Lines Matching +full:power +full:- +full:management +full:- +full:ic +full:- +full:for +full:- +full:system

6 .\"  It has been AutoGen-ed  May 25, 2024 at 12:03:50 AM by AutoGen 5.18.16
8 .\"  and the template file   agmdoc-cmd.tpl
14 .Op Fl \-option\-name
15 .Op Fl \-option\-name Ar value
46 host addresses written in numeric, dotted\-quad form,
62 .Bl -bullet -offset indent
81 .Ic pool ,
82 .Ic server ,
83 .Ic peer ,
84 .Ic broadcast
86 .Ic manycastclient
111 If the Basic Socket Interface Extensions for IPv6 (RFC\-2553)
112 is detected, support for the IPv6 address family is generated
137 See IPv6 references for the
138 equivalent classes for that address family.
139 .Bl -tag -width indent
140 .It Xo Ic pool Ar address
149 .It Xo Ic server Ar address
160 .It Xo Ic peer Ar address
169 .It Xo Ic broadcast Ar address
177 .It Xo Ic manycastclient Ar address
192 either a DNS name or an IP address in dotted\-quad notation.
194 .Qq Association Management
199 .Bl -tag -width indent
200 .It Ic pool
201 For type s addresses, this command mobilizes a persistent
206 .It Ic server
207 For type s and r addresses, this command mobilizes a persistent
215 be used for type
217 .It Ic peer
218 For type s addresses (only), this command mobilizes a
219 persistent symmetric\-active mode association with the specified
227 This command should NOT be used for type
229 .It Ic broadcast
230 For type b and m addresses (only), this
250 sender; for operation as a broadcast client, see the
251 .Ic broadcastclient
253 .Ic multicastclient
256 .It Ic manycastclient
257 For type m addresses (only), this command mobilizes a
258 manycast client mode association for the multicast address
262 .Ic manycastserver
263 command for
271 .Ic manycastserver
283 .Ic server
290 .Bl -tag -width indent
300 .Ic server
308 .Ic server
324 for NTP messages, as a power of 2 in seconds
335 Marks the server as unused, except for display purposes.
342 this host will be chosen for synchronization among a set of
350 for further information.
360 It specifies the time\-to\-live
365 for the expanding ring search with manycast
371 Specifies the version number to be used for outgoing NTP
373 Versions 1\-4 are the choices, with version 4 the
382 Valid only for
389 .Bl -tag -width indent
390 .It Ic broadcastclient
393 Upon receiving a message for
400 server and client should operate using symmetric\-key or public\-key
403 .It Ic manycastserver Ar address ...
413 and client should operate using symmetric\-key or public\-key
416 .It Ic multicastclient Ar address ...
420 a message for the first time, the multicast client measures the
426 both the server and client should operate using symmetric\-key or
427 public\-key authentication as described in
429 .It Ic mdnstries Ar number
431 after we have synched for the first time
432 we attempt to register with the mDNS system.
434 we try again at one minute intervals for up to
435 .Ic mdnstries
438 .Ic ntpd
440 The default value for
441 .Ic mdnstries
449 specification RFC\-1305 defines a scheme which provides
454 DES\-CBC.
456 5 (MD5) algorithm using a private key, commonly called keyed\-MD5.
457 Either algorithm computes a message digest, or one\-way hash, which
469 management functions involve only public values, which
471 Public key management is based on X.509 certificates,
476 While the algorithms for symmetric key cryptography are
480 Directions for doing that
483 Authentication is configured separately for each association
489 .Ic peer ,
490 .Ic server ,
491 .Ic broadcast
493 .Ic manycastclient
526 .Ic enable
528 .Ic disable
544 .Ic auth
548 disrupt system timekeeping.
560 for servers as described in the
570 files for all clients can be identical.
