xref: /freebsd/contrib/ntp/ntpd/ntp.conf.5mdoc (revision 0b3105a37d7adcadcb720112fed4dc4e8040be99)
1.Dd January 20 2016
2.Dt NTP_CONF 5mdoc File Formats
3.Os
4.\"  EDIT THIS FILE WITH CAUTION  (ntp.mdoc)
5.\"
6.\"  It has been AutoGen-ed  January 20, 2016 at 04:18:07 AM by AutoGen 5.18.5
7.\"  From the definitions    ntp.conf.def
8.\"  and the template file   agmdoc-cmd.tpl
9.Sh NAME
10.Nm ntp.conf
11.Nd Network Time Protocol (NTP) daemon configuration file format
12.Sh SYNOPSIS
13.Nm
14.Op Fl \-option\-name
15.Op Fl \-option\-name Ar value
16.Pp
17All arguments must be options.
18.Pp
19.Sh DESCRIPTION
20The
21.Nm
22configuration file is read at initial startup by the
23.Xr ntpd 1ntpdmdoc
24daemon in order to specify the synchronization sources,
25modes and other related information.
26Usually, it is installed in the
27.Pa /etc
28directory,
29but could be installed elsewhere
30(see the daemon's
31.Fl c
32command line option).
33.Pp
34The file format is similar to other
35.Ux
36configuration files.
37Comments begin with a
38.Ql #
39character and extend to the end of the line;
40blank lines are ignored.
41Configuration commands consist of an initial keyword
42followed by a list of arguments,
43some of which may be optional, separated by whitespace.
44Commands may not be continued over multiple lines.
45Arguments may be host names,
46host addresses written in numeric, dotted\-quad form,
47integers, floating point numbers (when specifying times in seconds)
48and text strings.
49.Pp
50The rest of this page describes the configuration and control options.
51The
52.Qq Notes on Configuring NTP and Setting up an NTP Subnet
53page
54(available as part of the HTML documentation
55provided in
56.Pa /usr/share/doc/ntp )
57contains an extended discussion of these options.
58In addition to the discussion of general
59.Sx Configuration Options ,
60there are sections describing the following supported functionality
61and the options used to control it:
62.Bl -bullet -offset indent
63.It
64.Sx Authentication Support
65.It
66.Sx Monitoring Support
67.It
68.Sx Access Control Support
69.It
70.Sx Automatic NTP Configuration Options
71.It
72.Sx Reference Clock Support
73.It
74.Sx Miscellaneous Options
75.El
76.Pp
77Following these is a section describing
78.Sx Miscellaneous Options .
79While there is a rich set of options available,
80the only required option is one or more
81.Ic pool ,
82.Ic server ,
83.Ic peer ,
84.Ic broadcast
85or
86.Ic manycastclient
87commands.
88.Sh Configuration Support
89Following is a description of the configuration commands in
90NTPv4.
91These commands have the same basic functions as in NTPv3 and
92in some cases new functions and new arguments.
93There are two
94classes of commands, configuration commands that configure a
95persistent association with a remote server or peer or reference
96clock, and auxiliary commands that specify environmental variables
97that control various related operations.
98.Ss Configuration Commands
99The various modes are determined by the command keyword and the
100type of the required IP address.
101Addresses are classed by type as
102(s) a remote server or peer (IPv4 class A, B and C), (b) the
103broadcast address of a local interface, (m) a multicast address (IPv4
104class D), or (r) a reference clock address (127.127.x.x).
105Note that
106only those options applicable to each command are listed below.
107Use
108of options not listed may not be caught as an error, but may result
109in some weird and even destructive behavior.
110.Pp
111If the Basic Socket Interface Extensions for IPv6 (RFC\-2553)
112is detected, support for the IPv6 address family is generated
113in addition to the default support of the IPv4 address family.
114In a few cases, including the reslist billboard generated
115by ntpdc, IPv6 addresses are automatically generated.
116IPv6 addresses can be identified by the presence of colons
117.Dq \&:
118in the address field.
119IPv6 addresses can be used almost everywhere where
120IPv4 addresses can be used,
121with the exception of reference clock addresses,
122which are always IPv4.
123.Pp
124Note that in contexts where a host name is expected, a
125.Fl 4
126qualifier preceding
127the host name forces DNS resolution to the IPv4 namespace,
128while a
129.Fl 6
130qualifier forces DNS resolution to the IPv6 namespace.
131See IPv6 references for the
132equivalent classes for that address family.
133.Bl -tag -width indent
134.It Xo Ic pool Ar address
135.Op Cm burst
136.Op Cm iburst
137.Op Cm version Ar version
138.Op Cm prefer
139.Op Cm minpoll Ar minpoll
140.Op Cm maxpoll Ar maxpoll
141.Xc
142.It Xo Ic server Ar address
143.Op Cm key Ar key \&| Cm autokey
144.Op Cm burst
145.Op Cm iburst
146.Op Cm version Ar version
147.Op Cm prefer
148.Op Cm minpoll Ar minpoll
149.Op Cm maxpoll Ar maxpoll
150.Xc
151.It Xo Ic peer Ar address
152.Op Cm key Ar key \&| Cm autokey
153.Op Cm version Ar version
154.Op Cm prefer
155.Op Cm minpoll Ar minpoll
156.Op Cm maxpoll Ar maxpoll
157.Xc
158.It Xo Ic broadcast Ar address
159.Op Cm key Ar key \&| Cm autokey
160.Op Cm version Ar version
161.Op Cm prefer
162.Op Cm minpoll Ar minpoll
163.Op Cm ttl Ar ttl
164.Xc
165.It Xo Ic manycastclient Ar address
166.Op Cm key Ar key \&| Cm autokey
167.Op Cm version Ar version
168.Op Cm prefer
169.Op Cm minpoll Ar minpoll
170.Op Cm maxpoll Ar maxpoll
171.Op Cm ttl Ar ttl
172.Xc
173.El
174.Pp
175These five commands specify the time server name or address to
176be used and the mode in which to operate.
177The
178.Ar address
179can be
180either a DNS name or an IP address in dotted\-quad notation.
181Additional information on association behavior can be found in the
182.Qq Association Management
183page
184(available as part of the HTML documentation
185provided in
186.Pa /usr/share/doc/ntp ) .
187.Bl -tag -width indent
188.It Ic pool
189For type s addresses, this command mobilizes a persistent
190client mode association with a number of remote servers.
191In this mode the local clock can synchronized to the
192remote server, but the remote server can never be synchronized to
193the local clock.
194.It Ic server
195For type s and r addresses, this command mobilizes a persistent
196client mode association with the specified remote server or local
197radio clock.
198In this mode the local clock can synchronized to the
199remote server, but the remote server can never be synchronized to
200the local clock.
201This command should
202.Em not
203be used for type
204b or m addresses.
205.It Ic peer
206For type s addresses (only), this command mobilizes a
207persistent symmetric\-active mode association with the specified
208remote peer.
209In this mode the local clock can be synchronized to
210the remote peer or the remote peer can be synchronized to the local
211clock.
212This is useful in a network of servers where, depending on
213various failure scenarios, either the local or remote peer may be
214the better source of time.
215This command should NOT be used for type
216b, m or r addresses.
217.It Ic broadcast
218For type b and m addresses (only), this
219command mobilizes a persistent broadcast mode association.
220Multiple
221commands can be used to specify multiple local broadcast interfaces
222(subnets) and/or multiple multicast groups.
223Note that local
224broadcast messages go only to the interface associated with the
225subnet specified, but multicast messages go to all interfaces.
226In broadcast mode the local server sends periodic broadcast
227messages to a client population at the
228.Ar address
229specified, which is usually the broadcast address on (one of) the
230local network(s) or a multicast address assigned to NTP.
231The IANA
232has assigned the multicast group address IPv4 224.0.1.1 and
233IPv6 ff05::101 (site local) exclusively to
234NTP, but other nonconflicting addresses can be used to contain the
235messages within administrative boundaries.
236Ordinarily, this
237specification applies only to the local server operating as a
238sender; for operation as a broadcast client, see the
239.Ic broadcastclient
240or
241.Ic multicastclient
242commands
243below.
244.It Ic manycastclient
245For type m addresses (only), this command mobilizes a
246manycast client mode association for the multicast address
247specified.
248In this case a specific address must be supplied which
249matches the address used on the
250.Ic manycastserver
251command for
252the designated manycast servers.
253The NTP multicast address
254224.0.1.1 assigned by the IANA should NOT be used, unless specific
255means are taken to avoid spraying large areas of the Internet with
256these messages and causing a possibly massive implosion of replies
257at the sender.
258The
259.Ic manycastserver
260command specifies that the local server
261is to operate in client mode with the remote servers that are
262discovered as the result of broadcast/multicast messages.
263The
264client broadcasts a request message to the group address associated
265with the specified
266.Ar address
267and specifically enabled
268servers respond to these messages.
269The client selects the servers
270providing the best time and continues as with the
271.Ic server
272command.
273The remaining servers are discarded as if never
274heard.
275.El
276.Pp
277Options:
278.Bl -tag -width indent
279.It Cm autokey
280All packets sent to and received from the server or peer are to
281include authentication fields encrypted using the autokey scheme
282described in
283.Sx Authentication Options .
284.It Cm burst
285when the server is reachable, send a burst of eight packets
286instead of the usual one.
287The packet spacing is normally 2 s;
288however, the spacing between the first and second packets
289can be changed with the calldelay command to allow
290additional time for a modem or ISDN call to complete.
291This is designed to improve timekeeping quality
292with the
293.Ic server
294command and s addresses.
295.It Cm iburst
296When the server is unreachable, send a burst of eight packets
297instead of the usual one.
298The packet spacing is normally 2 s;
299however, the spacing between the first two packets can be
300changed with the calldelay command to allow
301additional time for a modem or ISDN call to complete.
302This is designed to speed the initial synchronization
303acquisition with the
304.Ic server
305command and s addresses and when
306.Xr ntpd 1ntpdmdoc
307is started with the
308.Fl q
309option.
310.It Cm key Ar key
311All packets sent to and received from the server or peer are to
312include authentication fields encrypted using the specified
313.Ar key
314identifier with values from 1 to 65534, inclusive.
315The
316default is to include no encryption field.
317.It Cm minpoll Ar minpoll
318.It Cm maxpoll Ar maxpoll
319These options specify the minimum and maximum poll intervals
320for NTP messages, as a power of 2 in seconds
321The maximum poll
322interval defaults to 10 (1,024 s), but can be increased by the
323.Cm maxpoll
324option to an upper limit of 17 (36.4 h).
325The
326minimum poll interval defaults to 6 (64 s), but can be decreased by
327the
328.Cm minpoll
329option to a lower limit of 4 (16 s).
330.It Cm noselect
331Marks the server as unused, except for display purposes.
332The server is discarded by the selection algroithm.
333.It Cm prefer
334Marks the server as preferred.
335All other things being equal,
336this host will be chosen for synchronization among a set of
337correctly operating hosts.
338See the
339.Qq Mitigation Rules and the prefer Keyword
340page
341(available as part of the HTML documentation
342provided in
343.Pa /usr/share/doc/ntp )
344for further information.
345.It Cm ttl Ar ttl
346This option is used only with broadcast server and manycast
347client modes.
348It specifies the time\-to\-live
349.Ar ttl
350to
351use on broadcast server and multicast server and the maximum
352.Ar ttl
353for the expanding ring search with manycast
354client packets.
355Selection of the proper value, which defaults to
356127, is something of a black art and should be coordinated with the
357network administrator.
358.It Cm version Ar version
359Specifies the version number to be used for outgoing NTP
360packets.
361Versions 1\-4 are the choices, with version 4 the
362default.
363.El
364.Ss Auxiliary Commands
365.Bl -tag -width indent
366.It Ic broadcastclient
367This command enables reception of broadcast server messages to
368any local interface (type b) address.
369Upon receiving a message for
370the first time, the broadcast client measures the nominal server
371propagation delay using a brief client/server exchange with the
372server, then enters the broadcast client mode, in which it
373synchronizes to succeeding broadcast messages.
