1@node ntp.conf Notes 2@section Notes about ntp.conf 3@pindex ntp.conf 4@cindex Network Time Protocol (NTP) daemon configuration file format 5@ignore 6# 7# EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi) 8# 9# It has been AutoGen-ed October 21, 2015 at 12:38:16 PM by AutoGen 5.18.5 10# From the definitions ntp.conf.def 11# and the template file agtexi-file.tpl 12@end ignore 13 14 15 16The 17@code{ntp.conf} 18configuration file is read at initial startup by the 19@code{ntpd(1ntpdmdoc)} 20daemon in order to specify the synchronization sources, 21modes and other related information. 22Usually, it is installed in the 23@file{/etc} 24directory, 25but could be installed elsewhere 26(see the daemon's 27@code{-c} 28command line option). 29 30The file format is similar to other 31@sc{unix} 32configuration files. 33Comments begin with a 34@quoteleft{}#@quoteright{} 35character and extend to the end of the line; 36blank lines are ignored. 37Configuration commands consist of an initial keyword 38followed by a list of arguments, 39some of which may be optional, separated by whitespace. 40Commands may not be continued over multiple lines. 41Arguments may be host names, 42host addresses written in numeric, dotted-quad form, 43integers, floating point numbers (when specifying times in seconds) 44and text strings. 45 46The rest of this page describes the configuration and control options. 47The 48"Notes on Configuring NTP and Setting up an NTP Subnet" 49page 50(available as part of the HTML documentation 51provided in 52@file{/usr/share/doc/ntp}) 53contains an extended discussion of these options. 54In addition to the discussion of general 55@ref{Configuration Options}, 56there are sections describing the following supported functionality 57and the options used to control it: 58@itemize @bullet 59@item 60@ref{Authentication Support} 61@item 62@ref{Monitoring Support} 63@item 64@ref{Access Control Support} 65@item 66@ref{Automatic NTP Configuration Options} 67@item 68@ref{Reference Clock Support} 69@item 70@ref{Miscellaneous Options} 71@end itemize 72 73Following these is a section describing 74@ref{Miscellaneous Options}. 75While there is a rich set of options available, 76the only required option is one or more 77@code{pool}, 78@code{server}, 79@code{peer}, 80@code{broadcast} 81or 82@code{manycastclient} 83commands. 84@node Configuration Support 85@subsection Configuration Support 86Following is a description of the configuration commands in 87NTPv4. 88These commands have the same basic functions as in NTPv3 and 89in some cases new functions and new arguments. 90There are two 91classes of commands, configuration commands that configure a 92persistent association with a remote server or peer or reference 93clock, and auxiliary commands that specify environmental variables 94that control various related operations. 95@subsubsection Configuration Commands 96The various modes are determined by the command keyword and the 97type of the required IP address. 98Addresses are classed by type as 99(s) a remote server or peer (IPv4 class A, B and C), (b) the 100broadcast address of a local interface, (m) a multicast address (IPv4 101class D), or (r) a reference clock address (127.127.x.x). 102Note that 103only those options applicable to each command are listed below. 104Use 105of options not listed may not be caught as an error, but may result 106in some weird and even destructive behavior. 107 108If the Basic Socket Interface Extensions for IPv6 (RFC-2553) 109is detected, support for the IPv6 address family is generated 110in addition to the default support of the IPv4 address family. 111In a few cases, including the reslist billboard generated 112by ntpdc, IPv6 addresses are automatically generated. 113IPv6 addresses can be identified by the presence of colons 114@quotedblleft{}:@quotedblright{} 115in the address field. 116IPv6 addresses can be used almost everywhere where 117IPv4 addresses can be used, 118with the exception of reference clock addresses, 119which are always IPv4. 120 121Note that in contexts where a host name is expected, a 122@code{-4} 123qualifier preceding 124the host name forces DNS resolution to the IPv4 namespace, 125while a 126@code{-6} 127qualifier forces DNS resolution to the IPv6 namespace. 128See IPv6 references for the 129equivalent classes for that address family. 130@table @asis 131@item @code{pool} @kbd{address} @code{[@code{burst}]} @code{[@code{iburst}]} @code{[@code{version} @kbd{version}]} @code{[@code{prefer}]} @code{[@code{minpoll} @kbd{minpoll}]} @code{[@code{maxpoll} @kbd{maxpoll}]} 132@item @code{server} @kbd{address} @code{[@code{key} @kbd{key} @kbd{|} @code{autokey}]} @code{[@code{burst}]} @code{[@code{iburst}]} @code{[@code{version} @kbd{version}]} @code{[@code{prefer}]} @code{[@code{minpoll} @kbd{minpoll}]} @code{[@code{maxpoll} @kbd{maxpoll}]} 133@item @code{peer} @kbd{address} @code{[@code{key} @kbd{key} @kbd{|} @code{autokey}]} @code{[@code{version} @kbd{version}]} @code{[@code{prefer}]} @code{[@code{minpoll} @kbd{minpoll}]} @code{[@code{maxpoll} @kbd{maxpoll}]} 134@item @code{broadcast} @kbd{address} @code{[@code{key} @kbd{key} @kbd{|} @code{autokey}]} @code{[@code{version} @kbd{version}]} @code{[@code{prefer}]} @code{[@code{minpoll} @kbd{minpoll}]} @code{[@code{ttl} @kbd{ttl}]} 135@item @code{manycastclient} @kbd{address} @code{[@code{key} @kbd{key} @kbd{|} @code{autokey}]} @code{[@code{version} @kbd{version}]} @code{[@code{prefer}]} @code{[@code{minpoll} @kbd{minpoll}]} @code{[@code{maxpoll} @kbd{maxpoll}]} @code{[@code{ttl} @kbd{ttl}]} 136@end table 137 138These five commands specify the time server name or address to 139be used and the mode in which to operate. 140The 141@kbd{address} 142can be 143either a DNS name or an IP address in dotted-quad notation. 144Additional information on association behavior can be found in the 145"Association Management" 146page 147(available as part of the HTML documentation 148provided in 149@file{/usr/share/doc/ntp}). 150@table @asis 151@item @code{pool} 152For type s addresses, this command mobilizes a persistent 153client mode association with a number of remote servers. 154In this mode the local clock can synchronized to the 155remote server, but the remote server can never be synchronized to 156the local clock. 157@item @code{server} 158For type s and r addresses, this command mobilizes a persistent 159client mode association with the specified remote server or local 160radio clock. 161In this mode the local clock can synchronized to the 162remote server, but the remote server can never be synchronized to 163the local clock. 164This command should 165@emph{not} 166be used for type 167b or m addresses. 168@item @code{peer} 169For type s addresses (only), this command mobilizes a 170persistent symmetric-active mode association with the specified 171remote peer. 172In this mode the local clock can be synchronized to 173the remote peer or the remote peer can be synchronized to the local 174clock. 175This is useful in a network of servers where, depending on 176various failure scenarios, either the local or remote peer may be 177the better source of time. 178This command should NOT be used for type 179b, m or r addresses. 180@item @code{broadcast} 181For type b and m addresses (only), this 182command mobilizes a persistent broadcast mode association. 183Multiple 184commands can be used to specify multiple local broadcast interfaces 185(subnets) and/or multiple multicast groups. 186Note that local 187broadcast messages go only to the interface associated with the 188subnet specified, but multicast messages go to all interfaces. 189In broadcast mode the local server sends periodic broadcast 190messages to a client population at the 191@kbd{address} 192specified, which is usually the broadcast address on (one of) the 193local network(s) or a multicast address assigned to NTP. 194The IANA 195has assigned the multicast group address IPv4 224.0.1.1 and 196IPv6 ff05::101 (site local) exclusively to 197NTP, but other nonconflicting addresses can be used to contain the 198messages within administrative boundaries. 199Ordinarily, this 200specification applies only to the local server operating as a 201sender; for operation as a broadcast client, see the 202@code{broadcastclient} 203or 204@code{multicastclient} 205commands 206below. 207@item @code{manycastclient} 208For type m addresses (only), this command mobilizes a 209manycast client mode association for the multicast address 210specified. 211In this case a specific address must be supplied which 212matches the address used on the 213@code{manycastserver} 214command for 215the designated manycast servers. 216The NTP multicast address 217224.0.1.1 assigned by the IANA should NOT be used, unless specific 218means are taken to avoid spraying large areas of the Internet with 219these messages and causing a possibly massive implosion of replies 220at the sender. 221The 222@code{manycastserver} 223command specifies that the local server 224is to operate in client mode with the remote servers that are 225discovered as the result of broadcast/multicast messages. 226The 227client broadcasts a request message to the group address associated 228with the specified 229@kbd{address} 230and specifically enabled 231servers respond to these messages. 232The client selects the servers 233providing the best time and continues as with the 234@code{server} 235command. 236The remaining servers are discarded as if never 237heard. 238@end table 239 240Options: 241@table @asis 242@item @code{autokey} 243All packets sent to and received from the server or peer are to 244include authentication fields encrypted using the autokey scheme 245described in 246@ref{Authentication Options}. 247@item @code{burst} 248when the server is reachable, send a burst of eight packets 249instead of the usual one. 250The packet spacing is normally 2 s; 251however, the spacing between the first and second packets 252can be changed with the calldelay command to allow 253additional time for a modem or ISDN call to complete. 254This is designed to improve timekeeping quality 255with the 256@code{server} 257command and s addresses. 258@item @code{iburst} 259When the server is unreachable, send a burst of eight packets 260instead of the usual one. 261The packet spacing is normally 2 s; 262however, the spacing between the first two packets can be 263changed with the calldelay command to allow 264additional time for a modem or ISDN call to complete. 265This is designed to speed the initial synchronization 266acquisition with the 267@code{server} 268command and s addresses and when 269@code{ntpd(1ntpdmdoc)} 270is started with the 271@code{-q} 272option. 273@item @code{key} @kbd{key} 274All packets sent to and received from the server or peer are to 275include authentication fields encrypted using the specified 276@kbd{key} 277identifier with values from 1 to 65534, inclusive. 278The 279default is to include no encryption field. 280@item @code{minpoll} @kbd{minpoll} 281@item @code{maxpoll} @kbd{maxpoll} 282These options specify the minimum and maximum poll intervals 283for NTP messages, as a power of 2 in seconds 284The maximum poll 285interval defaults to 10 (1,024 s), but can be increased by the 286@code{maxpoll} 287option to an upper limit of 17 (36.4 h). 288The 289minimum poll interval defaults to 6 (64 s), but can be decreased by 290the 291@code{minpoll} 292option to a lower limit of 4 (16 s). 293@item @code{noselect} 294Marks the server as unused, except for display purposes. 295The server is discarded by the selection algroithm. 296@item @code{prefer} 297Marks the server as preferred. 298All other things being equal, 299this host will be chosen for synchronization among a set of 300correctly operating hosts. 301See the 302"Mitigation Rules and the prefer Keyword" 303page 304(available as part of the HTML documentation 305provided in 306@file{/usr/share/doc/ntp}) 307for further information. 308@item @code{ttl} @kbd{ttl} 309This option is used only with broadcast server and manycast 310client modes. 311It specifies the time-to-live 312@kbd{ttl} 313to 314use on broadcast server and multicast server and the maximum 315@kbd{ttl} 316for the expanding ring search with manycast 317client packets. 318Selection of the proper value, which defaults to 319127, is something of a black art and should be coordinated with the 320network administrator. 321@item @code{version} @kbd{version} 322Specifies the version number to be used for outgoing NTP 323packets. 324Versions 1-4 are the choices, with version 4 the 325default. 326@end table 327@subsubsection Auxiliary Commands 328@table @asis 329@item @code{broadcastclient} 330This command enables reception of broadcast server messages to 331any local interface (type b) address. 