572 The security model and protocol schemes for
578 .Ss Symmetric\-Key Cryptography
579 The original RFC\-1305 specification allows any one of possibly
580 65,535 keys, each distinguished by a 32\-bit key identifier, to
592 for ordinary NTP associations,
593 additional keys can be used as passwords for the
602 .Ic keys
607 .Ic trusted
610 allows, for instance, the installation of possibly
618 .Ic requestkey
619 command selects the key used as the password for the
622 .Ic controlkey
623 command selects the key used as the password for the
628 described in RFC\-1305 and in addition the Autokey protocol,
641 .\" The cryptographic means necessary for all Autokey operations
656 All modes use in addition a variant of the S\-KEY scheme,
657 in which a pseudo\-random key list is generated and used
667 .Xr ntp\-keygen 1ntpkeygenmdoc
679 which stands for the MD5 message digest with RSA
692 for all hosts along the trail to one or more trusted hosts.
711 system call or equivalent in other systems.
712 By the system design
715 for each interface, etc., are constrained in any way.
721 For this reason Autokey
725 For this reason operation
733 There may be management configurations where the clients,
746 .Ic server
748 .Ic peer
750 .Ic key
752 .Ic autokey
755 .Ic key
758 .Ic autokey
797 Bob sends Cathy a thing called a crypto\-NAK, which tells her
816 combinations; for instance, running an identity scheme
818 .Ss Key Management
821 .Xr ntp\-keygen 1ntpkeygenmdoc
829 Note that symmetric keys are necessary for the
834 The remaining files are necessary only for the
849 however, an extended key usage field for a trusted host must
854 .Bl -tag -width indent
855 .It Ic autokey Op Ar logsec
859 list for each association depends on this interval and the current
862 For poll intervals above the specified interval, a session key list
863 with a single entry will be regenerated for every message
865 .It Ic controlkey Ar key
869 protocol defined in RFC\-1305.
873 the key identifier for a trusted key, where the value can be in the
875 .It Xo Ic crypto
896 .Ic keysdir
900 .Bl -tag -width indent
943 .It Ic keys Ar keyfile
954 .It Ic keysdir Ar path
955 This command specifies the default directory path for
959 .It Ic requestkey Ar key
968 for the trusted key, where the value can be in the range 1 to
970 .It Ic revoke Ar logsec
971 Specifies the interval between re\-randomization of certain
972 cryptographic values used by the Autokey scheme, as a power of 2 in
975 deflect brute\-force attacks on the algorithms of the scheme;
978 For poll
980 for every message sent.
981 .It Ic trustedkey Ar key ...
982 Specifies the key identifiers which are trusted for the
990 and remote servers share the same key and key identifier for this
995 arguments are 32\-bit unsigned
1001 .Bl -tag -width indent
1053 for continuous, long term recording of server and client
1056 .Ic statistics
1058 for a listing and example of each type of statistics currently
1069 automatically summarized and archived for retrospective analysis.
1071 .Bl -tag -width indent
1072 .It Ic statistics Ar name ...
1077 .Bl -tag -width indent
1084 .Bd -literal
1091 clock address in dotted\-quad notation.
1098 clock for further details.
1106 .Bd -literal
1113 address in dotted\-quad notation, The final message field includes the
1117 section for further information.
1124 .Bd -literal
1131 show time offset (seconds), frequency offset (parts per million \-
1143 .Bd -literal
1144 48773 10847.650 127.127.4.1 9714 \-0.001605376 0.000000000 0.001424877 0.000958674
1150 show the peer address in dotted\-quad notation and status,
1157 Enables recording of raw\-timestamp statistics information.
1165 .Bd -literal
1173 in dotted\-quad notation.
1185 .Bd -literal
1194 .Bl -tag -width indent
1196 Time in hours since the system was last rebooted.
1208 Number of packets denied access for any reason.
1222 filename prefix to be modified for file generation sets, which
1223 is useful for handling statistics logs.
1232 file sets provide a means for handling files that are
1234 Server statistics are a typical example for such files.
1242 that are currently unused are available for administrational
1244 (Most important: they can be removed to free space for new data
1250 .Bl -tag -width indent
1256 This is the file name for the statistics records.
1263 .Bl -tag -width indent
1271 server, usually specified as a compile\-time constant.
1273 however, be configurable for individual file generation sets
1275 For example, the prefix used with
1305 .Bl -tag -width indent
1337 is a 4\-digit year number (e.g., 1992).
1349 The term week is defined by computing day\-of\-year
1353 filename base: A dot, a 4\-digit year number, the letter
1355 and a 2\-digit week number.