374Note that, in order
375to avoid accidental or malicious disruption in this mode, both the
376server and client should operate using symmetric\-key or public\-key
377authentication as described in
378.Sx Authentication Options .
379.It Ic manycastserver Ar address ...
380This command enables reception of manycast client messages to
381the multicast group address(es) (type m) specified.
382At least one
383address is required, but the NTP multicast address 224.0.1.1
384assigned by the IANA should NOT be used, unless specific means are
385taken to limit the span of the reply and avoid a possibly massive
386implosion at the original sender.
387Note that, in order to avoid
388accidental or malicious disruption in this mode, both the server
389and client should operate using symmetric\-key or public\-key
390authentication as described in
391.Sx Authentication Options .
392.It Ic multicastclient Ar address ...
393This command enables reception of multicast server messages to
394the multicast group address(es) (type m) specified.
395Upon receiving
396a message for the first time, the multicast client measures the
397nominal server propagation delay using a brief client/server
398exchange with the server, then enters the broadcast client mode, in
399which it synchronizes to succeeding multicast messages.
400Note that,
401in order to avoid accidental or malicious disruption in this mode,
402both the server and client should operate using symmetric\-key or
403public\-key authentication as described in
404.Sx Authentication Options .
405.It Ic mdnstries Ar number
406If we are participating in mDNS,
407after we have synched for the first time
408we attempt to register with the mDNS system.
409If that registration attempt fails,
410we try again at one minute intervals for up to
411.Ic mdnstries
412times.
413After all,
414.Ic ntpd
415may be starting before mDNS.
416The default value for
417.Ic mdnstries
418is 5.
419.El
420.Sh Authentication Support
421Authentication support allows the NTP client to verify that the
422server is in fact known and trusted and not an intruder intending
423accidentally or on purpose to masquerade as that server.
424The NTPv3
425specification RFC\-1305 defines a scheme which provides
426cryptographic authentication of received NTP packets.
427Originally,
428this was done using the Data Encryption Standard (DES) algorithm
429operating in Cipher Block Chaining (CBC) mode, commonly called
430DES\-CBC.
431Subsequently, this was replaced by the RSA Message Digest
4325 (MD5) algorithm using a private key, commonly called keyed\-MD5.
433Either algorithm computes a message digest, or one\-way hash, which
434can be used to verify the server has the correct private key and
435key identifier.
436.Pp
437NTPv4 retains the NTPv3 scheme, properly described as symmetric key
438cryptography and, in addition, provides a new Autokey scheme
439based on public key cryptography.
440Public key cryptography is generally considered more secure
441than symmetric key cryptography, since the security is based
442on a private value which is generated by each server and
443never revealed.
444With Autokey all key distribution and
445management functions involve only public values, which
446considerably simplifies key distribution and storage.
447Public key management is based on X.509 certificates,
448which can be provided by commercial services or
449produced by utility programs in the OpenSSL software library
450or the NTPv4 distribution.
451.Pp
452While the algorithms for symmetric key cryptography are
453included in the NTPv4 distribution, public key cryptography
454requires the OpenSSL software library to be installed
455before building the NTP distribution.
456Directions for doing that
457are on the Building and Installing the Distribution page.
458.Pp
459Authentication is configured separately for each association
460using the
461.Cm key
462or
463.Cm autokey
464subcommand on the
465.Ic peer ,
466.Ic server ,
467.Ic broadcast
468and
469.Ic manycastclient
470configuration commands as described in
471.Sx Configuration Options
472page.
473The authentication
474options described below specify the locations of the key files,
475if other than default, which symmetric keys are trusted
476and the interval between various operations, if other than default.
477.Pp
478Authentication is always enabled,
479although ineffective if not configured as
480described below.
481If a NTP packet arrives
482including a message authentication
483code (MAC), it is accepted only if it
484passes all cryptographic checks.
485The
486checks require correct key ID, key value
487and message digest.
488If the packet has
489been modified in any way or replayed
490by an intruder, it will fail one or more
491of these checks and be discarded.
492Furthermore, the Autokey scheme requires a
493preliminary protocol exchange to obtain
494the server certificate, verify its
495credentials and initialize the protocol
496.Pp
497The
498.Cm auth
499flag controls whether new associations or
500remote configuration commands require cryptographic authentication.
501This flag can be set or reset by the
502.Ic enable
503and
504.Ic disable
505commands and also by remote
506configuration commands sent by a
507.Xr ntpdc 1ntpdcmdoc
508program running in
509another machine.
510If this flag is enabled, which is the default
511case, new broadcast client and symmetric passive associations and
512remote configuration commands must be cryptographically
513authenticated using either symmetric key or public key cryptography.
514If this
515flag is disabled, these operations are effective
516even if not cryptographic
517authenticated.
518It should be understood
519that operating with the
520.Ic auth
521flag disabled invites a significant vulnerability
522where a rogue hacker can
523masquerade as a falseticker and seriously
524disrupt system timekeeping.
525It is
526important to note that this flag has no purpose
527other than to allow or disallow
528a new association in response to new broadcast
529and symmetric active messages
530and remote configuration commands and, in particular,
531the flag has no effect on
532the authentication process itself.
533.Pp
534An attractive alternative where multicast support is available
535is manycast mode, in which clients periodically troll
536for servers as described in the
537.Sx Automatic NTP Configuration Options
538page.
539Either symmetric key or public key
540cryptographic authentication can be used in this mode.
541The principle advantage
542of manycast mode is that potential servers need not be
543configured in advance,
544since the client finds them during regular operation,
545and the configuration
546files for all clients can be identical.
547.Pp
548The security model and protocol schemes for
549both symmetric key and public key
550cryptography are summarized below;
551further details are in the briefings, papers
552and reports at the NTP project page linked from
553.Li http://www.ntp.org/ .
554.Ss Symmetric\-Key Cryptography
555The original RFC\-1305 specification allows any one of possibly
55665,534 keys, each distinguished by a 32\-bit key identifier, to
557authenticate an association.
558The servers and clients involved must
559agree on the key and key identifier to
560authenticate NTP packets.
561Keys and
562related information are specified in a key
563file, usually called
564.Pa ntp.keys ,
565which must be distributed and stored using
566secure means beyond the scope of the NTP protocol itself.
567Besides the keys used
568for ordinary NTP associations,
569additional keys can be used as passwords for the
570.Xr ntpq 1ntpqmdoc
571and
572.Xr ntpdc 1ntpdcmdoc
573utility programs.
574.Pp
575When
576.Xr ntpd 1ntpdmdoc
577is first started, it reads the key file specified in the
578.Ic keys
579configuration command and installs the keys
580in the key cache.
581However,
582individual keys must be activated with the
583.Ic trusted
584command before use.
585This
586allows, for instance, the installation of possibly
587several batches of keys and
588then activating or deactivating each batch
589remotely using
590.Xr ntpdc 1ntpdcmdoc .
591This also provides a revocation capability that can be used
592if a key becomes compromised.
593The
594.Ic requestkey
595command selects the key used as the password for the
596.Xr ntpdc 1ntpdcmdoc
597utility, while the
598.Ic controlkey
599command selects the key used as the password for the
600.Xr ntpq 1ntpqmdoc
601utility.
602.Ss Public Key Cryptography
603NTPv4 supports the original NTPv3 symmetric key scheme
604described in RFC\-1305 and in addition the Autokey protocol,
605which is based on public key cryptography.
606The Autokey Version 2 protocol described on the Autokey Protocol
607page verifies packet integrity using MD5 message digests
608and verifies the source with digital signatures and any of several
609digest/signature schemes.
610Optional identity schemes described on the Identity Schemes
611page and based on cryptographic challenge/response algorithms
612are also available.
613Using all of these schemes provides strong security against
614replay with or without modification, spoofing, masquerade
615and most forms of clogging attacks.
616.\" .Pp
617.\" The cryptographic means necessary for all Autokey operations
618.\" is provided by the OpenSSL software library.
619.\" This library is available from http://www.openssl.org/
620.\" and can be installed using the procedures outlined
621.\" in the Building and Installing the Distribution page.
622.\" Once installed,
623.\" the configure and build
624.\" process automatically detects the library and links
625.\" the library routines required.
626.Pp
627The Autokey protocol has several modes of operation
628corresponding to the various NTP modes supported.
629Most modes use a special cookie which can be
630computed independently by the client and server,
631but encrypted in transmission.
632All modes use in addition a variant of the S\-KEY scheme,
633in which a pseudo\-random key list is generated and used
634in reverse order.
635These schemes are described along with an executive summary,
636current status, briefing slides and reading list on the
637.Sx Autonomous Authentication
638page.
639.Pp
640The specific cryptographic environment used by Autokey servers
641and clients is determined by a set of files
642and soft links generated by the
643.Xr ntp\-keygen 1ntpkeygenmdoc
644program.
645This includes a required host key file,
646required certificate file and optional sign key file,
647leapsecond file and identity scheme files.
648The
649digest/signature scheme is specified in the X.509 certificate
650along with the matching sign key.
651There are several schemes
652available in the OpenSSL software library, each identified
653by a specific string such as
654.Cm md5WithRSAEncryption ,
655which stands for the MD5 message digest with RSA
656encryption scheme.
657The current NTP distribution supports
658all the schemes in the OpenSSL library, including
659those based on RSA and DSA digital signatures.
660.Pp
661NTP secure groups can be used to define cryptographic compartments
662and security hierarchies.
663It is important that every host
664in the group be able to construct a certificate trail to one
665or more trusted hosts in the same group.
666Each group
667host runs the Autokey protocol to obtain the certificates
668for all hosts along the trail to one or more trusted hosts.
669This requires the configuration file in all hosts to be
670engineered so that, even under anticipated failure conditions,
671the NTP subnet will form such that every group host can find
672a trail to at least one trusted host.
673.Ss Naming and Addressing
674It is important to note that Autokey does not use DNS to
675resolve addresses, since DNS can't be completely trusted
676until the name servers have synchronized clocks.
677The cryptographic name used by Autokey to bind the host identity
678credentials and cryptographic values must be independent
679of interface, network and any other naming convention.
680The name appears in the host certificate in either or both
681the subject and issuer fields, so protection against
682DNS compromise is essential.
683.Pp
684By convention, the name of an Autokey host is the name returned
685by the Unix
686.Xr gethostname 2
687system call or equivalent in other systems.
688By the system design
689model, there are no provisions to allow alternate names or aliases.
690However, this is not to say that DNS aliases, different names
691for each interface, etc., are constrained in any way.
692.Pp
693It is also important to note that Autokey verifies authenticity
694using the host name, network address and public keys,
695all of which are bound together by the protocol specifically
696to deflect masquerade attacks.
697For this reason Autokey
698includes the source and destinatino IP addresses in message digest
699computations and so the same addresses must be available
700at both the server and client.
701For this reason operation
702with network address translation schemes is not possible.
703This reflects the intended robust security model where government
704and corporate NTP servers are operated outside firewall perimeters.
705.Ss Operation
706A specific combination of authentication scheme (none,
707symmetric key, public key) and identity scheme is called
708a cryptotype, although not all combinations are compatible.
709There may be management configurations where the clients,
710servers and peers may not all support the same cryptotypes.
711A secure NTPv4 subnet can be configured in many ways while
712keeping in mind the principles explained above and
713in this section.
714Note however that some cryptotype
715combinations may successfully interoperate with each other,
716but may not represent good security practice.
717.Pp
718The cryptotype of an association is determined at the time
719of mobilization, either at configuration time or some time
720later when a message of appropriate cryptotype arrives.
721When mobilized by a
722.Ic server
723or
724.Ic peer
725configuration command and no
726.Ic key
727or
728.Ic autokey
729subcommands are present, the association is not
730authenticated; if the
731.Ic key
732subcommand is present, the association is authenticated
733using the symmetric key ID specified; if the
734.Ic autokey
735subcommand is present, the association is authenticated
736using Autokey.
737.Pp
738When multiple identity schemes are supported in the Autokey
739protocol, the first message exchange determines which one is used.
