gate\f[]]
2216 This command provides a way to delay,
2218 believing backward time steps from a broadcast server.
2220 In the event a broadcast server's time is stepped backwards,
2224 and even though there are a number of protections built in to
2225 broadcast mode, attempts to perform a replay attack are possible.
2231 .NOP \f\*[B-Font]tos\f[] [\f\*[B-Font]ceiling\f[] \f\*[I-Font]ceiling\f[] | \f\*[B-Font]cohort\f[] { \f\*[B-Font]0\f[] | \f\*[B-Font]1\f[] } | \f\*[B-Font]floor\f[] \f\*[I-Font]floor\f[] | \f\*[B-Font]minclock\f[] \f\*[I-Font]minclock\f[] | \f\*[B-Font]minsane\f[] \f\*[I-Font]minsane\f[]]
2241 .NOP \f\*[B-Font]ceiling\f[] \f\*[I-Font]ceiling\f[]
2243 \f\*[B-Font]ceiling\f[]
2245 \f\*[B-Font]minclock\f[]
2250 .NOP \f\*[B-Font]cohort\f[] {0 | 1 }
2251 This is a binary flag which enables (0) or disables (1)
2259 .NOP \f\*[B-Font]floor\f[] \f\*[I-Font]floor\f[]
2261 \f\*[B-Font]floor\f[]
2263 \f\*[B-Font]minclock\f[]
2268 .NOP \f\*[B-Font]minclock\f[] \f\*[I-Font]minclock\f[]
2271 \f\*[B-Font]minclock\f[]
2277 .NOP \f\*[B-Font]minsane\f[] \f\*[I-Font]minsane\f[]
2287 \f\*[B-Font]minsane\f[]
2289 a single falseticker.
2292 .NOP \f\*[B-Font]ttl\f[] \f\*[I-Font]hop\f[] \f\*[I-Font]...\f[]
2293 This command specifies a list of TTL values in increasing
2296 in an expanding-ring search.
2302 satellite and modem reference clocks plus a special pseudo-clock
2310 \fI/usr/share/doc/ntp\f[]).
2315 "How To Write a Reference Clock Driver"
2319 \fI/usr/share/doc/ntp\f[]).
2320 In addition, support for a PPS
2322 "Pulse-per-second (PPS) Signal Interfacing"
2326 \fI/usr/share/doc/ntp\f[]).
2336 \fI/usr/share/doc/ntp\f[]).
2340 A reference clock will generally (though not always) be a radio
2341 timecode receiver which is synchronized to a source of standard
2345 receiver is device dependent, but is usually a serial port.
2346 A
2351 configure a reference clock when the driver has not been compiled
2353 in a scalding remark to the system log file, but is otherwise non
2359 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
2361 reference clocks in a manner analogous to normal NTP peers as much
2363 Reference clocks are identified by a syntactically
2367 \f[C]127.127.\f[]\f\*[I-Font]t\f[].\f\*[I-Font]u\f[],
2369 \f\*[I-Font]t\f[]
2372 \f\*[I-Font]u\f[]
2374 number in the range 0-3.
2382 \f\*[B-Font]server\f[]
2383 command is used to configure a reference
2385 \f\*[I-Font]address\f[]
2389 \f\*[B-Font]key\f[],
2390 \f\*[B-Font]version\f[]
2392 \f\*[B-Font]ttl\f[]
2395 \f\*[B-Font]mode\f[]
2399 \f\*[B-Font]prefer\f[]
2401 persuade the server to cherish a reference clock with somewhat more
2408 \fI/usr/share/doc/ntp\f[])
2411 \f\*[B-Font]minpoll\f[]
2413 \f\*[B-Font]maxpoll\f[]
2422 \f\*[B-Font]fudge\f[]
2426 \f\*[B-Font]server\f[]
2429 \f\*[I-Font]address\f[]
2432 \f\*[B-Font]refid\f[]
2434 \f\*[B-Font]stratum\f[]
2438 device-dependent time offsets and four flags that can be included
2440 \f\*[B-Font]fudge\f[]