1356 For example, information from January,
1362 file name suffix consists of a dot, a 4\-digit year number, and
1363 a 2\-digit month.
1374 and an 8\-digit number.
1376 running at the start of the corresponding 24\-hour period.
1430 with the access policies for the original NSFnet backbone
1435 be useful for keeping unwanted or broken or malicious clients
1443 .Ic restrict
1452 only for the offending packet, others cause denied service
1453 for a timed period and others cause the denied service for
1456 for an indefinite period, the only way at present to remove
1458 .Ss The Kiss\-of\-Death Packet
1464 for the system operator.
1466 for this purpose called the "kiss\-of\-death" (KoD) packet.
1468 to zero and the reference identifier field set to a four\-byte
1494 .Bl -tag -width indent
1495 .It Xo Ic discard
1512 and a kiss\-o'\-death packet returned if enabled.
1514 .Ic monitor
1521 .Ic monitor
1522 value, default 3000. For example, if the oldest entry
1528 .It Xo Ic restrict
1541 is provided, a restriction entry is created for each
1545 used for each entry.
1560 directive limits the number of peer requests for each IP to
1562 where a value of \-1 means "unlimited", the current default.
1577 restrict informational queries and attempts to do run\-time
1581 .Bl -tag -width indent
1589 If this flag is set when a rate violation occurs, a kiss\-o'\-death
1598 .Ic discard
1616 be overridden by later requests for normal priority traps.
1620 Note that the ability to use a symmetric key for authentication may be restricted to
1628 to become the default in ntp\-4.4.
1675 protocol which is intended for use by remote event logging programs.
1692 .It Ic "serverresponse fuzz"
1701 ntpport, for each of the local host's interface addresses are
1712 .It Xo Ic delrestrict
1716 Remove a previously\-set restriction.  This is useful for
1732 It is intended as a means for a multicast client
1743 with the anycast paradigm described in RFC\-1546,
1759 as well and is highly recommended, especially for broadcast modes.
1763 .Ic manycastclient
1765 .Ic server
1772 and IPv6 address FF05::101 (site local) for NTP.
1775 and minimum feasible time\-to\-live (TTL) hops, depending
1779 for a future ephemeral unicast client/server association.
1782 .Ic manycastserver
1783 command listen on the specified group address for manycast
1805 in a volley of eight client/server at 2\-s intervals
1818 and the effects of implosion due to near\-simultaneous
1821 .Ic manycastclient ,
1822 .Ic tos
1824 .Ic ttl
1827 normally eight times the system poll interval,
1831 .Ic manycastclient ,
1837 .Ic ttl
1851 .Ic tos
1861 For legacy purposes,
1866 For manycast service
1880 For each transmission
1888 it the system poll interval.
1893 By default, the increment for TTL hops is 32 starting
1895 .Ic ttl
1910 .Ic tos
1917 .Ic tos
1924 The above actions occur for each manycast client message,
1940 The recommended value for
1950 For example, consider an NTP
1955 .Ic multicastclient
1957 .Ic multicastserver
1958 commands using, for instance, multicast group address
1961 configuration file must include commands for the primary
1964 The remaining configuration files for all secondary
1965 servers and clients have the same contents, except for the
1966 .Ic tos
1967 command, which is specific for each stratum level.
1968 For stratum 1 and stratum 2 servers, that command is
1970 For stratum 3 and above servers the
1986 re\-associate accordingly.
2004 for the usual suspects, selects the best from among
2040 .Bl -tag -width indent
2041 .It Xo Ic tos
2060 .Bl -tag -width indent
2061 .It Xo Ic tos
2073 quantity of peers used to synchronize the system clock
2077 .Bl -tag -width indent
2113 one or more truechimers for the clustering algorithm.
2117 for legacy purposes.
2128 in an expanding\-ring search.
2134 satellite and modem reference clocks plus a special pseudo\-clock
2135 used for backup or when no other clock source is available.
2145 .Qq Debugging Hints for Reference Clock Drivers
2152 In addition, support for a PPS
2154 .Qq Pulse\-per\-second (PPS) Signal Interfacing
2183 in a scalding remark to the system log file, but is otherwise non
2186 For the purposes of configuration,
2204 number in the range 0\-3.