740The client request message contains bits corresponding
741to which schemes it has available.
742The server response message
743contains bits corresponding to which schemes it has available.
744Both server and client match the received bits with their own
745and select a common scheme.
746.Pp
747Following the principle that time is a public value,
748a server responds to any client packet that matches
749its cryptotype capabilities.
750Thus, a server receiving
751an unauthenticated packet will respond with an unauthenticated
752packet, while the same server receiving a packet of a cryptotype
753it supports will respond with packets of that cryptotype.
754However, unconfigured broadcast or manycast client
755associations or symmetric passive associations will not be
756mobilized unless the server supports a cryptotype compatible
757with the first packet received.
758By default, unauthenticated associations will not be mobilized
759unless overridden in a decidedly dangerous way.
760.Pp
761Some examples may help to reduce confusion.
762Client Alice has no specific cryptotype selected.
763Server Bob has both a symmetric key file and minimal Autokey files.
764Alice's unauthenticated messages arrive at Bob, who replies with
765unauthenticated messages.
766Cathy has a copy of Bob's symmetric
767key file and has selected key ID 4 in messages to Bob.
768Bob verifies the message with his key ID 4.
769If it's the
770same key and the message is verified, Bob sends Cathy a reply
771authenticated with that key.
772If verification fails,
773Bob sends Cathy a thing called a crypto\-NAK, which tells her
774something broke.
775She can see the evidence using the
776.Xr ntpq 1ntpqmdoc
777program.
778.Pp
779Denise has rolled her own host key and certificate.
780She also uses one of the identity schemes as Bob.
781She sends the first Autokey message to Bob and they
782both dance the protocol authentication and identity steps.
783If all comes out okay, Denise and Bob continue as described above.
784.Pp
785It should be clear from the above that Bob can support
786all the girls at the same time, as long as he has compatible
787authentication and identity credentials.
788Now, Bob can act just like the girls in his own choice of servers;
789he can run multiple configured associations with multiple different
790servers (or the same server, although that might not be useful).
791But, wise security policy might preclude some cryptotype
792combinations; for instance, running an identity scheme
793with one server and no authentication with another might not be wise.
794.Ss Key Management
795The cryptographic values used by the Autokey protocol are
796incorporated as a set of files generated by the
797.Xr ntp\-keygen 1ntpkeygenmdoc
798utility program, including symmetric key, host key and
799public certificate files, as well as sign key, identity parameters
800and leapseconds files.
801Alternatively, host and sign keys and
802certificate files can be generated by the OpenSSL utilities
803and certificates can be imported from public certificate
804authorities.
805Note that symmetric keys are necessary for the
806.Xr ntpq 1ntpqmdoc
807and
808.Xr ntpdc 1ntpdcmdoc
809utility programs.
810The remaining files are necessary only for the
811Autokey protocol.
812.Pp
813Certificates imported from OpenSSL or public certificate
814authorities have certian limitations.
815The certificate should be in ASN.1 syntax, X.509 Version 3
816format and encoded in PEM, which is the same format
817used by OpenSSL.
818The overall length of the certificate encoded
819in ASN.1 must not exceed 1024 bytes.
820The subject distinguished
821name field (CN) is the fully qualified name of the host
822on which it is used; the remaining subject fields are ignored.
823The certificate extension fields must not contain either
824a subject key identifier or a issuer key identifier field;
825however, an extended key usage field for a trusted host must
826contain the value
827.Cm trustRoot ; .
828Other extension fields are ignored.
829.Ss Authentication Commands
830.Bl -tag -width indent
831.It Ic autokey Op Ar logsec
832Specifies the interval between regenerations of the session key
833list used with the Autokey protocol.
834Note that the size of the key
835list for each association depends on this interval and the current
836poll interval.
837The default value is 12 (4096 s or about 1.1 hours).
838For poll intervals above the specified interval, a session key list
839with a single entry will be regenerated for every message
840sent.
841.It Ic controlkey Ar key
842Specifies the key identifier to use with the
843.Xr ntpq 1ntpqmdoc
844utility, which uses the standard
845protocol defined in RFC\-1305.
846The
847.Ar key
848argument is
849the key identifier for a trusted key, where the value can be in the
850range 1 to 65,534, inclusive.
851.It Xo Ic crypto
852.Op Cm cert Ar file
853.Op Cm leap Ar file
854.Op Cm randfile Ar file
855.Op Cm host Ar file
856.Op Cm sign Ar file
857.Op Cm gq Ar file
858.Op Cm gqpar Ar file
859.Op Cm iffpar Ar file
860.Op Cm mvpar Ar file
861.Op Cm pw Ar password
862.Xc
863This command requires the OpenSSL library.
864It activates public key
865cryptography, selects the message digest and signature
866encryption scheme and loads the required private and public
867values described above.
868If one or more files are left unspecified,
869the default names are used as described above.
870Unless the complete path and name of the file are specified, the
871location of a file is relative to the keys directory specified
872in the
873.Ic keysdir
874command or default
875.Pa /usr/local/etc .
876Following are the subcommands:
877.Bl -tag -width indent
878.It Cm cert Ar file
879Specifies the location of the required host public certificate file.
880This overrides the link
881.Pa ntpkey_cert_ Ns Ar hostname
882in the keys directory.
883.It Cm gqpar Ar file
884Specifies the location of the optional GQ parameters file.
885This
886overrides the link
887.Pa ntpkey_gq_ Ns Ar hostname
888in the keys directory.
889.It Cm host Ar file
890Specifies the location of the required host key file.
891This overrides
892the link
893.Pa ntpkey_key_ Ns Ar hostname
894in the keys directory.
895.It Cm iffpar Ar file
896Specifies the location of the optional IFF parameters file.This
897overrides the link
898.Pa ntpkey_iff_ Ns Ar hostname
899in the keys directory.
900.It Cm leap Ar file
901Specifies the location of the optional leapsecond file.
902This overrides the link
903.Pa ntpkey_leap
904in the keys directory.
905.It Cm mvpar Ar file
906Specifies the location of the optional MV parameters file.
907This
908overrides the link
909.Pa ntpkey_mv_ Ns Ar hostname
910in the keys directory.
911.It Cm pw Ar password
912Specifies the password to decrypt files containing private keys and
913identity parameters.
914This is required only if these files have been
915encrypted.
916.It Cm randfile Ar file
917Specifies the location of the random seed file used by the OpenSSL
918library.
919The defaults are described in the main text above.
920.It Cm sign Ar file
921Specifies the location of the optional sign key file.
922This overrides
923the link
924.Pa ntpkey_sign_ Ns Ar hostname
925in the keys directory.
926If this file is
927not found, the host key is also the sign key.
928.El
929.It Ic keys Ar keyfile
930Specifies the complete path and location of the MD5 key file
931containing the keys and key identifiers used by
932.Xr ntpd 1ntpdmdoc ,
933.Xr ntpq 1ntpqmdoc
934and
935.Xr ntpdc 1ntpdcmdoc
936when operating with symmetric key cryptography.
937This is the same operation as the
938.Fl k
939command line option.
940.It Ic keysdir Ar path
941This command specifies the default directory path for
942cryptographic keys, parameters and certificates.
943The default is
944.Pa /usr/local/etc/ .
945.It Ic requestkey Ar key
946Specifies the key identifier to use with the
947.Xr ntpdc 1ntpdcmdoc
948utility program, which uses a
949proprietary protocol specific to this implementation of
950.Xr ntpd 1ntpdmdoc .
951The
952.Ar key
953argument is a key identifier
954for the trusted key, where the value can be in the range 1 to
95565,534, inclusive.
956.It Ic revoke Ar logsec
957Specifies the interval between re\-randomization of certain
958cryptographic values used by the Autokey scheme, as a power of 2 in
959seconds.
960These values need to be updated frequently in order to
961deflect brute\-force attacks on the algorithms of the scheme;
962however, updating some values is a relatively expensive operation.
963The default interval is 16 (65,536 s or about 18 hours).
964For poll
965intervals above the specified interval, the values will be updated
966for every message sent.
967.It Ic trustedkey Ar key ...
968Specifies the key identifiers which are trusted for the
969purposes of authenticating peers with symmetric key cryptography,
970as well as keys used by the
971.Xr ntpq 1ntpqmdoc
972and
973.Xr ntpdc 1ntpdcmdoc
974programs.
975The authentication procedures require that both the local
976and remote servers share the same key and key identifier for this
977purpose, although different keys can be used with different
978servers.
979The
980.Ar key
981arguments are 32\-bit unsigned
982integers with values from 1 to 65,534.
983.El
984.Ss Error Codes
985The following error codes are reported via the NTP control
986and monitoring protocol trap mechanism.
987.Bl -tag -width indent
988.It 101
989.Pq bad field format or length
990The packet has invalid version, length or format.
991.It 102
992.Pq bad timestamp
993The packet timestamp is the same or older than the most recent received.
994This could be due to a replay or a server clock time step.
995.It 103
996.Pq bad filestamp
997The packet filestamp is the same or older than the most recent received.
998This could be due to a replay or a key file generation error.
999.It 104
1000.Pq bad or missing public key
1001The public key is missing, has incorrect format or is an unsupported type.
1002.It 105
1003.Pq unsupported digest type
1004The server requires an unsupported digest/signature scheme.
1005.It 106
1006.Pq mismatched digest types
1007Not used.
1008.It 107
1009.Pq bad signature length
1010The signature length does not match the current public key.
1011.It 108
1012.Pq signature not verified
1013The message fails the signature check.
1014It could be bogus or signed by a
1015different private key.
1016.It 109
1017.Pq certificate not verified
1018The certificate is invalid or signed with the wrong key.
1019.It 110
1020.Pq certificate not verified
1021The certificate is not yet valid or has expired or the signature could not
1022be verified.
1023.It 111
1024.Pq bad or missing cookie
1025The cookie is missing, corrupted or bogus.
1026.It 112
1027.Pq bad or missing leapseconds table
1028The leapseconds table is missing, corrupted or bogus.
1029.It 113
1030.Pq bad or missing certificate
1031The certificate is missing, corrupted or bogus.
1032.It 114
1033.Pq bad or missing identity
1034The identity key is missing, corrupt or bogus.
1035.El
1036.Sh Monitoring Support
1037.Xr ntpd 1ntpdmdoc
1038includes a comprehensive monitoring facility suitable
1039for continuous, long term recording of server and client
1040timekeeping performance.
1041See the
1042.Ic statistics
1043command below
1044for a listing and example of each type of statistics currently
1045supported.
1046Statistic files are managed using file generation sets
1047and scripts in the
1048.Pa ./scripts
1049directory of this distribution.
1050Using
1051these facilities and
1052.Ux
1053.Xr cron 8
1054jobs, the data can be
1055automatically summarized and archived for retrospective analysis.
1056.Ss Monitoring Commands
1057.Bl -tag -width indent
1058.It Ic statistics Ar name ...
1059Enables writing of statistics records.
1060Currently, eight kinds of
1061.Ar name
1062statistics are supported.
1063.Bl -tag -width indent
1064.It Cm clockstats
1065Enables recording of clock driver statistics information.
1066Each update
1067received from a clock driver appends a line of the following form to
1068the file generation set named
1069.Cm clockstats :
1070.Bd -literal
107149213 525.624 127.127.4.1 93 226 00:08:29.606 D
1072.Ed
1073.Pp
1074The first two fields show the date (Modified Julian Day) and time
1075(seconds and fraction past UTC midnight).
1076The next field shows the
1077clock address in dotted\-quad notation.
1078The final field shows the last
1079timecode received from the clock in decoded ASCII format, where
1080meaningful.
1081In some clock drivers a good deal of additional information
1082can be gathered and displayed as well.
1083See information specific to each
1084clock for further details.
1085.It Cm cryptostats
1086This option requires the OpenSSL cryptographic software library.
1087It
1088enables recording of cryptographic public key protocol information.
1089Each message received by the protocol module appends a line of the
1090following form to the file generation set named
1091.Cm cryptostats :
1092.Bd -literal
109349213 525.624 127.127.4.1 message
1094.Ed
1095.Pp
1096The first two fields show the date (Modified Julian Day) and time
1097(seconds and fraction past UTC midnight).