332Upon receiving a message for 333the first time, the broadcast client measures the nominal server 334propagation delay using a brief client/server exchange with the 335server, then enters the broadcast client mode, in which it 336synchronizes to succeeding broadcast messages. 337Note that, in order 338to avoid accidental or malicious disruption in this mode, both the 339server and client should operate using symmetric-key or public-key 340authentication as described in 341@ref{Authentication Options}. 342@item @code{manycastserver} @kbd{address} @kbd{...} 343This command enables reception of manycast client messages to 344the multicast group address(es) (type m) specified. 345At least one 346address is required, but the NTP multicast address 224.0.1.1 347assigned by the IANA should NOT be used, unless specific means are 348taken to limit the span of the reply and avoid a possibly massive 349implosion at the original sender. 350Note that, in order to avoid 351accidental or malicious disruption in this mode, both the server 352and client should operate using symmetric-key or public-key 353authentication as described in 354@ref{Authentication Options}. 355@item @code{multicastclient} @kbd{address} @kbd{...} 356This command enables reception of multicast server messages to 357the multicast group address(es) (type m) specified. 358Upon receiving 359a message for the first time, the multicast client measures the 360nominal server propagation delay using a brief client/server 361exchange with the server, then enters the broadcast client mode, in 362which it synchronizes to succeeding multicast messages. 363Note that, 364in order to avoid accidental or malicious disruption in this mode, 365both the server and client should operate using symmetric-key or 366public-key authentication as described in 367@ref{Authentication Options}. 368@item @code{mdnstries} @kbd{number} 369If we are participating in mDNS, 370after we have synched for the first time 371we attempt to register with the mDNS system. 372If that registration attempt fails, 373we try again at one minute intervals for up to 374@code{mdnstries} 375times. 376After all, 377@code{ntpd} 378may be starting before mDNS. 379The default value for 380@code{mdnstries} 381is 5. 382@end table 383@node Authentication Support 384@subsection Authentication Support 385Authentication support allows the NTP client to verify that the 386server is in fact known and trusted and not an intruder intending 387accidentally or on purpose to masquerade as that server. 388The NTPv3 389specification RFC-1305 defines a scheme which provides 390cryptographic authentication of received NTP packets. 391Originally, 392this was done using the Data Encryption Standard (DES) algorithm 393operating in Cipher Block Chaining (CBC) mode, commonly called 394DES-CBC. 395Subsequently, this was replaced by the RSA Message Digest 3965 (MD5) algorithm using a private key, commonly called keyed-MD5. 397Either algorithm computes a message digest, or one-way hash, which 398can be used to verify the server has the correct private key and 399key identifier. 400 401NTPv4 retains the NTPv3 scheme, properly described as symmetric key 402cryptography and, in addition, provides a new Autokey scheme 403based on public key cryptography. 404Public key cryptography is generally considered more secure 405than symmetric key cryptography, since the security is based 406on a private value which is generated by each server and 407never revealed. 408With Autokey all key distribution and 409management functions involve only public values, which 410considerably simplifies key distribution and storage. 411Public key management is based on X.509 certificates, 412which can be provided by commercial services or 413produced by utility programs in the OpenSSL software library 414or the NTPv4 distribution. 415 416While the algorithms for symmetric key cryptography are 417included in the NTPv4 distribution, public key cryptography 418requires the OpenSSL software library to be installed 419before building the NTP distribution. 420Directions for doing that 421are on the Building and Installing the Distribution page. 422 423Authentication is configured separately for each association 424using the 425@code{key} 426or 427@code{autokey} 428subcommand on the 429@code{peer}, 430@code{server}, 431@code{broadcast} 432and 433@code{manycastclient} 434configuration commands as described in 435@ref{Configuration Options} 436page. 437The authentication 438options described below specify the locations of the key files, 439if other than default, which symmetric keys are trusted 440and the interval between various operations, if other than default. 441 442Authentication is always enabled, 443although ineffective if not configured as 444described below. 445If a NTP packet arrives 446including a message authentication 447code (MAC), it is accepted only if it 448passes all cryptographic checks. 449The 450checks require correct key ID, key value 451and message digest. 452If the packet has 453been modified in any way or replayed 454by an intruder, it will fail one or more 455of these checks and be discarded. 456Furthermore, the Autokey scheme requires a 457preliminary protocol exchange to obtain 458the server certificate, verify its 459credentials and initialize the protocol 460 461The 462@code{auth} 463flag controls whether new associations or 464remote configuration commands require cryptographic authentication. 465This flag can be set or reset by the 466@code{enable} 467and 468@code{disable} 469commands and also by remote 470configuration commands sent by a 471@code{ntpdc(1ntpdcmdoc)} 472program running in 473another machine. 474If this flag is enabled, which is the default 475case, new broadcast client and symmetric passive associations and 476remote configuration commands must be cryptographically 477authenticated using either symmetric key or public key cryptography. 478If this 479flag is disabled, these operations are effective 480even if not cryptographic 481authenticated. 482It should be understood 483that operating with the 484@code{auth} 485flag disabled invites a significant vulnerability 486where a rogue hacker can 487masquerade as a falseticker and seriously 488disrupt system timekeeping. 489It is 490important to note that this flag has no purpose 491other than to allow or disallow 492a new association in response to new broadcast 493and symmetric active messages 494and remote configuration commands and, in particular, 495the flag has no effect on 496the authentication process itself. 497 498An attractive alternative where multicast support is available 499is manycast mode, in which clients periodically troll 500for servers as described in the 501@ref{Automatic NTP Configuration Options} 502page. 503Either symmetric key or public key 504cryptographic authentication can be used in this mode. 505The principle advantage 506of manycast mode is that potential servers need not be 507configured in advance, 508since the client finds them during regular operation, 509and the configuration 510files for all clients can be identical. 511 512The security model and protocol schemes for 513both symmetric key and public key 514cryptography are summarized below; 515further details are in the briefings, papers 516and reports at the NTP project page linked from 517@code{http://www.ntp.org/}. 518@subsubsection Symmetric-Key Cryptography 519The original RFC-1305 specification allows any one of possibly 52065,534 keys, each distinguished by a 32-bit key identifier, to 521authenticate an association. 522The servers and clients involved must 523agree on the key and key identifier to 524authenticate NTP packets. 525Keys and 526related information are specified in a key 527file, usually called 528@file{ntp.keys}, 529which must be distributed and stored using 530secure means beyond the scope of the NTP protocol itself. 531Besides the keys used 532for ordinary NTP associations, 533additional keys can be used as passwords for the 534@code{ntpq(1ntpqmdoc)} 535and 536@code{ntpdc(1ntpdcmdoc)} 537utility programs. 538 539When 540@code{ntpd(1ntpdmdoc)} 541is first started, it reads the key file specified in the 542@code{keys} 543configuration command and installs the keys 544in the key cache. 545However, 546individual keys must be activated with the 547@code{trusted} 548command before use. 549This 550allows, for instance, the installation of possibly 551several batches of keys and 552then activating or deactivating each batch 553remotely using 554@code{ntpdc(1ntpdcmdoc)}. 555This also provides a revocation capability that can be used 556if a key becomes compromised. 557The 558@code{requestkey} 559command selects the key used as the password for the 560@code{ntpdc(1ntpdcmdoc)} 561utility, while the 562@code{controlkey} 563command selects the key used as the password for the 564@code{ntpq(1ntpqmdoc)} 565utility. 566@subsubsection Public Key Cryptography 567NTPv4 supports the original NTPv3 symmetric key scheme 568described in RFC-1305 and in addition the Autokey protocol, 569which is based on public key cryptography. 570The Autokey Version 2 protocol described on the Autokey Protocol 571page verifies packet integrity using MD5 message digests 572and verifies the source with digital signatures and any of several 573digest/signature schemes. 574Optional identity schemes described on the Identity Schemes 575page and based on cryptographic challenge/response algorithms 576are also available. 577Using all of these schemes provides strong security against 578replay with or without modification, spoofing, masquerade 579and most forms of clogging attacks. 580 581The Autokey protocol has several modes of operation 582corresponding to the various NTP modes supported. 583Most modes use a special cookie which can be 584computed independently by the client and server, 585but encrypted in transmission. 586All modes use in addition a variant of the S-KEY scheme, 587in which a pseudo-random key list is generated and used 588in reverse order. 589These schemes are described along with an executive summary, 590current status, briefing slides and reading list on the 591@ref{Autonomous Authentication} 592page. 593 594The specific cryptographic environment used by Autokey servers 595and clients is determined by a set of files 596and soft links generated by the 597@code{ntp-keygen(1ntpkeygenmdoc)} 598program. 599This includes a required host key file, 600required certificate file and optional sign key file, 601leapsecond file and identity scheme files. 602The 603digest/signature scheme is specified in the X.509 certificate 604along with the matching sign key. 605There are several schemes 606available in the OpenSSL software library, each identified 607by a specific string such as 608@code{md5WithRSAEncryption}, 609which stands for the MD5 message digest with RSA 610encryption scheme. 611The current NTP distribution supports 612all the schemes in the OpenSSL library, including 613those based on RSA and DSA digital signatures. 614 615NTP secure groups can be used to define cryptographic compartments 616and security hierarchies. 617It is important that every host 618in the group be able to construct a certificate trail to one 619or more trusted hosts in the same group. 620Each group 621host runs the Autokey protocol to obtain the certificates 622for all hosts along the trail to one or more trusted hosts. 623This requires the configuration file in all hosts to be 624engineered so that, even under anticipated failure conditions, 625the NTP subnet will form such that every group host can find 626a trail to at least one trusted host. 627@subsubsection Naming and Addressing 628It is important to note that Autokey does not use DNS to 629resolve addresses, since DNS can't be completely trusted 630until the name servers have synchronized clocks. 631The cryptographic name used by Autokey to bind the host identity 632credentials and cryptographic values must be independent 633of interface, network and any other naming convention. 634The name appears in the host certificate in either or both 635the subject and issuer fields, so protection against 636DNS compromise is essential. 637 638By convention, the name of an Autokey host is the name returned 639by the Unix 640@code{gethostname(2)} 641system call or equivalent in other systems. 642By the system design 643model, there are no provisions to allow alternate names or aliases. 644However, this is not to say that DNS aliases, different names 645for each interface, etc., are constrained in any way. 646 647It is also important to note that Autokey verifies authenticity 648using the host name, network address and public keys, 649all of which are bound together by the protocol specifically 650to deflect masquerade attacks. 651For this reason Autokey 652includes the source and destinatino IP addresses in message digest 653computations and so the same addresses must be available 654at both the server and client. 