xref: /freebsd/contrib/ntp/ntpd/invoke-ntp.conf.texi (revision 0b3105a37d7adcadcb720112fed4dc4e8040be99)
1@node ntp.conf Notes
2@section Notes about ntp.conf
3@pindex ntp.conf
4@cindex Network Time Protocol (NTP) daemon configuration file format
5@ignore
6#
7# EDIT THIS FILE WITH CAUTION  (invoke-ntp.conf.texi)
8#
9# It has been AutoGen-ed  January 20, 2016 at 04:17:59 AM by AutoGen 5.18.5
10# From the definitions    ntp.conf.def
11# and the template file   agtexi-file.tpl
12@end ignore
13
14
15
16The
17@code{ntp.conf}
18configuration file is read at initial startup by the
19@code{ntpd(1ntpdmdoc)}
20daemon in order to specify the synchronization sources,
21modes and other related information.
22Usually, it is installed in the
23@file{/etc}
24directory,
25but could be installed elsewhere
26(see the daemon's
27@code{-c}
28command line option).
29
30The file format is similar to other
31@sc{unix}
32configuration files.
33Comments begin with a
34@quoteleft{}#@quoteright{}
35character and extend to the end of the line;
36blank lines are ignored.
37Configuration commands consist of an initial keyword
38followed by a list of arguments,
39some of which may be optional, separated by whitespace.
40Commands may not be continued over multiple lines.
41Arguments may be host names,
42host addresses written in numeric, dotted-quad form,
43integers, floating point numbers (when specifying times in seconds)
44and text strings.
45
46The rest of this page describes the configuration and control options.
47The
48"Notes on Configuring NTP and Setting up an NTP Subnet"
49page
50(available as part of the HTML documentation
51provided in
52@file{/usr/share/doc/ntp})
53contains an extended discussion of these options.
54In addition to the discussion of general
55@ref{Configuration Options},
56there are sections describing the following supported functionality
57and the options used to control it:
58@itemize @bullet
59@item
60@ref{Authentication Support}
61@item
62@ref{Monitoring Support}
63@item
64@ref{Access Control Support}
65@item
66@ref{Automatic NTP Configuration Options}
67@item
68@ref{Reference Clock Support}
69@item
70@ref{Miscellaneous Options}
71@end itemize
72
73Following these is a section describing
74@ref{Miscellaneous Options}.
75While there is a rich set of options available,
76the only required option is one or more
77@code{pool},
78@code{server},
79@code{peer},
80@code{broadcast}
81or
82@code{manycastclient}
83commands.
84@node Configuration Support
85@subsection Configuration Support
86Following is a description of the configuration commands in
87NTPv4.
88These commands have the same basic functions as in NTPv3 and
89in some cases new functions and new arguments.
90There are two
91classes of commands, configuration commands that configure a
92persistent association with a remote server or peer or reference
93clock, and auxiliary commands that specify environmental variables
94that control various related operations.
95@subsubsection Configuration Commands
96The various modes are determined by the command keyword and the
97type of the required IP address.
98Addresses are classed by type as
99(s) a remote server or peer (IPv4 class A, B and C), (b) the
100broadcast address of a local interface, (m) a multicast address (IPv4
101class D), or (r) a reference clock address (127.127.x.x).
102Note that
103only those options applicable to each command are listed below.
104Use
105of options not listed may not be caught as an error, but may result
106in some weird and even destructive behavior.
107
108If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
109is detected, support for the IPv6 address family is generated
110in addition to the default support of the IPv4 address family.
111In a few cases, including the reslist billboard generated
112by ntpdc, IPv6 addresses are automatically generated.
113IPv6 addresses can be identified by the presence of colons
114@quotedblleft{}:@quotedblright{}
115in the address field.
116IPv6 addresses can be used almost everywhere where
117IPv4 addresses can be used,
118with the exception of reference clock addresses,
119which are always IPv4.
120
121Note that in contexts where a host name is expected, a
122@code{-4}
123qualifier preceding
124the host name forces DNS resolution to the IPv4 namespace,
125while a
126@code{-6}
127qualifier forces DNS resolution to the IPv6 namespace.
128See IPv6 references for the
129equivalent classes for that address family.
130@table @asis
131@item @code{pool} @kbd{address} @code{[@code{burst}]} @code{[@code{iburst}]} @code{[@code{version} @kbd{version}]} @code{[@code{prefer}]} @code{[@code{minpoll} @kbd{minpoll}]} @code{[@code{maxpoll} @kbd{maxpoll}]}
132@item @code{server} @kbd{address} @code{[@code{key} @kbd{key} @kbd{|} @code{autokey}]} @code{[@code{burst}]} @code{[@code{iburst}]} @code{[@code{version} @kbd{version}]} @code{[@code{prefer}]} @code{[@code{minpoll} @kbd{minpoll}]} @code{[@code{maxpoll} @kbd{maxpoll}]}
133@item @code{peer} @kbd{address} @code{[@code{key} @kbd{key} @kbd{|} @code{autokey}]} @code{[@code{version} @kbd{version}]} @code{[@code{prefer}]} @code{[@code{minpoll} @kbd{minpoll}]} @code{[@code{maxpoll} @kbd{maxpoll}]}
134@item @code{broadcast} @kbd{address} @code{[@code{key} @kbd{key} @kbd{|} @code{autokey}]} @code{[@code{version} @kbd{version}]} @code{[@code{prefer}]} @code{[@code{minpoll} @kbd{minpoll}]} @code{[@code{ttl} @kbd{ttl}]}
135@item @code{manycastclient} @kbd{address} @code{[@code{key} @kbd{key} @kbd{|} @code{autokey}]} @code{[@code{version} @kbd{version}]} @code{[@code{prefer}]} @code{[@code{minpoll} @kbd{minpoll}]} @code{[@code{maxpoll} @kbd{maxpoll}]} @code{[@code{ttl} @kbd{ttl}]}
136@end table
137
138These five commands specify the time server name or address to
139be used and the mode in which to operate.
140The
141@kbd{address}
142can be
143either a DNS name or an IP address in dotted-quad notation.
144Additional information on association behavior can be found in the
145"Association Management"
146page
147(available as part of the HTML documentation
148provided in
149@file{/usr/share/doc/ntp}).
150@table @asis
151@item @code{pool}
152For type s addresses, this command mobilizes a persistent
153client mode association with a number of remote servers.
154In this mode the local clock can synchronized to the
155remote server, but the remote server can never be synchronized to
156the local clock.
157@item @code{server}
158For type s and r addresses, this command mobilizes a persistent
159client mode association with the specified remote server or local
160radio clock.
161In this mode the local clock can synchronized to the
162remote server, but the remote server can never be synchronized to
163the local clock.
164This command should
165@emph{not}
166be used for type
167b or m addresses.
168@item @code{peer}
169For type s addresses (only), this command mobilizes a
170persistent symmetric-active mode association with the specified
171remote peer.
172In this mode the local clock can be synchronized to
173the remote peer or the remote peer can be synchronized to the local
174clock.
175This is useful in a network of servers where, depending on
176various failure scenarios, either the local or remote peer may be
177the better source of time.
178This command should NOT be used for type
179b, m or r addresses.
180@item @code{broadcast}
181For type b and m addresses (only), this
182command mobilizes a persistent broadcast mode association.
183Multiple
184commands can be used to specify multiple local broadcast interfaces
185(subnets) and/or multiple multicast groups.
186Note that local
187broadcast messages go only to the interface associated with the
188subnet specified, but multicast messages go to all interfaces.
189In broadcast mode the local server sends periodic broadcast
190messages to a client population at the
191@kbd{address}
192specified, which is usually the broadcast address on (one of) the
193local network(s) or a multicast address assigned to NTP.
194The IANA
195has assigned the multicast group address IPv4 224.0.1.1 and
196IPv6 ff05::101 (site local) exclusively to
197NTP, but other nonconflicting addresses can be used to contain the
198messages within administrative boundaries.
199Ordinarily, this
200specification applies only to the local server operating as a
201sender; for operation as a broadcast client, see the
202@code{broadcastclient}
203or
204@code{multicastclient}
205commands
206below.
207@item @code{manycastclient}
208For type m addresses (only), this command mobilizes a
209manycast client mode association for the multicast address
210specified.
211In this case a specific address must be supplied which
212matches the address used on the
213@code{manycastserver}
214command for
215the designated manycast servers.
216The NTP multicast address
217224.0.1.1 assigned by the IANA should NOT be used, unless specific
218means are taken to avoid spraying large areas of the Internet with
219these messages and causing a possibly massive implosion of replies
220at the sender.
221The
222@code{manycastserver}
223command specifies that the local server
224is to operate in client mode with the remote servers that are
225discovered as the result of broadcast/multicast messages.
226The
227client broadcasts a request message to the group address associated
228with the specified
229@kbd{address}
230and specifically enabled
231servers respond to these messages.
232The client selects the servers
233providing the best time and continues as with the
234@code{server}
235command.
236The remaining servers are discarded as if never
237heard.
238@end table
239
240Options:
241@table @asis
242@item @code{autokey}
243All packets sent to and received from the server or peer are to
244include authentication fields encrypted using the autokey scheme
245described in
246@ref{Authentication Options}.
247@item @code{burst}
248when the server is reachable, send a burst of eight packets
249instead of the usual one.
250The packet spacing is normally 2 s;
251however, the spacing between the first and second packets
252can be changed with the calldelay command to allow
253additional time for a modem or ISDN call to complete.
254This is designed to improve timekeeping quality
255with the
256@code{server}
257command and s addresses.
258@item @code{iburst}
259When the server is unreachable, send a burst of eight packets
260instead of the usual one.
261The packet spacing is normally 2 s;
262however, the spacing between the first two packets can be
263changed with the calldelay command to allow
264additional time for a modem or ISDN call to complete.
265This is designed to speed the initial synchronization
266acquisition with the
267@code{server}
268command and s addresses and when
269@code{ntpd(1ntpdmdoc)}
270is started with the
271@code{-q}
272option.
273@item @code{key} @kbd{key}
274All packets sent to and received from the server or peer are to
275include authentication fields encrypted using the specified
276@kbd{key}
277identifier with values from 1 to 65534, inclusive.
278The
279default is to include no encryption field.
280@item @code{minpoll} @kbd{minpoll}
281@item @code{maxpoll} @kbd{maxpoll}
282These options specify the minimum and maximum poll intervals
283for NTP messages, as a power of 2 in seconds
284The maximum poll
285interval defaults to 10 (1,024 s), but can be increased by the
286@code{maxpoll}
287option to an upper limit of 17 (36.4 h).
288The
289minimum poll interval defaults to 6 (64 s), but can be decreased by
290the
291@code{minpoll}
292option to a lower limit of 4 (16 s).
293@item @code{noselect}
294Marks the server as unused, except for display purposes.
295The server is discarded by the selection algroithm.
296@item @code{prefer}
297Marks the server as preferred.
298All other things being equal,
299this host will be chosen for synchronization among a set of
300correctly operating hosts.
301See the
302"Mitigation Rules and the prefer Keyword"
303page
304(available as part of the HTML documentation
305provided in
306@file{/usr/share/doc/ntp})
307for further information.
308@item @code{ttl} @kbd{ttl}
309This option is used only with broadcast server and manycast
310client modes.
311It specifies the time-to-live
312@kbd{ttl}
313to
314use on broadcast server and multicast server and the maximum
315@kbd{ttl}
316for the expanding ring search with manycast
317client packets.
318Selection of the proper value, which defaults to
319127, is something of a black art and should be coordinated with the
320network administrator.
321@item @code{version} @kbd{version}
322Specifies the version number to be used for outgoing NTP
323packets.
324Versions 1-4 are the choices, with version 4 the
325default.
326@end table
327@subsubsection Auxiliary Commands
328@table @asis
329@item @code{broadcastclient}
330This command enables reception of broadcast server messages to
331any local interface (type b) address.