1098The next field shows the peer
1099address in dotted\-quad notation, The final message field includes the
1100message type and certain ancillary information.
1101See the
1102.Sx Authentication Options
1103section for further information.
1104.It Cm loopstats
1105Enables recording of loop filter statistics information.
1106Each
1107update of the local clock outputs a line of the following form to
1108the file generation set named
1109.Cm loopstats :
1110.Bd -literal
111150935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
1112.Ed
1113.Pp
1114The first two fields show the date (Modified Julian Day) and
1115time (seconds and fraction past UTC midnight).
1116The next five fields
1117show time offset (seconds), frequency offset (parts per million \-
1118PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
1119discipline time constant.
1120.It Cm peerstats
1121Enables recording of peer statistics information.
1122This includes
1123statistics records of all peers of a NTP server and of special
1124signals, where present and configured.
1125Each valid update appends a
1126line of the following form to the current element of a file
1127generation set named
1128.Cm peerstats :
1129.Bd -literal
113048773 10847.650 127.127.4.1 9714 \-0.001605376 0.000000000 0.001424877 0.000958674
1131.Ed
1132.Pp
1133The first two fields show the date (Modified Julian Day) and
1134time (seconds and fraction past UTC midnight).
1135The next two fields
1136show the peer address in dotted\-quad notation and status,
1137respectively.
1138The status field is encoded in hex in the format
1139described in Appendix A of the NTP specification RFC 1305.
1140The final four fields show the offset,
1141delay, dispersion and RMS jitter, all in seconds.
1142.It Cm rawstats
1143Enables recording of raw\-timestamp statistics information.
1144This
1145includes statistics records of all peers of a NTP server and of
1146special signals, where present and configured.
1147Each NTP message
1148received from a peer or clock driver appends a line of the
1149following form to the file generation set named
1150.Cm rawstats :
1151.Bd -literal
115250928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000
1153.Ed
1154.Pp
1155The first two fields show the date (Modified Julian Day) and
1156time (seconds and fraction past UTC midnight).
1157The next two fields
1158show the remote peer or clock address followed by the local address
1159in dotted\-quad notation.
1160The final four fields show the originate,
1161receive, transmit and final NTP timestamps in order.
1162The timestamp
1163values are as received and before processing by the various data
1164smoothing and mitigation algorithms.
1165.It Cm sysstats
1166Enables recording of ntpd statistics counters on a periodic basis.
1167Each
1168hour a line of the following form is appended to the file generation
1169set named
1170.Cm sysstats :
1171.Bd -literal
117250928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
1173.Ed
1174.Pp
1175The first two fields show the date (Modified Julian Day) and time
1176(seconds and fraction past UTC midnight).
1177The remaining ten fields show
1178the statistics counter values accumulated since the last generated
1179line.
1180.Bl -tag -width indent
1181.It Time since restart Cm 36000
1182Time in hours since the system was last rebooted.
1183.It Packets received Cm 81965
1184Total number of packets received.
1185.It Packets processed Cm 0
1186Number of packets received in response to previous packets sent
1187.It Current version Cm 9546
1188Number of packets matching the current NTP version.
1189.It Previous version Cm 56
1190Number of packets matching the previous NTP version.
1191.It Bad version Cm 71793
1192Number of packets matching neither NTP version.
1193.It Access denied Cm 512
1194Number of packets denied access for any reason.
1195.It Bad length or format Cm 540
1196Number of packets with invalid length, format or port number.
1197.It Bad authentication Cm 10
1198Number of packets not verified as authentic.
1199.It Rate exceeded Cm 147
1200Number of packets discarded due to rate limitation.
1201.El
1202.It Cm statsdir Ar directory_path
1203Indicates the full path of a directory where statistics files
1204should be created (see below).
1205This keyword allows
1206the (otherwise constant)
1207.Cm filegen
1208filename prefix to be modified for file generation sets, which
1209is useful for handling statistics logs.
1210.It Cm filegen Ar name Xo
1211.Op Cm file Ar filename
1212.Op Cm type Ar typename
1213.Op Cm link | nolink
1214.Op Cm enable | disable
1215.Xc
1216Configures setting of generation file set name.
1217Generation
1218file sets provide a means for handling files that are
1219continuously growing during the lifetime of a server.
1220Server statistics are a typical example for such files.
1221Generation file sets provide access to a set of files used
1222to store the actual data.
1223At any time at most one element
1224of the set is being written to.
1225The type given specifies
1226when and how data will be directed to a new element of the set.
1227This way, information stored in elements of a file set
1228that are currently unused are available for administrational
1229operations without the risk of disturbing the operation of ntpd.
1230(Most important: they can be removed to free space for new data
1231produced.)
1232.Pp
1233Note that this command can be sent from the
1234.Xr ntpdc 1ntpdcmdoc
1235program running at a remote location.
1236.Bl -tag -width indent
1237.It Cm name
1238This is the type of the statistics records, as shown in the
1239.Cm statistics
1240command.
1241.It Cm file Ar filename
1242This is the file name for the statistics records.
1243Filenames of set
1244members are built from three concatenated elements
1245.Ar Cm prefix ,
1246.Ar Cm filename
1247and
1248.Ar Cm suffix :
1249.Bl -tag -width indent
1250.It Cm prefix
1251This is a constant filename path.
1252It is not subject to
1253modifications via the
1254.Ar filegen
1255option.
1256It is defined by the
1257server, usually specified as a compile\-time constant.
1258It may,
1259however, be configurable for individual file generation sets
1260via other commands.
1261For example, the prefix used with
1262.Ar loopstats
1263and
1264.Ar peerstats
1265generation can be configured using the
1266.Ar statsdir
1267option explained above.
1268.It Cm filename
1269This string is directly concatenated to the prefix mentioned
1270above (no intervening
1271.Ql / ) .
1272This can be modified using
1273the file argument to the
1274.Ar filegen
1275statement.
1276No
1277.Pa ..
1278elements are
1279allowed in this component to prevent filenames referring to
1280parts outside the filesystem hierarchy denoted by
1281.Ar prefix .
1282.It Cm suffix
1283This part is reflects individual elements of a file set.
1284It is
1285generated according to the type of a file set.
1286.El
1287.It Cm type Ar typename
1288A file generation set is characterized by its type.
1289The following
1290types are supported:
1291.Bl -tag -width indent
1292.It Cm none
1293The file set is actually a single plain file.
1294.It Cm pid
1295One element of file set is used per incarnation of a ntpd
1296server.
1297This type does not perform any changes to file set
1298members during runtime, however it provides an easy way of
1299separating files belonging to different
1300.Xr ntpd 1ntpdmdoc
1301server incarnations.
1302The set member filename is built by appending a
1303.Ql \&.
1304to concatenated
1305.Ar prefix
1306and
1307.Ar filename
1308strings, and
1309appending the decimal representation of the process ID of the
1310.Xr ntpd 1ntpdmdoc
1311server process.
1312.It Cm day
1313One file generation set element is created per day.
1314A day is
1315defined as the period between 00:00 and 24:00 UTC.
1316The file set
1317member suffix consists of a
1318.Ql \&.
1319and a day specification in
1320the form
1321.Cm YYYYMMdd .
1322.Cm YYYY
1323is a 4\-digit year number (e.g., 1992).
1324.Cm MM
1325is a two digit month number.
1326.Cm dd
1327is a two digit day number.
1328Thus, all information written at 10 December 1992 would end up
1329in a file named
1330.Ar prefix
1331.Ar filename Ns .19921210 .
1332.It Cm week
1333Any file set member contains data related to a certain week of
1334a year.
1335The term week is defined by computing day\-of\-year
1336modulo 7.
1337Elements of such a file generation set are
1338distinguished by appending the following suffix to the file set
1339filename base: A dot, a 4\-digit year number, the letter
1340.Cm W ,
1341and a 2\-digit week number.
1342For example, information from January,
134310th 1992 would end up in a file with suffix
1344.No . Ns Ar 1992W1 .
1345.It Cm month
1346One generation file set element is generated per month.
1347The
1348file name suffix consists of a dot, a 4\-digit year number, and
1349a 2\-digit month.
1350.It Cm year
1351One generation file element is generated per year.
1352The filename
1353suffix consists of a dot and a 4 digit year number.
1354.It Cm age
1355This type of file generation sets changes to a new element of
1356the file set every 24 hours of server operation.
1357The filename
1358suffix consists of a dot, the letter
1359.Cm a ,
1360and an 8\-digit number.
1361This number is taken to be the number of seconds the server is
1362running at the start of the corresponding 24\-hour period.
1363Information is only written to a file generation by specifying
1364.Cm enable ;
1365output is prevented by specifying
1366.Cm disable .
1367.El
1368.It Cm link | nolink
1369It is convenient to be able to access the current element of a file
1370generation set by a fixed name.
1371This feature is enabled by
1372specifying
1373.Cm link
1374and disabled using
1375.Cm nolink .
1376If link is specified, a
1377hard link from the current file set element to a file without
1378suffix is created.
1379When there is already a file with this name and
1380the number of links of this file is one, it is renamed appending a
1381dot, the letter
1382.Cm C ,
1383and the pid of the ntpd server process.
1384When the
1385number of links is greater than one, the file is unlinked.
1386This
1387allows the current file to be accessed by a constant name.
1388.It Cm enable \&| Cm disable
1389Enables or disables the recording function.
1390.El
1391.El
1392.El
1393.Sh Access Control Support
1394The
1395.Xr ntpd 1ntpdmdoc
1396daemon implements a general purpose address/mask based restriction
1397list.
1398The list contains address/match entries sorted first
1399by increasing address values and and then by increasing mask values.
1400A match occurs when the bitwise AND of the mask and the packet
1401source address is equal to the bitwise AND of the mask and
1402address in the list.
1403The list is searched in order with the
1404last match found defining the restriction flags associated
1405with the entry.
1406Additional information and examples can be found in the
1407.Qq Notes on Configuring NTP and Setting up a NTP Subnet
1408page
1409(available as part of the HTML documentation
1410provided in
1411.Pa /usr/share/doc/ntp ) .
1412.Pp
1413The restriction facility was implemented in conformance
1414with the access policies for the original NSFnet backbone
1415time servers.
1416Later the facility was expanded to deflect
1417cryptographic and clogging attacks.
1418While this facility may
1419be useful for keeping unwanted or broken or malicious clients
1420from congesting innocent servers, it should not be considered
1421an alternative to the NTP authentication facilities.
1422Source address based restrictions are easily circumvented
1423by a determined cracker.
1424.Pp
1425Clients can be denied service because they are explicitly
1426included in the restrict list created by the restrict command
1427or implicitly as the result of cryptographic or rate limit
1428violations.
1429Cryptographic violations include certificate
1430or identity verification failure; rate limit violations generally
1431result from defective NTP implementations that send packets
1432at abusive rates.
1433Some violations cause denied service
1434only for the offending packet, others cause denied service
1435for a timed period and others cause the denied service for
1436an indefinate period.
1437When a client or network is denied access
1438for an indefinate period, the only way at present to remove
1439the restrictions is by restarting the server.
1440.Ss The Kiss\-of\-Death Packet
1441Ordinarily, packets denied service are simply dropped with no
1442further action except incrementing statistics counters.
1443Sometimes a
1444more proactive response is needed, such as a server message that
1445explicitly requests the client to stop sending and leave a message
1446for the system operator.
1447A special packet format has been created
1448for this purpose called the "kiss\-of\-death" (KoD) packet.
1449KoD packets have the leap bits set unsynchronized and stratum set
1450to zero and the reference identifier field set to a four\-byte
1451ASCII code.
1452If the
1453.Cm noserve
1454or
1455.Cm notrust
1456flag of the matching restrict list entry is set,
1457the code is "DENY"; if the
1458.Cm limited
1459flag is set and the rate limit
1460is exceeded, the code is "RATE".
1461Finally, if a cryptographic violation occurs, the code is "CRYP".