2210 .Ic server
2221 options are not used for reference clock support.
2224 option is added for reference clock support, as
2243 meaning only for selected clock drivers.
2245 driver document pages for additional information.
2248 .Ic fudge
2250 information for individual clock drivers and normally follows
2252 .Ic server
2262 override the defaults for the device.
2264 device\-dependent time offsets and four flags that can be included
2266 .Ic fudge
2279 option is used for this purpose.
2281 involving both a reference clock and a pulse\-per\-second (PPS)
2286 option is used for this purpose.
2290 .Bl -tag -width indent
2291 .It Xo Ic server
2303 .Bl -tag -width indent
2307 equal, this host will be chosen for synchronization among a set of
2315 for further information.
2318 device\-specific fashion.
2319 For instance, it selects a dialing
2326 for reference clock messages, as a power of 2 in seconds
2327 For
2333 For modem reference clocks,
2340 .It Xo Ic fudge
2357 .Ic server
2365 .Bl -tag -width indent
2368 the driver, a fixed\-point decimal number in seconds.
2374 systematic error or bias due to serial port or operating system
2380 for an individual system and driver is available, an approximate
2386 .Ic enable
2396 Specifies a fixed\-point decimal number in seconds, which is
2397 interpreted in a driver\-dependent way.
2418 device\-specific fashion.
2419 For instance, it selects a dialing
2427 These four flags are used for customizing the clock driver.
2438 .Ic filegen
2441 .Ic filegen
2447 .Bl -tag -width indent
2448 .It Ic broadcastdelay Ar seconds
2456 controls, for example.
2459 Typically (for Ethernet), a
2463 .It Ic driftfile Ar driftfile
2475 frequency of zero and creates the file when writing it for the first time.
2481 in parts\-per\-million (PPM).
2487 must have write permission for the directory the
2488 drift file is located in, and that file system links, symbolic or
2490 .It Ic dscp Ar value
2492 a 6\-bit code.
2494 .It Xo Ic enable
2504 .It Xo Ic disable
2520 .Bl -tag -width indent
2525 The default for this flag is
2526 .Ic enable .
2528 Enables the server to listen for a message from a broadcast or
2530 .Ic multicastclient
2533 The default for this flag is
2534 .Ic disable .
2536 Enables the calibrate feature for reference clocks.
2537 The default for
2539 .Ic disable .
2542 The default for this
2544 .Ic enable
2546 .Ic disable .
2548 Enables processing of NTP mode 7 implementation\-specific requests
2552 The default for this flag is disable.
2566 .Ic monlist
2569 default for this flag is
2570 .Ic enable .
2574 closes the feedback loop, which is useful for testing.
2575 The default for
2577 .Ic enable .
2582 receives a crypto\-NAK packet that
2586 as it allows for quick recovery if a server key has changed,
2587 a properly forged and appropriately delivered crypto\-NAK packet
2594 file for evidence of any of these attacks.
2596 default for this flag is
2597 .Ic enable .
2602 section for further information.
2603 The default for this flag is
2604 .Ic disable .
2623 file for evidence of any of these attacks.
2625 default for this flag is
2626 .Ic enable .
2630 receives a crypto\-NAK packet that
2634 as it allows for quick recovery if a server key has changed,
2635 a properly forged and appropriately delivered crypto\-NAK packet
2642 file for evidence of any of these attacks.
2644 default for this flag is
2645 .Ic enable .
2654 as it allows for quick recovery,
2656 during an appropriate window it can be used for a DoS attack.
2662 file for evidence of any of these attacks.
2664 default for this flag is
2665 .Ic enable .
2667 .It Ic includefile Ar includefile
2674 This option is useful for sites that run
2678 .It Xo Ic interface
2694 The first parameter determines the action for addresses
2701 determines how many bits must match for this rule to apply.
2711 The last rule which matches a particular address determines the action for it.
2715 .Fl \-interface ,
2718 .Fl \-novirtualips
2719 command\-line options are specified in the configuration file,
2723 directive is an alias for
2725 .It Ic leapfile Ar leapfile
2727 leapsecond values for the next leapsecond event, leapfile expiration
2730 .Li https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap\-seconds.list
2732 .Li ftp://hpiers.obspm.fr/iers/bul/bulc/ntp/leap\-seconds.list .