332Upon receiving a message for
333the first time, the broadcast client measures the nominal server
334propagation delay using a brief client/server exchange with the
335server, then enters the broadcast client mode, in which it
336synchronizes to succeeding broadcast messages.
337Note that, in order
338to avoid accidental or malicious disruption in this mode, both the
339server and client should operate using symmetric-key or public-key
340authentication as described in
341@ref{Authentication Options}.
342@item @code{manycastserver} @kbd{address} @kbd{...}
343This command enables reception of manycast client messages to
344the multicast group address(es) (type m) specified.
345At least one
346address is required, but the NTP multicast address 224.0.1.1
347assigned by the IANA should NOT be used, unless specific means are
348taken to limit the span of the reply and avoid a possibly massive
349implosion at the original sender.
350Note that, in order to avoid
351accidental or malicious disruption in this mode, both the server
352and client should operate using symmetric-key or public-key
353authentication as described in
354@ref{Authentication Options}.
355@item @code{multicastclient} @kbd{address} @kbd{...}
356This command enables reception of multicast server messages to
357the multicast group address(es) (type m) specified.
358Upon receiving
359a message for the first time, the multicast client measures the
360nominal server propagation delay using a brief client/server
361exchange with the server, then enters the broadcast client mode, in
362which it synchronizes to succeeding multicast messages.
363Note that,
364in order to avoid accidental or malicious disruption in this mode,
365both the server and client should operate using symmetric-key or
366public-key authentication as described in
367@ref{Authentication Options}.
368@item @code{mdnstries} @kbd{number}
369If we are participating in mDNS,
370after we have synched for the first time
371we attempt to register with the mDNS system.
372If that registration attempt fails,
373we try again at one minute intervals for up to
374@code{mdnstries}
375times.
376After all,
377@code{ntpd}
378may be starting before mDNS.
379The default value for
380@code{mdnstries}
381is 5.
382@end table
383@node Authentication Support
384@subsection Authentication Support
385Authentication support allows the NTP client to verify that the
386server is in fact known and trusted and not an intruder intending
387accidentally or on purpose to masquerade as that server.
388The NTPv3
389specification RFC-1305 defines a scheme which provides
390cryptographic authentication of received NTP packets.
391Originally,
392this was done using the Data Encryption Standard (DES) algorithm
393operating in Cipher Block Chaining (CBC) mode, commonly called
394DES-CBC.
395Subsequently, this was replaced by the RSA Message Digest
3965 (MD5) algorithm using a private key, commonly called keyed-MD5.
397Either algorithm computes a message digest, or one-way hash, which
398can be used to verify the server has the correct private key and
399key identifier.
400
401NTPv4 retains the NTPv3 scheme, properly described as symmetric key
402cryptography and, in addition, provides a new Autokey scheme
403based on public key cryptography.
404Public key cryptography is generally considered more secure
405than symmetric key cryptography, since the security is based
406on a private value which is generated by each server and
407never revealed.
408With Autokey all key distribution and
409management functions involve only public values, which
410considerably simplifies key distribution and storage.
411Public key management is based on X.509 certificates,
412which can be provided by commercial services or
413produced by utility programs in the OpenSSL software library
414or the NTPv4 distribution.
415
416While the algorithms for symmetric key cryptography are
417included in the NTPv4 distribution, public key cryptography
418requires the OpenSSL software library to be installed
419before building the NTP distribution.
420Directions for doing that
421are on the Building and Installing the Distribution page.
422
423Authentication is configured separately for each association
424using the
425@code{key}
426or
427@code{autokey}
428subcommand on the
429@code{peer},
430@code{server},
431@code{broadcast}
432and
433@code{manycastclient}
434configuration commands as described in
435@ref{Configuration Options}
436page.
437The authentication
438options described below specify the locations of the key files,
439if other than default, which symmetric keys are trusted
440and the interval between various operations, if other than default.
441
442Authentication is always enabled,
443although ineffective if not configured as
444described below.
445If a NTP packet arrives
446including a message authentication
447code (MAC), it is accepted only if it
448passes all cryptographic checks.
449The
450checks require correct key ID, key value
451and message digest.
452If the packet has
453been modified in any way or replayed
454by an intruder, it will fail one or more
455of these checks and be discarded.
456Furthermore, the Autokey scheme requires a
457preliminary protocol exchange to obtain
458the server certificate, verify its
459credentials and initialize the protocol
460
461The
462@code{auth}
463flag controls whether new associations or
464remote configuration commands require cryptographic authentication.
465This flag can be set or reset by the
466@code{enable}
467and
468@code{disable}
469commands and also by remote
470configuration commands sent by a
471@code{ntpdc(1ntpdcmdoc)}
472program running in
473another machine.
474If this flag is enabled, which is the default
475case, new broadcast client and symmetric passive associations and
476remote configuration commands must be cryptographically
477authenticated using either symmetric key or public key cryptography.
478If this
479flag is disabled, these operations are effective
480even if not cryptographic
481authenticated.
482It should be understood
483that operating with the
484@code{auth}
485flag disabled invites a significant vulnerability
486where a rogue hacker can
487masquerade as a falseticker and seriously
488disrupt system timekeeping.
489It is
490important to note that this flag has no purpose
491other than to allow or disallow
492a new association in response to new broadcast
493and symmetric active messages
494and remote configuration commands and, in particular,
495the flag has no effect on
496the authentication process itself.
497
498An attractive alternative where multicast support is available
499is manycast mode, in which clients periodically troll
500for servers as described in the
501@ref{Automatic NTP Configuration Options}
502page.
503Either symmetric key or public key
504cryptographic authentication can be used in this mode.
505The principle advantage
506of manycast mode is that potential servers need not be
507configured in advance,
508since the client finds them during regular operation,
509and the configuration
510files for all clients can be identical.
511
512The security model and protocol schemes for
513both symmetric key and public key
514cryptography are summarized below;
515further details are in the briefings, papers
516and reports at the NTP project page linked from
517@code{http://www.ntp.org/}.
518@subsubsection Symmetric-Key Cryptography
519The original RFC-1305 specification allows any one of possibly
52065,534 keys, each distinguished by a 32-bit key identifier, to
521authenticate an association.
522The servers and clients involved must
523agree on the key and key identifier to
524authenticate NTP packets.
525Keys and
526related information are specified in a key
527file, usually called
528@file{ntp.keys},
529which must be distributed and stored using
530secure means beyond the scope of the NTP protocol itself.
531Besides the keys used
532for ordinary NTP associations,
533additional keys can be used as passwords for the
534@code{ntpq(1ntpqmdoc)}
535and
536@code{ntpdc(1ntpdcmdoc)}
537utility programs.
538
539When
540@code{ntpd(1ntpdmdoc)}
541is first started, it reads the key file specified in the
542@code{keys}
543configuration command and installs the keys
544in the key cache.
545However,
546individual keys must be activated with the
547@code{trusted}
548command before use.
549This
550allows, for instance, the installation of possibly
551several batches of keys and
552then activating or deactivating each batch
553remotely using
554@code{ntpdc(1ntpdcmdoc)}.
555This also provides a revocation capability that can be used
556if a key becomes compromised.
557The
558@code{requestkey}
559command selects the key used as the password for the
560@code{ntpdc(1ntpdcmdoc)}
561utility, while the
562@code{controlkey}
563command selects the key used as the password for the
564@code{ntpq(1ntpqmdoc)}
565utility.
566@subsubsection Public Key Cryptography
567NTPv4 supports the original NTPv3 symmetric key scheme
568described in RFC-1305 and in addition the Autokey protocol,
569which is based on public key cryptography.
570The Autokey Version 2 protocol described on the Autokey Protocol
571page verifies packet integrity using MD5 message digests
572and verifies the source with digital signatures and any of several
573digest/signature schemes.
574Optional identity schemes described on the Identity Schemes
575page and based on cryptographic challenge/response algorithms
576are also available.
577Using all of these schemes provides strong security against
578replay with or without modification, spoofing, masquerade
579and most forms of clogging attacks.
580
581The Autokey protocol has several modes of operation
582corresponding to the various NTP modes supported.
583Most modes use a special cookie which can be
584computed independently by the client and server,
585but encrypted in transmission.
586All modes use in addition a variant of the S-KEY scheme,
587in which a pseudo-random key list is generated and used
588in reverse order.
589These schemes are described along with an executive summary,
590current status, briefing slides and reading list on the
591@ref{Autonomous Authentication}
592page.
593
594The specific cryptographic environment used by Autokey servers
595and clients is determined by a set of files
596and soft links generated by the
597@code{ntp-keygen(1ntpkeygenmdoc)}
598program.
599This includes a required host key file,
600required certificate file and optional sign key file,
601leapsecond file and identity scheme files.
602The
603digest/signature scheme is specified in the X.509 certificate
604along with the matching sign key.
605There are several schemes
606available in the OpenSSL software library, each identified
607by a specific string such as
608@code{md5WithRSAEncryption},
609which stands for the MD5 message digest with RSA
610encryption scheme.
611The current NTP distribution supports
612all the schemes in the OpenSSL library, including
613those based on RSA and DSA digital signatures.
614
615NTP secure groups can be used to define cryptographic compartments
616and security hierarchies.
617It is important that every host
618in the group be able to construct a certificate trail to one
619or more trusted hosts in the same group.
620Each group
621host runs the Autokey protocol to obtain the certificates
622for all hosts along the trail to one or more trusted hosts.
623This requires the configuration file in all hosts to be
624engineered so that, even under anticipated failure conditions,
625the NTP subnet will form such that every group host can find
626a trail to at least one trusted host.
627@subsubsection Naming and Addressing
628It is important to note that Autokey does not use DNS to
629resolve addresses, since DNS can't be completely trusted
630until the name servers have synchronized clocks.
631The cryptographic name used by Autokey to bind the host identity
632credentials and cryptographic values must be independent
633of interface, network and any other naming convention.
634The name appears in the host certificate in either or both
635the subject and issuer fields, so protection against
636DNS compromise is essential.
637
638By convention, the name of an Autokey host is the name returned
639by the Unix
640@code{gethostname(2)}
641system call or equivalent in other systems.
642By the system design
643model, there are no provisions to allow alternate names or aliases.
644However, this is not to say that DNS aliases, different names
645for each interface, etc., are constrained in any way.
646
647It is also important to note that Autokey verifies authenticity
648using the host name, network address and public keys,
649all of which are bound together by the protocol specifically
650to deflect masquerade attacks.
651For this reason Autokey
652includes the source and destinatino IP addresses in message digest
653computations and so the same addresses must be available
654at both the server and client.
655For this reason operation
656with network address translation schemes is not possible.
657This reflects the intended robust security model where government
658and corporate NTP servers are operated outside firewall perimeters.
659@subsubsection Operation
660A specific combination of authentication scheme (none,
661symmetric key, public key) and identity scheme is called
662a cryptotype, although not all combinations are compatible.
663There may be management configurations where the clients,
664servers and peers may not all support the same cryptotypes.
665A secure NTPv4 subnet can be configured in many ways while
666keeping in mind the principles explained above and
667in this section.
668Note however that some cryptotype
669combinations may successfully interoperate with each other,
670but may not represent good security practice.
671
672The cryptotype of an association is determined at the time
673of mobilization, either at configuration time or some time
674later when a message of appropriate cryptotype arrives.
675When mobilized by a
676@code{server}
677or
678@code{peer}
679configuration command and no
680@code{key}
681or
682@code{autokey}
683subcommands are present, the association is not
684authenticated; if the
685@code{key}
686subcommand is present, the association is authenticated
687using the symmetric key ID specified; if the
688@code{autokey}
689subcommand is present, the association is authenticated
690using Autokey.
691
692When multiple identity schemes are supported in the Autokey
693protocol, the first message exchange determines which one is used.