1462.Pp
1463A client receiving a KoD performs a set of sanity checks to
1464minimize security exposure, then updates the stratum and
1465reference identifier peer variables, sets the access
1466denied (TEST4) bit in the peer flash variable and sends
1467a message to the log.
1468As long as the TEST4 bit is set,
1469the client will send no further packets to the server.
1470The only way at present to recover from this condition is
1471to restart the protocol at both the client and server.
1472This
1473happens automatically at the client when the association times out.
1474It will happen at the server only if the server operator cooperates.
1475.Ss Access Control Commands
1476.Bl -tag -width indent
1477.It Xo Ic discard
1478.Op Cm average Ar avg
1479.Op Cm minimum Ar min
1480.Op Cm monitor Ar prob
1481.Xc
1482Set the parameters of the
1483.Cm limited
1484facility which protects the server from
1485client abuse.
1486The
1487.Cm average
1488subcommand specifies the minimum average packet
1489spacing, while the
1490.Cm minimum
1491subcommand specifies the minimum packet spacing.
1492Packets that violate these minima are discarded
1493and a kiss\-o'\-death packet returned if enabled.
1494The default
1495minimum average and minimum are 5 and 2, respectively.
1496The monitor subcommand specifies the probability of discard
1497for packets that overflow the rate\-control window.
1498.It Xo Ic restrict address
1499.Op Cm mask Ar mask
1500.Op Ar flag ...
1501.Xc
1502The
1503.Ar address
1504argument expressed in
1505dotted\-quad form is the address of a host or network.
1506Alternatively, the
1507.Ar address
1508argument can be a valid host DNS name.
1509The
1510.Ar mask
1511argument expressed in dotted\-quad form defaults to
1512.Cm 255.255.255.255 ,
1513meaning that the
1514.Ar address
1515is treated as the address of an individual host.
1516A default entry (address
1517.Cm 0.0.0.0 ,
1518mask
1519.Cm 0.0.0.0 )
1520is always included and is always the first entry in the list.
1521Note that text string
1522.Cm default ,
1523with no mask option, may
1524be used to indicate the default entry.
1525In the current implementation,
1526.Cm flag
1527always
1528restricts access, i.e., an entry with no flags indicates that free
1529access to the server is to be given.
1530The flags are not orthogonal,
1531in that more restrictive flags will often make less restrictive
1532ones redundant.
1533The flags can generally be classed into two
1534categories, those which restrict time service and those which
1535restrict informational queries and attempts to do run\-time
1536reconfiguration of the server.
1537One or more of the following flags
1538may be specified:
1539.Bl -tag -width indent
1540.It Cm ignore
1541Deny packets of all kinds, including
1542.Xr ntpq 1ntpqmdoc
1543and
1544.Xr ntpdc 1ntpdcmdoc
1545queries.
1546.It Cm kod
1547If this flag is set when an access violation occurs, a kiss\-o'\-death
1548(KoD) packet is sent.
1549KoD packets are rate limited to no more than one
1550per second.
1551If another KoD packet occurs within one second after the
1552last one, the packet is dropped.
1553.It Cm limited
1554Deny service if the packet spacing violates the lower limits specified
1555in the discard command.
1556A history of clients is kept using the
1557monitoring capability of
1558.Xr ntpd 1ntpdmdoc .
1559Thus, monitoring is always active as
1560long as there is a restriction entry with the
1561.Cm limited
1562flag.
1563.It Cm lowpriotrap
1564Declare traps set by matching hosts to be low priority.
1565The
1566number of traps a server can maintain is limited (the current limit
1567is 3).
1568Traps are usually assigned on a first come, first served
1569basis, with later trap requestors being denied service.
1570This flag
1571modifies the assignment algorithm by allowing low priority traps to
1572be overridden by later requests for normal priority traps.
1573.It Cm nomodify
1574Deny
1575.Xr ntpq 1ntpqmdoc
1576and
1577.Xr ntpdc 1ntpdcmdoc
1578queries which attempt to modify the state of the
1579server (i.e., run time reconfiguration).
1580Queries which return
1581information are permitted.
1582.It Cm noquery
1583Deny
1584.Xr ntpq 1ntpqmdoc
1585and
1586.Xr ntpdc 1ntpdcmdoc
1587queries.
1588Time service is not affected.
1589.It Cm nopeer
1590Deny packets which would result in mobilizing a new association.
1591This
1592includes broadcast and symmetric active packets when a configured
1593association does not exist.
1594It also includes
1595.Cm pool
1596associations, so if you want to use servers from a
1597.Cm pool
1598directive and also want to use
1599.Cm nopeer
1600by default, you'll want a
1601.Cm "restrict source ..." line as well that does
1602.It not
1603include the
1604.Cm nopeer
1605directive.
1606.It Cm noserve
1607Deny all packets except
1608.Xr ntpq 1ntpqmdoc
1609and
1610.Xr ntpdc 1ntpdcmdoc
1611queries.
1612.It Cm notrap
1613Decline to provide mode 6 control message trap service to matching
1614hosts.
1615The trap service is a subsystem of the ntpdq control message
1616protocol which is intended for use by remote event logging programs.
1617.It Cm notrust
1618Deny service unless the packet is cryptographically authenticated.
1619.It Cm ntpport
1620This is actually a match algorithm modifier, rather than a
1621restriction flag.
1622Its presence causes the restriction entry to be
1623matched only if the source port in the packet is the standard NTP
1624UDP port (123).
1625Both
1626.Cm ntpport
1627and
1628.Cm non\-ntpport
1629may
1630be specified.
1631The
1632.Cm ntpport
1633is considered more specific and
1634is sorted later in the list.
1635.It Cm version
1636Deny packets that do not match the current NTP version.
1637.El
1638.Pp
1639Default restriction list entries with the flags ignore, interface,
1640ntpport, for each of the local host's interface addresses are
1641inserted into the table at startup to prevent the server
1642from attempting to synchronize to its own time.
1643A default entry is also always present, though if it is
1644otherwise unconfigured; no flags are associated
1645with the default entry (i.e., everything besides your own
1646NTP server is unrestricted).
1647.El
1648.Sh Automatic NTP Configuration Options
1649.Ss Manycasting
1650Manycasting is a automatic discovery and configuration paradigm
1651new to NTPv4.
1652It is intended as a means for a multicast client
1653to troll the nearby network neighborhood to find cooperating
1654manycast servers, validate them using cryptographic means
1655and evaluate their time values with respect to other servers
1656that might be lurking in the vicinity.
1657The intended result is that each manycast client mobilizes
1658client associations with some number of the "best"
1659of the nearby manycast servers, yet automatically reconfigures
1660to sustain this number of servers should one or another fail.
1661.Pp
1662Note that the manycasting paradigm does not coincide
1663with the anycast paradigm described in RFC\-1546,
1664which is designed to find a single server from a clique
1665of servers providing the same service.
1666The manycast paradigm is designed to find a plurality
1667of redundant servers satisfying defined optimality criteria.
1668.Pp
1669Manycasting can be used with either symmetric key
1670or public key cryptography.
1671The public key infrastructure (PKI)
1672offers the best protection against compromised keys
1673and is generally considered stronger, at least with relatively
1674large key sizes.
1675It is implemented using the Autokey protocol and
1676the OpenSSL cryptographic library available from
1677.Li http://www.openssl.org/ .
1678The library can also be used with other NTPv4 modes
1679as well and is highly recommended, especially for broadcast modes.
1680.Pp
1681A persistent manycast client association is configured
1682using the manycastclient command, which is similar to the
1683server command but with a multicast (IPv4 class
1684.Cm D
1685or IPv6 prefix
1686.Cm FF )
1687group address.
1688The IANA has designated IPv4 address 224.1.1.1
1689and IPv6 address FF05::101 (site local) for NTP.
1690When more servers are needed, it broadcasts manycast
1691client messages to this address at the minimum feasible rate
1692and minimum feasible time\-to\-live (TTL) hops, depending
1693on how many servers have already been found.
1694There can be as many manycast client associations
1695as different group address, each one serving as a template
1696for a future ephemeral unicast client/server association.
1697.Pp
1698Manycast servers configured with the
1699.Ic manycastserver
1700command listen on the specified group address for manycast
1701client messages.
1702Note the distinction between manycast client,
1703which actively broadcasts messages, and manycast server,
1704which passively responds to them.
1705If a manycast server is
1706in scope of the current TTL and is itself synchronized
1707to a valid source and operating at a stratum level equal
1708to or lower than the manycast client, it replies to the
1709manycast client message with an ordinary unicast server message.
1710.Pp
1711The manycast client receiving this message mobilizes
1712an ephemeral client/server association according to the
1713matching manycast client template, but only if cryptographically
1714authenticated and the server stratum is less than or equal
1715to the client stratum.
1716Authentication is explicitly required
1717and either symmetric key or public key (Autokey) can be used.
1718Then, the client polls the server at its unicast address
1719in burst mode in order to reliably set the host clock
1720and validate the source.
1721This normally results
1722in a volley of eight client/server at 2\-s intervals
1723during which both the synchronization and cryptographic
1724protocols run concurrently.
1725Following the volley,
1726the client runs the NTP intersection and clustering
1727algorithms, which act to discard all but the "best"
1728associations according to stratum and synchronization
1729distance.
1730The surviving associations then continue
1731in ordinary client/server mode.
1732.Pp
1733The manycast client polling strategy is designed to reduce
1734as much as possible the volume of manycast client messages
1735and the effects of implosion due to near\-simultaneous
1736arrival of manycast server messages.
1737The strategy is determined by the
1738.Ic manycastclient ,
1739.Ic tos
1740and
1741.Ic ttl
1742configuration commands.
1743The manycast poll interval is
1744normally eight times the system poll interval,
1745which starts out at the
1746.Cm minpoll
1747value specified in the
1748.Ic manycastclient ,
1749command and, under normal circumstances, increments to the
1750.Cm maxpolll
1751value specified in this command.
1752Initially, the TTL is
1753set at the minimum hops specified by the ttl command.
1754At each retransmission the TTL is increased until reaching
1755the maximum hops specified by this command or a sufficient
1756number client associations have been found.
1757Further retransmissions use the same TTL.
1758.Pp
1759The quality and reliability of the suite of associations
1760discovered by the manycast client is determined by the NTP
1761mitigation algorithms and the
1762.Cm minclock
1763and
1764.Cm minsane
1765values specified in the
1766.Ic tos
1767configuration command.
1768At least
1769.Cm minsane
1770candidate servers must be available and the mitigation
1771algorithms produce at least
1772.Cm minclock
1773survivors in order to synchronize the clock.
1774Byzantine agreement principles require at least four
1775candidates in order to correctly discard a single falseticker.
1776For legacy purposes,
1777.Cm minsane
1778defaults to 1 and
1779.Cm minclock
1780defaults to 3.
1781For manycast service
1782.Cm minsane
1783should be explicitly set to 4, assuming at least that
1784number of servers are available.
1785.Pp
1786If at least
1787.Cm minclock
1788servers are found, the manycast poll interval is immediately
1789set to eight times
1790.Cm maxpoll .
1791If less than
1792.Cm minclock
1793servers are found when the TTL has reached the maximum hops,
1794the manycast poll interval is doubled.
1795For each transmission
1796after that, the poll interval is doubled again until
1797reaching the maximum of eight times
1798.Cm maxpoll .
1799Further transmissions use the same poll interval and
1800TTL values.
1801Note that while all this is going on,
1802each client/server association found is operating normally
1803it the system poll interval.
1804.Pp
1805Administratively scoped multicast boundaries are normally
1806specified by the network router configuration and,
1807in the case of IPv6, the link/site scope prefix.
1808By default, the increment for TTL hops is 32 starting
1809from 31; however, the
1810.Ic ttl
1811configuration command can be
1812used to modify the values to match the scope rules.
1813.Pp
1814It is often useful to narrow the range of acceptable
1815servers which can be found by manycast client associations.
1816Because manycast servers respond only when the client
1817stratum is equal to or greater than the server stratum,
1818primary (stratum 1) servers fill find only primary servers
1819in TTL range, which is probably the most common objective.