2747 .Xr update\-leap 1update_leapmdoc
2751 .It Ic leapsmearinterval Ar seconds
2755 .Cm \-\-enable\-leap\-smear
2760 Recommended values for this option are between
2762 .Sy DO NOT USE THIS OPTION ON PUBLIC\-ACCESS SERVERS!
2763 See http://bugs.ntp.org/2855 for more information.
2764 .It Ic logconfig Ar configkeyword
2766 the system
2769 .Ic logfile
2778 .Ql \- ,
2786 .Ql \-
2830 .Bd -literal
2836 and the major system events.
2837 For a simple reference server, the
2839 .Bd -literal
2846 peers, system events and so on is suppressed.
2847 .It Ic logfile Ar logfile
2849 be used instead of the default system
2855 .It Xo Ic mru
2867 .Bl -tag -width indent
2868 .It Ic maxdepth Ar count
2869 .It Ic maxmem Ar kilobytes
2887 entries, existing entries are never removed to make room for newer ones,
2911 .It Ic nonvolatile Ar threshold
2916 (frequency file) will be written, with a default value of 1e\-7 (0.1 PPM).
2924 for embedded systems with nonvolatile memory.
2925 .It Ic phone Ar dial ...
2928 or the JJY driver (type 40, mode 100 \- 180).
2929 For the ACTS modem driver (type 18), the arguments consist of
2932 For the JJY driver (type 40 mode 100 \- 180), the argument is 
2955 The next two numbers must be between 0 and one\-half of the poll interval,
2963 .It Xo Ic reset
2965 .Ic allpeers
2968 .Ic auth
2971 .Ic ctl
2974 .Ic io
2977 .Ic mem
2980 .Ic sys
2983 .Ic timer
2992 .It Xo Ic rlimit
2999 .Bl -tag -width indent
3007 The default is 32 megabytes on non\-Linux machines, and \-1 under Linux.
3008 -1 means "do not lock the process into memory".
3017 Defaults to the system default.
3019 .It Ic saveconfigdir Ar directory_path
3031 .It Ic saveconfig Ar filename
3036 .Cm config\-from\-file 
3052 for example,
3053 .Cm saveconfig\ ntp\-%Y%m%d\-%H%M%S.conf .
3054 The filename used is stored in the system variable
3057 .It Ic setvar Ar variable Op Cm default
3058 This command adds an additional system variable.
3069 variable will be listed as part of the default system variables
3072 .Ic rv
3081 .Ic setvar
3088 the names of all system variables.
3099 .It Xo Ic tinker
3112 This command can be used to alter several system variables in
3117 default values of these variables have been carefully optimized for
3125 for them.
3130 .Bl -tag -width indent
3132 The argument becomes the new value for the minimum Allan
3138 The argument becomes the new value for the dispersion increase rate,
3142 parts\-per\-million.
3146 The argument becomes the new value for the experimental
3147 huff\-n'\-puff filter span, which determines the most recent interval
3148 the algorithm will search for a minimum delay.
3169 The argument is the step threshold for the backward direction,
3180 As for stepback, but for the forward direction.
3193 system variables
3200 .It Xo Ic trap Ar host_address
3205 address and port number for sending messages with the specified
3219 mode these values are used in\-turn in an expanding\-ring search.
3232 an expanding\-ring search.
3237 .Bl -tag
3238 .It Fl \-help
3240 .It Fl \-more\-help
3242 .It Fl \-version Op Brq Ar v|c|n
3251   \fBNTP_CONF_<option\-name>\fP or \fBNTP_CONF\fP
3255 See \fBOPTION PRESETS\fP for configuration environment variables.
3257 .Bl -tag -width /etc/ntp.drift -compact
3267 Diffie\-Hellman agreement parameters
3271 .Bl -tag
3278 it to autogen\-users@lists.sourceforge.net.  Thank you.
3299 Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved.
3317 This manual page was \fIAutoGen\fP\-erated from the \fBntp.conf\fP