655For this reason operation 656with network address translation schemes is not possible. 657This reflects the intended robust security model where government 658and corporate NTP servers are operated outside firewall perimeters. 659@subsubsection Operation 660A specific combination of authentication scheme (none, 661symmetric key, public key) and identity scheme is called 662a cryptotype, although not all combinations are compatible. 663There may be management configurations where the clients, 664servers and peers may not all support the same cryptotypes. 665A secure NTPv4 subnet can be configured in many ways while 666keeping in mind the principles explained above and 667in this section. 668Note however that some cryptotype 669combinations may successfully interoperate with each other, 670but may not represent good security practice. 671 672The cryptotype of an association is determined at the time 673of mobilization, either at configuration time or some time 674later when a message of appropriate cryptotype arrives. 675When mobilized by a 676@code{server} 677or 678@code{peer} 679configuration command and no 680@code{key} 681or 682@code{autokey} 683subcommands are present, the association is not 684authenticated; if the 685@code{key} 686subcommand is present, the association is authenticated 687using the symmetric key ID specified; if the 688@code{autokey} 689subcommand is present, the association is authenticated 690using Autokey. 691 692When multiple identity schemes are supported in the Autokey 693protocol, the first message exchange determines which one is used. 694The client request message contains bits corresponding 695to which schemes it has available. 696The server response message 697contains bits corresponding to which schemes it has available. 698Both server and client match the received bits with their own 699and select a common scheme. 700 701Following the principle that time is a public value, 702a server responds to any client packet that matches 703its cryptotype capabilities. 704Thus, a server receiving 705an unauthenticated packet will respond with an unauthenticated 706packet, while the same server receiving a packet of a cryptotype 707it supports will respond with packets of that cryptotype. 708However, unconfigured broadcast or manycast client 709associations or symmetric passive associations will not be 710mobilized unless the server supports a cryptotype compatible 711with the first packet received. 712By default, unauthenticated associations will not be mobilized 713unless overridden in a decidedly dangerous way. 714 715Some examples may help to reduce confusion. 716Client Alice has no specific cryptotype selected. 717Server Bob has both a symmetric key file and minimal Autokey files. 718Alice's unauthenticated messages arrive at Bob, who replies with 719unauthenticated messages. 720Cathy has a copy of Bob's symmetric 721key file and has selected key ID 4 in messages to Bob. 722Bob verifies the message with his key ID 4. 723If it's the 724same key and the message is verified, Bob sends Cathy a reply 725authenticated with that key. 726If verification fails, 727Bob sends Cathy a thing called a crypto-NAK, which tells her 728something broke. 729She can see the evidence using the 730@code{ntpq(1ntpqmdoc)} 731program. 732 733Denise has rolled her own host key and certificate. 734She also uses one of the identity schemes as Bob. 735She sends the first Autokey message to Bob and they 736both dance the protocol authentication and identity steps. 737If all comes out okay, Denise and Bob continue as described above. 738 739It should be clear from the above that Bob can support 740all the girls at the same time, as long as he has compatible 741authentication and identity credentials. 742Now, Bob can act just like the girls in his own choice of servers; 743he can run multiple configured associations with multiple different 744servers (or the same server, although that might not be useful). 745But, wise security policy might preclude some cryptotype 746combinations; for instance, running an identity scheme 747with one server and no authentication with another might not be wise. 748@subsubsection Key Management 749The cryptographic values used by the Autokey protocol are 750incorporated as a set of files generated by the 751@code{ntp-keygen(1ntpkeygenmdoc)} 752utility program, including symmetric key, host key and 753public certificate files, as well as sign key, identity parameters 754and leapseconds files. 755Alternatively, host and sign keys and 756certificate files can be generated by the OpenSSL utilities 757and certificates can be imported from public certificate 758authorities. 759Note that symmetric keys are necessary for the 760@code{ntpq(1ntpqmdoc)} 761and 762@code{ntpdc(1ntpdcmdoc)} 763utility programs. 764The remaining files are necessary only for the 765Autokey protocol. 766 767Certificates imported from OpenSSL or public certificate 768authorities have certian limitations. 769The certificate should be in ASN.1 syntax, X.509 Version 3 770format and encoded in PEM, which is the same format 771used by OpenSSL. 772The overall length of the certificate encoded 773in ASN.1 must not exceed 1024 bytes. 774The subject distinguished 775name field (CN) is the fully qualified name of the host 776on which it is used; the remaining subject fields are ignored. 777The certificate extension fields must not contain either 778a subject key identifier or a issuer key identifier field; 779however, an extended key usage field for a trusted host must 780contain the value 781@code{trustRoot};. 782Other extension fields are ignored. 783@subsubsection Authentication Commands 784@table @asis 785@item @code{autokey} @code{[@kbd{logsec}]} 786Specifies the interval between regenerations of the session key 787list used with the Autokey protocol. 788Note that the size of the key 789list for each association depends on this interval and the current 790poll interval. 791The default value is 12 (4096 s or about 1.1 hours). 792For poll intervals above the specified interval, a session key list 793with a single entry will be regenerated for every message 794sent. 795@item @code{controlkey} @kbd{key} 796Specifies the key identifier to use with the 797@code{ntpq(1ntpqmdoc)} 798utility, which uses the standard 799protocol defined in RFC-1305. 800The 801@kbd{key} 802argument is 803the key identifier for a trusted key, where the value can be in the 804range 1 to 65,534, inclusive. 805@item @code{crypto} @code{[@code{cert} @kbd{file}]} @code{[@code{leap} @kbd{file}]} @code{[@code{randfile} @kbd{file}]} @code{[@code{host} @kbd{file}]} @code{[@code{sign} @kbd{file}]} @code{[@code{gq} @kbd{file}]} @code{[@code{gqpar} @kbd{file}]} @code{[@code{iffpar} @kbd{file}]} @code{[@code{mvpar} @kbd{file}]} @code{[@code{pw} @kbd{password}]} 806This command requires the OpenSSL library. 807It activates public key 808cryptography, selects the message digest and signature 809encryption scheme and loads the required private and public 810values described above. 811If one or more files are left unspecified, 812the default names are used as described above. 813Unless the complete path and name of the file are specified, the 814location of a file is relative to the keys directory specified 815in the 816@code{keysdir} 817command or default 818@file{/usr/local/etc}. 819Following are the subcommands: 820@table @asis 821@item @code{cert} @kbd{file} 822Specifies the location of the required host public certificate file. 823This overrides the link 824@file{ntpkey_cert_}@kbd{hostname} 825in the keys directory. 826@item @code{gqpar} @kbd{file} 827Specifies the location of the optional GQ parameters file. 828This 829overrides the link 830@file{ntpkey_gq_}@kbd{hostname} 831in the keys directory. 832@item @code{host} @kbd{file} 833Specifies the location of the required host key file. 834This overrides 835the link 836@file{ntpkey_key_}@kbd{hostname} 837in the keys directory. 838@item @code{iffpar} @kbd{file} 839Specifies the location of the optional IFF parameters file.This 840overrides the link 841@file{ntpkey_iff_}@kbd{hostname} 842in the keys directory. 843@item @code{leap} @kbd{file} 844Specifies the location of the optional leapsecond file. 845This overrides the link 846@file{ntpkey_leap} 847in the keys directory. 848@item @code{mvpar} @kbd{file} 849Specifies the location of the optional MV parameters file. 850This 851overrides the link 852@file{ntpkey_mv_}@kbd{hostname} 853in the keys directory. 854@item @code{pw} @kbd{password} 855Specifies the password to decrypt files containing private keys and 856identity parameters. 857This is required only if these files have been 858encrypted. 859@item @code{randfile} @kbd{file} 860Specifies the location of the random seed file used by the OpenSSL 861library. 862The defaults are described in the main text above. 863@item @code{sign} @kbd{file} 864Specifies the location of the optional sign key file. 865This overrides 866the link 867@file{ntpkey_sign_}@kbd{hostname} 868in the keys directory. 869If this file is 870not found, the host key is also the sign key. 871@end table 872@item @code{keys} @kbd{keyfile} 873Specifies the complete path and location of the MD5 key file 874containing the keys and key identifiers used by 875@code{ntpd(1ntpdmdoc)}, 876@code{ntpq(1ntpqmdoc)} 877and 878@code{ntpdc(1ntpdcmdoc)} 879when operating with symmetric key cryptography. 880This is the same operation as the 881@code{-k} 882command line option. 883@item @code{keysdir} @kbd{path} 884This command specifies the default directory path for 885cryptographic keys, parameters and certificates. 886The default is 887@file{/usr/local/etc/}. 888@item @code{requestkey} @kbd{key} 889Specifies the key identifier to use with the 890@code{ntpdc(1ntpdcmdoc)} 891utility program, which uses a 892proprietary protocol specific to this implementation of 893@code{ntpd(1ntpdmdoc)}. 894The 895@kbd{key} 896argument is a key identifier 897for the trusted key, where the value can be in the range 1 to 89865,534, inclusive. 899@item @code{revoke} @kbd{logsec} 900Specifies the interval between re-randomization of certain 901cryptographic values used by the Autokey scheme, as a power of 2 in 902seconds. 903These values need to be updated frequently in order to 904deflect brute-force attacks on the algorithms of the scheme; 905however, updating some values is a relatively expensive operation. 906The default interval is 16 (65,536 s or about 18 hours). 907For poll 908intervals above the specified interval, the values will be updated 909for every message sent. 910@item @code{trustedkey} @kbd{key} @kbd{...} 911Specifies the key identifiers which are trusted for the 912purposes of authenticating peers with symmetric key cryptography, 913as well as keys used by the 914@code{ntpq(1ntpqmdoc)} 915and 916@code{ntpdc(1ntpdcmdoc)} 917programs. 918The authentication procedures require that both the local 919and remote servers share the same key and key identifier for this 920purpose, although different keys can be used with different 921servers. 922The 923@kbd{key} 924arguments are 32-bit unsigned 925integers with values from 1 to 65,534. 926@end table 927@subsubsection Error Codes 928The following error codes are reported via the NTP control 929and monitoring protocol trap mechanism. 930@table @asis 931@item 101 932(bad field format or length) 933The packet has invalid version, length or format. 934@item 102 935(bad timestamp) 936The packet timestamp is the same or older than the most recent received. 937This could be due to a replay or a server clock time step. 938@item 103 939(bad filestamp) 940The packet filestamp is the same or older than the most recent received. 941This could be due to a replay or a key file generation error. 942@item 104 943(bad or missing public key) 944The public key is missing, has incorrect format or is an unsupported type. 945@item 105 946(unsupported digest type) 947The server requires an unsupported digest/signature scheme. 948@item 106 949(mismatched digest types) 950Not used. 951@item 107 952(bad signature length) 953The signature length does not match the current public key. 954@item 108 955(signature not verified) 956The message fails the signature check. 957It could be bogus or signed by a 958different private key. 959@item 109 960(certificate not verified) 961The certificate is invalid or signed with the wrong key. 962@item 110 963(certificate not verified) 964The certificate is not yet valid or has expired or the signature could not 965be verified. 966@item 111 967(bad or missing cookie) 968The cookie is missing, corrupted or bogus. 969@item 112 970(bad or missing leapseconds table) 971The leapseconds table is missing, corrupted or bogus. 972@item 113 973(bad or missing certificate) 974The certificate is missing, corrupted or bogus. 975@item 114 976(bad or missing identity) 977The identity key is missing, corrupt or bogus. 