1820However, unless configured otherwise, all manycast clients
1821in TTL range will eventually find all primary servers
1822in TTL range, which is probably not the most common
1823objective in large networks.
1824The
1825.Ic tos
1826command can be used to modify this behavior.
1827Servers with stratum below
1828.Cm floor
1829or above
1830.Cm ceiling
1831specified in the
1832.Ic tos
1833command are strongly discouraged during the selection
1834process; however, these servers may be temporally
1835accepted if the number of servers within TTL range is
1836less than
1837.Cm minclock .
1838.Pp
1839The above actions occur for each manycast client message,
1840which repeats at the designated poll interval.
1841However, once the ephemeral client association is mobilized,
1842subsequent manycast server replies are discarded,
1843since that would result in a duplicate association.
1844If during a poll interval the number of client associations
1845falls below
1846.Cm minclock ,
1847all manycast client prototype associations are reset
1848to the initial poll interval and TTL hops and operation
1849resumes from the beginning.
1850It is important to avoid
1851frequent manycast client messages, since each one requires
1852all manycast servers in TTL range to respond.
1853The result could well be an implosion, either minor or major,
1854depending on the number of servers in range.
1855The recommended value for
1856.Cm maxpoll
1857is 12 (4,096 s).
1858.Pp
1859It is possible and frequently useful to configure a host
1860as both manycast client and manycast server.
1861A number of hosts configured this way and sharing a common
1862group address will automatically organize themselves
1863in an optimum configuration based on stratum and
1864synchronization distance.
1865For example, consider an NTP
1866subnet of two primary servers and a hundred or more
1867dependent clients.
1868With two exceptions, all servers
1869and clients have identical configuration files including both
1870.Ic multicastclient
1871and
1872.Ic multicastserver
1873commands using, for instance, multicast group address
1874239.1.1.1.
1875The only exception is that each primary server
1876configuration file must include commands for the primary
1877reference source such as a GPS receiver.
1878.Pp
1879The remaining configuration files for all secondary
1880servers and clients have the same contents, except for the
1881.Ic tos
1882command, which is specific for each stratum level.
1883For stratum 1 and stratum 2 servers, that command is
1884not necessary.
1885For stratum 3 and above servers the
1886.Cm floor
1887value is set to the intended stratum number.
1888Thus, all stratum 3 configuration files are identical,
1889all stratum 4 files are identical and so forth.
1890.Pp
1891Once operations have stabilized in this scenario,
1892the primary servers will find the primary reference source
1893and each other, since they both operate at the same
1894stratum (1), but not with any secondary server or client,
1895since these operate at a higher stratum.
1896The secondary
1897servers will find the servers at the same stratum level.
1898If one of the primary servers loses its GPS receiver,
1899it will continue to operate as a client and other clients
1900will time out the corresponding association and
1901re\-associate accordingly.
1902.Pp
1903Some administrators prefer to avoid running
1904.Xr ntpd 1ntpdmdoc
1905continuously and run either
1906.Xr sntp 1sntpmdoc
1907or
1908.Xr ntpd 1ntpdmdoc
1909.Fl q
1910as a cron job.
1911In either case the servers must be
1912configured in advance and the program fails if none are
1913available when the cron job runs.
1914A really slick
1915application of manycast is with
1916.Xr ntpd 1ntpdmdoc
1917.Fl q .
1918The program wakes up, scans the local landscape looking
1919for the usual suspects, selects the best from among
1920the rascals, sets the clock and then departs.
1921Servers do not have to be configured in advance and
1922all clients throughout the network can have the same
1923configuration file.
1924.Ss Manycast Interactions with Autokey
1925Each time a manycast client sends a client mode packet
1926to a multicast group address, all manycast servers
1927in scope generate a reply including the host name
1928and status word.
1929The manycast clients then run
1930the Autokey protocol, which collects and verifies
1931all certificates involved.
1932Following the burst interval
1933all but three survivors are cast off,
1934but the certificates remain in the local cache.
1935It often happens that several complete signing trails
1936from the client to the primary servers are collected in this way.
1937.Pp
1938About once an hour or less often if the poll interval
1939exceeds this, the client regenerates the Autokey key list.
1940This is in general transparent in client/server mode.
1941However, about once per day the server private value
1942used to generate cookies is refreshed along with all
1943manycast client associations.
1944In this case all
1945cryptographic values including certificates is refreshed.
1946If a new certificate has been generated since
1947the last refresh epoch, it will automatically revoke
1948all prior certificates that happen to be in the
1949certificate cache.
1950At the same time, the manycast
1951scheme starts all over from the beginning and
1952the expanding ring shrinks to the minimum and increments
1953from there while collecting all servers in scope.
1954.Ss Manycast Options
1955.Bl -tag -width indent
1956.It Xo Ic tos
1957.Oo
1958.Cm ceiling Ar ceiling |
1959.Cm cohort { 0 | 1 } |
1960.Cm floor Ar floor |
1961.Cm minclock Ar minclock |
1962.Cm minsane Ar minsane
1963.Oc
1964.Xc
1965This command affects the clock selection and clustering
1966algorithms.
1967It can be used to select the quality and
1968quantity of peers used to synchronize the system clock
1969and is most useful in manycast mode.
1970The variables operate
1971as follows:
1972.Bl -tag -width indent
1973.It Cm ceiling Ar ceiling
1974Peers with strata above
1975.Cm ceiling
1976will be discarded if there are at least
1977.Cm minclock
1978peers remaining.
1979This value defaults to 15, but can be changed
1980to any number from 1 to 15.
1981.It Cm cohort Bro 0 | 1 Brc
1982This is a binary flag which enables (0) or disables (1)
1983manycast server replies to manycast clients with the same
1984stratum level.
1985This is useful to reduce implosions where
1986large numbers of clients with the same stratum level
1987are present.
1988The default is to enable these replies.
1989.It Cm floor Ar floor
1990Peers with strata below
1991.Cm floor
1992will be discarded if there are at least
1993.Cm minclock
1994peers remaining.
1995This value defaults to 1, but can be changed
1996to any number from 1 to 15.
1997.It Cm minclock Ar minclock
1998The clustering algorithm repeatedly casts out outlier
1999associations until no more than
2000.Cm minclock
2001associations remain.
2002This value defaults to 3,
2003but can be changed to any number from 1 to the number of
2004configured sources.
2005.It Cm minsane Ar minsane
2006This is the minimum number of candidates available
2007to the clock selection algorithm in order to produce
2008one or more truechimers for the clustering algorithm.
2009If fewer than this number are available, the clock is
2010undisciplined and allowed to run free.
2011The default is 1
2012for legacy purposes.
2013However, according to principles of
2014Byzantine agreement,
2015.Cm minsane
2016should be at least 4 in order to detect and discard
2017a single falseticker.
2018.El
2019.It Cm ttl Ar hop ...
2020This command specifies a list of TTL values in increasing
2021order, up to 8 values can be specified.
2022In manycast mode these values are used in turn
2023in an expanding\-ring search.
2024The default is eight
2025multiples of 32 starting at 31.
2026.El
2027.Sh Reference Clock Support
2028The NTP Version 4 daemon supports some three dozen different radio,
2029satellite and modem reference clocks plus a special pseudo\-clock
2030used for backup or when no other clock source is available.
2031Detailed descriptions of individual device drivers and options can
2032be found in the
2033.Qq Reference Clock Drivers
2034page
2035(available as part of the HTML documentation
2036provided in
2037.Pa /usr/share/doc/ntp ) .
2038Additional information can be found in the pages linked
2039there, including the
2040.Qq Debugging Hints for Reference Clock Drivers
2041and
2042.Qq How To Write a Reference Clock Driver
2043pages
2044(available as part of the HTML documentation
2045provided in
2046.Pa /usr/share/doc/ntp ) .
2047In addition, support for a PPS
2048signal is available as described in the
2049.Qq Pulse\-per\-second (PPS) Signal Interfacing
2050page
2051(available as part of the HTML documentation
2052provided in
2053.Pa /usr/share/doc/ntp ) .
2054Many
2055drivers support special line discipline/streams modules which can
2056significantly improve the accuracy using the driver.
2057These are
2058described in the
2059.Qq Line Disciplines and Streams Drivers
2060page
2061(available as part of the HTML documentation
2062provided in
2063.Pa /usr/share/doc/ntp ) .
2064.Pp
2065A reference clock will generally (though not always) be a radio
2066timecode receiver which is synchronized to a source of standard
2067time such as the services offered by the NRC in Canada and NIST and
2068USNO in the US.
2069The interface between the computer and the timecode
2070receiver is device dependent, but is usually a serial port.
2071A
2072device driver specific to each reference clock must be selected and
2073compiled in the distribution; however, most common radio, satellite
2074and modem clocks are included by default.
2075Note that an attempt to
2076configure a reference clock when the driver has not been compiled
2077or the hardware port has not been appropriately configured results
2078in a scalding remark to the system log file, but is otherwise non
2079hazardous.
2080.Pp
2081For the purposes of configuration,
2082.Xr ntpd 1ntpdmdoc
2083treats
2084reference clocks in a manner analogous to normal NTP peers as much
2085as possible.
2086Reference clocks are identified by a syntactically
2087correct but invalid IP address, in order to distinguish them from
2088normal NTP peers.
2089Reference clock addresses are of the form
2090.Sm off
2091.Li 127.127. Ar t . Ar u ,
2092.Sm on
2093where
2094.Ar t
2095is an integer
2096denoting the clock type and
2097.Ar u
2098indicates the unit
2099number in the range 0\-3.
2100While it may seem overkill, it is in fact
2101sometimes useful to configure multiple reference clocks of the same
2102type, in which case the unit numbers must be unique.
2103.Pp
2104The
2105.Ic server
2106command is used to configure a reference
2107clock, where the
2108.Ar address
2109argument in that command
2110is the clock address.
2111The
2112.Cm key ,
2113.Cm version
2114and
2115.Cm ttl
2116options are not used for reference clock support.
2117The
2118.Cm mode
2119option is added for reference clock support, as
2120described below.
2121The
2122.Cm prefer
2123option can be useful to
2124persuade the server to cherish a reference clock with somewhat more
2125enthusiasm than other reference clocks or peers.
2126Further
2127information on this option can be found in the
2128.Qq Mitigation Rules and the prefer Keyword
2129(available as part of the HTML documentation
2130provided in
2131.Pa /usr/share/doc/ntp )
2132page.
2133The
2134.Cm minpoll
2135and
2136.Cm maxpoll
2137options have
2138meaning only for selected clock drivers.
2139See the individual clock
2140driver document pages for additional information.
2141.Pp
2142The
2143.Ic fudge
2144command is used to provide additional
2145information for individual clock drivers and normally follows
2146immediately after the
2147.Ic server
2148command.
2149The
2150.Ar address
2151argument specifies the clock address.
2152The
2153.Cm refid
2154and
2155.Cm stratum
2156options can be used to
2157override the defaults for the device.
2158There are two optional
2159device\-dependent time offsets and four flags that can be included
2160in the
2161.Ic fudge
2162command as well.
2163.Pp
2164The stratum number of a reference clock is by default zero.
2165Since the
2166.Xr ntpd 1ntpdmdoc
2167daemon adds one to the stratum of each
2168peer, a primary server ordinarily displays an external stratum of
2169one.
2170In order to provide engineered backups, it is often useful to
2171specify the reference clock stratum as greater than zero.
2172The
2173.Cm stratum
2174option is used for this purpose.
2175Also, in cases
2176involving both a reference clock and a pulse\-per\-second (PPS)
2177discipline signal, it is useful to specify the reference clock
2178identifier as other than the default, depending on the driver.
2179The
2180.Cm refid
2181option is used for this purpose.
2182Except where noted,
2183these options apply to all clock drivers.
2184.Ss Reference Clock Commands
2185.Bl -tag -width indent
2186.It Xo Ic server
2187.Sm off
2188.Li 127.127. Ar t . Ar u
2189.Sm on
2190.Op Cm prefer
2191.Op Cm mode Ar int
2192.Op Cm minpoll Ar int
2193.Op Cm maxpoll Ar int
2194.Xc
2195This command can be used to configure reference clocks in
2196special ways.
