ntpd: Network Time Protocol (NTP) Daemon User's Manual


Next: , Previous: (dir), Up: (dir)

ntpd: Network Time Protocol (NTP) Daemon User Manual

The ntpd program is an operating system daemon that synchronizes the system clock to remote NTP time servers or local reference clocks. It is a complete implementation of NTP version 4 defined by RFC-5905, but also retains compatible with version 3 defined by RFC-1305 and versions 1 and 2, defined by RFC-1059 and RFC-1119, respectively. The program can operate in any of several modes, including client/server, symmetric and broadcast modes, and with both symmetric-key and public-key cryptography.

This document applies to version 4.2.8p4 of ntpd.



Description

The ntpd program ordinarily requires a configuration file described at ntp.conf. This configuration file contains configuration commands described on the pages listed above. However a client can discover remote servers and configure them automatically. This makes it possible to deploy a fleet of workstations without specifying configuration details specific to the local environment.

The ntpd program normally operates continuously while adjusting the system time and frequency, but in some cases this might not be practical. With the -q option ntpd operates as in continuous mode, but exits just after setting the clock for the first time. Most applications will probably want to specify the iburst option with the server command. With this option an initial volley of messages is exchanged to groom the data and set the clock in about ten seconds' time. If nothing is heard after a few minutes' time, the daemon times out and exits without setting the clock.



Invoking ntpd

The ntpd utility is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers. It is a complete implementation of the Network Time Protocol (NTP) version 4, as defined by RFC-5905, but also retains compatibility with version 3, as defined by RFC-1305, and versions 1 and 2, as defined by RFC-1059 and RFC-1119, respectively.

The ntpd utility does most computations in 64-bit floating point arithmetic and does relatively clumsy 64-bit fixed point operations only when necessary to preserve the ultimate precision, about 232 picoseconds. While the ultimate precision is not achievable with ordinary workstations and networks of today, it may be required with future gigahertz CPU clocks and gigabit LANs.

Ordinarily, ntpd reads the ntp.conf(5) configuration file at startup time in order to determine the synchronization sources and operating modes. It is also possible to specify a working, although limited, configuration entirely on the command line, obviating the need for a configuration file. This may be particularly useful when the local host is to be configured as a broadcast/multicast client, with all peers being determined by listening to broadcasts at run time.

If NetInfo support is built into ntpd then ntpd will attempt to read its configuration from the NetInfo if the default ntp.conf(5) file cannot be read and no file is specified by the -c option.

Various internal ntpd variables can be displayed and configuration options altered while the ntpd is running using the ntpq(1ntpqmdoc) and ntpdc(1ntpdcmdoc) utility programs.

When ntpd starts it looks at the value of umask(2), and if zero ntpd will set the umask(2) to 022.

This section was generated by AutoGen, using the agtexi-cmd template and the option descriptions for the ntpd program. This software is released under the NTP license, <http://ntp.org/license>.


Next: , Up: ntpd Invocation

ntpd help/usage (--help)

This is the automatically generated usage text for ntpd.

The text printed is the same whether selected with the help option (--help) or the more-help option (--more-help). more-help will print the usage text by passing it through a pager program. more-help is disabled on platforms without a working fork(2) function. The PAGER environment variable is used to select the program, defaulting to more. Both will exit with a status code of 0.