978@end table 979@node Monitoring Support 980@subsection Monitoring Support 981@code{ntpd(1ntpdmdoc)} 982includes a comprehensive monitoring facility suitable 983for continuous, long term recording of server and client 984timekeeping performance. 985See the 986@code{statistics} 987command below 988for a listing and example of each type of statistics currently 989supported. 990Statistic files are managed using file generation sets 991and scripts in the 992@file{./scripts} 993directory of this distribution. 994Using 995these facilities and 996@sc{unix} 997@code{cron(8)} 998jobs, the data can be 999automatically summarized and archived for retrospective analysis. 1000@subsubsection Monitoring Commands 1001@table @asis 1002@item @code{statistics} @kbd{name} @kbd{...} 1003Enables writing of statistics records. 1004Currently, eight kinds of 1005@kbd{name} 1006statistics are supported. 1007@table @asis 1008@item @code{clockstats} 1009Enables recording of clock driver statistics information. 1010Each update 1011received from a clock driver appends a line of the following form to 1012the file generation set named 1013@code{clockstats}: 1014@verbatim 101549213 525.624 127.127.4.1 93 226 00:08:29.606 D 1016@end verbatim 1017 1018The first two fields show the date (Modified Julian Day) and time 1019(seconds and fraction past UTC midnight). 1020The next field shows the 1021clock address in dotted-quad notation. 1022The final field shows the last 1023timecode received from the clock in decoded ASCII format, where 1024meaningful. 1025In some clock drivers a good deal of additional information 1026can be gathered and displayed as well. 1027See information specific to each 1028clock for further details. 1029@item @code{cryptostats} 1030This option requires the OpenSSL cryptographic software library. 1031It 1032enables recording of cryptographic public key protocol information. 1033Each message received by the protocol module appends a line of the 1034following form to the file generation set named 1035@code{cryptostats}: 1036@verbatim 103749213 525.624 127.127.4.1 message 1038@end verbatim 1039 1040The first two fields show the date (Modified Julian Day) and time 1041(seconds and fraction past UTC midnight). 1042The next field shows the peer 1043address in dotted-quad notation, The final message field includes the 1044message type and certain ancillary information. 1045See the 1046@ref{Authentication Options} 1047section for further information. 1048@item @code{loopstats} 1049Enables recording of loop filter statistics information. 1050Each 1051update of the local clock outputs a line of the following form to 1052the file generation set named 1053@code{loopstats}: 1054@verbatim 105550935 75440.031 0.000006019 13.778190 0.000351733 0.0133806 1056@end verbatim 1057 1058The first two fields show the date (Modified Julian Day) and 1059time (seconds and fraction past UTC midnight). 1060The next five fields 1061show time offset (seconds), frequency offset (parts per million - 1062PPM), RMS jitter (seconds), Allan deviation (PPM) and clock 1063discipline time constant. 1064@item @code{peerstats} 1065Enables recording of peer statistics information. 1066This includes 1067statistics records of all peers of a NTP server and of special 1068signals, where present and configured. 1069Each valid update appends a 1070line of the following form to the current element of a file 1071generation set named 1072@code{peerstats}: 1073@verbatim 107448773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674 1075@end verbatim 1076 1077The first two fields show the date (Modified Julian Day) and 1078time (seconds and fraction past UTC midnight). 1079The next two fields 1080show the peer address in dotted-quad notation and status, 1081respectively. 1082The status field is encoded in hex in the format 1083described in Appendix A of the NTP specification RFC 1305. 1084The final four fields show the offset, 1085delay, dispersion and RMS jitter, all in seconds. 1086@item @code{rawstats} 1087Enables recording of raw-timestamp statistics information. 1088This 1089includes statistics records of all peers of a NTP server and of 1090special signals, where present and configured. 1091Each NTP message 1092received from a peer or clock driver appends a line of the 1093following form to the file generation set named 1094@code{rawstats}: 1095@verbatim 109650928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000 1097@end verbatim 1098 1099The first two fields show the date (Modified Julian Day) and 1100time (seconds and fraction past UTC midnight). 1101The next two fields 1102show the remote peer or clock address followed by the local address 1103in dotted-quad notation. 1104The final four fields show the originate, 1105receive, transmit and final NTP timestamps in order. 1106The timestamp 1107values are as received and before processing by the various data 1108smoothing and mitigation algorithms. 1109@item @code{sysstats} 1110Enables recording of ntpd statistics counters on a periodic basis. 1111Each 1112hour a line of the following form is appended to the file generation 1113set named 1114@code{sysstats}: 1115@verbatim 111650928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147 1117@end verbatim 1118 1119The first two fields show the date (Modified Julian Day) and time 1120(seconds and fraction past UTC midnight). 1121The remaining ten fields show 1122the statistics counter values accumulated since the last generated 1123line. 1124@table @asis 1125@item Time since restart @code{36000} 1126Time in hours since the system was last rebooted. 1127@item Packets received @code{81965} 1128Total number of packets received. 1129@item Packets processed @code{0} 1130Number of packets received in response to previous packets sent 1131@item Current version @code{9546} 1132Number of packets matching the current NTP version. 1133@item Previous version @code{56} 1134Number of packets matching the previous NTP version. 1135@item Bad version @code{71793} 1136Number of packets matching neither NTP version. 1137@item Access denied @code{512} 1138Number of packets denied access for any reason. 1139@item Bad length or format @code{540} 1140Number of packets with invalid length, format or port number. 1141@item Bad authentication @code{10} 1142Number of packets not verified as authentic. 1143@item Rate exceeded @code{147} 1144Number of packets discarded due to rate limitation. 1145@end table 1146@item @code{statsdir} @kbd{directory_path} 1147Indicates the full path of a directory where statistics files 1148should be created (see below). 1149This keyword allows 1150the (otherwise constant) 1151@code{filegen} 1152filename prefix to be modified for file generation sets, which 1153is useful for handling statistics logs. 1154@item @code{filegen} @kbd{name} @code{[@code{file} @kbd{filename}]} @code{[@code{type} @kbd{typename}]} @code{[@code{link} | @code{nolink}]} @code{[@code{enable} | @code{disable}]} 1155Configures setting of generation file set name. 1156Generation 1157file sets provide a means for handling files that are 1158continuously growing during the lifetime of a server. 1159Server statistics are a typical example for such files. 1160Generation file sets provide access to a set of files used 1161to store the actual data. 1162At any time at most one element 1163of the set is being written to. 1164The type given specifies 1165when and how data will be directed to a new element of the set. 1166This way, information stored in elements of a file set 1167that are currently unused are available for administrational 1168operations without the risk of disturbing the operation of ntpd. 1169(Most important: they can be removed to free space for new data 1170produced.) 1171 1172Note that this command can be sent from the 1173@code{ntpdc(1ntpdcmdoc)} 1174program running at a remote location. 1175@table @asis 1176@item @code{name} 1177This is the type of the statistics records, as shown in the 1178@code{statistics} 1179command. 1180@item @code{file} @kbd{filename} 1181This is the file name for the statistics records. 1182Filenames of set 1183members are built from three concatenated elements 1184@code{prefix}, 1185@code{filename} 1186and 1187@code{suffix}: 1188@table @asis 1189@item @code{prefix} 1190This is a constant filename path. 1191It is not subject to 1192modifications via the 1193@kbd{filegen} 1194option. 1195It is defined by the 1196server, usually specified as a compile-time constant. 1197It may, 1198however, be configurable for individual file generation sets 1199via other commands. 1200For example, the prefix used with 1201@kbd{loopstats} 1202and 1203@kbd{peerstats} 1204generation can be configured using the 1205@kbd{statsdir} 1206option explained above. 1207@item @code{filename} 1208This string is directly concatenated to the prefix mentioned 1209above (no intervening 1210@quoteleft{}/@quoteright{}). 1211This can be modified using 1212the file argument to the 1213@kbd{filegen} 1214statement. 1215No 1216@file{..} 1217elements are 1218allowed in this component to prevent filenames referring to 1219parts outside the filesystem hierarchy denoted by 1220@kbd{prefix}. 1221@item @code{suffix} 1222This part is reflects individual elements of a file set. 1223It is 1224generated according to the type of a file set. 1225@end table 1226@item @code{type} @kbd{typename} 1227A file generation set is characterized by its type. 1228The following 1229types are supported: 1230@table @asis 1231@item @code{none} 1232The file set is actually a single plain file. 1233@item @code{pid} 1234One element of file set is used per incarnation of a ntpd 1235server. 1236This type does not perform any changes to file set 1237members during runtime, however it provides an easy way of 1238separating files belonging to different 1239@code{ntpd(1ntpdmdoc)} 1240server incarnations. 1241The set member filename is built by appending a 1242@quoteleft{}.@quoteright{} 1243to concatenated 1244@kbd{prefix} 1245and 1246@kbd{filename} 1247strings, and 1248appending the decimal representation of the process ID of the 1249@code{ntpd(1ntpdmdoc)} 1250server process. 1251@item @code{day} 1252One file generation set element is created per day. 1253A day is 1254defined as the period between 00:00 and 24:00 UTC. 1255The file set 1256member suffix consists of a 1257@quoteleft{}.@quoteright{} 1258and a day specification in 1259the form 1260@code{YYYYMMdd}. 1261@code{YYYY} 1262is a 4-digit year number (e.g., 1992). 1263@code{MM} 1264is a two digit month number. 1265@code{dd} 1266is a two digit day number. 1267Thus, all information written at 10 December 1992 would end up 1268in a file named 1269@kbd{prefix} 1270@kbd{filename}.19921210. 1271@item @code{week} 1272Any file set member contains data related to a certain week of 1273a year. 1274The term week is defined by computing day-of-year 1275modulo 7. 1276Elements of such a file generation set are 1277distinguished by appending the following suffix to the file set 1278filename base: A dot, a 4-digit year number, the letter 1279@code{W}, 1280and a 2-digit week number. 1281For example, information from January, 128210th 1992 would end up in a file with suffix 1283.No . Ns Ar 1992W1 . 1284@item @code{month} 1285One generation file set element is generated per month. 1286The 1287file name suffix consists of a dot, a 4-digit year number, and 1288a 2-digit month. 1289@item @code{year} 1290One generation file element is generated per year. 1291The filename 1292suffix consists of a dot and a 4 digit year number. 1293@item @code{age} 1294This type of file generation sets changes to a new element of 1295the file set every 24 hours of server operation. 1296The filename 1297suffix consists of a dot, the letter 1298@code{a}, 1299and an 8-digit number. 1300This number is taken to be the number of seconds the server is 1301running at the start of the corresponding 24-hour period. 1302Information is only written to a file generation by specifying 1303@code{enable}; 1304output is prevented by specifying 1305@code{disable}. 1306@end table 1307@item @code{link} | @code{nolink} 1308It is convenient to be able to access the current element of a file 1309generation set by a fixed name. 1310This feature is enabled by 1311specifying 1312@code{link} 1313and disabled using 1314@code{nolink}. 1315If link is specified, a 1316hard link from the current file set element to a file without 1317suffix is created. 1318When there is already a file with this name and 1319the number of links of this file is one, it is renamed appending a 1320dot, the letter 1321@code{C}, 1322and the pid of the ntpd server process. 1323When the 1324number of links is greater than one, the file is unlinked. 1325This 1326allows the current file to be accessed by a constant name. 1327@item @code{enable} @code{|} @code{disable} 1328Enables or disables the recording function. 