2445 The stratum number of a reference clock is by default zero.
2447 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
2449 peer, a primary server ordinarily displays an external stratum of
2454 \f\*[B-Font]stratum\f[]
2457 involving both a reference clock and a pulse-per-second (PPS)
2461 \f\*[B-Font]refid\f[]
2467 .NOP \f\*[B-Font]server\f[] \f[C]127.127.\f[]\f\*[I-Font]t\f[].\f\*[I-Font]u\f[] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]int\f[]]
2473 .NOP \f\*[B-Font]prefer\f[]
2476 equal, this host will be chosen for synchronization among a set of
2483 \fI/usr/share/doc/ntp\f[])
2486 .NOP \f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]
2487 Specifies a mode number which is interpreted in a
2488 device-specific fashion.
2489 For instance, it selects a dialing
2490 protocol in the ACTS driver and a device subtype in the
2494 .NOP \f\*[B-Font]minpoll\f[] \f\*[I-Font]int\f[]
2496 .NOP \f\*[B-Font]maxpoll\f[] \f\*[I-Font]int\f[]
2498 for reference clock messages, as a power of 2 in seconds
2501 \f\*[B-Font]minpoll\f[]
2503 \f\*[B-Font]maxpoll\f[]
2506 \f\*[B-Font]minpoll\f[]
2508 \f\*[B-Font]maxpoll\f[]
2513 .NOP \f\*[B-Font]fudge\f[] \f[C]127.127.\f[]\f\*[I-Font]t\f[].\f\*[I-Font]u\f[] [\f\*[B-Font]time1\f[] \f\*[I-Font]sec\f[]] [\f\*[B-Font]time2\f[] \f\*[I-Font]sec\f[]] [\f\*[B-Font]stratum\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]refid\f[] \f\*[I-Font]string\f[]] [\f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]flag1\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]] [\f\*[B-Font]flag2\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]] [\f\*[B-Font]flag3\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]] [\f\*[B-Font]flag4\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]]
2517 \f\*[B-Font]server\f[]
2521 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
2527 .NOP \f\*[B-Font]time1\f[] \f\*[I-Font]sec\f[]
2528 Specifies a constant to be added to the time offset produced by
2529 the driver, a fixed-point decimal number in seconds.
2531 as a calibration constant to adjust the nominal time offset of a
2532 particular clock to agree with an external standard, such as a
2534 It also provides a way to correct a
2540 Where a calibration
2544 radio clock or PPS signal is supported, a special calibration
2547 \f\*[B-Font]enable\f[]
2549 \fIMiscellaneous\f[] \fIOptions\f[]
2555 \fI/usr/share/doc/ntp\f[]).
2557 .NOP \f\*[B-Font]time2\f[] \f\*[I-Font]secs\f[]
2558 Specifies a fixed-point decimal number in seconds, which is
2559 interpreted in a driver-dependent way.
2566 \fI/usr/share/doc/ntp\f[] \fI).\f[]
2568 .NOP \f\*[B-Font]stratum\f[] \f\*[I-Font]int\f[]
2574 .NOP \f\*[B-Font]refid\f[] \f\*[I-Font]string\f[]
2581 .NOP \f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]
2582 Specifies a mode number which is interpreted in a
2583 device-specific fashion.
2584 For instance, it selects a dialing
2585 protocol in the ACTS driver and a device subtype in the
2589 .NOP \f\*[B-Font]flag1\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]
2591 .NOP \f\*[B-Font]flag2\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]
2593 .NOP \f\*[B-Font]flag3\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]
2595 .NOP \f\*[B-Font]flag4\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]
2599 is a function of the particular clock driver.
2602 \f\*[B-Font]flag4\f[]
2605 \f\*[B-Font]clockstats\f[]
2607 \f\*[B-Font]filegen\f[]
2610 \f\*[B-Font]filegen\f[]
2612 \fIMonitoring\f[] \fIOptions\f[].