694The client request message contains bits corresponding
695to which schemes it has available.
696The server response message
697contains bits corresponding to which schemes it has available.
698Both server and client match the received bits with their own
699and select a common scheme.
700
701Following the principle that time is a public value,
702a server responds to any client packet that matches
703its cryptotype capabilities.
704Thus, a server receiving
705an unauthenticated packet will respond with an unauthenticated
706packet, while the same server receiving a packet of a cryptotype
707it supports will respond with packets of that cryptotype.
708However, unconfigured broadcast or manycast client
709associations or symmetric passive associations will not be
710mobilized unless the server supports a cryptotype compatible
711with the first packet received.
712By default, unauthenticated associations will not be mobilized
713unless overridden in a decidedly dangerous way.
714
715Some examples may help to reduce confusion.
716Client Alice has no specific cryptotype selected.
717Server Bob has both a symmetric key file and minimal Autokey files.
718Alice's unauthenticated messages arrive at Bob, who replies with
719unauthenticated messages.
720Cathy has a copy of Bob's symmetric
721key file and has selected key ID 4 in messages to Bob.
722Bob verifies the message with his key ID 4.
723If it's the
724same key and the message is verified, Bob sends Cathy a reply
725authenticated with that key.
726If verification fails,
727Bob sends Cathy a thing called a crypto-NAK, which tells her
728something broke.
729She can see the evidence using the
730@code{ntpq(1ntpqmdoc)}
731program.
732
733Denise has rolled her own host key and certificate.
734She also uses one of the identity schemes as Bob.
735She sends the first Autokey message to Bob and they
736both dance the protocol authentication and identity steps.
737If all comes out okay, Denise and Bob continue as described above.
738
739It should be clear from the above that Bob can support
740all the girls at the same time, as long as he has compatible
741authentication and identity credentials.
742Now, Bob can act just like the girls in his own choice of servers;
743he can run multiple configured associations with multiple different
744servers (or the same server, although that might not be useful).
745But, wise security policy might preclude some cryptotype
746combinations; for instance, running an identity scheme
747with one server and no authentication with another might not be wise.
748@subsubsection Key Management
749The cryptographic values used by the Autokey protocol are
750incorporated as a set of files generated by the
751@code{ntp-keygen(1ntpkeygenmdoc)}
752utility program, including symmetric key, host key and
753public certificate files, as well as sign key, identity parameters
754and leapseconds files.
755Alternatively, host and sign keys and
756certificate files can be generated by the OpenSSL utilities
757and certificates can be imported from public certificate
758authorities.
759Note that symmetric keys are necessary for the
760@code{ntpq(1ntpqmdoc)}
761and
762@code{ntpdc(1ntpdcmdoc)}
763utility programs.
764The remaining files are necessary only for the
765Autokey protocol.
766
767Certificates imported from OpenSSL or public certificate
768authorities have certian limitations.
769The certificate should be in ASN.1 syntax, X.509 Version 3
770format and encoded in PEM, which is the same format
771used by OpenSSL.
772The overall length of the certificate encoded
773in ASN.1 must not exceed 1024 bytes.
774The subject distinguished
775name field (CN) is the fully qualified name of the host
776on which it is used; the remaining subject fields are ignored.
777The certificate extension fields must not contain either
778a subject key identifier or a issuer key identifier field;
779however, an extended key usage field for a trusted host must
780contain the value
781@code{trustRoot};.
782Other extension fields are ignored.
783@subsubsection Authentication Commands
784@table @asis
785@item @code{autokey} @code{[@kbd{logsec}]}
786Specifies the interval between regenerations of the session key
787list used with the Autokey protocol.
788Note that the size of the key
789list for each association depends on this interval and the current
790poll interval.
791The default value is 12 (4096 s or about 1.1 hours).
792For poll intervals above the specified interval, a session key list
793with a single entry will be regenerated for every message
794sent.
795@item @code{controlkey} @kbd{key}
796Specifies the key identifier to use with the
797@code{ntpq(1ntpqmdoc)}
798utility, which uses the standard
799protocol defined in RFC-1305.
800The
801@kbd{key}
802argument is
803the key identifier for a trusted key, where the value can be in the
804range 1 to 65,534, inclusive.
805@item @code{crypto} @code{[@code{cert} @kbd{file}]} @code{[@code{leap} @kbd{file}]} @code{[@code{randfile} @kbd{file}]} @code{[@code{host} @kbd{file}]} @code{[@code{sign} @kbd{file}]} @code{[@code{gq} @kbd{file}]} @code{[@code{gqpar} @kbd{file}]} @code{[@code{iffpar} @kbd{file}]} @code{[@code{mvpar} @kbd{file}]} @code{[@code{pw} @kbd{password}]}
806This command requires the OpenSSL library.
807It activates public key
808cryptography, selects the message digest and signature
809encryption scheme and loads the required private and public
810values described above.
811If one or more files are left unspecified,
812the default names are used as described above.
813Unless the complete path and name of the file are specified, the
814location of a file is relative to the keys directory specified
815in the
816@code{keysdir}
817command or default
818@file{/usr/local/etc}.
819Following are the subcommands:
820@table @asis
821@item @code{cert} @kbd{file}
822Specifies the location of the required host public certificate file.
823This overrides the link
824@file{ntpkey_cert_}@kbd{hostname}
825in the keys directory.
826@item @code{gqpar} @kbd{file}
827Specifies the location of the optional GQ parameters file.
828This
829overrides the link
830@file{ntpkey_gq_}@kbd{hostname}
831in the keys directory.
832@item @code{host} @kbd{file}
833Specifies the location of the required host key file.
834This overrides
835the link
836@file{ntpkey_key_}@kbd{hostname}
837in the keys directory.
838@item @code{iffpar} @kbd{file}
839Specifies the location of the optional IFF parameters file.This
840overrides the link
841@file{ntpkey_iff_}@kbd{hostname}
842in the keys directory.
843@item @code{leap} @kbd{file}
844Specifies the location of the optional leapsecond file.
845This overrides the link
846@file{ntpkey_leap}
847in the keys directory.
848@item @code{mvpar} @kbd{file}
849Specifies the location of the optional MV parameters file.
850This
851overrides the link
852@file{ntpkey_mv_}@kbd{hostname}
853in the keys directory.
854@item @code{pw} @kbd{password}
855Specifies the password to decrypt files containing private keys and
856identity parameters.
857This is required only if these files have been
858encrypted.
859@item @code{randfile} @kbd{file}
860Specifies the location of the random seed file used by the OpenSSL
861library.
862The defaults are described in the main text above.
863@item @code{sign} @kbd{file}
864Specifies the location of the optional sign key file.
865This overrides
866the link
867@file{ntpkey_sign_}@kbd{hostname}
868in the keys directory.
869If this file is
870not found, the host key is also the sign key.
871@end table
872@item @code{keys} @kbd{keyfile}
873Specifies the complete path and location of the MD5 key file
874containing the keys and key identifiers used by
875@code{ntpd(1ntpdmdoc)},
876@code{ntpq(1ntpqmdoc)}
877and
878@code{ntpdc(1ntpdcmdoc)}
879when operating with symmetric key cryptography.
880This is the same operation as the
881@code{-k}
882command line option.
883@item @code{keysdir} @kbd{path}
884This command specifies the default directory path for
885cryptographic keys, parameters and certificates.
886The default is
887@file{/usr/local/etc/}.
888@item @code{requestkey} @kbd{key}
889Specifies the key identifier to use with the
890@code{ntpdc(1ntpdcmdoc)}
891utility program, which uses a
892proprietary protocol specific to this implementation of
893@code{ntpd(1ntpdmdoc)}.
894The
895@kbd{key}
896argument is a key identifier
897for the trusted key, where the value can be in the range 1 to
89865,534, inclusive.
899@item @code{revoke} @kbd{logsec}
900Specifies the interval between re-randomization of certain
901cryptographic values used by the Autokey scheme, as a power of 2 in
902seconds.
903These values need to be updated frequently in order to
904deflect brute-force attacks on the algorithms of the scheme;
905however, updating some values is a relatively expensive operation.
906The default interval is 16 (65,536 s or about 18 hours).
907For poll
908intervals above the specified interval, the values will be updated
909for every message sent.
910@item @code{trustedkey} @kbd{key} @kbd{...}
911Specifies the key identifiers which are trusted for the
912purposes of authenticating peers with symmetric key cryptography,
913as well as keys used by the
914@code{ntpq(1ntpqmdoc)}
915and
916@code{ntpdc(1ntpdcmdoc)}
917programs.
918The authentication procedures require that both the local
919and remote servers share the same key and key identifier for this
920purpose, although different keys can be used with different
921servers.
922The
923@kbd{key}
924arguments are 32-bit unsigned
925integers with values from 1 to 65,534.
926@end table
927@subsubsection Error Codes
928The following error codes are reported via the NTP control
929and monitoring protocol trap mechanism.
930@table @asis
931@item 101
932(bad field format or length)
933The packet has invalid version, length or format.
934@item 102
935(bad timestamp)
936The packet timestamp is the same or older than the most recent received.
937This could be due to a replay or a server clock time step.
938@item 103
939(bad filestamp)
940The packet filestamp is the same or older than the most recent received.
941This could be due to a replay or a key file generation error.
942@item 104
943(bad or missing public key)
944The public key is missing, has incorrect format or is an unsupported type.
945@item 105
946(unsupported digest type)
947The server requires an unsupported digest/signature scheme.
948@item 106
949(mismatched digest types)
950Not used.
951@item 107
952(bad signature length)
953The signature length does not match the current public key.
954@item 108
955(signature not verified)
956The message fails the signature check.
957It could be bogus or signed by a
958different private key.
959@item 109
960(certificate not verified)
961The certificate is invalid or signed with the wrong key.
962@item 110
963(certificate not verified)
964The certificate is not yet valid or has expired or the signature could not
965be verified.
966@item 111
967(bad or missing cookie)
968The cookie is missing, corrupted or bogus.
969@item 112
970(bad or missing leapseconds table)
971The leapseconds table is missing, corrupted or bogus.
972@item 113
973(bad or missing certificate)
974The certificate is missing, corrupted or bogus.
975@item 114
976(bad or missing identity)
977The identity key is missing, corrupt or bogus.
978@end table
979@node Monitoring Support
980@subsection Monitoring Support
981@code{ntpd(1ntpdmdoc)}
982includes a comprehensive monitoring facility suitable
983for continuous, long term recording of server and client
984timekeeping performance.
985See the
986@code{statistics}
987command below
988for a listing and example of each type of statistics currently
989supported.
990Statistic files are managed using file generation sets
991and scripts in the
992@file{./scripts}
993directory of this distribution.
994Using
995these facilities and
996@sc{unix}
997@code{cron(8)}
998jobs, the data can be
999automatically summarized and archived for retrospective analysis.
1000@subsubsection Monitoring Commands
1001@table @asis
1002@item @code{statistics} @kbd{name} @kbd{...}
1003Enables writing of statistics records.
1004Currently, eight kinds of
1005@kbd{name}
1006statistics are supported.
1007@table @asis
1008@item @code{clockstats}
1009Enables recording of clock driver statistics information.
1010Each update
1011received from a clock driver appends a line of the following form to
1012the file generation set named
1013@code{clockstats}:
1014@verbatim
101549213 525.624 127.127.4.1 93 226 00:08:29.606 D
1016@end verbatim
1017
1018The first two fields show the date (Modified Julian Day) and time
1019(seconds and fraction past UTC midnight).
1020The next field shows the
1021clock address in dotted-quad notation.
1022The final field shows the last
1023timecode received from the clock in decoded ASCII format, where
1024meaningful.
1025In some clock drivers a good deal of additional information
1026can be gathered and displayed as well.
1027See information specific to each
1028clock for further details.
1029@item @code{cryptostats}
1030This option requires the OpenSSL cryptographic software library.