1329@end table 1330@end table 1331@end table 1332@node Access Control Support 1333@subsection Access Control Support 1334The 1335@code{ntpd(1ntpdmdoc)} 1336daemon implements a general purpose address/mask based restriction 1337list. 1338The list contains address/match entries sorted first 1339by increasing address values and and then by increasing mask values. 1340A match occurs when the bitwise AND of the mask and the packet 1341source address is equal to the bitwise AND of the mask and 1342address in the list. 1343The list is searched in order with the 1344last match found defining the restriction flags associated 1345with the entry. 1346Additional information and examples can be found in the 1347"Notes on Configuring NTP and Setting up a NTP Subnet" 1348page 1349(available as part of the HTML documentation 1350provided in 1351@file{/usr/share/doc/ntp}). 1352 1353The restriction facility was implemented in conformance 1354with the access policies for the original NSFnet backbone 1355time servers. 1356Later the facility was expanded to deflect 1357cryptographic and clogging attacks. 1358While this facility may 1359be useful for keeping unwanted or broken or malicious clients 1360from congesting innocent servers, it should not be considered 1361an alternative to the NTP authentication facilities. 1362Source address based restrictions are easily circumvented 1363by a determined cracker. 1364 1365Clients can be denied service because they are explicitly 1366included in the restrict list created by the restrict command 1367or implicitly as the result of cryptographic or rate limit 1368violations. 1369Cryptographic violations include certificate 1370or identity verification failure; rate limit violations generally 1371result from defective NTP implementations that send packets 1372at abusive rates. 1373Some violations cause denied service 1374only for the offending packet, others cause denied service 1375for a timed period and others cause the denied service for 1376an indefinate period. 1377When a client or network is denied access 1378for an indefinate period, the only way at present to remove 1379the restrictions is by restarting the server. 1380@subsubsection The Kiss-of-Death Packet 1381Ordinarily, packets denied service are simply dropped with no 1382further action except incrementing statistics counters. 1383Sometimes a 1384more proactive response is needed, such as a server message that 1385explicitly requests the client to stop sending and leave a message 1386for the system operator. 1387A special packet format has been created 1388for this purpose called the "kiss-of-death" (KoD) packet. 1389KoD packets have the leap bits set unsynchronized and stratum set 1390to zero and the reference identifier field set to a four-byte 1391ASCII code. 1392If the 1393@code{noserve} 1394or 1395@code{notrust} 1396flag of the matching restrict list entry is set, 1397the code is "DENY"; if the 1398@code{limited} 1399flag is set and the rate limit 1400is exceeded, the code is "RATE". 1401Finally, if a cryptographic violation occurs, the code is "CRYP". 1402 1403A client receiving a KoD performs a set of sanity checks to 1404minimize security exposure, then updates the stratum and 1405reference identifier peer variables, sets the access 1406denied (TEST4) bit in the peer flash variable and sends 1407a message to the log. 1408As long as the TEST4 bit is set, 1409the client will send no further packets to the server. 1410The only way at present to recover from this condition is 1411to restart the protocol at both the client and server. 1412This 1413happens automatically at the client when the association times out. 1414It will happen at the server only if the server operator cooperates. 1415@subsubsection Access Control Commands 1416@table @asis 1417@item @code{discard} @code{[@code{average} @kbd{avg}]} @code{[@code{minimum} @kbd{min}]} @code{[@code{monitor} @kbd{prob}]} 1418Set the parameters of the 1419@code{limited} 1420facility which protects the server from 1421client abuse. 1422The 1423@code{average} 1424subcommand specifies the minimum average packet 1425spacing, while the 1426@code{minimum} 1427subcommand specifies the minimum packet spacing. 1428Packets that violate these minima are discarded 1429and a kiss-o'-death packet returned if enabled. 1430The default 1431minimum average and minimum are 5 and 2, respectively. 1432The monitor subcommand specifies the probability of discard 1433for packets that overflow the rate-control window. 1434@item @code{restrict} @code{address} @code{[@code{mask} @kbd{mask}]} @code{[@kbd{flag} @kbd{...}]} 1435The 1436@kbd{address} 1437argument expressed in 1438dotted-quad form is the address of a host or network. 1439Alternatively, the 1440@kbd{address} 1441argument can be a valid host DNS name. 1442The 1443@kbd{mask} 1444argument expressed in dotted-quad form defaults to 1445@code{255.255.255.255}, 1446meaning that the 1447@kbd{address} 1448is treated as the address of an individual host. 1449A default entry (address 1450@code{0.0.0.0}, 1451mask 1452@code{0.0.0.0}) 1453is always included and is always the first entry in the list. 1454Note that text string 1455@code{default}, 1456with no mask option, may 1457be used to indicate the default entry. 1458In the current implementation, 1459@code{flag} 1460always 1461restricts access, i.e., an entry with no flags indicates that free 1462access to the server is to be given. 1463The flags are not orthogonal, 1464in that more restrictive flags will often make less restrictive 1465ones redundant. 1466The flags can generally be classed into two 1467categories, those which restrict time service and those which 1468restrict informational queries and attempts to do run-time 1469reconfiguration of the server. 1470One or more of the following flags 1471may be specified: 1472@table @asis 1473@item @code{ignore} 1474Deny packets of all kinds, including 1475@code{ntpq(1ntpqmdoc)} 1476and 1477@code{ntpdc(1ntpdcmdoc)} 1478queries. 1479@item @code{kod} 1480If this flag is set when an access violation occurs, a kiss-o'-death 1481(KoD) packet is sent. 1482KoD packets are rate limited to no more than one 1483per second. 1484If another KoD packet occurs within one second after the 1485last one, the packet is dropped. 1486@item @code{limited} 1487Deny service if the packet spacing violates the lower limits specified 1488in the discard command. 1489A history of clients is kept using the 1490monitoring capability of 1491@code{ntpd(1ntpdmdoc)}. 1492Thus, monitoring is always active as 1493long as there is a restriction entry with the 1494@code{limited} 1495flag. 1496@item @code{lowpriotrap} 1497Declare traps set by matching hosts to be low priority. 1498The 1499number of traps a server can maintain is limited (the current limit 1500is 3). 1501Traps are usually assigned on a first come, first served 1502basis, with later trap requestors being denied service. 1503This flag 1504modifies the assignment algorithm by allowing low priority traps to 1505be overridden by later requests for normal priority traps. 1506@item @code{nomodify} 1507Deny 1508@code{ntpq(1ntpqmdoc)} 1509and 1510@code{ntpdc(1ntpdcmdoc)} 1511queries which attempt to modify the state of the 1512server (i.e., run time reconfiguration). 1513Queries which return 1514information are permitted. 1515@item @code{noquery} 1516Deny 1517@code{ntpq(1ntpqmdoc)} 1518and 1519@code{ntpdc(1ntpdcmdoc)} 1520queries. 1521Time service is not affected. 1522@item @code{nopeer} 1523Deny packets which would result in mobilizing a new association. 1524This 1525includes broadcast and symmetric active packets when a configured 1526association does not exist. 1527It also includes 1528@code{pool} 1529associations, so if you want to use servers from a 1530@code{pool} 1531directive and also want to use 1532@code{nopeer} 1533by default, you'll want a 1534@code{restrict source ...} @code{line} @code{as} @code{well} @code{that} @code{does} 1535@item not 1536include the 1537@code{nopeer} 1538directive. 1539@item @code{noserve} 1540Deny all packets except 1541@code{ntpq(1ntpqmdoc)} 1542and 1543@code{ntpdc(1ntpdcmdoc)} 1544queries. 1545@item @code{notrap} 1546Decline to provide mode 6 control message trap service to matching 1547hosts. 1548The trap service is a subsystem of the ntpdq control message 1549protocol which is intended for use by remote event logging programs. 1550@item @code{notrust} 1551Deny service unless the packet is cryptographically authenticated. 1552@item @code{ntpport} 1553This is actually a match algorithm modifier, rather than a 1554restriction flag. 1555Its presence causes the restriction entry to be 1556matched only if the source port in the packet is the standard NTP 1557UDP port (123). 1558Both 1559@code{ntpport} 1560and 1561@code{non-ntpport} 1562may 1563be specified. 1564The 1565@code{ntpport} 1566is considered more specific and 1567is sorted later in the list. 1568@item @code{version} 1569Deny packets that do not match the current NTP version. 1570@end table 1571 1572Default restriction list entries with the flags ignore, interface, 1573ntpport, for each of the local host's interface addresses are 1574inserted into the table at startup to prevent the server 1575from attempting to synchronize to its own time. 1576A default entry is also always present, though if it is 1577otherwise unconfigured; no flags are associated 1578with the default entry (i.e., everything besides your own 1579NTP server is unrestricted). 1580@end table 1581@node Automatic NTP Configuration Options 1582@subsection Automatic NTP Configuration Options 1583@subsubsection Manycasting 1584Manycasting is a automatic discovery and configuration paradigm 1585new to NTPv4. 1586It is intended as a means for a multicast client 1587to troll the nearby network neighborhood to find cooperating 1588manycast servers, validate them using cryptographic means 1589and evaluate their time values with respect to other servers 1590that might be lurking in the vicinity. 1591The intended result is that each manycast client mobilizes 1592client associations with some number of the "best" 1593of the nearby manycast servers, yet automatically reconfigures 1594to sustain this number of servers should one or another fail. 1595 1596Note that the manycasting paradigm does not coincide 1597with the anycast paradigm described in RFC-1546, 1598which is designed to find a single server from a clique 1599of servers providing the same service. 1600The manycast paradigm is designed to find a plurality 1601of redundant servers satisfying defined optimality criteria. 1602 1603Manycasting can be used with either symmetric key 1604or public key cryptography. 1605The public key infrastructure (PKI) 1606offers the best protection against compromised keys 1607and is generally considered stronger, at least with relatively 1608large key sizes. 1609It is implemented using the Autokey protocol and 1610the OpenSSL cryptographic library available from 1611@code{http://www.openssl.org/}. 1612The library can also be used with other NTPv4 modes 1613as well and is highly recommended, especially for broadcast modes. 1614 1615A persistent manycast client association is configured 1616using the manycastclient command, which is similar to the 1617server command but with a multicast (IPv4 class 1618@code{D} 1619or IPv6 prefix 1620@code{FF}) 1621group address. 1622The IANA has designated IPv4 address 224.1.1.1 1623and IPv6 address FF05::101 (site local) for NTP. 1624When more servers are needed, it broadcasts manycast 1625client messages to this address at the minimum feasible rate 1626and minimum feasible time-to-live (TTL) hops, depending 1627on how many servers have already been found. 1628There can be as many manycast client associations 1629as different group address, each one serving as a template 1630for a future ephemeral unicast client/server association. 1631 1632Manycast servers configured with the 1633@code{manycastserver} 1634command listen on the specified group address for manycast 1635client messages. 1636Note the distinction between manycast client, 1637which actively broadcasts messages, and manycast server, 1638which passively responds to them. 1639If a manycast server is 1640in scope of the current TTL and is itself synchronized 1641to a valid source and operating at a stratum level equal 1642to or lower than the manycast client, it replies to the 1643manycast client message with an ordinary unicast server message. 1644 1645The manycast client receiving this message mobilizes 1646an ephemeral client/server association according to the 1647matching manycast client template, but only if cryptographically 1648authenticated and the server stratum is less than or equal 1649to the client stratum. 1650Authentication is explicitly required 1651and either symmetric key or public key (Autokey) can be used. 1652Then, the client polls the server at its unicast address 1653in burst mode in order to reliably set the host clock 1654and validate the source. 