2617 .NOP \f\*[B-Font]broadcastdelay\f[] \f\*[I-Font]seconds\f[]
2618 The broadcast and multicast modes require a special calibration
2628 Typically (for Ethernet), a
2633 .NOP \f\*[B-Font]driftfile\f[] \f\*[I-Font]driftfile\f[]
2638 \f\*[B-Font]\-f\f[]
2651 The file format consists of a single line containing a single
2653 in parts-per-million (PPM).
2655 the current drift value into a temporary file and then renaming
2658 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
2663 .NOP \f\*[B-Font]dscp\f[] \f\*[I-Font]value\f[]
2665 a 6-bit code.
2668 .NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]peer_clear_digest_early\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]]
2670 .NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]peer_clear_digest_early\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]]
2671 Provides a way to enable or disable various server options.
2675 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
2679 .NOP \f\*[B-Font]auth\f[]
2684 \f\*[B-Font]enable\f[].
2686 .NOP \f\*[B-Font]bclient\f[]
2687 Enables the server to listen for a message from a broadcast or
2689 \f\*[B-Font]multicastclient\f[]
2693 \f\*[B-Font]disable\f[].
2695 .NOP \f\*[B-Font]calibrate\f[]
2699 \f\*[B-Font]disable\f[].
2701 .NOP \f\*[B-Font]kernel\f[]
2705 \f\*[B-Font]enable\f[]
2707 \f\*[B-Font]disable\f[].
2709 .NOP \f\*[B-Font]mode7\f[]
2710 Enables processing of NTP mode 7 implementation-specific requests
2712 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
2716 \fCntpq\f[]\fR(1ntpqmdoc)\f[].
2718 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
2720 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
2723 .NOP \f\*[B-Font]monitor\f[]
2726 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
2729 \f\*[B-Font]monlist\f[]
2733 \f\*[B-Font]enable\f[].
2735 .NOP \f\*[B-Font]ntp\f[]
2741 \f\*[B-Font]enable\f[].
2743 .NOP \f\*[B-Font]peer_clear_digest_early\f[]
2745 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
2747 receives a crypto-NAK packet that
2750 While this is generally a feature
2751 as it allows for quick recovery if a server key has changed,
2752 a properly forged and appropriately delivered crypto-NAK packet
2753 can be used in a DoS attack.
2758 \f\*[B-Font]peerstats\f[]
2762 \f\*[B-Font]enable\f[].
2764 .NOP \f\*[B-Font]stats\f[]
2767 \fIMonitoring\f[] \fIOptions\f[]
2770 \f\*[B-Font]disable\f[].
2772 .NOP \f\*[B-Font]unpeer_crypto_early\f[]
2774 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
2776 a crypto failure,
2778 This is almost certainly a feature,
2789 \f\*[B-Font]peerstats\f[]
2793 \f\*[B-Font]enable\f[].
2795 .NOP \f\*[B-Font]unpeer_crypto_nak_early\f[]
2797 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
2798 receives a crypto-NAK packet that
2801 While this is generally a feature
2802 as it allows for quick recovery if a server key has changed,
2803 a properly forged and appropriately delivered crypto-NAK packet
2804 can be used in a DoS attack.
2809 \f\*[B-Font]peerstats\f[]
2813 \f\*[B-Font]enable\f[].
2815 .NOP \f\*[B-Font]unpeer_digest_early\f[]
2817 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
2822 While this is generally a feature
2825 during an appropriate window it can be used for a DoS attack.
2830 \f\*[B-Font]peerstats\f[]
2834 \f\*[B-Font]enable\f[].
2837 .NOP \f\*[B-Font]includefile\f[] \f\*[I-Font]includefile\f[]
2839 to be included from a separate file.