1031It
1032enables recording of cryptographic public key protocol information.
1033Each message received by the protocol module appends a line of the
1034following form to the file generation set named
1035@code{cryptostats}:
1036@verbatim
103749213 525.624 127.127.4.1 message
1038@end verbatim
1039
1040The first two fields show the date (Modified Julian Day) and time
1041(seconds and fraction past UTC midnight).
1042The next field shows the peer
1043address in dotted-quad notation, The final message field includes the
1044message type and certain ancillary information.
1045See the
1046@ref{Authentication Options}
1047section for further information.
1048@item @code{loopstats}
1049Enables recording of loop filter statistics information.
1050Each
1051update of the local clock outputs a line of the following form to
1052the file generation set named
1053@code{loopstats}:
1054@verbatim
105550935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
1056@end verbatim
1057
1058The first two fields show the date (Modified Julian Day) and
1059time (seconds and fraction past UTC midnight).
1060The next five fields
1061show time offset (seconds), frequency offset (parts per million -
1062PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
1063discipline time constant.
1064@item @code{peerstats}
1065Enables recording of peer statistics information.
1066This includes
1067statistics records of all peers of a NTP server and of special
1068signals, where present and configured.
1069Each valid update appends a
1070line of the following form to the current element of a file
1071generation set named
1072@code{peerstats}:
1073@verbatim
107448773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
1075@end verbatim
1076
1077The first two fields show the date (Modified Julian Day) and
1078time (seconds and fraction past UTC midnight).
1079The next two fields
1080show the peer address in dotted-quad notation and status,
1081respectively.
1082The status field is encoded in hex in the format
1083described in Appendix A of the NTP specification RFC 1305.
1084The final four fields show the offset,
1085delay, dispersion and RMS jitter, all in seconds.
1086@item @code{rawstats}
1087Enables recording of raw-timestamp statistics information.
1088This
1089includes statistics records of all peers of a NTP server and of
1090special signals, where present and configured.
1091Each NTP message
1092received from a peer or clock driver appends a line of the
1093following form to the file generation set named
1094@code{rawstats}:
1095@verbatim
109650928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000
1097@end verbatim
1098
1099The first two fields show the date (Modified Julian Day) and
1100time (seconds and fraction past UTC midnight).
1101The next two fields
1102show the remote peer or clock address followed by the local address
1103in dotted-quad notation.
1104The final four fields show the originate,
1105receive, transmit and final NTP timestamps in order.
1106The timestamp
1107values are as received and before processing by the various data
1108smoothing and mitigation algorithms.
1109@item @code{sysstats}
1110Enables recording of ntpd statistics counters on a periodic basis.
1111Each
1112hour a line of the following form is appended to the file generation
1113set named
1114@code{sysstats}:
1115@verbatim
111650928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
1117@end verbatim
1118
1119The first two fields show the date (Modified Julian Day) and time
1120(seconds and fraction past UTC midnight).
1121The remaining ten fields show
1122the statistics counter values accumulated since the last generated
1123line.
1124@table @asis
1125@item Time since restart @code{36000}
1126Time in hours since the system was last rebooted.
1127@item Packets received @code{81965}
1128Total number of packets received.
1129@item Packets processed @code{0}
1130Number of packets received in response to previous packets sent
1131@item Current version @code{9546}
1132Number of packets matching the current NTP version.
1133@item Previous version @code{56}
1134Number of packets matching the previous NTP version.
1135@item Bad version @code{71793}
1136Number of packets matching neither NTP version.
1137@item Access denied @code{512}
1138Number of packets denied access for any reason.
1139@item Bad length or format @code{540}
1140Number of packets with invalid length, format or port number.
1141@item Bad authentication @code{10}
1142Number of packets not verified as authentic.
1143@item Rate exceeded @code{147}
1144Number of packets discarded due to rate limitation.
1145@end table
1146@item @code{statsdir} @kbd{directory_path}
1147Indicates the full path of a directory where statistics files
1148should be created (see below).
1149This keyword allows
1150the (otherwise constant)
1151@code{filegen}
1152filename prefix to be modified for file generation sets, which
1153is useful for handling statistics logs.
1154@item @code{filegen} @kbd{name} @code{[@code{file} @kbd{filename}]} @code{[@code{type} @kbd{typename}]} @code{[@code{link} | @code{nolink}]} @code{[@code{enable} | @code{disable}]}
1155Configures setting of generation file set name.
1156Generation
1157file sets provide a means for handling files that are
1158continuously growing during the lifetime of a server.
1159Server statistics are a typical example for such files.
1160Generation file sets provide access to a set of files used
1161to store the actual data.
1162At any time at most one element
1163of the set is being written to.
1164The type given specifies
1165when and how data will be directed to a new element of the set.
1166This way, information stored in elements of a file set
1167that are currently unused are available for administrational
1168operations without the risk of disturbing the operation of ntpd.
1169(Most important: they can be removed to free space for new data
1170produced.)
1171
1172Note that this command can be sent from the
1173@code{ntpdc(1ntpdcmdoc)}
1174program running at a remote location.
1175@table @asis
1176@item @code{name}
1177This is the type of the statistics records, as shown in the
1178@code{statistics}
1179command.
1180@item @code{file} @kbd{filename}
1181This is the file name for the statistics records.
1182Filenames of set
1183members are built from three concatenated elements
1184@code{prefix},
1185@code{filename}
1186and
1187@code{suffix}:
1188@table @asis
1189@item @code{prefix}
1190This is a constant filename path.
1191It is not subject to
1192modifications via the
1193@kbd{filegen}
1194option.
1195It is defined by the
1196server, usually specified as a compile-time constant.
1197It may,
1198however, be configurable for individual file generation sets
1199via other commands.
1200For example, the prefix used with
1201@kbd{loopstats}
1202and
1203@kbd{peerstats}
1204generation can be configured using the
1205@kbd{statsdir}
1206option explained above.
1207@item @code{filename}
1208This string is directly concatenated to the prefix mentioned
1209above (no intervening
1210@quoteleft{}/@quoteright{}).
1211This can be modified using
1212the file argument to the
1213@kbd{filegen}
1214statement.
1215No
1216@file{..}
1217elements are
1218allowed in this component to prevent filenames referring to
1219parts outside the filesystem hierarchy denoted by
1220@kbd{prefix}.
1221@item @code{suffix}
1222This part is reflects individual elements of a file set.
1223It is
1224generated according to the type of a file set.
1225@end table
1226@item @code{type} @kbd{typename}
1227A file generation set is characterized by its type.
1228The following
1229types are supported:
1230@table @asis
1231@item @code{none}
1232The file set is actually a single plain file.
1233@item @code{pid}
1234One element of file set is used per incarnation of a ntpd
1235server.
1236This type does not perform any changes to file set
1237members during runtime, however it provides an easy way of
1238separating files belonging to different
1239@code{ntpd(1ntpdmdoc)}
1240server incarnations.
1241The set member filename is built by appending a
1242@quoteleft{}.@quoteright{}
1243to concatenated
1244@kbd{prefix}
1245and
1246@kbd{filename}
1247strings, and
1248appending the decimal representation of the process ID of the
1249@code{ntpd(1ntpdmdoc)}
1250server process.
1251@item @code{day}
1252One file generation set element is created per day.
1253A day is
1254defined as the period between 00:00 and 24:00 UTC.
1255The file set
1256member suffix consists of a
1257@quoteleft{}.@quoteright{}
1258and a day specification in
1259the form
1260@code{YYYYMMdd}.
1261@code{YYYY}
1262is a 4-digit year number (e.g., 1992).
1263@code{MM}
1264is a two digit month number.
1265@code{dd}
1266is a two digit day number.
1267Thus, all information written at 10 December 1992 would end up
1268in a file named
1269@kbd{prefix}
1270@kbd{filename}.19921210.
1271@item @code{week}
1272Any file set member contains data related to a certain week of
1273a year.
1274The term week is defined by computing day-of-year
1275modulo 7.
1276Elements of such a file generation set are
1277distinguished by appending the following suffix to the file set
1278filename base: A dot, a 4-digit year number, the letter
1279@code{W},
1280and a 2-digit week number.
1281For example, information from January,
128210th 1992 would end up in a file with suffix
1283.No . Ns Ar 1992W1 .
1284@item @code{month}
1285One generation file set element is generated per month.
1286The
1287file name suffix consists of a dot, a 4-digit year number, and
1288a 2-digit month.
1289@item @code{year}
1290One generation file element is generated per year.
1291The filename
1292suffix consists of a dot and a 4 digit year number.
1293@item @code{age}
1294This type of file generation sets changes to a new element of
1295the file set every 24 hours of server operation.
1296The filename
1297suffix consists of a dot, the letter
1298@code{a},
1299and an 8-digit number.
1300This number is taken to be the number of seconds the server is
1301running at the start of the corresponding 24-hour period.
1302Information is only written to a file generation by specifying
1303@code{enable};
1304output is prevented by specifying
1305@code{disable}.
1306@end table
1307@item @code{link} | @code{nolink}
1308It is convenient to be able to access the current element of a file
1309generation set by a fixed name.
1310This feature is enabled by
1311specifying
1312@code{link}
1313and disabled using
1314@code{nolink}.
1315If link is specified, a
1316hard link from the current file set element to a file without
1317suffix is created.
1318When there is already a file with this name and
1319the number of links of this file is one, it is renamed appending a
1320dot, the letter
1321@code{C},
1322and the pid of the ntpd server process.
1323When the
1324number of links is greater than one, the file is unlinked.
1325This
1326allows the current file to be accessed by a constant name.
1327@item @code{enable} @code{|} @code{disable}
1328Enables or disables the recording function.
1329@end table
1330@end table
1331@end table
1332@node Access Control Support
1333@subsection Access Control Support
1334The
1335@code{ntpd(1ntpdmdoc)}
1336daemon implements a general purpose address/mask based restriction
1337list.
1338The list contains address/match entries sorted first
1339by increasing address values and and then by increasing mask values.
1340A match occurs when the bitwise AND of the mask and the packet
1341source address is equal to the bitwise AND of the mask and
1342address in the list.
1343The list is searched in order with the
1344last match found defining the restriction flags associated
1345with the entry.
1346Additional information and examples can be found in the
1347"Notes on Configuring NTP and Setting up a NTP Subnet"
1348page
1349(available as part of the HTML documentation
1350provided in
1351@file{/usr/share/doc/ntp}).
1352
1353The restriction facility was implemented in conformance
1354with the access policies for the original NSFnet backbone
1355time servers.
1356Later the facility was expanded to deflect
1357cryptographic and clogging attacks.
1358While this facility may
1359be useful for keeping unwanted or broken or malicious clients
1360from congesting innocent servers, it should not be considered
1361an alternative to the NTP authentication facilities.
1362Source address based restrictions are easily circumvented
1363by a determined cracker.
1364
1365Clients can be denied service because they are explicitly
1366included in the restrict list created by the restrict command
1367or implicitly as the result of cryptographic or rate limit
1368violations.
1369Cryptographic violations include certificate
1370or identity verification failure; rate limit violations generally
1371result from defective NTP implementations that send packets
1372at abusive rates.
1373Some violations cause denied service
1374only for the offending packet, others cause denied service
1375for a timed period and others cause the denied service for
1376an indefinate period.
1377When a client or network is denied access
1378for an indefinate period, the only way at present to remove
1379the restrictions is by restarting the server.
1380@subsubsection The Kiss-of-Death Packet
1381Ordinarily, packets denied service are simply dropped with no
1382further action except incrementing statistics counters.
1383Sometimes a
1384more proactive response is needed, such as a server message that
1385explicitly requests the client to stop sending and leave a message
1386for the system operator.
1387A special packet format has been created
1388for this purpose called the "kiss-of-death" (KoD) packet.