1655This normally results 1656in a volley of eight client/server at 2-s intervals 1657during which both the synchronization and cryptographic 1658protocols run concurrently. 1659Following the volley, 1660the client runs the NTP intersection and clustering 1661algorithms, which act to discard all but the "best" 1662associations according to stratum and synchronization 1663distance. 1664The surviving associations then continue 1665in ordinary client/server mode. 1666 1667The manycast client polling strategy is designed to reduce 1668as much as possible the volume of manycast client messages 1669and the effects of implosion due to near-simultaneous 1670arrival of manycast server messages. 1671The strategy is determined by the 1672@code{manycastclient}, 1673@code{tos} 1674and 1675@code{ttl} 1676configuration commands. 1677The manycast poll interval is 1678normally eight times the system poll interval, 1679which starts out at the 1680@code{minpoll} 1681value specified in the 1682@code{manycastclient}, 1683command and, under normal circumstances, increments to the 1684@code{maxpolll} 1685value specified in this command. 1686Initially, the TTL is 1687set at the minimum hops specified by the ttl command. 1688At each retransmission the TTL is increased until reaching 1689the maximum hops specified by this command or a sufficient 1690number client associations have been found. 1691Further retransmissions use the same TTL. 1692 1693The quality and reliability of the suite of associations 1694discovered by the manycast client is determined by the NTP 1695mitigation algorithms and the 1696@code{minclock} 1697and 1698@code{minsane} 1699values specified in the 1700@code{tos} 1701configuration command. 1702At least 1703@code{minsane} 1704candidate servers must be available and the mitigation 1705algorithms produce at least 1706@code{minclock} 1707survivors in order to synchronize the clock. 1708Byzantine agreement principles require at least four 1709candidates in order to correctly discard a single falseticker. 1710For legacy purposes, 1711@code{minsane} 1712defaults to 1 and 1713@code{minclock} 1714defaults to 3. 1715For manycast service 1716@code{minsane} 1717should be explicitly set to 4, assuming at least that 1718number of servers are available. 1719 1720If at least 1721@code{minclock} 1722servers are found, the manycast poll interval is immediately 1723set to eight times 1724@code{maxpoll}. 1725If less than 1726@code{minclock} 1727servers are found when the TTL has reached the maximum hops, 1728the manycast poll interval is doubled. 1729For each transmission 1730after that, the poll interval is doubled again until 1731reaching the maximum of eight times 1732@code{maxpoll}. 1733Further transmissions use the same poll interval and 1734TTL values. 1735Note that while all this is going on, 1736each client/server association found is operating normally 1737it the system poll interval. 1738 1739Administratively scoped multicast boundaries are normally 1740specified by the network router configuration and, 1741in the case of IPv6, the link/site scope prefix. 1742By default, the increment for TTL hops is 32 starting 1743from 31; however, the 1744@code{ttl} 1745configuration command can be 1746used to modify the values to match the scope rules. 1747 1748It is often useful to narrow the range of acceptable 1749servers which can be found by manycast client associations. 1750Because manycast servers respond only when the client 1751stratum is equal to or greater than the server stratum, 1752primary (stratum 1) servers fill find only primary servers 1753in TTL range, which is probably the most common objective. 1754However, unless configured otherwise, all manycast clients 1755in TTL range will eventually find all primary servers 1756in TTL range, which is probably not the most common 1757objective in large networks. 1758The 1759@code{tos} 1760command can be used to modify this behavior. 1761Servers with stratum below 1762@code{floor} 1763or above 1764@code{ceiling} 1765specified in the 1766@code{tos} 1767command are strongly discouraged during the selection 1768process; however, these servers may be temporally 1769accepted if the number of servers within TTL range is 1770less than 1771@code{minclock}. 1772 1773The above actions occur for each manycast client message, 1774which repeats at the designated poll interval. 1775However, once the ephemeral client association is mobilized, 1776subsequent manycast server replies are discarded, 1777since that would result in a duplicate association. 1778If during a poll interval the number of client associations 1779falls below 1780@code{minclock}, 1781all manycast client prototype associations are reset 1782to the initial poll interval and TTL hops and operation 1783resumes from the beginning. 1784It is important to avoid 1785frequent manycast client messages, since each one requires 1786all manycast servers in TTL range to respond. 1787The result could well be an implosion, either minor or major, 1788depending on the number of servers in range. 1789The recommended value for 1790@code{maxpoll} 1791is 12 (4,096 s). 1792 1793It is possible and frequently useful to configure a host 1794as both manycast client and manycast server. 1795A number of hosts configured this way and sharing a common 1796group address will automatically organize themselves 1797in an optimum configuration based on stratum and 1798synchronization distance. 1799For example, consider an NTP 1800subnet of two primary servers and a hundred or more 1801dependent clients. 1802With two exceptions, all servers 1803and clients have identical configuration files including both 1804@code{multicastclient} 1805and 1806@code{multicastserver} 1807commands using, for instance, multicast group address 1808239.1.1.1. 1809The only exception is that each primary server 1810configuration file must include commands for the primary 1811reference source such as a GPS receiver. 1812 1813The remaining configuration files for all secondary 1814servers and clients have the same contents, except for the 1815@code{tos} 1816command, which is specific for each stratum level. 1817For stratum 1 and stratum 2 servers, that command is 1818not necessary. 1819For stratum 3 and above servers the 1820@code{floor} 1821value is set to the intended stratum number. 1822Thus, all stratum 3 configuration files are identical, 1823all stratum 4 files are identical and so forth. 1824 1825Once operations have stabilized in this scenario, 1826the primary servers will find the primary reference source 1827and each other, since they both operate at the same 1828stratum (1), but not with any secondary server or client, 1829since these operate at a higher stratum. 1830The secondary 1831servers will find the servers at the same stratum level. 1832If one of the primary servers loses its GPS receiver, 1833it will continue to operate as a client and other clients 1834will time out the corresponding association and 1835re-associate accordingly. 1836 1837Some administrators prefer to avoid running 1838@code{ntpd(1ntpdmdoc)} 1839continuously and run either 1840@code{sntp(1sntpmdoc)} 1841or 1842@code{ntpd(1ntpdmdoc)} 1843@code{-q} 1844as a cron job. 1845In either case the servers must be 1846configured in advance and the program fails if none are 1847available when the cron job runs. 1848A really slick 1849application of manycast is with 1850@code{ntpd(1ntpdmdoc)} 1851@code{-q}. 1852The program wakes up, scans the local landscape looking 1853for the usual suspects, selects the best from among 1854the rascals, sets the clock and then departs. 1855Servers do not have to be configured in advance and 1856all clients throughout the network can have the same 1857configuration file. 1858@subsubsection Manycast Interactions with Autokey 1859Each time a manycast client sends a client mode packet 1860to a multicast group address, all manycast servers 1861in scope generate a reply including the host name 1862and status word. 1863The manycast clients then run 1864the Autokey protocol, which collects and verifies 1865all certificates involved. 1866Following the burst interval 1867all but three survivors are cast off, 1868but the certificates remain in the local cache. 1869It often happens that several complete signing trails 1870from the client to the primary servers are collected in this way. 1871 1872About once an hour or less often if the poll interval 1873exceeds this, the client regenerates the Autokey key list. 1874This is in general transparent in client/server mode. 1875However, about once per day the server private value 1876used to generate cookies is refreshed along with all 1877manycast client associations. 1878In this case all 1879cryptographic values including certificates is refreshed. 1880If a new certificate has been generated since 1881the last refresh epoch, it will automatically revoke 1882all prior certificates that happen to be in the 1883certificate cache. 1884At the same time, the manycast 1885scheme starts all over from the beginning and 1886the expanding ring shrinks to the minimum and increments 1887from there while collecting all servers in scope. 1888@subsubsection Manycast Options 1889@table @asis 1890@item @code{tos} @code{[@code{ceiling} @kbd{ceiling} | @code{cohort} @code{@{} @code{0} | @code{1} @code{@}} | @code{floor} @kbd{floor} | @code{minclock} @kbd{minclock} | @code{minsane} @kbd{minsane}]} 1891This command affects the clock selection and clustering 1892algorithms. 1893It can be used to select the quality and 1894quantity of peers used to synchronize the system clock 1895and is most useful in manycast mode. 1896The variables operate 1897as follows: 1898@table @asis 1899@item @code{ceiling} @kbd{ceiling} 1900Peers with strata above 1901@code{ceiling} 1902will be discarded if there are at least 1903@code{minclock} 1904peers remaining. 1905This value defaults to 15, but can be changed 1906to any number from 1 to 15. 1907@item @code{cohort} @code{@{0 | 1@}} 1908This is a binary flag which enables (0) or disables (1) 1909manycast server replies to manycast clients with the same 1910stratum level. 1911This is useful to reduce implosions where 1912large numbers of clients with the same stratum level 1913are present. 1914The default is to enable these replies. 1915@item @code{floor} @kbd{floor} 1916Peers with strata below 1917@code{floor} 1918will be discarded if there are at least 1919@code{minclock} 1920peers remaining. 1921This value defaults to 1, but can be changed 1922to any number from 1 to 15. 1923@item @code{minclock} @kbd{minclock} 1924The clustering algorithm repeatedly casts out outlier 1925associations until no more than 1926@code{minclock} 1927associations remain. 1928This value defaults to 3, 1929but can be changed to any number from 1 to the number of 1930configured sources. 1931@item @code{minsane} @kbd{minsane} 1932This is the minimum number of candidates available 1933to the clock selection algorithm in order to produce 1934one or more truechimers for the clustering algorithm. 1935If fewer than this number are available, the clock is 1936undisciplined and allowed to run free. 1937The default is 1 1938for legacy purposes. 1939However, according to principles of 1940Byzantine agreement, 1941@code{minsane} 1942should be at least 4 in order to detect and discard 1943a single falseticker. 1944@end table 1945@item @code{ttl} @kbd{hop} @kbd{...} 1946This command specifies a list of TTL values in increasing 1947order, up to 8 values can be specified. 1948In manycast mode these values are used in turn 1949in an expanding-ring search. 1950The default is eight 1951multiples of 32 starting at 31. 1952@end table 1953@node Reference Clock Support 1954@subsection Reference Clock Support 1955The NTP Version 4 daemon supports some three dozen different radio, 1956satellite and modem reference clocks plus a special pseudo-clock 1957used for backup or when no other clock source is available. 1958Detailed descriptions of individual device drivers and options can 1959be found in the 1960"Reference Clock Drivers" 1961page 1962(available as part of the HTML documentation 1963provided in 1964@file{/usr/share/doc/ntp}). 1965Additional information can be found in the pages linked 1966there, including the 1967"Debugging Hints for Reference Clock Drivers" 1968and 1969"How To Write a Reference Clock Driver" 1970pages 1971(available as part of the HTML documentation 1972provided in 1973@file{/usr/share/doc/ntp}). 1974In addition, support for a PPS 1975signal is available as described in the 1976"Pulse-per-second (PPS) Signal Interfacing" 1977page 1978(available as part of the HTML documentation 1979provided in 1980@file{/usr/share/doc/ntp}). 1981Many 1982drivers support special line discipline/streams modules which can 1983significantly improve the accuracy using the driver. 