2197The options are interpreted as follows:
2198.Bl -tag -width indent
2199.It Cm prefer
2200Marks the reference clock as preferred.
2201All other things being
2202equal, this host will be chosen for synchronization among a set of
2203correctly operating hosts.
2204See the
2205.Qq Mitigation Rules and the prefer Keyword
2206page
2207(available as part of the HTML documentation
2208provided in
2209.Pa /usr/share/doc/ntp )
2210for further information.
2211.It Cm mode Ar int
2212Specifies a mode number which is interpreted in a
2213device\-specific fashion.
2214For instance, it selects a dialing
2215protocol in the ACTS driver and a device subtype in the
2216parse
2217drivers.
2218.It Cm minpoll Ar int
2219.It Cm maxpoll Ar int
2220These options specify the minimum and maximum polling interval
2221for reference clock messages, as a power of 2 in seconds
2222For
2223most directly connected reference clocks, both
2224.Cm minpoll
2225and
2226.Cm maxpoll
2227default to 6 (64 s).
2228For modem reference clocks,
2229.Cm minpoll
2230defaults to 10 (17.1 m) and
2231.Cm maxpoll
2232defaults to 14 (4.5 h).
2233The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
2234.El
2235.It Xo Ic fudge
2236.Sm off
2237.Li 127.127. Ar t . Ar u
2238.Sm on
2239.Op Cm time1 Ar sec
2240.Op Cm time2 Ar sec
2241.Op Cm stratum Ar int
2242.Op Cm refid Ar string
2243.Op Cm mode Ar int
2244.Op Cm flag1 Cm 0 \&| Cm 1
2245.Op Cm flag2 Cm 0 \&| Cm 1
2246.Op Cm flag3 Cm 0 \&| Cm 1
2247.Op Cm flag4 Cm 0 \&| Cm 1
2248.Xc
2249This command can be used to configure reference clocks in
2250special ways.
2251It must immediately follow the
2252.Ic server
2253command which configures the driver.
2254Note that the same capability
2255is possible at run time using the
2256.Xr ntpdc 1ntpdcmdoc
2257program.
2258The options are interpreted as
2259follows:
2260.Bl -tag -width indent
2261.It Cm time1 Ar sec
2262Specifies a constant to be added to the time offset produced by
2263the driver, a fixed\-point decimal number in seconds.
2264This is used
2265as a calibration constant to adjust the nominal time offset of a
2266particular clock to agree with an external standard, such as a
2267precision PPS signal.
2268It also provides a way to correct a
2269systematic error or bias due to serial port or operating system
2270latencies, different cable lengths or receiver internal delay.
2271The
2272specified offset is in addition to the propagation delay provided
2273by other means, such as internal DIPswitches.
2274Where a calibration
2275for an individual system and driver is available, an approximate
2276correction is noted in the driver documentation pages.
2277Note: in order to facilitate calibration when more than one
2278radio clock or PPS signal is supported, a special calibration
2279feature is available.
2280It takes the form of an argument to the
2281.Ic enable
2282command described in
2283.Sx Miscellaneous Options
2284page and operates as described in the
2285.Qq Reference Clock Drivers
2286page
2287(available as part of the HTML documentation
2288provided in
2289.Pa /usr/share/doc/ntp ) .
2290.It Cm time2 Ar secs
2291Specifies a fixed\-point decimal number in seconds, which is
2292interpreted in a driver\-dependent way.
2293See the descriptions of
2294specific drivers in the
2295.Qq Reference Clock Drivers
2296page
2297(available as part of the HTML documentation
2298provided in
2299.Pa /usr/share/doc/ntp ) .
2300.It Cm stratum Ar int
2301Specifies the stratum number assigned to the driver, an integer
2302between 0 and 15.
2303This number overrides the default stratum number
2304ordinarily assigned by the driver itself, usually zero.
2305.It Cm refid Ar string
2306Specifies an ASCII string of from one to four characters which
2307defines the reference identifier used by the driver.
2308This string
2309overrides the default identifier ordinarily assigned by the driver
2310itself.
2311.It Cm mode Ar int
2312Specifies a mode number which is interpreted in a
2313device\-specific fashion.
2314For instance, it selects a dialing
2315protocol in the ACTS driver and a device subtype in the
2316parse
2317drivers.
2318.It Cm flag1 Cm 0 \&| Cm 1
2319.It Cm flag2 Cm 0 \&| Cm 1
2320.It Cm flag3 Cm 0 \&| Cm 1
2321.It Cm flag4 Cm 0 \&| Cm 1
2322These four flags are used for customizing the clock driver.
2323The
2324interpretation of these values, and whether they are used at all,
2325is a function of the particular clock driver.
2326However, by
2327convention
2328.Cm flag4
2329is used to enable recording monitoring
2330data to the
2331.Cm clockstats
2332file configured with the
2333.Ic filegen
2334command.
2335Further information on the
2336.Ic filegen
2337command can be found in
2338.Sx Monitoring Options .
2339.El
2340.El
2341.Sh Miscellaneous Options
2342.Bl -tag -width indent
2343.It Ic broadcastdelay Ar seconds
2344The broadcast and multicast modes require a special calibration
2345to determine the network delay between the local and remote
2346servers.
2347Ordinarily, this is done automatically by the initial
2348protocol exchanges between the client and server.
2349In some cases,
2350the calibration procedure may fail due to network or server access
2351controls, for example.
2352This command specifies the default delay to
2353be used under these circumstances.
2354Typically (for Ethernet), a
2355number between 0.003 and 0.007 seconds is appropriate.
2356The default
2357when this command is not used is 0.004 seconds.
2358.It Ic calldelay Ar delay
2359This option controls the delay in seconds between the first and second
2360packets sent in burst or iburst mode to allow additional time for a modem
2361or ISDN call to complete.
2362.It Ic driftfile Ar driftfile
2363This command specifies the complete path and name of the file used to
2364record the frequency of the local clock oscillator.
2365This is the same
2366operation as the
2367.Fl f
2368command line option.
2369If the file exists, it is read at
2370startup in order to set the initial frequency and then updated once per
2371hour with the current frequency computed by the daemon.
2372If the file name is
2373specified, but the file itself does not exist, the starts with an initial
2374frequency of zero and creates the file when writing it for the first time.
2375If this command is not given, the daemon will always start with an initial
2376frequency of zero.
2377.Pp
2378The file format consists of a single line containing a single
2379floating point number, which records the frequency offset measured
2380in parts\-per\-million (PPM).
2381The file is updated by first writing
2382the current drift value into a temporary file and then renaming
2383this file to replace the old version.
2384This implies that
2385.Xr ntpd 1ntpdmdoc
2386must have write permission for the directory the
2387drift file is located in, and that file system links, symbolic or
2388otherwise, should be avoided.
2389.It Ic dscp Ar value
2390This option specifies the Differentiated Services Control Point (DSCP) value,
2391a 6\-bit code.  The default value is 46, signifying Expedited Forwarding.
2392.It Xo Ic enable
2393.Oo
2394.Cm auth | Cm bclient |
2395.Cm calibrate | Cm kernel |
2396.Cm mode7 | Cm monitor |
2397.Cm ntp | Cm stats |
2398.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
2399.Oc
2400.Xc
2401.It Xo Ic disable
2402.Oo
2403.Cm auth | Cm bclient |
2404.Cm calibrate | Cm kernel |
2405.Cm mode7 | Cm monitor |
2406.Cm ntp | Cm stats |
2407.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
2408.Oc
2409.Xc
2410Provides a way to enable or disable various server options.
2411Flags not mentioned are unaffected.
2412Note that all of these flags
2413can be controlled remotely using the
2414.Xr ntpdc 1ntpdcmdoc
2415utility program.
2416.Bl -tag -width indent
2417.It Cm auth
2418Enables the server to synchronize with unconfigured peers only if the
2419peer has been correctly authenticated using either public key or
2420private key cryptography.
2421The default for this flag is
2422.Ic enable .
2423.It Cm bclient
2424Enables the server to listen for a message from a broadcast or
2425multicast server, as in the
2426.Ic multicastclient
2427command with default
2428address.
2429The default for this flag is
2430.Ic disable .
2431.It Cm calibrate
2432Enables the calibrate feature for reference clocks.
2433The default for
2434this flag is
2435.Ic disable .
2436.It Cm kernel
2437Enables the kernel time discipline, if available.
2438The default for this
2439flag is
2440.Ic enable
2441if support is available, otherwise
2442.Ic disable .
2443.It Cm mode7
2444Enables processing of NTP mode 7 implementation\-specific requests
2445which are used by the deprecated
2446.Xr ntpdc 1ntpdcmdoc
2447program.
2448The default for this flag is disable.
2449This flag is excluded from runtime configuration using
2450.Xr ntpq 1ntpqmdoc .
2451The
2452.Xr ntpq 1ntpqmdoc
2453program provides the same capabilities as
2454.Xr ntpdc 1ntpdcmdoc
2455using standard mode 6 requests.
2456.It Cm monitor
2457Enables the monitoring facility.
2458See the
2459.Xr ntpdc 1ntpdcmdoc
2460program
2461and the
2462.Ic monlist
2463command or further information.
2464The
2465default for this flag is
2466.Ic enable .
2467.It Cm ntp
2468Enables time and frequency discipline.
2469In effect, this switch opens and
2470closes the feedback loop, which is useful for testing.
2471The default for
2472this flag is
2473.Ic enable .
2474.It Cm stats
2475Enables the statistics facility.
2476See the
2477.Sx Monitoring Options
2478section for further information.
2479The default for this flag is
2480.Ic disable .
2481.It Cm unpeer_crypto_early
2482By default, if
2483.Xr ntpd 1ntpdmdoc
2484receives an autokey packet that fails TEST9,
2485a crypto failure,
2486the association is immediately cleared.
2487This is almost certainly a feature,
2488but if, in spite of the current recommendation of not using autokey,
2489you are
2490.B still
2491using autokey
2492.B and
2493you are seeing this sort of DoS attack
2494disabling this flag will delay
2495tearing down the association until the reachability counter
2496becomes zero.
2497You can check your
2498.Cm peerstats
2499file for evidence of any of these attacks.
2500The
2501default for this flag is
2502.Ic enable .
2503.It Cm unpeer_crypto_nak_early
2504By default, if
2505.Xr ntpd 1ntpdmdoc
2506receives a crypto\-NAK packet that
2507passes the duplicate packet and origin timestamp checks
2508the association is immediately cleared.
2509While this is generally a feature
2510as it allows for quick recovery if a server key has changed,
2511a properly forged and appropriately delivered crypto\-NAK packet
2512can be used in a DoS attack.
2513If you have active noticable problems with this type of DoS attack
2514then you should consider
2515disabling this option.
2516You can check your
2517.Cm peerstats
2518file for evidence of any of these attacks.
2519The
2520default for this flag is
2521.Ic enable .
2522.It Cm unpeer_digest_early
2523By default, if
2524.Xr ntpd 1ntpdmdoc
2525receives what should be an authenticated packet
2526that passes other packet sanity checks but
2527contains an invalid digest
2528the association is immediately cleared.
2529While this is generally a feature
2530as it allows for quick recovery,
2531if this type of packet is carefully forged and sent
2532during an appropriate window it can be used for a DoS attack.
2533If you have active noticable problems with this type of DoS attack
2534then you should consider
2535disabling this option.
2536You can check your
2537.Cm peerstats
2538file for evidence of any of these attacks.
2539The
2540default for this flag is
2541.Ic enable .
2542.El
2543.It Ic includefile Ar includefile
2544This command allows additional configuration commands
2545to be included from a separate file.
2546Include files may
2547be nested to a depth of five; upon reaching the end of any
2548include file, command processing resumes in the previous
2549configuration file.
2550This option is useful for sites that run
2551.Xr ntpd 1ntpdmdoc
2552on multiple hosts, with (mostly) common options (e.g., a
2553restriction list).