ntpd - NTP daemon program - Ver. 4.2.8p4-sec-RC2
Usage:  ntpd [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \
                [ <server1> ... <serverN> ]
  Flg Arg Option-Name    Description
   -4 no  ipv4           Force IPv4 DNS name resolution
                                - prohibits the option 'ipv6'
   -6 no  ipv6           Force IPv6 DNS name resolution
                                - prohibits the option 'ipv4'
   -a no  authreq        Require crypto authentication
                                - prohibits the option 'authnoreq'
   -A no  authnoreq      Do not require crypto authentication
                                - prohibits the option 'authreq'
   -b no  bcastsync      Allow us to sync to broadcast servers
   -c Str configfile     configuration file name
   -d no  debug-level    Increase debug verbosity level
                                - may appear multiple times
   -D Num set-debug-level Set the debug verbosity level
                                - may appear multiple times
   -f Str driftfile      frequency drift file name
   -g no  panicgate      Allow the first adjustment to be Big
                                - may appear multiple times
   -G no  force-step-once Step any initial offset correction.
   -i Str jaildir        Jail directory
   -I Str interface      Listen on an interface name or address
                                - may appear multiple times
   -k Str keyfile        path to symmetric keys
   -l Str logfile        path to the log file
   -L no  novirtualips   Do not listen to virtual interfaces
   -n no  nofork         Do not fork
                                - prohibits the option 'wait-sync'
   -N no  nice           Run at high priority
   -p Str pidfile        path to the PID file
   -P Num priority       Process priority
   -q no  quit           Set the time and quit
                                - prohibits these options:
                                saveconfigquit
                                wait-sync
   -r Str propagationdelay Broadcast/propagation delay
      Str saveconfigquit Save parsed configuration and quit
                                - prohibits these options:
                                quit
                                wait-sync
   -s Str statsdir       Statistics file location
   -t Str trustedkey     Trusted key number
                                - may appear multiple times
   -u Str user           Run as userid (or userid:groupid)
   -U Num updateinterval interval in seconds between scans for new or dropped interfaces
      Str var            make ARG an ntp variable (RW)
                                - may appear multiple times
      Str dvar           make ARG an ntp variable (RW|DEF)
                                - may appear multiple times
   -w Num wait-sync      Seconds to wait for first clock sync
                                - prohibits these options:
                                nofork
                                quit
                                saveconfigquit
   -x no  slew           Slew up to 600 seconds
      opt version        output version information and exit
   -? no  help           display extended usage information and exit
   -! no  more-help      extended usage information passed thru pager

Options are specified by doubled hyphens and their name or by a single
hyphen and the flag character.


The following option preset mechanisms are supported:
 - examining environment variables named NTPD_*

Please send bug reports to:  <http://bugs.ntp.org, bugs@ntp.org>


Next: , Previous: ntpd usage, Up: ntpd Invocation

ipv4 option (-4)

This is the “force ipv4 dns name resolution” option.

This option has some usage constraints. It:

Force DNS resolution of following host names on the command line to the IPv4 namespace.


Next: , Previous: ntpd ipv4, Up: ntpd Invocation

ipv6 option (-6)

This is the “force ipv6 dns name resolution” option.

This option has some usage constraints. It:

Force DNS resolution of following host names on the command line to the IPv6 namespace.


Next: , Previous: ntpd ipv6, Up: ntpd Invocation

authreq option (-a)

This is the “require crypto authentication” option.

This option has some usage constraints. It:

Require cryptographic authentication for broadcast client, multicast client and symmetric passive associations. This is the default.


Next: , Previous: ntpd authreq, Up: ntpd Invocation

authnoreq option (-A)

This is the “do not require crypto authentication” option.

This option has some usage constraints. It:

Do not require cryptographic authentication for broadcast client, multicast client and symmetric passive associations. This is almost never a good idea.


Next: , Previous: ntpd authnoreq, Up: ntpd Invocation

configfile option (-c)

This is the “configuration file name” option. This option takes a string argument. The name and path of the configuration file, /etc/ntp.conf by default.


Next: , Previous: ntpd configfile, Up: ntpd Invocation

driftfile option (-f)

This is the “frequency drift file name” option. This option takes a string argument. The name and path of the frequency file, /etc/ntp.drift by default. This is the same operation as the driftfile driftfile configuration specification in the /etc/ntp.conf file.


Next: , Previous: ntpd driftfile, Up: ntpd Invocation

panicgate option (-g)

This is the “allow the first adjustment to be big” option.

This option has some usage constraints. It:

Normally, ntpd exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, ntpd will exit with a message to the system log. This option can be used with the -q and -x options. See the tinker configuration file directive for other options.


Next: , Previous: ntpd panicgate, Up: ntpd Invocation

force-step-once option (-G)

This is the “step any initial offset correction.” option. Normally, ntpd steps the time if the time offset exceeds the step threshold, which is 128 ms by default, and otherwise slews the time. This option forces the initial offset correction to be stepped, so the highest time accuracy can be achieved quickly. However, this may also cause the time to be stepped back so this option must not be used if applications requiring monotonic time are running. See the tinker configuration file directive for other options.


Next: , Previous: ntpd force-step-once, Up: ntpd Invocation

jaildir option (-i)

This is the “jail directory” option. This option takes a string argument.