1984These are 1985described in the 1986"Line Disciplines and Streams Drivers" 1987page 1988(available as part of the HTML documentation 1989provided in 1990@file{/usr/share/doc/ntp}). 1991 1992A reference clock will generally (though not always) be a radio 1993timecode receiver which is synchronized to a source of standard 1994time such as the services offered by the NRC in Canada and NIST and 1995USNO in the US. 1996The interface between the computer and the timecode 1997receiver is device dependent, but is usually a serial port. 1998A 1999device driver specific to each reference clock must be selected and 2000compiled in the distribution; however, most common radio, satellite 2001and modem clocks are included by default. 2002Note that an attempt to 2003configure a reference clock when the driver has not been compiled 2004or the hardware port has not been appropriately configured results 2005in a scalding remark to the system log file, but is otherwise non 2006hazardous. 2007 2008For the purposes of configuration, 2009@code{ntpd(1ntpdmdoc)} 2010treats 2011reference clocks in a manner analogous to normal NTP peers as much 2012as possible. 2013Reference clocks are identified by a syntactically 2014correct but invalid IP address, in order to distinguish them from 2015normal NTP peers. 2016Reference clock addresses are of the form 2017@code{127.127.}@kbd{t}.@kbd{u}, 2018where 2019@kbd{t} 2020is an integer 2021denoting the clock type and 2022@kbd{u} 2023indicates the unit 2024number in the range 0-3. 2025While it may seem overkill, it is in fact 2026sometimes useful to configure multiple reference clocks of the same 2027type, in which case the unit numbers must be unique. 2028 2029The 2030@code{server} 2031command is used to configure a reference 2032clock, where the 2033@kbd{address} 2034argument in that command 2035is the clock address. 2036The 2037@code{key}, 2038@code{version} 2039and 2040@code{ttl} 2041options are not used for reference clock support. 2042The 2043@code{mode} 2044option is added for reference clock support, as 2045described below. 2046The 2047@code{prefer} 2048option can be useful to 2049persuade the server to cherish a reference clock with somewhat more 2050enthusiasm than other reference clocks or peers. 2051Further 2052information on this option can be found in the 2053"Mitigation Rules and the prefer Keyword" 2054(available as part of the HTML documentation 2055provided in 2056@file{/usr/share/doc/ntp}) 2057page. 2058The 2059@code{minpoll} 2060and 2061@code{maxpoll} 2062options have 2063meaning only for selected clock drivers. 2064See the individual clock 2065driver document pages for additional information. 2066 2067The 2068@code{fudge} 2069command is used to provide additional 2070information for individual clock drivers and normally follows 2071immediately after the 2072@code{server} 2073command. 2074The 2075@kbd{address} 2076argument specifies the clock address. 2077The 2078@code{refid} 2079and 2080@code{stratum} 2081options can be used to 2082override the defaults for the device. 2083There are two optional 2084device-dependent time offsets and four flags that can be included 2085in the 2086@code{fudge} 2087command as well. 2088 2089The stratum number of a reference clock is by default zero. 2090Since the 2091@code{ntpd(1ntpdmdoc)} 2092daemon adds one to the stratum of each 2093peer, a primary server ordinarily displays an external stratum of 2094one. 2095In order to provide engineered backups, it is often useful to 2096specify the reference clock stratum as greater than zero. 2097The 2098@code{stratum} 2099option is used for this purpose. 2100Also, in cases 2101involving both a reference clock and a pulse-per-second (PPS) 2102discipline signal, it is useful to specify the reference clock 2103identifier as other than the default, depending on the driver. 2104The 2105@code{refid} 2106option is used for this purpose. 2107Except where noted, 2108these options apply to all clock drivers. 2109@subsubsection Reference Clock Commands 2110@table @asis 2111@item @code{server} @code{127.127.}@kbd{t}.@kbd{u} @code{[@code{prefer}]} @code{[@code{mode} @kbd{int}]} @code{[@code{minpoll} @kbd{int}]} @code{[@code{maxpoll} @kbd{int}]} 2112This command can be used to configure reference clocks in 2113special ways. 2114The options are interpreted as follows: 2115@table @asis 2116@item @code{prefer} 2117Marks the reference clock as preferred. 2118All other things being 2119equal, this host will be chosen for synchronization among a set of 2120correctly operating hosts. 2121See the 2122"Mitigation Rules and the prefer Keyword" 2123page 2124(available as part of the HTML documentation 2125provided in 2126@file{/usr/share/doc/ntp}) 2127for further information. 2128@item @code{mode} @kbd{int} 2129Specifies a mode number which is interpreted in a 2130device-specific fashion. 2131For instance, it selects a dialing 2132protocol in the ACTS driver and a device subtype in the 2133parse 2134drivers. 2135@item @code{minpoll} @kbd{int} 2136@item @code{maxpoll} @kbd{int} 2137These options specify the minimum and maximum polling interval 2138for reference clock messages, as a power of 2 in seconds 2139For 2140most directly connected reference clocks, both 2141@code{minpoll} 2142and 2143@code{maxpoll} 2144default to 6 (64 s). 2145For modem reference clocks, 2146@code{minpoll} 2147defaults to 10 (17.1 m) and 2148@code{maxpoll} 2149defaults to 14 (4.5 h). 2150The allowable range is 4 (16 s) to 17 (36.4 h) inclusive. 2151@end table 2152@item @code{fudge} @code{127.127.}@kbd{t}.@kbd{u} @code{[@code{time1} @kbd{sec}]} @code{[@code{time2} @kbd{sec}]} @code{[@code{stratum} @kbd{int}]} @code{[@code{refid} @kbd{string}]} @code{[@code{mode} @kbd{int}]} @code{[@code{flag1} @code{0} @code{|} @code{1}]} @code{[@code{flag2} @code{0} @code{|} @code{1}]} @code{[@code{flag3} @code{0} @code{|} @code{1}]} @code{[@code{flag4} @code{0} @code{|} @code{1}]} 2153This command can be used to configure reference clocks in 2154special ways. 2155It must immediately follow the 2156@code{server} 2157command which configures the driver. 2158Note that the same capability 2159is possible at run time using the 2160@code{ntpdc(1ntpdcmdoc)} 2161program. 2162The options are interpreted as 2163follows: 2164@table @asis 2165@item @code{time1} @kbd{sec} 2166Specifies a constant to be added to the time offset produced by 2167the driver, a fixed-point decimal number in seconds. 2168This is used 2169as a calibration constant to adjust the nominal time offset of a 2170particular clock to agree with an external standard, such as a 2171precision PPS signal. 2172It also provides a way to correct a 2173systematic error or bias due to serial port or operating system 2174latencies, different cable lengths or receiver internal delay. 2175The 2176specified offset is in addition to the propagation delay provided 2177by other means, such as internal DIPswitches. 2178Where a calibration 2179for an individual system and driver is available, an approximate 2180correction is noted in the driver documentation pages. 2181Note: in order to facilitate calibration when more than one 2182radio clock or PPS signal is supported, a special calibration 2183feature is available. 2184It takes the form of an argument to the 2185@code{enable} 2186command described in 2187@ref{Miscellaneous Options} 2188page and operates as described in the 2189"Reference Clock Drivers" 2190page 2191(available as part of the HTML documentation 2192provided in 2193@file{/usr/share/doc/ntp}). 2194@item @code{time2} @kbd{secs} 2195Specifies a fixed-point decimal number in seconds, which is 2196interpreted in a driver-dependent way. 2197See the descriptions of 2198specific drivers in the 2199"Reference Clock Drivers" 2200page 2201(available as part of the HTML documentation 2202provided in 2203@file{/usr/share/doc/ntp}). 2204@item @code{stratum} @kbd{int} 2205Specifies the stratum number assigned to the driver, an integer 2206between 0 and 15. 2207This number overrides the default stratum number 2208ordinarily assigned by the driver itself, usually zero. 2209@item @code{refid} @kbd{string} 2210Specifies an ASCII string of from one to four characters which 2211defines the reference identifier used by the driver. 2212This string 2213overrides the default identifier ordinarily assigned by the driver 2214itself. 2215@item @code{mode} @kbd{int} 2216Specifies a mode number which is interpreted in a 2217device-specific fashion. 2218For instance, it selects a dialing 2219protocol in the ACTS driver and a device subtype in the 2220parse 2221drivers. 2222@item @code{flag1} @code{0} @code{|} @code{1} 2223@item @code{flag2} @code{0} @code{|} @code{1} 2224@item @code{flag3} @code{0} @code{|} @code{1} 2225@item @code{flag4} @code{0} @code{|} @code{1} 2226These four flags are used for customizing the clock driver. 2227The 2228interpretation of these values, and whether they are used at all, 2229is a function of the particular clock driver. 2230However, by 2231convention 2232@code{flag4} 2233is used to enable recording monitoring 2234data to the 2235@code{clockstats} 2236file configured with the 2237@code{filegen} 2238command. 2239Further information on the 2240@code{filegen} 2241command can be found in 2242@ref{Monitoring Options}. 2243@end table 2244@end table 2245@node Miscellaneous Options 2246@subsection Miscellaneous Options 2247@table @asis 2248@item @code{broadcastdelay} @kbd{seconds} 2249The broadcast and multicast modes require a special calibration 2250to determine the network delay between the local and remote 2251servers. 2252Ordinarily, this is done automatically by the initial 2253protocol exchanges between the client and server. 2254In some cases, 2255the calibration procedure may fail due to network or server access 2256controls, for example. 2257This command specifies the default delay to 2258be used under these circumstances. 2259Typically (for Ethernet), a 2260number between 0.003 and 0.007 seconds is appropriate. 2261The default 2262when this command is not used is 0.004 seconds. 2263@item @code{calldelay} @kbd{delay} 2264This option controls the delay in seconds between the first and second 2265packets sent in burst or iburst mode to allow additional time for a modem 2266or ISDN call to complete. 2267@item @code{driftfile} @kbd{driftfile} 2268This command specifies the complete path and name of the file used to 2269record the frequency of the local clock oscillator. 2270This is the same 2271operation as the 2272@code{-f} 2273command line option. 2274If the file exists, it is read at 2275startup in order to set the initial frequency and then updated once per 2276hour with the current frequency computed by the daemon. 2277If the file name is 2278specified, but the file itself does not exist, the starts with an initial 2279frequency of zero and creates the file when writing it for the first time. 2280If this command is not given, the daemon will always start with an initial 2281frequency of zero. 2282 2283The file format consists of a single line containing a single 2284floating point number, which records the frequency offset measured 2285in parts-per-million (PPM). 2286The file is updated by first writing 2287the current drift value into a temporary file and then renaming 2288this file to replace the old version. 2289This implies that 2290@code{ntpd(1ntpdmdoc)} 2291must have write permission for the directory the 2292drift file is located in, and that file system links, symbolic or 2293otherwise, should be avoided. 2294@item @code{dscp} @kbd{value} 2295This option specifies the Differentiated Services Control Point (DSCP) value, 2296a 6-bit code. The default value is 46, signifying Expedited Forwarding. 2297@item @code{enable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{mode7} | @code{monitor} | @code{ntp} | @code{stats}]} 2298@item @code{disable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{mode7} | @code{monitor} | @code{ntp} | @code{stats}]} 2299Provides a way to enable or disable various server options. 2300Flags not mentioned are unaffected. 2301Note that all of these flags 2302can be controlled remotely using the 2303@code{ntpdc(1ntpdcmdoc)} 2304utility program. 2305@table @asis 2306@item @code{auth} 2307Enables the server to synchronize with unconfigured peers only if the 2308peer has been correctly authenticated using either public key or 2309private key cryptography. 2310The default for this flag is 2311@code{enable}. 2312@item @code{bclient} 2313Enables the server to listen for a message from a broadcast or 2314multicast server, as in the 2315@code{multicastclient} 2316command with default 2317address. 2318The default for this flag is 2319@code{disable}. 2320@item @code{calibrate} 2321Enables the calibrate feature for reference clocks. 2322The default for 2323this flag is 2324@code{disable}. 