2841 be nested to a depth of five; upon reaching the end of any
2845 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
2846 on multiple hosts, with (mostly) common options (e.g., a
2849 .NOP \f\*[B-Font]interface\f[] [\f\*[B-Font]listen\f[] | \f\*[B-Font]ignore\f[] | \f\*[B-Font]drop\f[]] [\f\*[B-Font]all\f[] | \f\*[B-Font]ipv4\f[] | \f\*[B-Font]ipv6\f[] | \f\*[B-Font]wildcard\f[] \f\*[I-Font]name\f[] | \f\*[I-Font]address\f[] [\f\*[B-Font]/\f[] \f\*[I-Font]prefixlen\f[]]]
2851 \f\*[B-Font]interface\f[]
2853 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
2857 The second parameter specifies a class of addresses,
2858 or a specific interface name,
2861 \f\*[I-Font]prefixlen\f[]
2863 \f\*[B-Font]ignore\f[]
2865 \f\*[B-Font]drop\f[]
2867 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
2870 \f\*[B-Font]interface\f[]
2872 The last rule which matches a particular address determines the action for it.
2873 \f\*[B-Font]interface\f[]
2875 \f\*[B-Font]\-I\f[],
2876 \f\*[B-Font]\-\-interface\f[],
2877 \f\*[B-Font]\-L\f[],
2879 \f\*[B-Font]\-\-novirtualips\f[]
2880 command-line options are specified in the configuration file,
2883 \f\*[B-Font]nic\f[]
2885 \f\*[B-Font]interface\f[].
2887 .NOP \f\*[B-Font]leapfile\f[] \f\*[I-Font]leapfile\f[]
2892 \f[C]https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list\f[]
2894 \f[C]ftp://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list\f[].
2896 \f\*[B-Font]leapfile\f[]
2898 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
2900 \f\*[B-Font]leapfile\f[] \f\*[B-Font]directive\f[] \f\*[B-Font]or\f[] \f\*[B-Font]when\f[]
2901 \f\*[B-Font]ntpd\f[] \f\*[B-Font]detects\f[] \f\*[B-Font]that\f[] \f\*[B-Font]the\f[]
2902 \f\*[I-Font]leapfile\f[]
2904 \f\*[B-Font]ntpd\f[]
2905 checks once a day to see if the
2906 \f\*[I-Font]leapfile\f[]
2909 \fCupdate-leap\f[]\fR(1update_leapmdoc)\f[]
2911 \f\*[I-Font]leapfile\f[]
2914 .NOP \f\*[B-Font]leapsmearinterval\f[] \f\*[I-Font]seconds\f[]
2916 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
2918 \f\*[B-Font]\--enable-leap-smear\f[]
2920 \f\*[B-Font]configure\f[]
2922 It specifies the interval over which a leap second correction will be applied.
2925 .Sy DO NOT USE THIS OPTION ON PUBLIC-ACCESS SERVERS!
2928 .NOP \f\*[B-Font]logconfig\f[] \f\*[I-Font]configkeyword\f[]
2931 \fCsyslog\f[]\fR(3)\f[]
2933 \f\*[B-Font]logfile\f[]
2937 \f\*[I-Font]configkeyword\f[]
2942 \[oq]\-\[cq],
2946 \fCsyslog\f[]\fR(3)\f[]
2950 \[oq]\-\[cq]
2953 \fCsyslog\f[]\fR(3)\f[]
2956 (\f\*[B-Font]clock\f[], \f\*[B-Font]peer\f[], \f\*[B-Font]sys\f[] and \f\*[B-Font]sync\f[]).
2959 (\f\*[B-Font]info\f[]),
2961 (\f\*[B-Font]events\f[]),
2963 (\f\*[B-Font]statistics\f[])
2966 (\f\*[B-Font]status\f[]).
2973 \f\*[B-Font]all\f[]
2974 prefix can be used instead of a message class.