1389KoD packets have the leap bits set unsynchronized and stratum set
1390to zero and the reference identifier field set to a four-byte
1391ASCII code.
1392If the
1393@code{noserve}
1394or
1395@code{notrust}
1396flag of the matching restrict list entry is set,
1397the code is "DENY"; if the
1398@code{limited}
1399flag is set and the rate limit
1400is exceeded, the code is "RATE".
1401Finally, if a cryptographic violation occurs, the code is "CRYP".
1402
1403A client receiving a KoD performs a set of sanity checks to
1404minimize security exposure, then updates the stratum and
1405reference identifier peer variables, sets the access
1406denied (TEST4) bit in the peer flash variable and sends
1407a message to the log.
1408As long as the TEST4 bit is set,
1409the client will send no further packets to the server.
1410The only way at present to recover from this condition is
1411to restart the protocol at both the client and server.
1412This
1413happens automatically at the client when the association times out.
1414It will happen at the server only if the server operator cooperates.
1415@subsubsection Access Control Commands
1416@table @asis
1417@item @code{discard} @code{[@code{average} @kbd{avg}]} @code{[@code{minimum} @kbd{min}]} @code{[@code{monitor} @kbd{prob}]}
1418Set the parameters of the
1419@code{limited}
1420facility which protects the server from
1421client abuse.
1422The
1423@code{average}
1424subcommand specifies the minimum average packet
1425spacing, while the
1426@code{minimum}
1427subcommand specifies the minimum packet spacing.
1428Packets that violate these minima are discarded
1429and a kiss-o'-death packet returned if enabled.
1430The default
1431minimum average and minimum are 5 and 2, respectively.
1432The monitor subcommand specifies the probability of discard
1433for packets that overflow the rate-control window.
1434@item @code{restrict} @code{address} @code{[@code{mask} @kbd{mask}]} @code{[@kbd{flag} @kbd{...}]}
1435The
1436@kbd{address}
1437argument expressed in
1438dotted-quad form is the address of a host or network.
1439Alternatively, the
1440@kbd{address}
1441argument can be a valid host DNS name.
1442The
1443@kbd{mask}
1444argument expressed in dotted-quad form defaults to
1445@code{255.255.255.255},
1446meaning that the
1447@kbd{address}
1448is treated as the address of an individual host.
1449A default entry (address
1450@code{0.0.0.0},
1451mask
1452@code{0.0.0.0})
1453is always included and is always the first entry in the list.
1454Note that text string
1455@code{default},
1456with no mask option, may
1457be used to indicate the default entry.
1458In the current implementation,
1459@code{flag}
1460always
1461restricts access, i.e., an entry with no flags indicates that free
1462access to the server is to be given.
1463The flags are not orthogonal,
1464in that more restrictive flags will often make less restrictive
1465ones redundant.
1466The flags can generally be classed into two
1467categories, those which restrict time service and those which
1468restrict informational queries and attempts to do run-time
1469reconfiguration of the server.
1470One or more of the following flags
1471may be specified:
1472@table @asis
1473@item @code{ignore}
1474Deny packets of all kinds, including
1475@code{ntpq(1ntpqmdoc)}
1476and
1477@code{ntpdc(1ntpdcmdoc)}
1478queries.
1479@item @code{kod}
1480If this flag is set when an access violation occurs, a kiss-o'-death
1481(KoD) packet is sent.
1482KoD packets are rate limited to no more than one
1483per second.
1484If another KoD packet occurs within one second after the
1485last one, the packet is dropped.
1486@item @code{limited}
1487Deny service if the packet spacing violates the lower limits specified
1488in the discard command.
1489A history of clients is kept using the
1490monitoring capability of
1491@code{ntpd(1ntpdmdoc)}.
1492Thus, monitoring is always active as
1493long as there is a restriction entry with the
1494@code{limited}
1495flag.
1496@item @code{lowpriotrap}
1497Declare traps set by matching hosts to be low priority.
1498The
1499number of traps a server can maintain is limited (the current limit
1500is 3).
1501Traps are usually assigned on a first come, first served
1502basis, with later trap requestors being denied service.
1503This flag
1504modifies the assignment algorithm by allowing low priority traps to
1505be overridden by later requests for normal priority traps.
1506@item @code{nomodify}
1507Deny
1508@code{ntpq(1ntpqmdoc)}
1509and
1510@code{ntpdc(1ntpdcmdoc)}
1511queries which attempt to modify the state of the
1512server (i.e., run time reconfiguration).
1513Queries which return
1514information are permitted.
1515@item @code{noquery}
1516Deny
1517@code{ntpq(1ntpqmdoc)}
1518and
1519@code{ntpdc(1ntpdcmdoc)}
1520queries.
1521Time service is not affected.
1522@item @code{nopeer}
1523Deny packets which would result in mobilizing a new association.
1524This
1525includes broadcast and symmetric active packets when a configured
1526association does not exist.
1527It also includes
1528@code{pool}
1529associations, so if you want to use servers from a
1530@code{pool}
1531directive and also want to use
1532@code{nopeer}
1533by default, you'll want a
1534@code{restrict source ...} @code{line} @code{as} @code{well} @code{that} @code{does}
1535@item not
1536include the
1537@code{nopeer}
1538directive.
1539@item @code{noserve}
1540Deny all packets except
1541@code{ntpq(1ntpqmdoc)}
1542and
1543@code{ntpdc(1ntpdcmdoc)}
1544queries.
1545@item @code{notrap}
1546Decline to provide mode 6 control message trap service to matching
1547hosts.
1548The trap service is a subsystem of the ntpdq control message
1549protocol which is intended for use by remote event logging programs.
1550@item @code{notrust}
1551Deny service unless the packet is cryptographically authenticated.
1552@item @code{ntpport}
1553This is actually a match algorithm modifier, rather than a
1554restriction flag.
1555Its presence causes the restriction entry to be
1556matched only if the source port in the packet is the standard NTP
1557UDP port (123).
1558Both
1559@code{ntpport}
1560and
1561@code{non-ntpport}
1562may
1563be specified.
1564The
1565@code{ntpport}
1566is considered more specific and
1567is sorted later in the list.
1568@item @code{version}
1569Deny packets that do not match the current NTP version.
1570@end table
1571
1572Default restriction list entries with the flags ignore, interface,
1573ntpport, for each of the local host's interface addresses are
1574inserted into the table at startup to prevent the server
1575from attempting to synchronize to its own time.
1576A default entry is also always present, though if it is
1577otherwise unconfigured; no flags are associated
1578with the default entry (i.e., everything besides your own
1579NTP server is unrestricted).
1580@end table
1581@node Automatic NTP Configuration Options
1582@subsection Automatic NTP Configuration Options
1583@subsubsection Manycasting
1584Manycasting is a automatic discovery and configuration paradigm
1585new to NTPv4.
1586It is intended as a means for a multicast client
1587to troll the nearby network neighborhood to find cooperating
1588manycast servers, validate them using cryptographic means
1589and evaluate their time values with respect to other servers
1590that might be lurking in the vicinity.
1591The intended result is that each manycast client mobilizes
1592client associations with some number of the "best"
1593of the nearby manycast servers, yet automatically reconfigures
1594to sustain this number of servers should one or another fail.
1595
1596Note that the manycasting paradigm does not coincide
1597with the anycast paradigm described in RFC-1546,
1598which is designed to find a single server from a clique
1599of servers providing the same service.
1600The manycast paradigm is designed to find a plurality
1601of redundant servers satisfying defined optimality criteria.
1602
1603Manycasting can be used with either symmetric key
1604or public key cryptography.
1605The public key infrastructure (PKI)
1606offers the best protection against compromised keys
1607and is generally considered stronger, at least with relatively
1608large key sizes.
1609It is implemented using the Autokey protocol and
1610the OpenSSL cryptographic library available from
1611@code{http://www.openssl.org/}.
1612The library can also be used with other NTPv4 modes
1613as well and is highly recommended, especially for broadcast modes.
1614
1615A persistent manycast client association is configured
1616using the manycastclient command, which is similar to the
1617server command but with a multicast (IPv4 class
1618@code{D}
1619or IPv6 prefix
1620@code{FF})
1621group address.
1622The IANA has designated IPv4 address 224.1.1.1
1623and IPv6 address FF05::101 (site local) for NTP.
1624When more servers are needed, it broadcasts manycast
1625client messages to this address at the minimum feasible rate
1626and minimum feasible time-to-live (TTL) hops, depending
1627on how many servers have already been found.
1628There can be as many manycast client associations
1629as different group address, each one serving as a template
1630for a future ephemeral unicast client/server association.
1631
1632Manycast servers configured with the
1633@code{manycastserver}
1634command listen on the specified group address for manycast
1635client messages.
1636Note the distinction between manycast client,
1637which actively broadcasts messages, and manycast server,
1638which passively responds to them.
1639If a manycast server is
1640in scope of the current TTL and is itself synchronized
1641to a valid source and operating at a stratum level equal
1642to or lower than the manycast client, it replies to the
1643manycast client message with an ordinary unicast server message.
1644
1645The manycast client receiving this message mobilizes
1646an ephemeral client/server association according to the
1647matching manycast client template, but only if cryptographically
1648authenticated and the server stratum is less than or equal
1649to the client stratum.
1650Authentication is explicitly required
1651and either symmetric key or public key (Autokey) can be used.
1652Then, the client polls the server at its unicast address
1653in burst mode in order to reliably set the host clock
1654and validate the source.
1655This normally results
1656in a volley of eight client/server at 2-s intervals
1657during which both the synchronization and cryptographic
1658protocols run concurrently.
1659Following the volley,
1660the client runs the NTP intersection and clustering
1661algorithms, which act to discard all but the "best"
1662associations according to stratum and synchronization
1663distance.
1664The surviving associations then continue
1665in ordinary client/server mode.
1666
1667The manycast client polling strategy is designed to reduce
1668as much as possible the volume of manycast client messages
1669and the effects of implosion due to near-simultaneous
1670arrival of manycast server messages.
1671The strategy is determined by the
1672@code{manycastclient},
1673@code{tos}
1674and
1675@code{ttl}
1676configuration commands.
1677The manycast poll interval is
1678normally eight times the system poll interval,
1679which starts out at the
1680@code{minpoll}
1681value specified in the
1682@code{manycastclient},
1683command and, under normal circumstances, increments to the
1684@code{maxpolll}
1685value specified in this command.
1686Initially, the TTL is
1687set at the minimum hops specified by the ttl command.
1688At each retransmission the TTL is increased until reaching
1689the maximum hops specified by this command or a sufficient
1690number client associations have been found.
1691Further retransmissions use the same TTL.
1692
1693The quality and reliability of the suite of associations
1694discovered by the manycast client is determined by the NTP
1695mitigation algorithms and the
1696@code{minclock}
1697and
1698@code{minsane}
1699values specified in the
1700@code{tos}
1701configuration command.
1702At least
1703@code{minsane}
1704candidate servers must be available and the mitigation
1705algorithms produce at least
1706@code{minclock}
1707survivors in order to synchronize the clock.
1708Byzantine agreement principles require at least four
1709candidates in order to correctly discard a single falseticker.
1710For legacy purposes,
1711@code{minsane}
1712defaults to 1 and
1713@code{minclock}
1714defaults to 3.
1715For manycast service
1716@code{minsane}
1717should be explicitly set to 4, assuming at least that
1718number of servers are available.
1719
1720If at least
1721@code{minclock}
1722servers are found, the manycast poll interval is immediately
1723set to eight times
1724@code{maxpoll}.
1725If less than
1726@code{minclock}
1727servers are found when the TTL has reached the maximum hops,
1728the manycast poll interval is doubled.
1729For each transmission
1730after that, the poll interval is doubled again until
1731reaching the maximum of eight times
1732@code{maxpoll}.
1733Further transmissions use the same poll interval and
1734TTL values.