This option has some usage constraints. It:

Chroot the server to the directory jaildir . This option also implies that the server attempts to drop root privileges at startup. You may need to also specify a -u option. This option is only available if the OS supports adjusting the clock without full root privileges. This option is supported under NetBSD (configure with --enable-clockctl) or Linux (configure with --enable-linuxcaps) or Solaris (configure with --enable-solarisprivs).


Next: , Previous: ntpd jaildir, Up: ntpd Invocation

interface option (-I)

This is the “listen on an interface name or address” option. This option takes a string argument iface.

This option has some usage constraints. It:

Open the network address given, or all the addresses associated with the given interface name. This option may appear multiple times. This option also implies not opening other addresses, except wildcard and localhost. This option is deprecated. Please consider using the configuration file interface command, which is more versatile.


Next: , Previous: ntpd interface, Up: ntpd Invocation

keyfile option (-k)

This is the “path to symmetric keys” option. This option takes a string argument. Specify the name and path of the symmetric key file. /etc/ntp.keys is the default. This is the same operation as the keys keyfile configuration file directive.


Next: , Previous: ntpd keyfile, Up: ntpd Invocation

logfile option (-l)

This is the “path to the log file” option. This option takes a string argument. Specify the name and path of the log file. The default is the system log file. This is the same operation as the logfile logfile configuration file directive.


Next: , Previous: ntpd logfile, Up: ntpd Invocation

novirtualips option (-L)

This is the “do not listen to virtual interfaces” option. Do not listen to virtual interfaces, defined as those with names containing a colon. This option is deprecated. Please consider using the configuration file interface command, which is more versatile.


Next: , Previous: ntpd novirtualips, Up: ntpd Invocation

modifymmtimer option (-M)

This is the “modify multimedia timer (windows only)” option.

This option has some usage constraints. It:

Set the Windows Multimedia Timer to highest resolution. This ensures the resolution does not change while ntpd is running, avoiding timekeeping glitches associated with changes.


Next: , Previous: ntpd modifymmtimer, Up: ntpd Invocation

nice option (-N)

This is the “run at high priority” option. To the extent permitted by the operating system, run ntpd at the highest priority.


Next: , Previous: ntpd nice, Up: ntpd Invocation

pidfile option (-p)

This is the “path to the pid file” option. This option takes a string argument. Specify the name and path of the file used to record ntpd's process ID. This is the same operation as the pidfile pidfile configuration file directive.


Next: , Previous: ntpd pidfile, Up: ntpd Invocation

priority option (-P)

This is the “process priority” option. This option takes a number argument. To the extent permitted by the operating system, run ntpd at the specified sched_setscheduler(SCHED_FIFO) priority.


Next: , Previous: ntpd priority, Up: ntpd Invocation

quit option (-q)

This is the “set the time and quit” option.

This option has some usage constraints. It:

ntpd will not daemonize and will exit after the clock is first synchronized. This behavior mimics that of the ntpdate program, which will soon be replaced with a shell script. The -g and -x options can be used with this option. Note: The kernel time discipline is disabled with this option.


Next: , Previous: ntpd quit, Up: ntpd Invocation

propagationdelay option (-r)

This is the “broadcast/propagation delay” option. This option takes a string argument. Specify the default propagation delay from the broadcast/multicast server to this client. This is necessary only if the delay cannot be computed automatically by the protocol.


Next: , Previous: ntpd propagationdelay, Up: ntpd Invocation

saveconfigquit option

This is the “save parsed configuration and quit” option. This option takes a string argument.

This option has some usage constraints. It:

Cause ntpd to parse its startup configuration file and save an equivalent to the given filename and exit. This option was designed for automated testing.


Next: , Previous: ntpd saveconfigquit, Up: ntpd Invocation

statsdir option (-s)

This is the “statistics file location” option. This option takes a string argument. Specify the directory path for files created by the statistics facility. This is the same operation as the statsdir statsdir configuration file directive.


Next: , Previous: ntpd statsdir, Up: ntpd Invocation

trustedkey option (-t)

This is the “trusted key number” option. This option takes a string argument tkey.

This option has some usage constraints. It:

Add the specified key number to the trusted key list.


