1@node ntp.keys Notes 2@section Notes about ntp.keys 3@pindex ntp.keys 4@cindex NTP symmetric key file format 5@ignore 6# 7# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi) 8# 9# It has been AutoGen-ed March 21, 2017 at 10:31:04 AM by AutoGen 5.18.5 10# From the definitions ntp.keys.def 11# and the template file agtexi-file.tpl 12@end ignore 13 14 15 16This document describes the format of an NTP symmetric key file. 17For a description of the use of this type of file, see the 18"Authentication Support" 19section of the 20@code{ntp.conf(5)} 21page. 22 23@code{ntpd(8)} 24reads its keys from a file specified using the 25@code{-k} 26command line option or the 27@code{keys} 28statement in the configuration file. 29While key number 0 is fixed by the NTP standard 30(as 56 zero bits) 31and may not be changed, 32one or more keys numbered between 1 and 65534 33may be arbitrarily set in the keys file. 34 35The key file uses the same comment conventions 36as the configuration file. 37Key entries use a fixed format of the form 38 39@example 40@kbd{keyno} @kbd{type} @kbd{key} @kbd{opt_IP_list} 41@end example 42 43where 44@kbd{keyno} 45is a positive integer (between 1 and 65534), 46@kbd{type} 47is the message digest algorithm, 48and 49@kbd{key} 50is the key itself, and 51@kbd{opt_IP_list} 52is an optional comma-separated list of IPs 53that are allowed to serve time. 54If 55@kbd{opt_IP_list} 56is empty, 57any properly-authenticated server message will be 58accepted. 59 60The 61@kbd{key} 62may be given in a format 63controlled by the 64@kbd{type} 65field. 66The 67@kbd{type} 68@code{MD5} 69is always supported. 70If 71@code{ntpd} 72was built with the OpenSSL library 73then any digest library supported by that library may be specified. 74However, if compliance with FIPS 140-2 is required the 75@kbd{type} 76must be either 77@code{SHA} 78or 79@code{SHA1}. 80 81What follows are some key types, and corresponding formats: 82 83@table @asis 84@item @code{MD5} 85The key is 1 to 16 printable characters terminated by 86an EOL, 87whitespace, 88or 89a 90@code{#} 91(which is the "start of comment" character). 92 93@item @code{SHA} 94@item @code{SHA1} 95@item @code{RMD160} 96The key is a hex-encoded ASCII string of 40 characters, 97which is truncated as necessary. 98@end table 99 100Note that the keys used by the 101@code{ntpq(8)} 102and 103@code{ntpdc(8)} 104programs are checked against passwords 105requested by the programs and entered by hand, 106so it is generally appropriate to specify these keys in ASCII format. 107 108This section was generated by @strong{AutoGen}, 109using the @code{agtexi-cmd} template and the option descriptions for the @code{ntp.keys} program. 110This software is released under the NTP license, <http://ntp.org/license>. 111 112@menu 113* ntp.keys Files:: Files 114* ntp.keys See Also:: See Also 115* ntp.keys Notes:: Notes 116@end menu 117 118@node ntp.keys Files 119@subsection ntp.keys Files 120@table @asis 121@item @file{/etc/ntp.keys} 122the default name of the configuration file 123@end table 124@node ntp.keys See Also 125@subsection ntp.keys See Also 126@code{ntp.conf(5)}, 127@code{ntpd(1ntpdmdoc)}, 128@code{ntpdate(1ntpdatemdoc)}, 129@code{ntpdc(1ntpdcmdoc)}, 130@code{sntp(1sntpmdoc)} 131@node ntp.keys Notes 132@subsection ntp.keys Notes 133This document was derived from FreeBSD. 134