1735Note that while all this is going on,
1736each client/server association found is operating normally
1737it the system poll interval.
1738
1739Administratively scoped multicast boundaries are normally
1740specified by the network router configuration and,
1741in the case of IPv6, the link/site scope prefix.
1742By default, the increment for TTL hops is 32 starting
1743from 31; however, the
1744@code{ttl}
1745configuration command can be
1746used to modify the values to match the scope rules.
1747
1748It is often useful to narrow the range of acceptable
1749servers which can be found by manycast client associations.
1750Because manycast servers respond only when the client
1751stratum is equal to or greater than the server stratum,
1752primary (stratum 1) servers fill find only primary servers
1753in TTL range, which is probably the most common objective.
1754However, unless configured otherwise, all manycast clients
1755in TTL range will eventually find all primary servers
1756in TTL range, which is probably not the most common
1757objective in large networks.
1758The
1759@code{tos}
1760command can be used to modify this behavior.
1761Servers with stratum below
1762@code{floor}
1763or above
1764@code{ceiling}
1765specified in the
1766@code{tos}
1767command are strongly discouraged during the selection
1768process; however, these servers may be temporally
1769accepted if the number of servers within TTL range is
1770less than
1771@code{minclock}.
1772
1773The above actions occur for each manycast client message,
1774which repeats at the designated poll interval.
1775However, once the ephemeral client association is mobilized,
1776subsequent manycast server replies are discarded,
1777since that would result in a duplicate association.
1778If during a poll interval the number of client associations
1779falls below
1780@code{minclock},
1781all manycast client prototype associations are reset
1782to the initial poll interval and TTL hops and operation
1783resumes from the beginning.
1784It is important to avoid
1785frequent manycast client messages, since each one requires
1786all manycast servers in TTL range to respond.
1787The result could well be an implosion, either minor or major,
1788depending on the number of servers in range.
1789The recommended value for
1790@code{maxpoll}
1791is 12 (4,096 s).
1792
1793It is possible and frequently useful to configure a host
1794as both manycast client and manycast server.
1795A number of hosts configured this way and sharing a common
1796group address will automatically organize themselves
1797in an optimum configuration based on stratum and
1798synchronization distance.
1799For example, consider an NTP
1800subnet of two primary servers and a hundred or more
1801dependent clients.
1802With two exceptions, all servers
1803and clients have identical configuration files including both
1804@code{multicastclient}
1805and
1806@code{multicastserver}
1807commands using, for instance, multicast group address
1808239.1.1.1.
1809The only exception is that each primary server
1810configuration file must include commands for the primary
1811reference source such as a GPS receiver.
1812
1813The remaining configuration files for all secondary
1814servers and clients have the same contents, except for the
1815@code{tos}
1816command, which is specific for each stratum level.
1817For stratum 1 and stratum 2 servers, that command is
1818not necessary.
1819For stratum 3 and above servers the
1820@code{floor}
1821value is set to the intended stratum number.
1822Thus, all stratum 3 configuration files are identical,
1823all stratum 4 files are identical and so forth.
1824
1825Once operations have stabilized in this scenario,
1826the primary servers will find the primary reference source
1827and each other, since they both operate at the same
1828stratum (1), but not with any secondary server or client,
1829since these operate at a higher stratum.
1830The secondary
1831servers will find the servers at the same stratum level.
1832If one of the primary servers loses its GPS receiver,
1833it will continue to operate as a client and other clients
1834will time out the corresponding association and
1835re-associate accordingly.
1836
1837Some administrators prefer to avoid running
1838@code{ntpd(1ntpdmdoc)}
1839continuously and run either
1840@code{sntp(1sntpmdoc)}
1841or
1842@code{ntpd(1ntpdmdoc)}
1843@code{-q}
1844as a cron job.
1845In either case the servers must be
1846configured in advance and the program fails if none are
1847available when the cron job runs.
1848A really slick
1849application of manycast is with
1850@code{ntpd(1ntpdmdoc)}
1851@code{-q}.
1852The program wakes up, scans the local landscape looking
1853for the usual suspects, selects the best from among
1854the rascals, sets the clock and then departs.
1855Servers do not have to be configured in advance and
1856all clients throughout the network can have the same
1857configuration file.
1858@subsubsection Manycast Interactions with Autokey
1859Each time a manycast client sends a client mode packet
1860to a multicast group address, all manycast servers
1861in scope generate a reply including the host name
1862and status word.
1863The manycast clients then run
1864the Autokey protocol, which collects and verifies
1865all certificates involved.
1866Following the burst interval
1867all but three survivors are cast off,
1868but the certificates remain in the local cache.
1869It often happens that several complete signing trails
1870from the client to the primary servers are collected in this way.
1871
1872About once an hour or less often if the poll interval
1873exceeds this, the client regenerates the Autokey key list.
1874This is in general transparent in client/server mode.
1875However, about once per day the server private value
1876used to generate cookies is refreshed along with all
1877manycast client associations.
1878In this case all
1879cryptographic values including certificates is refreshed.
1880If a new certificate has been generated since
1881the last refresh epoch, it will automatically revoke
1882all prior certificates that happen to be in the
1883certificate cache.
1884At the same time, the manycast
1885scheme starts all over from the beginning and
1886the expanding ring shrinks to the minimum and increments
1887from there while collecting all servers in scope.
1888@subsubsection Manycast Options
1889@table @asis
1890@item @code{tos} @code{[@code{ceiling} @kbd{ceiling} | @code{cohort} @code{@{} @code{0} | @code{1} @code{@}} | @code{floor} @kbd{floor} | @code{minclock} @kbd{minclock} | @code{minsane} @kbd{minsane}]}
1891This command affects the clock selection and clustering
1892algorithms.
1893It can be used to select the quality and
1894quantity of peers used to synchronize the system clock
1895and is most useful in manycast mode.
1896The variables operate
1897as follows:
1898@table @asis
1899@item @code{ceiling} @kbd{ceiling}
1900Peers with strata above
1901@code{ceiling}
1902will be discarded if there are at least
1903@code{minclock}
1904peers remaining.
1905This value defaults to 15, but can be changed
1906to any number from 1 to 15.
1907@item @code{cohort} @code{@{0 | 1@}}
1908This is a binary flag which enables (0) or disables (1)
1909manycast server replies to manycast clients with the same
1910stratum level.
1911This is useful to reduce implosions where
1912large numbers of clients with the same stratum level
1913are present.
1914The default is to enable these replies.
1915@item @code{floor} @kbd{floor}
1916Peers with strata below
1917@code{floor}
1918will be discarded if there are at least
1919@code{minclock}
1920peers remaining.
1921This value defaults to 1, but can be changed
1922to any number from 1 to 15.
1923@item @code{minclock} @kbd{minclock}
1924The clustering algorithm repeatedly casts out outlier
1925associations until no more than
1926@code{minclock}
1927associations remain.
1928This value defaults to 3,
1929but can be changed to any number from 1 to the number of
1930configured sources.
1931@item @code{minsane} @kbd{minsane}
1932This is the minimum number of candidates available
1933to the clock selection algorithm in order to produce
1934one or more truechimers for the clustering algorithm.
1935If fewer than this number are available, the clock is
1936undisciplined and allowed to run free.
1937The default is 1
1938for legacy purposes.
1939However, according to principles of
1940Byzantine agreement,
1941@code{minsane}
1942should be at least 4 in order to detect and discard
1943a single falseticker.
1944@end table
1945@item @code{ttl} @kbd{hop} @kbd{...}
1946This command specifies a list of TTL values in increasing
1947order, up to 8 values can be specified.
1948In manycast mode these values are used in turn
1949in an expanding-ring search.
1950The default is eight
1951multiples of 32 starting at 31.
1952@end table
1953@node Reference Clock Support
1954@subsection Reference Clock Support
1955The NTP Version 4 daemon supports some three dozen different radio,
1956satellite and modem reference clocks plus a special pseudo-clock
1957used for backup or when no other clock source is available.
1958Detailed descriptions of individual device drivers and options can
1959be found in the
1960"Reference Clock Drivers"
1961page
1962(available as part of the HTML documentation
1963provided in
1964@file{/usr/share/doc/ntp}).
1965Additional information can be found in the pages linked
1966there, including the
1967"Debugging Hints for Reference Clock Drivers"
1968and
1969"How To Write a Reference Clock Driver"
1970pages
1971(available as part of the HTML documentation
1972provided in
1973@file{/usr/share/doc/ntp}).
1974In addition, support for a PPS
1975signal is available as described in the
1976"Pulse-per-second (PPS) Signal Interfacing"
1977page
1978(available as part of the HTML documentation
1979provided in
1980@file{/usr/share/doc/ntp}).
1981Many
1982drivers support special line discipline/streams modules which can
1983significantly improve the accuracy using the driver.
1984These are
1985described in the
1986"Line Disciplines and Streams Drivers"
1987page
1988(available as part of the HTML documentation
1989provided in
1990@file{/usr/share/doc/ntp}).
1991
1992A reference clock will generally (though not always) be a radio
1993timecode receiver which is synchronized to a source of standard
1994time such as the services offered by the NRC in Canada and NIST and
1995USNO in the US.
1996The interface between the computer and the timecode
1997receiver is device dependent, but is usually a serial port.
1998A
1999device driver specific to each reference clock must be selected and
2000compiled in the distribution; however, most common radio, satellite
2001and modem clocks are included by default.
2002Note that an attempt to
2003configure a reference clock when the driver has not been compiled
2004or the hardware port has not been appropriately configured results
2005in a scalding remark to the system log file, but is otherwise non
2006hazardous.
2007
2008For the purposes of configuration,
2009@code{ntpd(1ntpdmdoc)}
2010treats
2011reference clocks in a manner analogous to normal NTP peers as much
2012as possible.
2013Reference clocks are identified by a syntactically
2014correct but invalid IP address, in order to distinguish them from
2015normal NTP peers.
2016Reference clock addresses are of the form
2017@code{127.127.}@kbd{t}.@kbd{u},
2018where
2019@kbd{t}
2020is an integer
2021denoting the clock type and
2022@kbd{u}
2023indicates the unit
2024number in the range 0-3.
2025While it may seem overkill, it is in fact
2026sometimes useful to configure multiple reference clocks of the same
2027type, in which case the unit numbers must be unique.
2028
2029The
2030@code{server}
2031command is used to configure a reference
2032clock, where the
2033@kbd{address}
2034argument in that command
2035is the clock address.
2036The
2037@code{key},
2038@code{version}
2039and
2040@code{ttl}
2041options are not used for reference clock support.
2042The
2043@code{mode}
2044option is added for reference clock support, as
2045described below.
2046The
2047@code{prefer}
2048option can be useful to
2049persuade the server to cherish a reference clock with somewhat more
2050enthusiasm than other reference clocks or peers.
2051Further
2052information on this option can be found in the
2053"Mitigation Rules and the prefer Keyword"
2054(available as part of the HTML documentation
2055provided in
2056@file{/usr/share/doc/ntp})
2057page.
2058The
2059@code{minpoll}
2060and
2061@code{maxpoll}
2062options have
2063meaning only for selected clock drivers.
2064See the individual clock
2065driver document pages for additional information.
2066
2067The
2068@code{fudge}
2069command is used to provide additional
2070information for individual clock drivers and normally follows
2071immediately after the
2072@code{server}
2073command.
2074The
2075@kbd{address}
2076argument specifies the clock address.
2077The
2078@code{refid}
2079and
2080@code{stratum}
2081options can be used to
2082override the defaults for the device.
2083There are two optional
2084device-dependent time offsets and four flags that can be included
2085in the
2086@code{fudge}
2087command as well.
2088
2089The stratum number of a reference clock is by default zero.
2090Since the
2091@code{ntpd(1ntpdmdoc)}
2092daemon adds one to the stratum of each
2093peer, a primary server ordinarily displays an external stratum of
2094one.