2325@item @code{kernel} 2326Enables the kernel time discipline, if available. 2327The default for this 2328flag is 2329@code{enable} 2330if support is available, otherwise 2331@code{disable}. 2332@item @code{mode7} 2333Enables processing of NTP mode 7 implementation-specific requests 2334which are used by the deprecated 2335@code{ntpdc(1ntpdcmdoc)} 2336program. 2337The default for this flag is disable. 2338This flag is excluded from runtime configuration using 2339@code{ntpq(1ntpqmdoc)}. 2340The 2341@code{ntpq(1ntpqmdoc)} 2342program provides the same capabilities as 2343@code{ntpdc(1ntpdcmdoc)} 2344using standard mode 6 requests. 2345@item @code{monitor} 2346Enables the monitoring facility. 2347See the 2348@code{ntpdc(1ntpdcmdoc)} 2349program 2350and the 2351@code{monlist} 2352command or further information. 2353The 2354default for this flag is 2355@code{enable}. 2356@item @code{ntp} 2357Enables time and frequency discipline. 2358In effect, this switch opens and 2359closes the feedback loop, which is useful for testing. 2360The default for 2361this flag is 2362@code{enable}. 2363@item @code{stats} 2364Enables the statistics facility. 2365See the 2366@ref{Monitoring Options} 2367section for further information. 2368The default for this flag is 2369@code{disable}. 2370@end table 2371@item @code{includefile} @kbd{includefile} 2372This command allows additional configuration commands 2373to be included from a separate file. 2374Include files may 2375be nested to a depth of five; upon reaching the end of any 2376include file, command processing resumes in the previous 2377configuration file. 2378This option is useful for sites that run 2379@code{ntpd(1ntpdmdoc)} 2380on multiple hosts, with (mostly) common options (e.g., a 2381restriction list). 2382@item @code{leapsmearinterval} @kbd{seconds} 2383This EXPERIMENTAL option is only available if 2384@code{ntpd(1ntpdmdoc)} 2385was built with the 2386@code{--enable-leap-smear} 2387option to the 2388@code{configure} 2389script. 2390It specifies the interval over which a leap second correction will be applied. 2391Recommended values for this option are between 23927200 (2 hours) and 86400 (24 hours). 2393.Sy DO NOT USE THIS OPTION ON PUBLIC-ACCESS SERVERS! 2394See http://bugs.ntp.org/2855 for more information. 2395@item @code{logconfig} @kbd{configkeyword} 2396This command controls the amount and type of output written to 2397the system 2398@code{syslog(3)} 2399facility or the alternate 2400@code{logfile} 2401log file. 2402By default, all output is turned on. 2403All 2404@kbd{configkeyword} 2405keywords can be prefixed with 2406@quoteleft{}=@quoteright{}, 2407@quoteleft{}+@quoteright{} 2408and 2409@quoteleft{}-@quoteright{}, 2410where 2411@quoteleft{}=@quoteright{} 2412sets the 2413@code{syslog(3)} 2414priority mask, 2415@quoteleft{}+@quoteright{} 2416adds and 2417@quoteleft{}-@quoteright{} 2418removes 2419messages. 2420@code{syslog(3)} 2421messages can be controlled in four 2422classes 2423(@code{clock}, @code{peer}, @code{sys} and @code{sync}). 2424Within these classes four types of messages can be 2425controlled: informational messages 2426(@code{info}), 2427event messages 2428(@code{events}), 2429statistics messages 2430(@code{statistics}) 2431and 2432status messages 2433(@code{status}). 2434 2435Configuration keywords are formed by concatenating the message class with 2436the event class. 2437The 2438@code{all} 2439prefix can be used instead of a message class. 2440A 2441message class may also be followed by the 2442@code{all} 2443keyword to enable/disable all 2444messages of the respective message class.Thus, a minimal log configuration 2445could look like this: 2446@verbatim 2447logconfig =syncstatus +sysevents 2448@end verbatim 2449 2450This would just list the synchronizations state of 2451@code{ntpd(1ntpdmdoc)} 2452and the major system events. 2453For a simple reference server, the 2454following minimum message configuration could be useful: 2455@verbatim 2456logconfig =syncall +clockall 2457@end verbatim 2458 2459This configuration will list all clock information and 2460synchronization information. 2461All other events and messages about 2462peers, system events and so on is suppressed. 2463@item @code{logfile} @kbd{logfile} 2464This command specifies the location of an alternate log file to 2465be used instead of the default system 2466@code{syslog(3)} 2467facility. 2468This is the same operation as the -l command line option. 2469@item @code{setvar} @kbd{variable} @code{[@code{default}]} 2470This command adds an additional system variable. 2471These 2472variables can be used to distribute additional information such as 2473the access policy. 2474If the variable of the form 2475@code{name}@code{=}@kbd{value} 2476is followed by the 2477@code{default} 2478keyword, the 2479variable will be listed as part of the default system variables 2480(@code{rv} command)). 2481These additional variables serve 2482informational purposes only. 2483They are not related to the protocol 2484other that they can be listed. 2485The known protocol variables will 2486always override any variables defined via the 2487@code{setvar} 2488mechanism. 2489There are three special variables that contain the names 2490of all variable of the same group. 2491The 2492@code{sys_var_list} 2493holds 2494the names of all system variables. 2495The 2496@code{peer_var_list} 2497holds 2498the names of all peer variables and the 2499@code{clock_var_list} 2500holds the names of the reference clock variables. 2501@item @code{tinker} @code{[@code{allan} @kbd{allan} | @code{dispersion} @kbd{dispersion} | @code{freq} @kbd{freq} | @code{huffpuff} @kbd{huffpuff} | @code{panic} @kbd{panic} | @code{step} @kbd{step} | @code{stepback} @kbd{stepback} | @code{stepfwd} @kbd{stepfwd} | @code{stepout} @kbd{stepout}]} 2502This command can be used to alter several system variables in 2503very exceptional circumstances. 2504It should occur in the 2505configuration file before any other configuration options. 2506The 2507default values of these variables have been carefully optimized for 2508a wide range of network speeds and reliability expectations. 2509In 2510general, they interact in intricate ways that are hard to predict 2511and some combinations can result in some very nasty behavior. 2512Very 2513rarely is it necessary to change the default values; but, some 2514folks cannot resist twisting the knobs anyway and this command is 2515for them. 2516Emphasis added: twisters are on their own and can expect 2517no help from the support group. 2518 2519The variables operate as follows: 2520@table @asis 2521@item @code{allan} @kbd{allan} 2522The argument becomes the new value for the minimum Allan 2523intercept, which is a parameter of the PLL/FLL clock discipline 2524algorithm. 2525The value in log2 seconds defaults to 7 (1024 s), which is also the lower 2526limit. 2527@item @code{dispersion} @kbd{dispersion} 2528The argument becomes the new value for the dispersion increase rate, 2529normally .000015 s/s. 2530@item @code{freq} @kbd{freq} 2531The argument becomes the initial value of the frequency offset in 2532parts-per-million. 2533This overrides the value in the frequency file, if 2534present, and avoids the initial training state if it is not. 2535@item @code{huffpuff} @kbd{huffpuff} 2536The argument becomes the new value for the experimental 2537huff-n'-puff filter span, which determines the most recent interval 2538the algorithm will search for a minimum delay. 2539The lower limit is 2540900 s (15 m), but a more reasonable value is 7200 (2 hours). 2541There 2542is no default, since the filter is not enabled unless this command 2543is given. 2544@item @code{panic} @kbd{panic} 2545The argument is the panic threshold, normally 1000 s. 2546If set to zero, 2547the panic sanity check is disabled and a clock offset of any value will 2548be accepted. 2549@item @code{step} @kbd{step} 2550The argument is the step threshold, which by default is 0.128 s. 2551It can 2552be set to any positive number in seconds. 2553If set to zero, step 2554adjustments will never occur. 2555Note: The kernel time discipline is 2556disabled if the step threshold is set to zero or greater than the 2557default. 2558@item @code{stepback} @kbd{stepback} 2559The argument is the step threshold for the backward direction, 2560which by default is 0.128 s. 2561It can 2562be set to any positive number in seconds. 2563If both the forward and backward step thresholds are set to zero, step 2564adjustments will never occur. 2565Note: The kernel time discipline is 2566disabled if 2567each direction of step threshold are either 2568set to zero or greater than .5 second. 2569@item @code{stepfwd} @kbd{stepfwd} 2570As for stepback, but for the forward direction. 2571@item @code{stepout} @kbd{stepout} 2572The argument is the stepout timeout, which by default is 900 s. 2573It can 2574be set to any positive number in seconds. 2575If set to zero, the stepout 2576pulses will not be suppressed. 2577@end table 2578@item @code{rlimit} @code{[@code{memlock} @kbd{Nmegabytes} | @code{stacksize} @kbd{N4kPages} @code{filenum} @kbd{Nfiledescriptors}]} 2579@table @asis 2580@item @code{memlock} @kbd{Nmegabytes} 2581Specify the number of megabytes of memory that should be 2582allocated and locked. 2583Probably only available under Linux, this option may be useful 2584when dropping root (the 2585@code{-i} 2586option). 2587The default is 32 megabytes on non-Linux machines, and -1 under Linux. 2588-1 means "do not lock the process into memory". 25890 means "lock whatever memory the process wants into memory". 2590@item @code{stacksize} @kbd{N4kPages} 2591Specifies the maximum size of the process stack on systems with the 2592@code{mlockall()} 2593function. 2594Defaults to 50 4k pages (200 4k pages in OpenBSD). 2595@item @code{filenum} @kbd{Nfiledescriptors} 2596Specifies the maximum number of file descriptors ntpd may have open at once. Defaults to the system default. 2597@end table 2598@item @code{trap} @kbd{host_address} @code{[@code{port} @kbd{port_number}]} @code{[@code{interface} @kbd{interface_address}]} 2599This command configures a trap receiver at the given host 2600address and port number for sending messages with the specified 2601local interface address. 2602If the port number is unspecified, a value 2603of 18447 is used. 2604If the interface address is not specified, the 2605message is sent with a source address of the local interface the 2606message is sent through. 2607Note that on a multihomed host the 2608interface used may vary from time to time with routing changes. 2609 2610The trap receiver will generally log event messages and other 2611information from the server in a log file. 2612While such monitor 2613programs may also request their own trap dynamically, configuring a 2614trap receiver will ensure that no messages are lost when the server 2615is started. 2616@item @code{hop} @kbd{...} 2617This command specifies a list of TTL values in increasing order, up to 8 2618values can be specified. 2619In manycast mode these values are used in turn in 2620an expanding-ring search. 2621The default is eight multiples of 32 starting at 262231. 2623@end table 2624 2625This section was generated by @strong{AutoGen}, 2626using the @code{agtexi-cmd} template and the option descriptions for the @code{ntp.conf} program. 2627This software is released under the NTP license, <http://ntp.org/license>. 2628 2629@menu 2630* ntp.conf Files:: Files 2631* ntp.conf See Also:: See Also 2632* ntp.conf Bugs:: Bugs 2633* ntp.conf Notes:: Notes 2634@end menu 2635 2636@node ntp.conf Files 2637@subsection ntp.conf Files 2638@table @asis 2639@item @file{/etc/ntp.conf} 2640the default name of the configuration file 2641@item @file{ntp.keys} 2642private MD5 keys 2643@item @file{ntpkey} 2644RSA private key 2645@item @file{ntpkey_}@kbd{host} 2646RSA public key 2647@item @file{ntp_dh} 2648Diffie-Hellman agreement parameters 2649@end table 2650@node ntp.conf See Also 2651@subsection ntp.conf See Also 2652@code{ntpd(1ntpdmdoc)}, 2653@code{ntpdc(1ntpdcmdoc)}, 2654@code{ntpq(1ntpqmdoc)} 2655 2656In addition to the manual pages provided, 2657comprehensive documentation is available on the world wide web 2658at 2659@code{http://www.ntp.org/}. 2660A snapshot of this documentation is available in HTML format in 2661@file{/usr/share/doc/ntp}. 2662@* 2663 2664@* 2665David L. Mills, @emph{Network Time Protocol (Version 4)}, RFC5905 2666@node ntp.conf Bugs 2667@subsection ntp.conf Bugs 2668The syntax checking is not picky; some combinations of 2669ridiculous and even hilarious options and modes may not be 2670detected. 2671 2672The 2673@file{ntpkey_}@kbd{host} 2674files are really digital 2675certificates. 2676These should be obtained via secure directory 2677services when they become universally available. 2678@node ntp.conf Notes 2679@subsection ntp.conf Notes 2680This document was derived from FreeBSD. 2681