2975 A
2977 \f\*[B-Font]all\f[]
2980 Thus, a minimal log configuration
2986 .in -4
2992 \fCntpd\f[]\fR(1ntpdmdoc)\f[]
2994 For a simple reference server, the
3000 .in -4
3010 .NOP \f\*[B-Font]logfile\f[] \f\*[I-Font]logfile\f[]
3013 \fCsyslog\f[]\fR(3)\f[]
3016 \f\*[B-Font]\-l\f[]
3019 .NOP \f\*[B-Font]mru\f[] [\f\*[B-Font]maxdepth\f[] \f\*[I-Font]count\f[] | \f\*[B-Font]maxmem\f[] \f\*[I-Font]kilobytes\f[] | \f\*[B-Font]mindepth\f[] \f\*[I-Font]count\f[] | \f\*[B-Font]maxage\f[] \f\*[I-Font]seconds\f[] | \f\*[B-Font]initialloc\f[] \f\*[I-Font]count\f[] | \f\*[B-Font]initmem\f[] \f\*[I-Font]kilobytes\f[] | \f\*[B-Font]incalloc\f[] \f\*[I-Font]count\f[] | \f\*[B-Font]incmem\f[] \f\*[I-Font]kilobytes\f[]]
3026 .NOP \f\*[B-Font]maxdepth\f[] \f\*[I-Font]count\f[]
3028 .NOP \f\*[B-Font]maxmem\f[] \f\*[I-Font]kilobytes\f[]
3031 \f\*[B-Font]incalloc\f[]
3033 \f\*[B-Font]incmem\f[]
3036 \f\*[B-Font]mru\f[]
3038 \f\*[B-Font]maxdepth\f[]
3040 \f\*[B-Font]maxmem\f[] \f\*[B-Font]are\f[] \f\*[B-Font]used,\f[] \f\*[B-Font]the\f[] \f\*[B-Font]last\f[] \f\*[B-Font]one\f[] \f\*[B-Font]used\f[] \f\*[B-Font]controls.\f[]
3043 .NOP \f\*[B-Font]mindepth\f[] \f\*[I-Font]count\f[]
3046 \f\*[B-Font]mindepth\f[]
3051 .NOP \f\*[B-Font]maxage\f[] \f\*[I-Font]seconds\f[]
3053 \f\*[B-Font]mindepth\f[]
3056 \f\*[B-Font]maxage\f[]
3060 \f\*[B-Font]maxdepth\f[] \f\*[B-Font]/\f[] \f\*[B-Font]moxmem\f[].
3063 .NOP \f\*[B-Font]initalloc\f[] \f\*[I-Font]count\f[]
3065 .NOP \f\*[B-Font]initmem\f[] \f\*[I-Font]kilobytes\f[]
3070 .NOP \f\*[B-Font]incalloc\f[] \f\*[I-Font]count\f[]
3072 .NOP \f\*[B-Font]incmem\f[] \f\*[I-Font]kilobytes\f[]
3077 .NOP \f\*[B-Font]nonvolatile\f[] \f\*[I-Font]threshold\f[]
3079 \f\*[I-Font]threshold\f[]
3081 \f\*[B-Font]driftfile\f[]
3082 (frequency file) will be written, with a default value of 1e-7 (0.1 PPM).
3086 \f\*[B-Font]threshold\f[]
3092 .NOP \f\*[B-Font]phone\f[] \f\*[I-Font]dial\f[] \f\*[I-Font]...\f[]
3095 or the JJY driver (type 40, mode 100 \- 180).
3097 a maximum of 10 telephone numbers used to dial USNO, NIST, or European
3099 For the JJY driver (type 40 mode 100 \- 180), the argument is
3104 .NOP \f\*[B-Font]pollskewlist\f[] [\f\*[I-Font]poll\f[] \f\*[I-Font]early\f[] \f\*[I-Font]late\f[]] \f\*[I-Font]...\f[] [\f\*[B-Font]default\f[] \f\*[I-Font]early\f[] \f\*[I-Font]late\f[]]
3106 \f\*[I-Font]poll\f[]
3107 is a number between 3 and 17 inclusive, identifying a specific poll interval.
3108 A poll interval is 2^n seconds in duration,
3109 so a poll value of 3 corresponds to 8 seconds
3111 a poll interval of 17 corresponds to
3112 131,072 seconds, or about a day and a half.