Next: , Previous: ntpd trustedkey, Up: ntpd Invocation

user option (-u)

This is the “run as userid (or userid:groupid)” option. This option takes a string argument.

This option has some usage constraints. It:

Specify a user, and optionally a group, to switch to. This option is only available if the OS supports adjusting the clock without full root privileges. This option is supported under NetBSD (configure with --enable-clockctl) or Linux (configure with --enable-linuxcaps) or Solaris (configure with --enable-solarisprivs).


Next: , Previous: ntpd user, Up: ntpd Invocation

updateinterval option (-U)

This is the “interval in seconds between scans for new or dropped interfaces” option. This option takes a number argument. Give the time in seconds between two scans for new or dropped interfaces. For systems with routing socket support the scans will be performed shortly after the interface change has been detected by the system. Use 0 to disable scanning. 60 seconds is the minimum time between scans.


Next: , Previous: ntpd updateinterval, Up: ntpd Invocation

wait-sync option (-w)

This is the “seconds to wait for first clock sync” option. This option takes a number argument.

This option has some usage constraints. It:

If greater than zero, alters ntpd's behavior when forking to daemonize. Instead of exiting with status 0 immediately after the fork, the parent waits up to the specified number of seconds for the child to first synchronize the clock. The exit status is zero (success) if the clock was synchronized, otherwise it is ETIMEDOUT. This provides the option for a script starting ntpd to easily wait for the first set of the clock before proceeding.


Next: , Previous: ntpd wait-sync, Up: ntpd Invocation

slew option (-x)

This is the “slew up to 600 seconds” option. Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold. This option sets the threshold to 600 s, which is well within the accuracy window to set the clock manually. Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s. Thus, an adjustment as much as 600 s will take almost 14 days to complete. This option can be used with the -g and -q options. See the tinker configuration file directive for other options. Note: The kernel time discipline is disabled with this option.


Next: , Previous: ntpd slew, Up: ntpd Invocation

usepcc option

This is the “use cpu cycle counter (windows only)” option.

This option has some usage constraints. It:

Attempt to substitute the CPU counter for QueryPerformanceCounter. The CPU counter and QueryPerformanceCounter are compared, and if they have the same frequency, the CPU counter (RDTSC on x86) is used directly, saving the overhead of a system call.


Next: , Previous: ntpd usepcc, Up: ntpd Invocation

pccfreq option

This is the “force cpu cycle counter use (windows only)” option. This option takes a string argument.

This option has some usage constraints. It:

Force substitution the CPU counter for QueryPerformanceCounter. The CPU counter (RDTSC on x86) is used unconditionally with the given frequency (in Hz).


Next: , Previous: ntpd pccfreq, Up: ntpd Invocation

mdns option (-m)

This is the “register with mdns as a ntp server” option.

This option has some usage constraints. It:

Registers as an NTP server with the local mDNS server which allows the server to be discovered via mDNS client lookup.


Next: , Previous: ntpd mdns, Up: ntpd Invocation

presetting/configuring ntpd

Any option that is not marked as not presettable may be preset by loading values from environment variables named NTPD and NTPD_<OPTION_NAME>. <OPTION_NAME> must be one of the options listed above in upper case and segmented with underscores. The NTPD variable will be tokenized and parsed like the command line. The remaining variables are tested for existence and their values are treated like option arguments.

The command line options relating to configuration and/or usage help are:

version (-)

Print the program version to standard out, optionally with licensing information, then exit 0. The optional argument specifies how much licensing detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument. Only the first letter of the argument is examined:

version
Only print the version. This is the default.
copyright
Name the copyright usage licensing terms.
verbose
Print the full copyright usage licensing terms.


Next: , Previous: ntpd config, Up: ntpd Invocation

ntpd exit status

One of the following exit values will be returned:

0 (EXIT_SUCCESS)
Successful program execution.
1 (EXIT_FAILURE)
The operation failed or the command syntax was not valid.


Next: , Previous: ntpd exit status, Up: ntpd Invocation

ntpd Usage


Next: , Previous: ntpd Usage, Up: ntpd Invocation

ntpd Files


Next: , Previous: ntpd Files, Up: ntpd Invocation

ntpd See Also


Next: , Previous: ntpd See Also, Up: ntpd Invocation

ntpd Bugs


Previous: ntpd Bugs, Up: ntpd Invocation

ntpd Notes



Usage