2095In order to provide engineered backups, it is often useful to
2096specify the reference clock stratum as greater than zero.
2097The
2098@code{stratum}
2099option is used for this purpose.
2100Also, in cases
2101involving both a reference clock and a pulse-per-second (PPS)
2102discipline signal, it is useful to specify the reference clock
2103identifier as other than the default, depending on the driver.
2104The
2105@code{refid}
2106option is used for this purpose.
2107Except where noted,
2108these options apply to all clock drivers.
2109@subsubsection Reference Clock Commands
2110@table @asis
2111@item @code{server} @code{127.127.}@kbd{t}.@kbd{u} @code{[@code{prefer}]} @code{[@code{mode} @kbd{int}]} @code{[@code{minpoll} @kbd{int}]} @code{[@code{maxpoll} @kbd{int}]}
2112This command can be used to configure reference clocks in
2113special ways.
2114The options are interpreted as follows:
2115@table @asis
2116@item @code{prefer}
2117Marks the reference clock as preferred.
2118All other things being
2119equal, this host will be chosen for synchronization among a set of
2120correctly operating hosts.
2121See the
2122"Mitigation Rules and the prefer Keyword"
2123page
2124(available as part of the HTML documentation
2125provided in
2126@file{/usr/share/doc/ntp})
2127for further information.
2128@item @code{mode} @kbd{int}
2129Specifies a mode number which is interpreted in a
2130device-specific fashion.
2131For instance, it selects a dialing
2132protocol in the ACTS driver and a device subtype in the
2133parse
2134drivers.
2135@item @code{minpoll} @kbd{int}
2136@item @code{maxpoll} @kbd{int}
2137These options specify the minimum and maximum polling interval
2138for reference clock messages, as a power of 2 in seconds
2139For
2140most directly connected reference clocks, both
2141@code{minpoll}
2142and
2143@code{maxpoll}
2144default to 6 (64 s).
2145For modem reference clocks,
2146@code{minpoll}
2147defaults to 10 (17.1 m) and
2148@code{maxpoll}
2149defaults to 14 (4.5 h).
2150The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
2151@end table
2152@item @code{fudge} @code{127.127.}@kbd{t}.@kbd{u} @code{[@code{time1} @kbd{sec}]} @code{[@code{time2} @kbd{sec}]} @code{[@code{stratum} @kbd{int}]} @code{[@code{refid} @kbd{string}]} @code{[@code{mode} @kbd{int}]} @code{[@code{flag1} @code{0} @code{|} @code{1}]} @code{[@code{flag2} @code{0} @code{|} @code{1}]} @code{[@code{flag3} @code{0} @code{|} @code{1}]} @code{[@code{flag4} @code{0} @code{|} @code{1}]}
2153This command can be used to configure reference clocks in
2154special ways.
2155It must immediately follow the
2156@code{server}
2157command which configures the driver.
2158Note that the same capability
2159is possible at run time using the
2160@code{ntpdc(1ntpdcmdoc)}
2161program.
2162The options are interpreted as
2163follows:
2164@table @asis
2165@item @code{time1} @kbd{sec}
2166Specifies a constant to be added to the time offset produced by
2167the driver, a fixed-point decimal number in seconds.
2168This is used
2169as a calibration constant to adjust the nominal time offset of a
2170particular clock to agree with an external standard, such as a
2171precision PPS signal.
2172It also provides a way to correct a
2173systematic error or bias due to serial port or operating system
2174latencies, different cable lengths or receiver internal delay.
2175The
2176specified offset is in addition to the propagation delay provided
2177by other means, such as internal DIPswitches.
2178Where a calibration
2179for an individual system and driver is available, an approximate
2180correction is noted in the driver documentation pages.
2181Note: in order to facilitate calibration when more than one
2182radio clock or PPS signal is supported, a special calibration
2183feature is available.
2184It takes the form of an argument to the
2185@code{enable}
2186command described in
2187@ref{Miscellaneous Options}
2188page and operates as described in the
2189"Reference Clock Drivers"
2190page
2191(available as part of the HTML documentation
2192provided in
2193@file{/usr/share/doc/ntp}).
2194@item @code{time2} @kbd{secs}
2195Specifies a fixed-point decimal number in seconds, which is
2196interpreted in a driver-dependent way.
2197See the descriptions of
2198specific drivers in the
2199"Reference Clock Drivers"
2200page
2201(available as part of the HTML documentation
2202provided in
2203@file{/usr/share/doc/ntp}).
2204@item @code{stratum} @kbd{int}
2205Specifies the stratum number assigned to the driver, an integer
2206between 0 and 15.
2207This number overrides the default stratum number
2208ordinarily assigned by the driver itself, usually zero.
2209@item @code{refid} @kbd{string}
2210Specifies an ASCII string of from one to four characters which
2211defines the reference identifier used by the driver.
2212This string
2213overrides the default identifier ordinarily assigned by the driver
2214itself.
2215@item @code{mode} @kbd{int}
2216Specifies a mode number which is interpreted in a
2217device-specific fashion.
2218For instance, it selects a dialing
2219protocol in the ACTS driver and a device subtype in the
2220parse
2221drivers.
2222@item @code{flag1} @code{0} @code{|} @code{1}
2223@item @code{flag2} @code{0} @code{|} @code{1}
2224@item @code{flag3} @code{0} @code{|} @code{1}
2225@item @code{flag4} @code{0} @code{|} @code{1}
2226These four flags are used for customizing the clock driver.
2227The
2228interpretation of these values, and whether they are used at all,
2229is a function of the particular clock driver.
2230However, by
2231convention
2232@code{flag4}
2233is used to enable recording monitoring
2234data to the
2235@code{clockstats}
2236file configured with the
2237@code{filegen}
2238command.
2239Further information on the
2240@code{filegen}
2241command can be found in
2242@ref{Monitoring Options}.
2243@end table
2244@end table
2245@node Miscellaneous Options
2246@subsection Miscellaneous Options
2247@table @asis
2248@item @code{broadcastdelay} @kbd{seconds}
2249The broadcast and multicast modes require a special calibration
2250to determine the network delay between the local and remote
2251servers.
2252Ordinarily, this is done automatically by the initial
2253protocol exchanges between the client and server.
2254In some cases,
2255the calibration procedure may fail due to network or server access
2256controls, for example.
2257This command specifies the default delay to
2258be used under these circumstances.
2259Typically (for Ethernet), a
2260number between 0.003 and 0.007 seconds is appropriate.
2261The default
2262when this command is not used is 0.004 seconds.
2263@item @code{calldelay} @kbd{delay}
2264This option controls the delay in seconds between the first and second
2265packets sent in burst or iburst mode to allow additional time for a modem
2266or ISDN call to complete.
2267@item @code{driftfile} @kbd{driftfile}
2268This command specifies the complete path and name of the file used to
2269record the frequency of the local clock oscillator.
2270This is the same
2271operation as the
2272@code{-f}
2273command line option.
2274If the file exists, it is read at
2275startup in order to set the initial frequency and then updated once per
2276hour with the current frequency computed by the daemon.
2277If the file name is
2278specified, but the file itself does not exist, the starts with an initial
2279frequency of zero and creates the file when writing it for the first time.
2280If this command is not given, the daemon will always start with an initial
2281frequency of zero.
2282
2283The file format consists of a single line containing a single
2284floating point number, which records the frequency offset measured
2285in parts-per-million (PPM).
2286The file is updated by first writing
2287the current drift value into a temporary file and then renaming
2288this file to replace the old version.
2289This implies that
2290@code{ntpd(1ntpdmdoc)}
2291must have write permission for the directory the
2292drift file is located in, and that file system links, symbolic or
2293otherwise, should be avoided.
2294@item @code{dscp} @kbd{value}
2295This option specifies the Differentiated Services Control Point (DSCP) value,
2296a 6-bit code.  The default value is 46, signifying Expedited Forwarding.
2297@item @code{enable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{mode7} | @code{monitor} | @code{ntp} | @code{stats} | @code{unpeer_crypto_early} | @code{unpeer_crypto_nak_early} | @code{unpeer_digest_early}]}
2298@item @code{disable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{mode7} | @code{monitor} | @code{ntp} | @code{stats} | @code{unpeer_crypto_early} | @code{unpeer_crypto_nak_early} | @code{unpeer_digest_early}]}
2299Provides a way to enable or disable various server options.
2300Flags not mentioned are unaffected.
2301Note that all of these flags
2302can be controlled remotely using the
2303@code{ntpdc(1ntpdcmdoc)}
2304utility program.
2305@table @asis
2306@item @code{auth}
2307Enables the server to synchronize with unconfigured peers only if the
2308peer has been correctly authenticated using either public key or
2309private key cryptography.
2310The default for this flag is
2311@code{enable}.
2312@item @code{bclient}
2313Enables the server to listen for a message from a broadcast or
2314multicast server, as in the
2315@code{multicastclient}
2316command with default
2317address.
2318The default for this flag is
2319@code{disable}.
2320@item @code{calibrate}
2321Enables the calibrate feature for reference clocks.
2322The default for
2323this flag is
2324@code{disable}.
2325@item @code{kernel}
2326Enables the kernel time discipline, if available.
2327The default for this
2328flag is
2329@code{enable}
2330if support is available, otherwise
2331@code{disable}.
2332@item @code{mode7}
2333Enables processing of NTP mode 7 implementation-specific requests
2334which are used by the deprecated
2335@code{ntpdc(1ntpdcmdoc)}
2336program.
2337The default for this flag is disable.
2338This flag is excluded from runtime configuration using
2339@code{ntpq(1ntpqmdoc)}.
2340The
2341@code{ntpq(1ntpqmdoc)}
2342program provides the same capabilities as
2343@code{ntpdc(1ntpdcmdoc)}
2344using standard mode 6 requests.
2345@item @code{monitor}
2346Enables the monitoring facility.
2347See the
2348@code{ntpdc(1ntpdcmdoc)}
2349program
2350and the
2351@code{monlist}
2352command or further information.
2353The
2354default for this flag is
2355@code{enable}.
2356@item @code{ntp}
2357Enables time and frequency discipline.
2358In effect, this switch opens and
2359closes the feedback loop, which is useful for testing.
2360The default for
2361this flag is
2362@code{enable}.
2363@item @code{stats}
2364Enables the statistics facility.
2365See the
2366@ref{Monitoring Options}
2367section for further information.
2368The default for this flag is
2369@code{disable}.
2370@item @code{unpeer_crypto_early}
2371By default, if
2372@code{ntpd(1ntpdmdoc)}
2373receives an autokey packet that fails TEST9,
2374a crypto failure,
2375the association is immediately cleared.
2376This is almost certainly a feature,
2377but if, in spite of the current recommendation of not using autokey,
2378you are
2379.B still
2380using autokey
2381.B and
2382you are seeing this sort of DoS attack
2383disabling this flag will delay
2384tearing down the association until the reachability counter
2385becomes zero.
2386You can check your
2387@code{peerstats}
2388file for evidence of any of these attacks.
2389The
2390default for this flag is
2391@code{enable}.
2392@item @code{unpeer_crypto_nak_early}
2393By default, if
2394@code{ntpd(1ntpdmdoc)}
2395receives a crypto-NAK packet that
2396passes the duplicate packet and origin timestamp checks
2397the association is immediately cleared.
2398While this is generally a feature
2399as it allows for quick recovery if a server key has changed,
2400a properly forged and appropriately delivered crypto-NAK packet
2401can be used in a DoS attack.
2402If you have active noticable problems with this type of DoS attack
2403then you should consider
2404disabling this option.
2405You can check your
2406@code{peerstats}
2407file for evidence of any of these attacks.
2408The
2409default for this flag is
2410@code{enable}.