3113 The next two numbers must be between 0 and one-half of the poll interval,
3122 .NOP \f\*[B-Font]reset\f[] [\f\*[B-Font]allpeers\f[]] [\f\*[B-Font]auth\f[]] [\f\*[B-Font]ctl\f[]] [\f\*[B-Font]io\f[]] [\f\*[B-Font]mem\f[]] [\f\*[B-Font]sys\f[]] [\f\*[B-Font]timer\f[]]
3124 \f\*[B-Font]ntpd\f[]
3126 \f\*[B-Font]ntpq\f[]
3128 \f\*[B-Font]ntpdc\f[].
3130 .NOP \f\*[B-Font]rlimit\f[] [\f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[] | \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[] \f\*[B-Font]filenum\f[] \f\*[I-Font]Nfiledescriptors\f[]]
3133 .NOP \f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[]
3138 \f\*[B-Font]\-i\f[]
3140 The default is 32 megabytes on non-Linux machines, and \-1 under Linux.
3141 -1 means "do not lock the process into memory".
3144 .NOP \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[]
3146 \fBmlockall\f[]\fR()\f[]
3150 .NOP \f\*[B-Font]filenum\f[] \f\*[I-Font]Nfiledescriptors\f[]
3155 .NOP \f\*[B-Font]saveconfigdir\f[] \f\*[I-Font]directory_path\f[]
3159 \f\*[B-Font]saveconfig\f[]
3162 \f\*[B-Font]saveconfigdir\f[]
3164 \f\*[B-Font]saveconfig\f[]
3166 \f\*[B-Font]ntpd\f[].
3168 .NOP \f\*[B-Font]saveconfig\f[] \f\*[I-Font]filename\f[]
3171 \f\*[B-Font]:config\f[]
3173 \f\*[B-Font]config-from-file\f[]
3175 \f\*[B-Font]ntpd\f[]
3177 \f\*[I-Font]filename\f[]
3179 \f\*[B-Font]saveconfigdir\f[].
3181 \f\*[B-Font]saveconfigdir\f[]
3185 \f\*[I-Font]filename\f[]
3187 \fCstrftime\f[]\fR(3)\f[]
3190 \f\*[B-Font]saveconfig\ ntp-%Y%m%d-%H%M%S.conf\f[].
3192 \f\*[B-Font]savedconfig\f[].
3195 .NOP \f\*[B-Font]setvar\f[] \f\*[I-Font]variable\f[] [\f\*[B-Font]default\f[]]
3201 \fIname\f[]\fI=\f[]\f\*[I-Font]value\f[]
3203 \f\*[B-Font]default\f[]
3206 (\fCntpq\f[]\fR(1ntpqmdoc)\f[] \f\*[B-Font]rv\f[] command)).
3213 \f\*[B-Font]setvar\f[]
3218 \fIsys_var_list\f[]
3222 \fIpeer_var_list\f[]
3225 \fIclock_var_list\f[]
3228 .NOP \f\*[B-Font]sysinfo\f[]
3231 .NOP \f\*[B-Font]sysstats\f[]
3234 .NOP \f\*[B-Font]tinker\f[] [\f\*[B-Font]allan\f[] \f\*[I-Font]allan\f[] | \f\*[B-Font]dispersion\f[] \f\*[I-Font]dispersion\f[] | \f\*[B-Font]freq\f[] \f\*[I-Font]freq\f[] | \f\*[B-Font]huffpuff\f[] \f\*[I-Font]huffpuff\f[] | \f\*[B-Font]panic\f[] \f\*[I-Font]panic\f[] | \f\*[B-Font]step\f[] \f\*[I-Font]step\f[] | \f\*[B-Font]stepback\f[] \f\*[I-Font]stepback\f[] | \f\*[B-Font]stepfwd\f[] \f\*[I-Font]stepfwd\f[] | \f\*[B-Font]stepout\f[] \f\*[I-Font]stepout\f[]]
3241 a wide range of network speeds and reliability expectations.