2554.It Ic leapsmearinterval Ar seconds
2555This EXPERIMENTAL option is only available if
2556.Xr ntpd 1ntpdmdoc
2557was built with the
2558.Cm \-\-enable\-leap\-smear
2559option to the
2560.Cm configure
2561script.
2562It specifies the interval over which a leap second correction will be applied.
2563Recommended values for this option are between
25647200 (2 hours) and 86400 (24 hours).
2565.Sy DO NOT USE THIS OPTION ON PUBLIC\-ACCESS SERVERS!
2566See http://bugs.ntp.org/2855 for more information.
2567.It Ic logconfig Ar configkeyword
2568This command controls the amount and type of output written to
2569the system
2570.Xr syslog 3
2571facility or the alternate
2572.Ic logfile
2573log file.
2574By default, all output is turned on.
2575All
2576.Ar configkeyword
2577keywords can be prefixed with
2578.Ql = ,
2579.Ql +
2580and
2581.Ql \- ,
2582where
2583.Ql =
2584sets the
2585.Xr syslog 3
2586priority mask,
2587.Ql +
2588adds and
2589.Ql \-
2590removes
2591messages.
2592.Xr syslog 3
2593messages can be controlled in four
2594classes
2595.Po
2596.Cm clock ,
2597.Cm peer ,
2598.Cm sys
2599and
2600.Cm sync
2601.Pc .
2602Within these classes four types of messages can be
2603controlled: informational messages
2604.Po
2605.Cm info
2606.Pc ,
2607event messages
2608.Po
2609.Cm events
2610.Pc ,
2611statistics messages
2612.Po
2613.Cm statistics
2614.Pc
2615and
2616status messages
2617.Po
2618.Cm status
2619.Pc .
2620.Pp
2621Configuration keywords are formed by concatenating the message class with
2622the event class.
2623The
2624.Cm all
2625prefix can be used instead of a message class.
2626A
2627message class may also be followed by the
2628.Cm all
2629keyword to enable/disable all
2630messages of the respective message class.Thus, a minimal log configuration
2631could look like this:
2632.Bd -literal
2633logconfig =syncstatus +sysevents
2634.Ed
2635.Pp
2636This would just list the synchronizations state of
2637.Xr ntpd 1ntpdmdoc
2638and the major system events.
2639For a simple reference server, the
2640following minimum message configuration could be useful:
2641.Bd -literal
2642logconfig =syncall +clockall
2643.Ed
2644.Pp
2645This configuration will list all clock information and
2646synchronization information.
2647All other events and messages about
2648peers, system events and so on is suppressed.
2649.It Ic logfile Ar logfile
2650This command specifies the location of an alternate log file to
2651be used instead of the default system
2652.Xr syslog 3
2653facility.
2654This is the same operation as the \-l command line option.
2655.It Ic setvar Ar variable Op Cm default
2656This command adds an additional system variable.
2657These
2658variables can be used to distribute additional information such as
2659the access policy.
2660If the variable of the form
2661.Sm off
2662.Va name = Ar value
2663.Sm on
2664is followed by the
2665.Cm default
2666keyword, the
2667variable will be listed as part of the default system variables
2668.Po
2669.Xr ntpq 1ntpqmdoc
2670.Ic rv
2671command
2672.Pc ) .
2673These additional variables serve
2674informational purposes only.
2675They are not related to the protocol
2676other that they can be listed.
2677The known protocol variables will
2678always override any variables defined via the
2679.Ic setvar
2680mechanism.
2681There are three special variables that contain the names
2682of all variable of the same group.
2683The
2684.Va sys_var_list
2685holds
2686the names of all system variables.
2687The
2688.Va peer_var_list
2689holds
2690the names of all peer variables and the
2691.Va clock_var_list
2692holds the names of the reference clock variables.
2693.It Xo Ic tinker
2694.Oo
2695.Cm allan Ar allan |
2696.Cm dispersion Ar dispersion |
2697.Cm freq Ar freq |
2698.Cm huffpuff Ar huffpuff |
2699.Cm panic Ar panic |
2700.Cm step Ar step |
2701.Cm stepback Ar stepback |
2702.Cm stepfwd Ar stepfwd |
2703.Cm stepout Ar stepout
2704.Oc
2705.Xc
2706This command can be used to alter several system variables in
2707very exceptional circumstances.
2708It should occur in the
2709configuration file before any other configuration options.
2710The
2711default values of these variables have been carefully optimized for
2712a wide range of network speeds and reliability expectations.
2713In
2714general, they interact in intricate ways that are hard to predict
2715and some combinations can result in some very nasty behavior.
2716Very
2717rarely is it necessary to change the default values; but, some
2718folks cannot resist twisting the knobs anyway and this command is
2719for them.
2720Emphasis added: twisters are on their own and can expect
2721no help from the support group.
2722.Pp
2723The variables operate as follows:
2724.Bl -tag -width indent
2725.It Cm allan Ar allan
2726The argument becomes the new value for the minimum Allan
2727intercept, which is a parameter of the PLL/FLL clock discipline
2728algorithm.
2729The value in log2 seconds defaults to 7 (1024 s), which is also the lower
2730limit.
2731.It Cm dispersion Ar dispersion
2732The argument becomes the new value for the dispersion increase rate,
2733normally .000015 s/s.
2734.It Cm freq Ar freq
2735The argument becomes the initial value of the frequency offset in
2736parts\-per\-million.
2737This overrides the value in the frequency file, if
2738present, and avoids the initial training state if it is not.
2739.It Cm huffpuff Ar huffpuff
2740The argument becomes the new value for the experimental
2741huff\-n'\-puff filter span, which determines the most recent interval
2742the algorithm will search for a minimum delay.
2743The lower limit is
2744900 s (15 m), but a more reasonable value is 7200 (2 hours).
2745There
2746is no default, since the filter is not enabled unless this command
2747is given.
2748.It Cm panic Ar panic
2749The argument is the panic threshold, normally 1000 s.
2750If set to zero,
2751the panic sanity check is disabled and a clock offset of any value will
2752be accepted.
2753.It Cm step Ar step
2754The argument is the step threshold, which by default is 0.128 s.
2755It can
2756be set to any positive number in seconds.
2757If set to zero, step
2758adjustments will never occur.
2759Note: The kernel time discipline is
2760disabled if the step threshold is set to zero or greater than the
2761default.
2762.It Cm stepback Ar stepback
2763The argument is the step threshold for the backward direction,
2764which by default is 0.128 s.
2765It can
2766be set to any positive number in seconds.
2767If both the forward and backward step thresholds are set to zero, step
2768adjustments will never occur.
2769Note: The kernel time discipline is
2770disabled if
2771each direction of step threshold are either
2772set to zero or greater than .5 second.
2773.It Cm stepfwd Ar stepfwd
2774As for stepback, but for the forward direction.
2775.It Cm stepout Ar stepout
2776The argument is the stepout timeout, which by default is 900 s.
2777It can
2778be set to any positive number in seconds.
2779If set to zero, the stepout
2780pulses will not be suppressed.
2781.El
2782.It Xo Ic rlimit
2783.Oo
2784.Cm memlock Ar Nmegabytes |
2785.Cm stacksize Ar N4kPages
2786.Cm filenum Ar Nfiledescriptors
2787.Oc
2788.Xc
2789.Bl -tag -width indent
2790.It Cm memlock Ar Nmegabytes
2791Specify the number of megabytes of memory that should be
2792allocated and locked.
2793Probably only available under Linux, this option may be useful
2794when dropping root (the
2795.Fl i
2796option).
2797The default is 32 megabytes on non\-Linux machines, and \-1 under Linux.
2798-1 means "do not lock the process into memory".
27990 means "lock whatever memory the process wants into memory".
2800.It Cm stacksize Ar N4kPages
2801Specifies the maximum size of the process stack on systems with the
2802.Fn mlockall
2803function.
2804Defaults to 50 4k pages (200 4k pages in OpenBSD).
2805.It Cm filenum Ar Nfiledescriptors
2806Specifies the maximum number of file descriptors ntpd may have open at once. Defaults to the system default.
2807.El
2808.It Xo Ic trap Ar host_address
2809.Op Cm port Ar port_number
2810.Op Cm interface Ar interface_address
2811.Xc
2812This command configures a trap receiver at the given host
2813address and port number for sending messages with the specified
2814local interface address.
2815If the port number is unspecified, a value
2816of 18447 is used.
2817If the interface address is not specified, the
2818message is sent with a source address of the local interface the
2819message is sent through.
2820Note that on a multihomed host the
2821interface used may vary from time to time with routing changes.
2822.Pp
2823The trap receiver will generally log event messages and other
2824information from the server in a log file.
2825While such monitor
2826programs may also request their own trap dynamically, configuring a
2827trap receiver will ensure that no messages are lost when the server
2828is started.
2829.It Cm hop Ar ...
2830This command specifies a list of TTL values in increasing order, up to 8
2831values can be specified.
2832In manycast mode these values are used in turn in
2833an expanding\-ring search.
2834The default is eight multiples of 32 starting at
283531.
2836.El
2837.Sh "OPTIONS"
2838.Bl -tag
2839.It Fl \-help
2840Display usage information and exit.
2841.It Fl \-more\-help
2842Pass the extended usage information through a pager.
2843.It Fl \-version Op Brq Ar v|c|n
2844Output version of program and exit.  The default mode is `v', a simple
2845version.  The `c' mode will print copyright information and `n' will
2846print the full copyright notice.
2847.El
2848.Sh "OPTION PRESETS"
2849Any option that is not marked as \fInot presettable\fP may be preset
2850by loading values from environment variables named:
2851.nf
2852  \fBNTP_CONF_<option\-name>\fP or \fBNTP_CONF\fP
2853.fi
2854.ad
2855.Sh "ENVIRONMENT"
2856See \fBOPTION PRESETS\fP for configuration environment variables.
2857.Sh FILES
2858.Bl -tag -width /etc/ntp.drift -compact
2859.It Pa /etc/ntp.conf
2860the default name of the configuration file
2861.It Pa ntp.keys
2862private MD5 keys
2863.It Pa ntpkey
2864RSA private key
2865.It Pa ntpkey_ Ns Ar host
2866RSA public key
2867.It Pa ntp_dh
2868Diffie\-Hellman agreement parameters
2869.El
2870.Sh "EXIT STATUS"
2871One of the following exit values will be returned:
2872.Bl -tag
2873.It 0 " (EXIT_SUCCESS)"
2874Successful program execution.
2875.It 1 " (EXIT_FAILURE)"
2876The operation failed or the command syntax was not valid.
2877.It 70 " (EX_SOFTWARE)"
2878libopts had an internal operational error.  Please report
2879it to autogen\-users@lists.sourceforge.net.  Thank you.
2880.El
2881.Sh "SEE ALSO"
2882.Xr ntpd 1ntpdmdoc ,
2883.Xr ntpdc 1ntpdcmdoc ,
2884.Xr ntpq 1ntpqmdoc
2885.Pp
2886In addition to the manual pages provided,
2887comprehensive documentation is available on the world wide web
2888at
2889.Li http://www.ntp.org/ .
2890A snapshot of this documentation is available in HTML format in
2891.Pa /usr/share/doc/ntp .
2892.Rs
2893.%A David L. Mills
2894.%T Network Time Protocol (Version 4)
2895.%O RFC5905
2896.Re
2897.Sh "AUTHORS"
2898The University of Delaware and Network Time Foundation
2899.Sh "COPYRIGHT"
2900Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
2901This program is released under the terms of the NTP license, <http://ntp.org/license>.
2902.Sh BUGS
2903The syntax checking is not picky; some combinations of
2904ridiculous and even hilarious options and modes may not be
2905detected.
2906.Pp
2907The
2908.Pa ntpkey_ Ns Ar host
2909files are really digital
2910certificates.
2911These should be obtained via secure directory
2912services when they become universally available.
2913.Pp
2914Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
2915.Sh NOTES
2916This document was derived from FreeBSD.
2917.Pp
2918This manual page was \fIAutoGen\fP\-erated from the \fBntp.conf\fP
2919option definitions.
2920