2411@item @code{unpeer_digest_early}
2412By default, if
2413@code{ntpd(1ntpdmdoc)}
2414receives what should be an authenticated packet
2415that passes other packet sanity checks but
2416contains an invalid digest
2417the association is immediately cleared.
2418While this is generally a feature
2419as it allows for quick recovery,
2420if this type of packet is carefully forged and sent
2421during an appropriate window it can be used for a DoS attack.
2422If you have active noticable problems with this type of DoS attack
2423then you should consider
2424disabling this option.
2425You can check your
2426@code{peerstats}
2427file for evidence of any of these attacks.
2428The
2429default for this flag is
2430@code{enable}.
2431@end table
2432@item @code{includefile} @kbd{includefile}
2433This command allows additional configuration commands
2434to be included from a separate file.
2435Include files may
2436be nested to a depth of five; upon reaching the end of any
2437include file, command processing resumes in the previous
2438configuration file.
2439This option is useful for sites that run
2440@code{ntpd(1ntpdmdoc)}
2441on multiple hosts, with (mostly) common options (e.g., a
2442restriction list).
2443@item @code{leapsmearinterval} @kbd{seconds}
2444This EXPERIMENTAL option is only available if
2445@code{ntpd(1ntpdmdoc)}
2446was built with the
2447@code{--enable-leap-smear}
2448option to the
2449@code{configure}
2450script.
2451It specifies the interval over which a leap second correction will be applied.
2452Recommended values for this option are between
24537200 (2 hours) and 86400 (24 hours).
2454.Sy DO NOT USE THIS OPTION ON PUBLIC-ACCESS SERVERS!
2455See http://bugs.ntp.org/2855 for more information.
2456@item @code{logconfig} @kbd{configkeyword}
2457This command controls the amount and type of output written to
2458the system
2459@code{syslog(3)}
2460facility or the alternate
2461@code{logfile}
2462log file.
2463By default, all output is turned on.
2464All
2465@kbd{configkeyword}
2466keywords can be prefixed with
2467@quoteleft{}=@quoteright{},
2468@quoteleft{}+@quoteright{}
2469and
2470@quoteleft{}-@quoteright{},
2471where
2472@quoteleft{}=@quoteright{}
2473sets the
2474@code{syslog(3)}
2475priority mask,
2476@quoteleft{}+@quoteright{}
2477adds and
2478@quoteleft{}-@quoteright{}
2479removes
2480messages.
2481@code{syslog(3)}
2482messages can be controlled in four
2483classes
2484(@code{clock}, @code{peer}, @code{sys} and @code{sync}).
2485Within these classes four types of messages can be
2486controlled: informational messages
2487(@code{info}),
2488event messages
2489(@code{events}),
2490statistics messages
2491(@code{statistics})
2492and
2493status messages
2494(@code{status}).
2495
2496Configuration keywords are formed by concatenating the message class with
2497the event class.
2498The
2499@code{all}
2500prefix can be used instead of a message class.
2501A
2502message class may also be followed by the
2503@code{all}
2504keyword to enable/disable all
2505messages of the respective message class.Thus, a minimal log configuration
2506could look like this:
2507@verbatim
2508logconfig =syncstatus +sysevents
2509@end verbatim
2510
2511This would just list the synchronizations state of
2512@code{ntpd(1ntpdmdoc)}
2513and the major system events.
2514For a simple reference server, the
2515following minimum message configuration could be useful:
2516@verbatim
2517logconfig =syncall +clockall
2518@end verbatim
2519
2520This configuration will list all clock information and
2521synchronization information.
2522All other events and messages about
2523peers, system events and so on is suppressed.
2524@item @code{logfile} @kbd{logfile}
2525This command specifies the location of an alternate log file to
2526be used instead of the default system
2527@code{syslog(3)}
2528facility.
2529This is the same operation as the -l command line option.
2530@item @code{setvar} @kbd{variable} @code{[@code{default}]}
2531This command adds an additional system variable.
2532These
2533variables can be used to distribute additional information such as
2534the access policy.
2535If the variable of the form
2536@code{name}@code{=}@kbd{value}
2537is followed by the
2538@code{default}
2539keyword, the
2540variable will be listed as part of the default system variables
2541(@code{rv} command)).
2542These additional variables serve
2543informational purposes only.
2544They are not related to the protocol
2545other that they can be listed.
2546The known protocol variables will
2547always override any variables defined via the
2548@code{setvar}
2549mechanism.
2550There are three special variables that contain the names
2551of all variable of the same group.
2552The
2553@code{sys_var_list}
2554holds
2555the names of all system variables.
2556The
2557@code{peer_var_list}
2558holds
2559the names of all peer variables and the
2560@code{clock_var_list}
2561holds the names of the reference clock variables.
2562@item @code{tinker} @code{[@code{allan} @kbd{allan} | @code{dispersion} @kbd{dispersion} | @code{freq} @kbd{freq} | @code{huffpuff} @kbd{huffpuff} | @code{panic} @kbd{panic} | @code{step} @kbd{step} | @code{stepback} @kbd{stepback} | @code{stepfwd} @kbd{stepfwd} | @code{stepout} @kbd{stepout}]}
2563This command can be used to alter several system variables in
2564very exceptional circumstances.
2565It should occur in the
2566configuration file before any other configuration options.
2567The
2568default values of these variables have been carefully optimized for
2569a wide range of network speeds and reliability expectations.
2570In
2571general, they interact in intricate ways that are hard to predict
2572and some combinations can result in some very nasty behavior.
2573Very
2574rarely is it necessary to change the default values; but, some
2575folks cannot resist twisting the knobs anyway and this command is
2576for them.
2577Emphasis added: twisters are on their own and can expect
2578no help from the support group.
2579
2580The variables operate as follows:
2581@table @asis
2582@item @code{allan} @kbd{allan}
2583The argument becomes the new value for the minimum Allan
2584intercept, which is a parameter of the PLL/FLL clock discipline
2585algorithm.
2586The value in log2 seconds defaults to 7 (1024 s), which is also the lower
2587limit.
2588@item @code{dispersion} @kbd{dispersion}
2589The argument becomes the new value for the dispersion increase rate,
2590normally .000015 s/s.
2591@item @code{freq} @kbd{freq}
2592The argument becomes the initial value of the frequency offset in
2593parts-per-million.
2594This overrides the value in the frequency file, if
2595present, and avoids the initial training state if it is not.
2596@item @code{huffpuff} @kbd{huffpuff}
2597The argument becomes the new value for the experimental
2598huff-n'-puff filter span, which determines the most recent interval
2599the algorithm will search for a minimum delay.
2600The lower limit is
2601900 s (15 m), but a more reasonable value is 7200 (2 hours).
2602There
2603is no default, since the filter is not enabled unless this command
2604is given.
2605@item @code{panic} @kbd{panic}
2606The argument is the panic threshold, normally 1000 s.
2607If set to zero,
2608the panic sanity check is disabled and a clock offset of any value will
2609be accepted.
2610@item @code{step} @kbd{step}
2611The argument is the step threshold, which by default is 0.128 s.
2612It can
2613be set to any positive number in seconds.
2614If set to zero, step
2615adjustments will never occur.
2616Note: The kernel time discipline is
2617disabled if the step threshold is set to zero or greater than the
2618default.
2619@item @code{stepback} @kbd{stepback}
2620The argument is the step threshold for the backward direction,
2621which by default is 0.128 s.
2622It can
2623be set to any positive number in seconds.
2624If both the forward and backward step thresholds are set to zero, step
2625adjustments will never occur.
2626Note: The kernel time discipline is
2627disabled if
2628each direction of step threshold are either
2629set to zero or greater than .5 second.
2630@item @code{stepfwd} @kbd{stepfwd}
2631As for stepback, but for the forward direction.
2632@item @code{stepout} @kbd{stepout}
2633The argument is the stepout timeout, which by default is 900 s.
2634It can
2635be set to any positive number in seconds.
2636If set to zero, the stepout
2637pulses will not be suppressed.
2638@end table
2639@item @code{rlimit} @code{[@code{memlock} @kbd{Nmegabytes} | @code{stacksize} @kbd{N4kPages} @code{filenum} @kbd{Nfiledescriptors}]}
2640@table @asis
2641@item @code{memlock} @kbd{Nmegabytes}
2642Specify the number of megabytes of memory that should be
2643allocated and locked.
2644Probably only available under Linux, this option may be useful
2645when dropping root (the
2646@code{-i}
2647option).
2648The default is 32 megabytes on non-Linux machines, and -1 under Linux.
2649-1 means "do not lock the process into memory".
26500 means "lock whatever memory the process wants into memory".
2651@item @code{stacksize} @kbd{N4kPages}
2652Specifies the maximum size of the process stack on systems with the
2653@code{mlockall()}
2654function.
2655Defaults to 50 4k pages (200 4k pages in OpenBSD).
2656@item @code{filenum} @kbd{Nfiledescriptors}
2657Specifies the maximum number of file descriptors ntpd may have open at once. Defaults to the system default.
2658@end table
2659@item @code{trap} @kbd{host_address} @code{[@code{port} @kbd{port_number}]} @code{[@code{interface} @kbd{interface_address}]}
2660This command configures a trap receiver at the given host
2661address and port number for sending messages with the specified
2662local interface address.
2663If the port number is unspecified, a value
2664of 18447 is used.
2665If the interface address is not specified, the
2666message is sent with a source address of the local interface the
2667message is sent through.
2668Note that on a multihomed host the
2669interface used may vary from time to time with routing changes.
2670
2671The trap receiver will generally log event messages and other
2672information from the server in a log file.
2673While such monitor
2674programs may also request their own trap dynamically, configuring a
2675trap receiver will ensure that no messages are lost when the server
2676is started.
2677@item @code{hop} @kbd{...}
2678This command specifies a list of TTL values in increasing order, up to 8
2679values can be specified.
2680In manycast mode these values are used in turn in
2681an expanding-ring search.
2682The default is eight multiples of 32 starting at
268331.
2684@end table
2685
2686This section was generated by @strong{AutoGen},
2687using the @code{agtexi-cmd} template and the option descriptions for the @code{ntp.conf} program.
2688This software is released under the NTP license, <http://ntp.org/license>.
2689
2690@menu
2691* ntp.conf Files::                  Files
2692* ntp.conf See Also::               See Also
2693* ntp.conf Bugs::                   Bugs
2694* ntp.conf Notes::                  Notes
2695@end menu
2696
2697@node ntp.conf Files
2698@subsection ntp.conf Files
2699@table @asis
2700@item @file{/etc/ntp.conf}
2701the default name of the configuration file
2702@item @file{ntp.keys}
2703private MD5 keys
2704@item @file{ntpkey}
2705RSA private key
2706@item @file{ntpkey_}@kbd{host}
2707RSA public key
2708@item @file{ntp_dh}
2709Diffie-Hellman agreement parameters
2710@end table
2711@node ntp.conf See Also
2712@subsection ntp.conf See Also
2713@code{ntpd(1ntpdmdoc)},
2714@code{ntpdc(1ntpdcmdoc)},
2715@code{ntpq(1ntpqmdoc)}
2716
2717In addition to the manual pages provided,
2718comprehensive documentation is available on the world wide web
2719at
2720@code{http://www.ntp.org/}.
2721A snapshot of this documentation is available in HTML format in
2722@file{/usr/share/doc/ntp}.
2723@*
2724
2725@*
2726David L. Mills, @emph{Network Time Protocol (Version 4)}, RFC5905
2727@node ntp.conf Bugs
2728@subsection ntp.conf Bugs
2729The syntax checking is not picky; some combinations of
2730ridiculous and even hilarious options and modes may not be
2731detected.
2732
2733The
2734@file{ntpkey_}@kbd{host}
2735files are really digital
2736certificates.
2737These should be obtained via secure directory
2738services when they become universally available.
2739@node ntp.conf Notes
2740@subsection ntp.conf Notes
2741This document was derived from FreeBSD.
2742