3257 .NOP \f\*[B-Font]allan\f[] \f\*[I-Font]allan\f[]
3259 intercept, which is a parameter of the PLL/FLL clock discipline
3264 .NOP \f\*[B-Font]dispersion\f[] \f\*[I-Font]dispersion\f[]
3268 .NOP \f\*[B-Font]freq\f[] \f\*[I-Font]freq\f[]
3270 parts-per-million.
3274 .NOP \f\*[B-Font]huffpuff\f[] \f\*[I-Font]huffpuff\f[]
3276 huff-n'-puff filter span, which determines the most recent interval
3277 the algorithm will search for a minimum delay.
3279 900 s (15 m), but a more reasonable value is 7200 (2 hours).
3284 .NOP \f\*[B-Font]panic\f[] \f\*[I-Font]panic\f[]
3287 the panic sanity check is disabled and a clock offset of any value will
3290 .NOP \f\*[B-Font]step\f[] \f\*[I-Font]step\f[]
3300 .NOP \f\*[B-Font]stepback\f[] \f\*[I-Font]stepback\f[]
3312 .NOP \f\*[B-Font]stepfwd\f[] \f\*[I-Font]stepfwd\f[]
3315 .NOP \f\*[B-Font]stepout\f[] \f\*[I-Font]stepout\f[]
3323 .NOP \f\*[B-Font]writevar\f[] \f\*[I-Font]assocID\ name\f[] \f\*[I-Font]=\f[] \f\*[I-Font]value\f[] \f\*[I-Font][,...]\f[]
3326 \f\*[B-Font]assocID\f[]
3333 \f\*[B-Font]assocID\f[]
3336 .NOP \f\*[B-Font]trap\f[] \f\*[I-Font]host_address\f[] [\f\*[B-Font]port\f[] \f\*[I-Font]port_number\f[]] [\f\*[B-Font]interface\f[] \f\*[I-Font]interface_address\f[]]
3337 This command configures a trap receiver at the given host
3340 If the port number is unspecified, a value
3343 message is sent with a source address of the local interface the
3345 Note that on a multihomed host the
3348 .NOP \f\*[B-Font]ttl\f[] \f\*[I-Font]hop\f[] \f\*[I-Font]...\f[]
3349 This command specifies a list of TTL values in increasing order.
3352 \f\*[B-Font]manycast\f[]
3353 mode these values are used in-turn in an expanding-ring search.
3359 information from the server in a log file.
3361 programs may also request their own trap dynamically, configuring a
3365 .NOP \f\*[B-Font]hop\f[] \f\*[I-Font]...\f[]
3366 This command specifies a list of TTL values in increasing order, up to 8
3369 an expanding-ring search.
3375 .NOP \f\*[B-Font]\-\-help\f[]
3378 .NOP \f\*[B-Font]\-\-more-help\f[]
3379 Pass the extended usage information through a pager.
3381 .NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
3382 Output version of program and exit. The default mode is `v', a simple
3390 \fBNTP_CONF_<option-name>\fP or \fBNTP_CONF\fP
3397 .NOP \fI/etc/ntp.conf\f[]
3402 .NOP \fIntp.keys\f[]
3407 .NOP \fIntpkey\f[]
3412 .NOP \fIntpkey_\f[]\f\*[I-Font]host\f[]
3417 .NOP \fIntp_dh\f[]
3418 Diffie-Hellman agreement parameters
3431 it to autogen-users@lists.sourceforge.net. Thank you.
3434 \fCntpd\f[]\fR(1ntpdmdoc)\f[],
3435 \fCntpdc\f[]\fR(1ntpdcmdoc)\f[],
3436 \fCntpq\f[]\fR(1ntpqmdoc)\f[]
3443 \f[C]http://www.ntp.org/\f[].
3444 A snapshot of this documentation is available in HTML format in
3445 \fI/usr/share/doc/ntp\f[].
3454 Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved.
3464 \fIntpkey_\f[]\f\*[I-Font]host\f[]
3478 This manual page was \fIAutoGen\fP-erated from the \fBntp.conf\fP