xref: /freebsd/contrib/ntp/ntpd/ntp.conf.html (revision 2b15cb3d0922bd70ea592f0da9b4a5b167f4d53f)
<html lang="en">
<head>
<title>NTP Configuration File User's Manual</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="NTP Configuration File User's Manual">
<meta name="generator" content="makeinfo 4.7">
<link title="Top" rel="top" href="#Top">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<meta http-equiv="Content-Style-Type" content="text/css">
<style type="text/css"><!--
  pre.display { font-family:inherit }
  pre.format  { font-family:inherit }
  pre.smalldisplay { font-family:inherit; font-size:smaller }
  pre.smallformat  { font-family:inherit; font-size:smaller }
  pre.smallexample { font-size:smaller }
  pre.smalllisp    { font-size:smaller }
  span.sc { font-variant:small-caps }
  span.roman { font-family: serif; font-weight: normal; }
--></style>
</head>
<body>
<h1 class="settitle">NTP Configuration File User's Manual</h1>
<div class="node">
<p><hr>
<a name="Top"></a>Next:&nbsp;<a rel="next" accesskey="n" href="#ntp_002econf-Description">ntp.conf Description</a>,
Previous:&nbsp;<a rel="previous" accesskey="p" href="#dir">(dir)</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#dir">(dir)</a>
<br>
</div>

<h2 class="unnumbered">NTP's Configuration File User Manual</h2>

<p>This document describes the configuration file for the NTP Project's
<code>ntpd</code> program.

  <p>This document applies to version 4.2.8p1 of <code>ntp.conf</code>.

  <div class="shortcontents">
<h2>Short Contents</h2>
<ul>
<li><a href="#Top">NTP's Configuration File User Manual</a>
</ul>
</div>

<ul class="menu">
<li><a accesskey="1" href="#ntp_002econf-Description">ntp.conf Description</a>
<li><a accesskey="2" href="#ntp_002econf-Notes">ntp.conf Notes</a>
</ul>

<div class="node">
<p><hr>
<a name="ntp_002econf-Description"></a>Previous:&nbsp;<a rel="previous" accesskey="p" href="#Top">Top</a>,
Up:&nbsp;<a rel="up" accesskey="u" href="#Top">Top</a>
<br>
</div>

<!-- node-name,  next,  previous,  up -->
<h3 class="section">Description</h3>

<p>The behavior of <code>ntpd</code> can be changed by a configuration file,
by default <code>ntp.conf</code>.

<div class="node">
<p><hr>
<a name="ntp_002econf-Notes"></a>
<br>
</div>

<h3 class="section">Notes about ntp.conf</h3>

<p><a name="index-ntp_002econf-1"></a><a name="index-Network-Time-Protocol-_0028NTP_0029-daemon-configuration-file-format-2"></a>

  <p>The
<code>ntp.conf</code>
configuration file is read at initial startup by the
<code>ntpd(1ntpdmdoc)</code>
daemon in order to specify the synchronization sources,
modes and other related information.
Usually, it is installed in the
<span class="file">/etc</span>
directory,
but could be installed elsewhere
(see the daemon's
<code>-c</code>
command line option).

  <p>The file format is similar to other
<span class="sc">unix</span>
configuration files.
Comments begin with a
<code>#</code>
character and extend to the end of the line;
blank lines are ignored.
Configuration commands consist of an initial keyword
followed by a list of arguments,
some of which may be optional, separated by whitespace.
Commands may not be continued over multiple lines.
Arguments may be host names,
host addresses written in numeric, dotted-quad form,
integers, floating point numbers (when specifying times in seconds)
and text strings.

  <p>The rest of this page describes the configuration and control options.
The
"Notes on Configuring NTP and Setting up an NTP Subnet"
page
(available as part of the HTML documentation
provided in
<span class="file">/usr/share/doc/ntp</span>)
contains an extended discussion of these options.
In addition to the discussion of general
<a href="#Configuration-Options">Configuration Options</a>,
there are sections describing the following supported functionality
and the options used to control it:
     <ul>
<li><a href="#Authentication-Support">Authentication Support</a>
<li><a href="#Monitoring-Support">Monitoring Support</a>
<li><a href="#Access-Control-Support">Access Control Support</a>
<li><a href="#Automatic-NTP-Configuration-Options">Automatic NTP Configuration Options</a>
<li><a href="#Reference-Clock-Support">Reference Clock Support</a>
<li><a href="#Miscellaneous-Options">Miscellaneous Options</a>
</ul>

  <p>Following these is a section describing
<a href="#Miscellaneous-Options">Miscellaneous Options</a>.
While there is a rich set of options available,
the only required option is one or more
<code>pool</code>,
<code>server</code>,
<code>peer</code>,
<code>broadcast</code>
or
<code>manycastclient</code>
commands.
<div class="node">
<p><hr>
<a name="Configuration-Support"></a>
<br>
</div>

<h4 class="subsection">Configuration Support</h4>

<p>Following is a description of the configuration commands in
NTPv4.
These commands have the same basic functions as in NTPv3 and
in some cases new functions and new arguments.
There are two
classes of commands: configuration commands that configure a
persistent association with a remote server or peer or reference
clock, and auxiliary commands that specify environmental variables
that control various related operations.

<h5 class="subsubsection">Configuration Commands</h5>

<p>The various modes are determined by the command keyword and the
type of the required IP address.
Addresses are classed by type as
(s) a remote server or peer (IPv4 class A, B and C), (b) the
broadcast address of a local interface, (m) a multicast address (IPv4
class D), or (r) a reference clock address (127.127.x.x).
Note that
only those options applicable to each command are listed below.
Use
of options not listed may not be caught as an error, but may result
in some weird and even destructive behavior.

  <p>If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
is detected, support for the IPv6 address family is generated
in addition to the default support of the IPv4 address family.
In a few cases, including the reslist billboard generated
by ntpdc, IPv6 addresses are automatically generated.
IPv6 addresses can be identified by the presence of colons
(<code>:</code>)
in the address field.
IPv6 addresses can be used almost everywhere
IPv4 addresses can be used,
with the exception of reference clock addresses,
which are always IPv4.

  <p>Note that in contexts where a host name is expected, a
<code>-4</code>
qualifier preceding
the host name forces DNS resolution to the IPv4 namespace,
while a
<code>-6</code>
qualifier forces DNS resolution to the IPv6 namespace.
See IPv6 references for the
equivalent classes for that address family.
     <dl>
<dt><code>pool</code> <kbd>address</kbd> <code>[burst]</code> <code>[iburst]</code> <code>[version </code><kbd>version</kbd><code>]</code> <code>[prefer]</code> <code>[minpoll </code><kbd>minpoll</kbd><code>]</code> <code>[maxpoll </code><kbd>maxpoll</kbd><code>]</code><br>
<dt><code>server</code> <kbd>address</kbd> <code>[key </code><kbd>key</kbd> <kbd>|</kbd><code> autokey]</code> <code>[burst]</code> <code>[iburst]</code> <code>[version </code><kbd>version</kbd><code>]</code> <code>[prefer]</code> <code>[minpoll </code><kbd>minpoll</kbd><code>]</code> <code>[maxpoll </code><kbd>maxpoll</kbd><code>]</code><br>
<dt><code>peer</code> <kbd>address</kbd> <code>[key </code><kbd>key</kbd> <kbd>|</kbd><code> autokey]</code> <code>[version </code><kbd>version</kbd><code>]</code> <code>[prefer]</code> <code>[minpoll </code><kbd>minpoll</kbd><code>]</code> <code>[maxpoll </code><kbd>maxpoll</kbd><code>]</code><br>
<dt><code>broadcast</code> <kbd>address</kbd> <code>[key </code><kbd>key</kbd> <kbd>|</kbd><code> autokey]</code> <code>[version </code><kbd>version</kbd><code>]</code> <code>[prefer]</code> <code>[minpoll </code><kbd>minpoll</kbd><code>]</code> <code>[ttl </code><kbd>ttl</kbd><code>]</code><br>
<dt><code>manycastclient</code> <kbd>address</kbd> <code>[key </code><kbd>key</kbd> <kbd>|</kbd><code> autokey]</code> <code>[version </code><kbd>version</kbd><code>]</code> <code>[prefer]</code> <code>[minpoll </code><kbd>minpoll</kbd><code>]</code> <code>[maxpoll </code><kbd>maxpoll</kbd><code>]</code> <code>[ttl </code><kbd>ttl</kbd><code>]</code>
<dd></dl>

  <p>These five commands specify the time server name or address to
be used and the mode in which to operate.
The
<kbd>address</kbd>
can be
either a DNS name or an IP address in dotted-quad notation.
Additional information on association behavior can be found in the
"Association Management"
page
(available as part of the HTML documentation
provided in
<span class="file">/usr/share/doc/ntp</span>).
     <dl>
<dt><code>pool</code><dd>For type s addresses, this command mobilizes a persistent
client mode association with a number of remote servers.
In this mode the local clock can be synchronized to the
remote server, but the remote server can never be synchronized to
the local clock.
<br><dt><code>server</code><dd>For type s and r addresses, this command mobilizes a persistent
client mode association with the specified remote server or local
radio clock.
In this mode the local clock can be synchronized to the
remote server, but the remote server can never be synchronized to
the local clock.
This command should
<em>not</em>
be used for type
b or m addresses.
<br><dt><code>peer</code><dd>For type s addresses (only), this command mobilizes a
persistent symmetric-active mode association with the specified
remote peer.
In this mode the local clock can be synchronized to
the remote peer or the remote peer can be synchronized to the local
clock.
This is useful in a network of servers where, depending on
various failure scenarios, either the local or remote peer may be
the better source of time.
This command should NOT be used for type
b, m or r addresses.
<br><dt><code>broadcast</code><dd>For type b and m addresses (only), this
command mobilizes a persistent broadcast mode association.
Multiple
commands can be used to specify multiple local broadcast interfaces
(subnets) and/or multiple multicast groups.
Note that local
broadcast messages go only to the interface associated with the
subnet specified, but multicast messages go to all interfaces.
In broadcast mode the local server sends periodic broadcast
messages to a client population at the
<kbd>address</kbd>
specified, which is usually the broadcast address on (one of) the
local network(s) or a multicast address assigned to NTP.
The IANA
has assigned the multicast group address IPv4 224.0.1.1 and
IPv6 ff05::101 (site local) exclusively to
NTP, but other nonconflicting addresses can be used to contain the
messages within administrative boundaries.
Ordinarily, this
specification applies only to the local server operating as a
sender; for operation as a broadcast client, see the
<code>broadcastclient</code>
or
<code>multicastclient</code>
commands
below.
<br><dt><code>manycastclient</code><dd>For type m addresses (only), this command mobilizes a
manycast client mode association for the multicast address
specified.
In this case a specific address must be supplied which
matches the address used on the
<code>manycastserver</code>
command for
the designated manycast servers.
The NTP multicast address
224.0.1.1 assigned by the IANA should NOT be used, unless specific
means are taken to avoid spraying large areas of the Internet with
these messages and causing a possibly massive implosion of replies
at the sender.
The
<code>manycastserver</code>
command specifies that the local server
is to operate in client mode with the remote servers that are
discovered as the result of broadcast/multicast messages.
The
client broadcasts a request message to the group address associated
with the specified
<kbd>address</kbd>
and specifically enabled
servers respond to these messages.
The client selects the servers
providing the best time and continues as with the
<code>server</code>
command.
The remaining servers are discarded as if never
heard.
</dl>

  <p>Options:
     <dl>
<dt><code>autokey</code><dd>All packets sent to and received from the server or peer are to
include authentication fields encrypted using the autokey scheme
described in
<a href="#Authentication-Options">Authentication Options</a>.
<br><dt><code>burst</code><dd>When the server is reachable, send a burst of eight packets
instead of the usual one.
The packet spacing is normally 2 s;
however, the spacing between the first and second packets
can be changed with the calldelay command to allow
additional time for a modem or ISDN call to complete.
This is designed to improve timekeeping quality
with the
<code>server</code>
command and s addresses.
<br><dt><code>iburst</code><dd>When the server is unreachable, send a burst of eight packets
instead of the usual one.
The packet spacing is normally 2 s;
however, the spacing between the first two packets can be
changed with the calldelay command to allow
additional time for a modem or ISDN call to complete.
This is designed to speed the initial synchronization
acquisition with the
<code>server</code>
command and s addresses and when
<code>ntpd(1ntpdmdoc)</code>
is started with the
<code>-q</code>
option.
<br><dt><code>key</code> <kbd>key</kbd><dd>All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
<kbd>key</kbd>
identifier with values from 1 to 65534, inclusive.
The
default is to include no encryption field.
<br><dt><code>minpoll</code> <kbd>minpoll</kbd><br><dt><code>maxpoll</code> <kbd>maxpoll</kbd><dd>These options specify the minimum and maximum poll intervals
for NTP messages, as a power of 2 in seconds.
The maximum poll
interval defaults to 10 (1,024 s), but can be increased by the
<code>maxpoll</code>
option to an upper limit of 17 (36.4 h).
The
minimum poll interval defaults to 6 (64 s), but can be decreased by
the
<code>minpoll</code>
option to a lower limit of 4 (16 s).
<br><dt><code>noselect</code><dd>Marks the server as unused, except for display purposes.
The server is discarded by the selection algorithm.
<br><dt><code>prefer</code><dd>Marks the server as preferred.
All other things being equal,
this host will be chosen for synchronization among a set of
correctly operating hosts.
See the
"Mitigation Rules and the prefer Keyword"
page
(available as part of the HTML documentation
provided in
<span class="file">/usr/share/doc/ntp</span>)
for further information.
<br><dt><code>ttl</code> <kbd>ttl</kbd><dd>This option is used only with broadcast server and manycast
client modes.
It specifies the time-to-live
<kbd>ttl</kbd>
to
use on broadcast server and multicast server and the maximum
<kbd>ttl</kbd>
for the expanding ring search with manycast
client packets.
Selection of the proper value, which defaults to
127, is something of a black art and should be coordinated with the
network administrator.
<br><dt><code>version</code> <kbd>version</kbd><dd>Specifies the version number to be used for outgoing NTP
packets.
Versions 1-4 are the choices, with version 4 the
default.
</dl>

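<p>Because <code>ntpd</code> may not report a command used with the wrong address type or an option outside its synopsis, the rules above can be checked before deployment. The following Python linter is an added example, not part of the NTP distribution; the function names, the <code>local_broadcasts</code> parameter and the sample configuration are constructed for illustration, and it applies only the rules stated on this page.

```python
import ipaddress

# Address types (s, b, m, r) each association command accepts, per the manual.
ADDR_TYPES = {"pool": "s", "server": "sr", "peer": "s",
              "broadcast": "bm", "manycastclient": "m"}
# Options in each command's synopsis; noselect is described in the option
# list without a command restriction, so it is allowed everywhere here.
COMMON = {"version", "prefer", "minpoll", "noselect"}
AUTH = {"key", "autokey"}
OPTIONS = {
    "pool": COMMON | {"burst", "iburst", "maxpoll"},
    "server": COMMON | AUTH | {"burst", "iburst", "maxpoll"},
    "peer": COMMON | AUTH | {"maxpoll"},
    "broadcast": COMMON | AUTH | {"ttl"},
    "manycastclient": COMMON | AUTH | {"maxpoll", "ttl"},
}
# Options that take a value, with the inclusive range the manual states.
# No range is given for ttl, so it only has to be an integer.
RANGES = {"key": (1, 65534), "version": (1, 4),
          "minpoll": (4, 17), "maxpoll": (4, 17), "ttl": None}
REFCLOCK_NET = ipaddress.ip_network("127.127.0.0/16")
IANA_NTP_GROUP = "224.0.1.1"


def addr_type(addr, local_broadcasts=()):
    """Classify an address as s, b, m or r; return None for a host name."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None  # DNS name: the class is unknown until it is resolved
    if ip.version == 4 and ip in REFCLOCK_NET:
        return "r"
    if ip.is_multicast:
        return "m"
    if addr in local_broadcasts:
        return "b"  # assumption: caller supplies this host's broadcast addresses
    return "s"


def lint(text, local_broadcasts=()):
    """Return a list of (line number, message) findings for ntp.conf text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # comments run to end of line
        if not tokens:
            continue  # blank lines are ignored
        cmd, args = tokens[0], tokens[1:]
        if cmd == "disable" and "auth" in args:
            findings.append((lineno, "auth flag disabled"))
        if cmd == "manycastserver" and IANA_NTP_GROUP in args:
            findings.append((lineno, "manycastserver on IANA group 224.0.1.1"))
        if cmd not in ADDR_TYPES:
            continue
        if args and args[0] in ("-4", "-6"):  # DNS address-family qualifier
            args = args[1:]
        if not args:
            findings.append((lineno, f"{cmd}: missing address"))
            continue
        addr, opts = args[0], args[1:]
        kind = addr_type(addr, local_broadcasts)
        if kind is not None and kind not in ADDR_TYPES[cmd]:
            findings.append((lineno, f"{cmd}: type {kind} address {addr} not allowed"))
        if cmd == "manycastclient" and addr == IANA_NTP_GROUP:
            findings.append((lineno, "manycastclient on IANA group 224.0.1.1"))
        seen, i = set(), 0
        while i < len(opts):
            opt = opts[i]
            i += 1
            seen.add(opt)
            if opt not in OPTIONS[cmd]:
                findings.append((lineno, f"{cmd}: option {opt} not listed"))
            if opt in RANGES:  # this option consumes the next token
                value = opts[i] if i < len(opts) else ""
                i += 1
                bounds = RANGES[opt]
                if not value.isdigit():
                    findings.append((lineno, f"{opt}: integer expected"))
                elif bounds and not bounds[0] <= int(value) <= bounds[1]:
                    findings.append((lineno, f"{opt} {value}: out of range"))
        if cmd == "broadcast" and not seen & AUTH:
            findings.append((lineno, "broadcast without key or autokey"))
    return findings


# Constructed sample configuration (documentation addresses, not a real host).
SAMPLE = """\
# time sources
server -4 ntp1.example.net iburst key 7 minpoll 4
server 224.0.1.1 iburst
peer 127.127.1.0
server 192.0.2.10 key 70000 maxpoll 18
pool pool.example.net key 3
manycastclient 224.0.1.1 key 5
broadcast 192.0.2.255 ttl 4
disable auth
"""

if __name__ == "__main__":
    for lineno, message in lint(SAMPLE, local_broadcasts={"192.0.2.255"}):
        print(f"line {lineno}: {message}")
```

<p>Type b addresses cannot be recognized from the address alone, so the caller passes the host's own broadcast addresses; host names are not classified because their type is unknown until they resolve.
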
<h5 class="subsubsection">Auxiliary Commands</h5>

     <dl>
<dt><code>broadcastclient</code><dd>This command enables reception of broadcast server messages to
any local interface (type b) address.
Upon receiving a message for
the first time, the broadcast client measures the nominal server
propagation delay using a brief client/server exchange with the
server, then enters the broadcast client mode, in which it
synchronizes to succeeding broadcast messages.
Note that, in order
to avoid accidental or malicious disruption in this mode, both the
server and client should operate using symmetric-key or public-key
authentication as described in
<a href="#Authentication-Options">Authentication Options</a>.
<br><dt><code>manycastserver</code> <kbd>address</kbd> <kbd>...</kbd><dd>This command enables reception of manycast client messages to
the multicast group address(es) (type m) specified.
At least one
address is required, but the NTP multicast address 224.0.1.1
assigned by the IANA should NOT be used, unless specific means are
taken to limit the span of the reply and avoid a possibly massive
implosion at the original sender.
Note that, in order to avoid
accidental or malicious disruption in this mode, both the server
and client should operate using symmetric-key or public-key
authentication as described in
<a href="#Authentication-Options">Authentication Options</a>.
<br><dt><code>multicastclient</code> <kbd>address</kbd> <kbd>...</kbd><dd>This command enables reception of multicast server messages to
the multicast group address(es) (type m) specified.
Upon receiving
a message for the first time, the multicast client measures the
nominal server propagation delay using a brief client/server
exchange with the server, then enters the broadcast client mode, in
which it synchronizes to succeeding multicast messages.
Note that,
in order to avoid accidental or malicious disruption in this mode,
both the server and client should operate using symmetric-key or
public-key authentication as described in
<a href="#Authentication-Options">Authentication Options</a>.
<br><dt><code>mdnstries</code> <kbd>number</kbd><dd>If we are participating in mDNS,
after we have synched for the first time
we attempt to register with the mDNS system.
If that registration attempt fails,
we try again at one minute intervals for up to
<code>mdnstries</code>
times.
After all,
<code>ntpd</code>
may be starting before mDNS.
The default value for
<code>mdnstries</code>
is 5.
</dl>
<div class="node">
<p><hr>
<a name="Authentication-Support"></a>
<br>
</div>

<h4 class="subsection">Authentication Support</h4>

<p>Authentication support allows the NTP client to verify that the
server is in fact known and trusted and not an intruder intending
accidentally or on purpose to masquerade as that server.
The NTPv3
specification RFC-1305 defines a scheme which provides
cryptographic authentication of received NTP packets.
Originally,
this was done using the Data Encryption Standard (DES) algorithm
operating in Cipher Block Chaining (CBC) mode, commonly called
DES-CBC.
Subsequently, this was replaced by the RSA Message Digest
5 (MD5) algorithm using a private key, commonly called keyed-MD5.
Either algorithm computes a message digest, or one-way hash, which
can be used to verify the server has the correct private key and
key identifier.

  <p>NTPv4 retains the NTPv3 scheme, properly described as symmetric key
cryptography and, in addition, provides a new Autokey scheme
based on public key cryptography.
Public key cryptography is generally considered more secure
than symmetric key cryptography, since the security is based
on a private value which is generated by each server and
never revealed.
With Autokey all key distribution and
management functions involve only public values, which
considerably simplifies key distribution and storage.
Public key management is based on X.509 certificates,
which can be provided by commercial services or
produced by utility programs in the OpenSSL software library
or the NTPv4 distribution.

  <p>While the algorithms for symmetric key cryptography are
included in the NTPv4 distribution, public key cryptography
requires the OpenSSL software library to be installed
before building the NTP distribution.
Directions for doing that
are on the Building and Installing the Distribution page.

  <p>Authentication is configured separately for each association
using the
<code>key</code>
or
<code>autokey</code>
subcommand on the
<code>peer</code>,
<code>server</code>,
<code>broadcast</code>
and
<code>manycastclient</code>
configuration commands as described in the
<a href="#Configuration-Options">Configuration Options</a>
page.
The authentication
options described below specify the locations of the key files,
if other than default, which symmetric keys are trusted
and the interval between various operations, if other than default.

  <p>Authentication is always enabled,
although ineffective if not configured as
described below.
If an NTP packet arrives
including a message authentication
code (MAC), it is accepted only if it
passes all cryptographic checks.
The
checks require correct key ID, key value
and message digest.
If the packet has
been modified in any way or replayed
by an intruder, it will fail one or more
of these checks and be discarded.
Furthermore, the Autokey scheme requires a
preliminary protocol exchange to obtain
the server certificate, verify its
credentials and initialize the protocol.

  <p>The
<code>auth</code>
flag controls whether new associations or
remote configuration commands require cryptographic authentication.
This flag can be set or reset by the
<code>enable</code>
and
<code>disable</code>
commands and also by remote
configuration commands sent by a
<code>ntpdc(1ntpdcmdoc)</code>
program running in
another machine.
If this flag is enabled, which is the default
case, new broadcast client and symmetric passive associations and
remote configuration commands must be cryptographically
authenticated using either symmetric key or public key cryptography.
If this
flag is disabled, these operations are effective
even if not cryptographically
authenticated.
It should be understood
that operating with the
<code>auth</code>
flag disabled invites a significant vulnerability
where a rogue hacker can
masquerade as a falseticker and seriously
disrupt system timekeeping.
It is
important to note that this flag has no purpose
other than to allow or disallow
a new association in response to new broadcast
and symmetric active messages
and remote configuration commands and, in particular,
the flag has no effect on
the authentication process itself.

  <p>An attractive alternative where multicast support is available
is manycast mode, in which clients periodically troll
for servers as described in the
<a href="#Automatic-NTP-Configuration-Options">Automatic NTP Configuration Options</a>
page.
Either symmetric key or public key
cryptographic authentication can be used in this mode.
The principal advantage
of manycast mode is that potential servers need not be
configured in advance,
since the client finds them during regular operation,
and the configuration
files for all clients can be identical.

  <p>The security model and protocol schemes for
both symmetric key and public key
cryptography are summarized below;
further details are in the briefings, papers
and reports at the NTP project page linked from
<code>http://www.ntp.org/</code>.

<h5 class="subsubsection">Symmetric-Key Cryptography</h5>

<p>The original RFC-1305 specification allows any one of possibly
65,534 keys, each distinguished by a 32-bit key identifier, to
authenticate an association.
The servers and clients involved must
agree on the key and key identifier to
authenticate NTP packets.
Keys and
related information are specified in a key
file, usually called
<span class="file">ntp.keys</span>,
which must be distributed and stored using
secure means beyond the scope of the NTP protocol itself.
Besides the keys used
for ordinary NTP associations,
additional keys can be used as passwords for the
<code>ntpq(1ntpqmdoc)</code>
and
<code>ntpdc(1ntpdcmdoc)</code>
utility programs.

  <p>When
<code>ntpd(1ntpdmdoc)</code>
is first started, it reads the key file specified in the
<code>keys</code>
configuration command and installs the keys
in the key cache.
However,
individual keys must be activated with the
<code>trusted</code>
command before use.
This
allows, for instance, the installation of possibly
several batches of keys and
then activating or deactivating each batch
remotely using
<code>ntpdc(1ntpdcmdoc)</code>.
This also provides a revocation capability that can be used
if a key becomes compromised.
The
<code>requestkey</code>
command selects the key used as the password for the
<code>ntpdc(1ntpdcmdoc)</code>
utility, while the
<code>controlkey</code>
command selects the key used as the password for the
<code>ntpq(1ntpqmdoc)</code>
utility.

<h5 class="subsubsection">Public Key Cryptography</h5>

<p>NTPv4 supports the original NTPv3 symmetric key scheme
described in RFC-1305 and in addition the Autokey protocol,
which is based on public key cryptography.
The Autokey Version 2 protocol described on the Autokey Protocol
page verifies packet integrity using MD5 message digests
and verifies the source with digital signatures and any of several
digest/signature schemes.
Optional identity schemes described on the Identity Schemes
page and based on cryptographic challenge/response algorithms
are also available.
Using all of these schemes provides strong security against
replay with or without modification, spoofing, masquerade
and most forms of clogging attacks.

  <p>The Autokey protocol has several modes of operation
corresponding to the various NTP modes supported.
Most modes use a special cookie which can be
computed independently by the client and server,
but encrypted in transmission.
All modes use in addition a variant of the S-KEY scheme,
in which a pseudo-random key list is generated and used
in reverse order.
These schemes are described along with an executive summary,
current status, briefing slides and reading list on the
<a href="#Autonomous-Authentication">Autonomous Authentication</a>
page.

  <p>The specific cryptographic environment used by Autokey servers
and clients is determined by a set of files
and soft links generated by the
<code>ntp-keygen(1ntpkeygenmdoc)</code>
program.
This includes a required host key file,
required certificate file and optional sign key file,
leapsecond file and identity scheme files.
The
digest/signature scheme is specified in the X.509 certificate
along with the matching sign key.
There are several schemes
available in the OpenSSL software library, each identified
by a specific string such as
<code>md5WithRSAEncryption</code>,
which stands for the MD5 message digest with RSA
encryption scheme.
The current NTP distribution supports
all the schemes in the OpenSSL library, including
those based on RSA and DSA digital signatures.

  <p>NTP secure groups can be used to define cryptographic compartments
and security hierarchies.
It is important that every host
in the group be able to construct a certificate trail to one
or more trusted hosts in the same group.
Each group
host runs the Autokey protocol to obtain the certificates
for all hosts along the trail to one or more trusted hosts.
This requires the configuration file in all hosts to be
engineered so that, even under anticipated failure conditions,
the NTP subnet will form such that every group host can find
a trail to at least one trusted host.

<h5 class="subsubsection">Naming and Addressing</h5>

<p>It is important to note that Autokey does not use DNS to
resolve addresses, since DNS can't be completely trusted
until the name servers have synchronized clocks.
The cryptographic name used by Autokey to bind the host identity
credentials and cryptographic values must be independent
of interface, network and any other naming convention.
The name appears in the host certificate in either or both
the subject and issuer fields, so protection against
DNS compromise is essential.

  <p>By convention, the name of an Autokey host is the name returned
by the Unix
<code>gethostname(2)</code>
system call or equivalent in other systems.
By the system design
model, there are no provisions to allow alternate names or aliases.
However, this is not to say that DNS aliases, different names
for each interface, etc., are constrained in any way.

  <p>It is also important to note that Autokey verifies authenticity
using the host name, network address and public keys,
all of which are bound together by the protocol specifically
to deflect masquerade attacks.
For this reason Autokey
includes the source and destination IP addresses in message digest
computations and so the same addresses must be available
at both the server and client.
For this reason operation
with network address translation schemes is not possible.
This reflects the intended robust security model where government
and corporate NTP servers are operated outside firewall perimeters.

<h5 class="subsubsection">Operation</h5>

<p>A specific combination of authentication scheme (none,
symmetric key, public key) and identity scheme is called
a cryptotype, although not all combinations are compatible.
There may be management configurations where the clients,
servers and peers may not all support the same cryptotypes.
A secure NTPv4 subnet can be configured in many ways while
keeping in mind the principles explained above and
in this section.
Note however that some cryptotype
combinations may successfully interoperate with each other,
but may not represent good security practice.

  <p>The cryptotype of an association is determined at the time
of mobilization, either at configuration time or some time
later when a message of appropriate cryptotype arrives.
When mobilized by a
<code>server</code>
or
<code>peer</code>
configuration command and no
<code>key</code>
or
<code>autokey</code>
subcommands are present, the association is not
authenticated; if the
<code>key</code>
subcommand is present, the association is authenticated
using the symmetric key ID specified; if the
<code>autokey</code>
subcommand is present, the association is authenticated
using Autokey.

  <p>When multiple identity schemes are supported in the Autokey
protocol, the first message exchange determines which one is used.
The client request message contains bits corresponding
to which schemes it has available.
The server response message
contains bits corresponding to which schemes it has available.
Both server and client match the received bits with their own
and select a common scheme.

  <p>Following the principle that time is a public value,
a server responds to any client packet that matches
its cryptotype capabilities.
Thus, a server receiving
an unauthenticated packet will respond with an unauthenticated
packet, while the same server receiving a packet of a cryptotype
it supports will respond with packets of that cryptotype.
However, unconfigured broadcast or manycast client
associations or symmetric passive associations will not be
mobilized unless the server supports a cryptotype compatible
with the first packet received.
By default, unauthenticated associations will not be mobilized
unless overridden in a decidedly dangerous way.

  <p>Some examples may help to reduce confusion.
Client Alice has no specific cryptotype selected.
Server Bob has both a symmetric key file and minimal Autokey files.
Alice's unauthenticated messages arrive at Bob, who replies with
unauthenticated messages.
Cathy has a copy of Bob's symmetric
key file and has selected key ID 4 in messages to Bob.
Bob verifies the message with his key ID 4.
If it's the
same key and the message is verified, Bob sends Cathy a reply
authenticated with that key.
If verification fails,
Bob sends Cathy a thing called a crypto-NAK, which tells her
something broke.
She can see the evidence using the
<code>ntpq(1ntpqmdoc)</code>
program.

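<p>The symmetric-key checks (key ID, key value, message digest) and the Alice, Cathy and Bob exchange above, as an added Python example that is not code from the NTP distribution.
It assumes a key file laid out as <code>keyid type secret</code>, a 48-byte header with no extension fields, a MAC of a 32-bit key ID followed by MD5(secret || header), and the RFC 5905 crypto-NAK form; all key values and function names are constructed for the example.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48        # fixed NTP header, no extension fields (assumption)
MAC_LEN = 4 + 16       # 32-bit key ID followed by a 16-byte MD5 digest

# Constructed key file in the assumed "keyid type secret" layout.
SAMPLE_KEYS = """\
# keyid type secret  (constructed values, not real keys)
4  MD5  cathy-and-bob-secret
7  MD5  spare-batch-secret
"""


def load_keys(text):
    """Install every key from the key file text into a cache {key_id: secret}."""
    cache = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"malformed key line: {raw!r}")
        key_id = int(fields[0])
        if not 1 <= key_id <= 65534:
            raise ValueError(f"key ID out of range: {key_id}")
        if fields[1].upper() != "MD5":
            raise ValueError(f"unsupported key type: {fields[1]}")
        cache[key_id] = fields[2].encode("ascii")
    return cache


def make_mac(header, key_id, secret):
    """Build the MAC: key ID, then the MD5 digest of secret followed by header."""
    digest = hashlib.md5(secret + header).digest()
    return struct.pack("!I", key_id) + digest


def verify(packet, cache, trusted):
    """Apply the three checks in turn and return a status string."""
    if len(packet) == HEADER_LEN:
        return "unauthenticated"          # no MAC present at all
    if len(packet) != HEADER_LEN + MAC_LEN:
        return "bad length"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    secret = cache.get(key_id)
    if secret is None:
        return "unknown key ID"           # key ID check
    if key_id not in trusted:
        return "key not trusted"          # installed but never activated
    expected = make_mac(header, key_id, secret)
    if not hmac.compare_digest(mac, expected):
        return "bad digest"               # wrong key value or modified packet
    return "ok"


def bob_reply(request, cache, trusted, reply_header):
    """Answer in the cryptotype of the request, or with a crypto-NAK."""
    status = verify(request, cache, trusted)
    if status == "bad length":
        return None                       # malformed, nothing to answer
    if status == "unauthenticated":
        return reply_header               # Alice's case
    if status == "ok":                    # Cathy's case: same key ID back
        (key_id,) = struct.unpack("!I", request[HEADER_LEN:HEADER_LEN + 4])
        return reply_header + make_mac(reply_header, key_id, cache[key_id])
    # crypto-NAK: header followed by a key ID of zero and no digest
    return reply_header + struct.pack("!I", 0)


if __name__ == "__main__":
    keys = load_keys(SAMPLE_KEYS)
    hdr = bytes(range(HEADER_LEN))        # constructed header bytes
    good = hdr + make_mac(hdr, 4, keys[4])
    print(verify(good, keys, {4}))
    print(verify(good[:10] + b"\xff" + good[11:], keys, {4}))
```

Key 7 in the sample is installed in the cache but left out of the trusted set, so a packet that carries a correct digest under key 7 is still rejected.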
  <p>Denise has rolled her own host key and certificate.
She also uses one of the same identity schemes as Bob.
She sends the first Autokey message to Bob and they
both dance the protocol authentication and identity steps.
If all comes out okay, Denise and Bob continue as described above.

  <p>It should be clear from the above that Bob can support
all the girls at the same time, as long as he has compatible
authentication and identity credentials.
Now, Bob can act just like the girls in his own choice of servers;
he can run multiple configured associations with multiple different
servers (or the same server, although that might not be useful).
But, wise security policy might preclude some cryptotype
combinations; for instance, running an identity scheme
with one server and no authentication with another might not be wise.

<h5 class="subsubsection">Key Management</h5>

<p>The cryptographic values used by the Autokey protocol are
incorporated as a set of files generated by the
<code>ntp-keygen(1ntpkeygenmdoc)</code>
utility program, including symmetric key, host key and
public certificate files, as well as sign key, identity parameters
and leapseconds files.
Alternatively, host and sign keys and
certificate files can be generated by the OpenSSL utilities
and certificates can be imported from public certificate
authorities.
Note that symmetric keys are necessary for the
<code>ntpq(1ntpqmdoc)</code>
and
<code>ntpdc(1ntpdcmdoc)</code>
utility programs.
The remaining files are necessary only for the
Autokey protocol.

  <p>Certificates imported from OpenSSL or public certificate
authorities have certain limitations.
The certificate should be in ASN.1 syntax, X.509 Version 3
format and encoded in PEM, which is the same format
used by OpenSSL.
The overall length of the certificate encoded
in ASN.1 must not exceed 1024 bytes.
The subject distinguished
name field (CN) is the fully qualified name of the host
on which it is used; the remaining subject fields are ignored.
The certificate extension fields must not contain either
a subject key identifier or an issuer key identifier field;
however, an extended key usage field for a trusted host must
contain the value
<code>trustRoot</code>.
Other extension fields are ignored.

<h5 class="subsubsection">Authentication Commands</h5>

     <dl>
<dt><code>autokey</code> <code>[</code><kbd>logsec</kbd><code>]</code><dd>Specifies the interval between regenerations of the session key
list used with the Autokey protocol.
Note that the size of the key
list for each association depends on this interval and the current
poll interval.
The default value is 12 (4096 s or about 1.1 hours).
For poll intervals above the specified interval, a session key list
with a single entry will be regenerated for every message
sent.
<br><dt><code>controlkey</code> <kbd>key</kbd><dd>Specifies the key identifier to use with the
<code>ntpq(1ntpqmdoc)</code>
utility, which uses the standard
protocol defined in RFC-1305.
The
<kbd>key</kbd>
argument is
the key identifier for a trusted key, where the value can be in the
range 1 to 65,534, inclusive.
<br><dt><code>crypto</code> <code>[cert </code><kbd>file</kbd><code>]</code> <code>[leap </code><kbd>file</kbd><code>]</code> <code>[randfile </code><kbd>file</kbd><code>]</code> <code>[host </code><kbd>file</kbd><code>]</code> <code>[sign </code><kbd>file</kbd><code>]</code> <code>[gq </code><kbd>file</kbd><code>]</code> <code>[gqpar </code><kbd>file</kbd><code>]</code> <code>[iffpar </code><kbd>file</kbd><code>]</code> <code>[mvpar </code><kbd>file</kbd><code>]</code> <code>[pw </code><kbd>password</kbd><code>]</code><dd>This command requires the OpenSSL library.
It activates public key
cryptography, selects the message digest and signature
encryption scheme and loads the required private and public
values described above.
If one or more files are left unspecified,
the default names are used as described above.
Unless the complete path and name of the file are specified, the
location of a file is relative to the keys directory specified
in the
<code>keysdir</code>
command or default
<span class="file">/usr/local/etc</span>.
Following are the subcommands:
          <dl>
<dt><code>cert</code> <kbd>file</kbd><dd>Specifies the location of the required host public certificate file.
This overrides the link
<span class="file">ntpkey_cert_</span><kbd>hostname</kbd>
in the keys directory.
<br><dt><code>gqpar</code> <kbd>file</kbd><dd>Specifies the location of the optional GQ parameters file.
This
overrides the link
<span class="file">ntpkey_gq_</span><kbd>hostname</kbd>
in the keys directory.
<br><dt><code>host</code> <kbd>file</kbd><dd>Specifies the location of the required host key file.
This overrides
the link
<span class="file">ntpkey_key_</span><kbd>hostname</kbd>
in the keys directory.
<br><dt><code>iffpar</code> <kbd>file</kbd><dd>Specifies the location of the optional IFF parameters file. This
overrides the link
<span class="file">ntpkey_iff_</span><kbd>hostname</kbd>
in the keys directory.
<br><dt><code>leap</code> <kbd>file</kbd><dd>Specifies the location of the optional leapsecond file.
This overrides the link
<span class="file">ntpkey_leap</span>
in the keys directory.
<br><dt><code>mvpar</code> <kbd>file</kbd><dd>Specifies the location of the optional MV parameters file.
This
overrides the link
<span class="file">ntpkey_mv_</span><kbd>hostname</kbd>
in the keys directory.
<br><dt><code>pw</code> <kbd>password</kbd><dd>Specifies the password to decrypt files containing private keys and
identity parameters.
This is required only if these files have been
encrypted.
<br><dt><code>randfile</code> <kbd>file</kbd><dd>Specifies the location of the random seed file used by the OpenSSL
library.
The defaults are described in the main text above.
<br><dt><code>sign</code> <kbd>file</kbd><dd>Specifies the location of the optional sign key file.
This overrides
the link
<span class="file">ntpkey_sign_</span><kbd>hostname</kbd>
in the keys directory.
If this file is
not found, the host key is also the sign key.
</dl>
     <br><dt><code>keys</code> <kbd>keyfile</kbd><dd>Specifies the complete path and location of the MD5 key file
containing the keys and key identifiers used by
<code>ntpd(1ntpdmdoc)</code>,
<code>ntpq(1ntpqmdoc)</code>
and
<code>ntpdc(1ntpdcmdoc)</code>
when operating with symmetric key cryptography.
This is the same operation as the
<code>-k</code>
command line option.
<br><dt><code>keysdir</code> <kbd>path</kbd><dd>This command specifies the default directory path for
cryptographic keys, parameters and certificates.
The default is
<span class="file">/usr/local/etc/</span>.
<br><dt><code>requestkey</code> <kbd>key</kbd><dd>Specifies the key identifier to use with the
<code>ntpdc(1ntpdcmdoc)</code>
utility program, which uses a
proprietary protocol specific to this implementation of
<code>ntpd(1ntpdmdoc)</code>.
The
<kbd>key</kbd>
argument is a key identifier
for the trusted key, where the value can be in the range 1 to
65,534, inclusive.
<br><dt><code>revoke</code> <kbd>logsec</kbd><dd>Specifies the interval between re-randomization of certain
cryptographic values used by the Autokey scheme, as a power of 2 in
seconds.
These values need to be updated frequently in order to
deflect brute-force attacks on the algorithms of the scheme;
however, updating some values is a relatively expensive operation.
The default interval is 16 (65,536 s or about 18 hours).
For poll
intervals above the specified interval, the values will be updated
for every message sent.
<br><dt><code>trustedkey</code> <kbd>key</kbd> <kbd>...</kbd><dd>Specifies the key identifiers which are trusted for the
purposes of authenticating peers with symmetric key cryptography,
as well as keys used by the
<code>ntpq(1ntpqmdoc)</code>
and
<code>ntpdc(1ntpdcmdoc)</code>
programs.
The authentication procedures require that both the local
and remote servers share the same key and key identifier for this
purpose, although different keys can be used with different
servers.
The
<kbd>key</kbd>
arguments are 32-bit unsigned
integers with values from 1 to 65,534.
</dl>

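<p>One way to review a configuration against the rules in this section, as an added Python example that is not part of the NTP distribution: it derives the cryptotype of each configured association from its <code>key</code> or <code>autokey</code> subcommand and reports a disabled <code>auth</code> flag, key identifiers that are not listed in <code>trustedkey</code>, and <code>autokey</code> used without a <code>crypto</code> command.
The sample configuration, its addresses and the finding names are constructed for the example.

```python
ASSOC_COMMANDS = {"server", "peer", "broadcast", "manycastclient"}

# Constructed ntp.conf fragment; addresses are documentation-range placeholders.
SAMPLE_CONF = """\
keys /usr/local/etc/ntp.keys
trustedkey 4 7
requestkey 9
controlkey 7
disable auth
server 192.0.2.10 key 4
server 192.0.2.11
peer 192.0.2.12 key 5
server 192.0.2.13 autokey
"""


def classify(cmd, args):
    """Return (command, address, cryptotype, key_id) for one association line."""
    address, options = args[0], args[1:]
    if "autokey" in options:
        return (cmd, address, "autokey", None)
    if "key" in options:
        idx = options.index("key")
        if idx + 1 >= len(options):
            raise ValueError(f"{cmd} {address}: key subcommand without an ID")
        return (cmd, address, "symmetric", int(options[idx + 1]))
    return (cmd, address, "none", None)


def parse_conf(text):
    """Collect the authentication-related commands from ntp.conf text."""
    conf = {"auth": True, "keys": None, "crypto": False, "trusted": set(),
            "requestkey": None, "controlkey": None, "assocs": []}
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        cmd, args = words[0], words[1:]
        if cmd in ("enable", "disable") and "auth" in args:
            conf["auth"] = (cmd == "enable")      # the last setting wins
        elif cmd == "keys" and args:
            conf["keys"] = args[0]
        elif cmd == "crypto":
            conf["crypto"] = True
        elif cmd == "trustedkey":
            conf["trusted"].update(int(a) for a in args)
        elif cmd in ("requestkey", "controlkey") and args:
            conf[cmd] = int(args[0])
        elif cmd in ASSOC_COMMANDS and args:
            conf["assocs"].append(classify(cmd, args))
    return conf


def check_key(conf, subject, key_id):
    """A usable key ID is in range 1..65534 and listed in trustedkey."""
    if not 1 <= key_id <= 65534:
        return [("key-out-of-range", f"{subject} {key_id}")]
    if key_id not in conf["trusted"]:
        return [("untrusted-key", f"{subject} {key_id}")]
    return []


def audit(conf):
    """Return a list of (finding, subject) tuples, empty when nothing is flagged."""
    findings = []
    if not conf["auth"]:
        findings.append(("auth-disabled", "disable auth"))
    uses_symmetric = False
    for cmd, address, cryptotype, key_id in conf["assocs"]:
        subject = f"{cmd} {address}"
        if cryptotype == "none":
            findings.append(("unauthenticated", subject))
        elif cryptotype == "autokey" and not conf["crypto"]:
            findings.append(("autokey-without-crypto", subject))
        elif cryptotype == "symmetric":
            uses_symmetric = True
            findings.extend(check_key(conf, f"{subject} key", key_id))
    for cmd in ("requestkey", "controlkey"):
        if conf[cmd] is not None:
            uses_symmetric = True
            findings.extend(check_key(conf, cmd, conf[cmd]))
    if uses_symmetric and conf["keys"] is None:
        findings.append(("no-keys-file", "keys"))
    return findings


if __name__ == "__main__":
    for finding, subject in audit(parse_conf(SAMPLE_CONF)):
        print(f"{finding}: {subject}")
```
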
<h5 class="subsubsection">Error Codes</h5>

<p>The following error codes are reported via the NTP control
and monitoring protocol trap mechanism.
     <dl>
<dt>101<dd>(bad field format or length)
The packet has invalid version, length or format.
<br><dt>102<dd>(bad timestamp)
The packet timestamp is the same as or older than the most recent received.
This could be due to a replay or a server clock time step.
<br><dt>103<dd>(bad filestamp)
The packet filestamp is the same as or older than the most recent received.
This could be due to a replay or a key file generation error.
<br><dt>104<dd>(bad or missing public key)
The public key is missing, has incorrect format or is an unsupported type.
<br><dt>105<dd>(unsupported digest type)
The server requires an unsupported digest/signature scheme.
<br><dt>106<dd>(mismatched digest types)
Not used.
<br><dt>107<dd>(bad signature length)
The signature length does not match the current public key.
<br><dt>108<dd>(signature not verified)
The message fails the signature check.
It could be bogus or signed by a
different private key.
<br><dt>109<dd>(certificate not verified)
The certificate is invalid or signed with the wrong key.
<br><dt>110<dd>(certificate not verified)
The certificate is not yet valid or has expired or the signature could not
be verified.
<br><dt>111<dd>(bad or missing cookie)
The cookie is missing, corrupted or bogus.
<br><dt>112<dd>(bad or missing leapseconds table)
The leapseconds table is missing, corrupted or bogus.
<br><dt>113<dd>(bad or missing certificate)
The certificate is missing, corrupted or bogus.
<br><dt>114<dd>(bad or missing identity)
The identity key is missing, corrupt or bogus.
</dl>
1005*2b15cb3dSCy Schubert  <div class="node">
1006*2b15cb3dSCy Schubert<p><hr>
1007*2b15cb3dSCy Schubert<a name="Monitoring-Support"></a>
1008*2b15cb3dSCy Schubert<br>
1009*2b15cb3dSCy Schubert</div>
1010*2b15cb3dSCy Schubert
1011*2b15cb3dSCy Schubert<h4 class="subsection">Monitoring Support</h4>
1012*2b15cb3dSCy Schubert
1013*2b15cb3dSCy Schubert<p><code>ntpd(1ntpdmdoc)</code>
1014*2b15cb3dSCy Schubertincludes a comprehensive monitoring facility suitable
1015*2b15cb3dSCy Schubertfor continuous, long term recording of server and client
1016*2b15cb3dSCy Schuberttimekeeping performance.
1017*2b15cb3dSCy SchubertSee the
1018*2b15cb3dSCy Schubert<code>statistics</code>
1019*2b15cb3dSCy Schubertcommand below
1020*2b15cb3dSCy Schubertfor a listing and example of each type of statistics currently
1021*2b15cb3dSCy Schubertsupported.
1022*2b15cb3dSCy SchubertStatistic files are managed using file generation sets
1023*2b15cb3dSCy Schubertand scripts in the
1024*2b15cb3dSCy Schubert<span class="file">./scripts</span>
1025*2b15cb3dSCy Schubertdirectory of this distribution.
1026*2b15cb3dSCy SchubertUsing
1027*2b15cb3dSCy Schubertthese facilities and
1028*2b15cb3dSCy Schubert<span class="sc">unix</span>
1029*2b15cb3dSCy Schubert<code>cron(8)</code>
1030*2b15cb3dSCy Schubertjobs, the data can be
1031*2b15cb3dSCy Schubertautomatically summarized and archived for retrospective analysis.
1032*2b15cb3dSCy Schubert
1033*2b15cb3dSCy Schubert<h5 class="subsubsection">Monitoring Commands</h5>
1034*2b15cb3dSCy Schubert
1035*2b15cb3dSCy Schubert     <dl>
1036*2b15cb3dSCy Schubert<dt><code>statistics</code> <kbd>name</kbd> <kbd>...</kbd><dd>Enables writing of statistics records.
1037*2b15cb3dSCy SchubertCurrently, eight kinds of
1038*2b15cb3dSCy Schubert<kbd>name</kbd>
1039*2b15cb3dSCy Schubertstatistics are supported.
1040*2b15cb3dSCy Schubert          <dl>
1041*2b15cb3dSCy Schubert<dt><code>clockstats</code><dd>Enables recording of clock driver statistics information.
1042*2b15cb3dSCy SchubertEach update
1043*2b15cb3dSCy Schubertreceived from a clock driver appends a line of the following form to
1044*2b15cb3dSCy Schubertthe file generation set named
1045*2b15cb3dSCy Schubert<code>clockstats</code>:
1046*2b15cb3dSCy Schubert<pre class="verbatim">
1047*2b15cb3dSCy Schubert          49213 525.624 127.127.4.1 93 226 00:08:29.606 D
1048*2b15cb3dSCy Schubert     </pre>
1049*2b15cb3dSCy Schubert
1050*2b15cb3dSCy Schubert          <p>The first two fields show the date (Modified Julian Day) and time
1051*2b15cb3dSCy Schubert(seconds and fraction past UTC midnight).
1052*2b15cb3dSCy SchubertThe next field shows the
1053*2b15cb3dSCy Schubertclock address in dotted-quad notation.
1054*2b15cb3dSCy SchubertThe final field shows the last
1055*2b15cb3dSCy Schuberttimecode received from the clock in decoded ASCII format, where
1056*2b15cb3dSCy Schubertmeaningful.
1057*2b15cb3dSCy SchubertIn some clock drivers a good deal of additional information
1058*2b15cb3dSCy Schubertcan be gathered and displayed as well.
1059*2b15cb3dSCy SchubertSee information specific to each
1060*2b15cb3dSCy Schubertclock for further details.
1061*2b15cb3dSCy Schubert<br><dt><code>cryptostats</code><dd>This option requires the OpenSSL cryptographic software library.
1062*2b15cb3dSCy SchubertIt
1063*2b15cb3dSCy Schubertenables recording of cryptographic public key protocol information.
1064*2b15cb3dSCy SchubertEach message received by the protocol module appends a line of the
1065*2b15cb3dSCy Schubertfollowing form to the file generation set named
1066*2b15cb3dSCy Schubert<code>cryptostats</code>:
1067*2b15cb3dSCy Schubert<pre class="verbatim">
1068*2b15cb3dSCy Schubert          49213 525.624 127.127.4.1 message
1069*2b15cb3dSCy Schubert     </pre>
1070*2b15cb3dSCy Schubert
1071*2b15cb3dSCy Schubert          <p>The first two fields show the date (Modified Julian Day) and time
1072*2b15cb3dSCy Schubert(seconds and fraction past UTC midnight).
1073*2b15cb3dSCy SchubertThe next field shows the peer
address in dotted-quad notation. The final message field includes the
1075*2b15cb3dSCy Schubertmessage type and certain ancillary information.
1076*2b15cb3dSCy SchubertSee the
1077*2b15cb3dSCy Schubert<a href="#Authentication-Options">Authentication Options</a>
1078*2b15cb3dSCy Schubertsection for further information.
1079*2b15cb3dSCy Schubert<br><dt><code>loopstats</code><dd>Enables recording of loop filter statistics information.
1080*2b15cb3dSCy SchubertEach
1081*2b15cb3dSCy Schubertupdate of the local clock outputs a line of the following form to
1082*2b15cb3dSCy Schubertthe file generation set named
1083*2b15cb3dSCy Schubert<code>loopstats</code>:
1084*2b15cb3dSCy Schubert<pre class="verbatim">
1085*2b15cb3dSCy Schubert          50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
1086*2b15cb3dSCy Schubert     </pre>
1087*2b15cb3dSCy Schubert
1088*2b15cb3dSCy Schubert          <p>The first two fields show the date (Modified Julian Day) and
1089*2b15cb3dSCy Schuberttime (seconds and fraction past UTC midnight).
1090*2b15cb3dSCy SchubertThe next five fields
1091*2b15cb3dSCy Schubertshow time offset (seconds), frequency offset (parts per million -
1092*2b15cb3dSCy SchubertPPM), RMS jitter (seconds), Allan deviation (PPM) and clock
1093*2b15cb3dSCy Schubertdiscipline time constant.
1094*2b15cb3dSCy Schubert<br><dt><code>peerstats</code><dd>Enables recording of peer statistics information.
1095*2b15cb3dSCy SchubertThis includes
statistics records of all peers of an NTP server and of special
1097*2b15cb3dSCy Schubertsignals, where present and configured.
1098*2b15cb3dSCy SchubertEach valid update appends a
1099*2b15cb3dSCy Schubertline of the following form to the current element of a file
1100*2b15cb3dSCy Schubertgeneration set named
1101*2b15cb3dSCy Schubert<code>peerstats</code>:
1102*2b15cb3dSCy Schubert<pre class="verbatim">
1103*2b15cb3dSCy Schubert          48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
1104*2b15cb3dSCy Schubert     </pre>
1105*2b15cb3dSCy Schubert
1106*2b15cb3dSCy Schubert          <p>The first two fields show the date (Modified Julian Day) and
1107*2b15cb3dSCy Schuberttime (seconds and fraction past UTC midnight).
1108*2b15cb3dSCy SchubertThe next two fields
1109*2b15cb3dSCy Schubertshow the peer address in dotted-quad notation and status,
1110*2b15cb3dSCy Schubertrespectively.
1111*2b15cb3dSCy SchubertThe status field is encoded in hex in the format
1112*2b15cb3dSCy Schubertdescribed in Appendix A of the NTP specification RFC 1305.
1113*2b15cb3dSCy SchubertThe final four fields show the offset,
1114*2b15cb3dSCy Schubertdelay, dispersion and RMS jitter, all in seconds.
1115*2b15cb3dSCy Schubert<br><dt><code>rawstats</code><dd>Enables recording of raw-timestamp statistics information.
1116*2b15cb3dSCy SchubertThis
includes statistics records of all peers of an NTP server and of
1118*2b15cb3dSCy Schubertspecial signals, where present and configured.
1119*2b15cb3dSCy SchubertEach NTP message
1120*2b15cb3dSCy Schubertreceived from a peer or clock driver appends a line of the
1121*2b15cb3dSCy Schubertfollowing form to the file generation set named
1122*2b15cb3dSCy Schubert<code>rawstats</code>:
1123*2b15cb3dSCy Schubert<pre class="verbatim">
          50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.586228000 3102453332.540806000 3102453332.541458000
1125*2b15cb3dSCy Schubert     </pre>
1126*2b15cb3dSCy Schubert
1127*2b15cb3dSCy Schubert          <p>The first two fields show the date (Modified Julian Day) and
1128*2b15cb3dSCy Schuberttime (seconds and fraction past UTC midnight).
1129*2b15cb3dSCy SchubertThe next two fields
1130*2b15cb3dSCy Schubertshow the remote peer or clock address followed by the local address
1131*2b15cb3dSCy Schubertin dotted-quad notation.
1132*2b15cb3dSCy SchubertThe final four fields show the originate,
1133*2b15cb3dSCy Schubertreceive, transmit and final NTP timestamps in order.
1134*2b15cb3dSCy SchubertThe timestamp
1135*2b15cb3dSCy Schubertvalues are as received and before processing by the various data
1136*2b15cb3dSCy Schubertsmoothing and mitigation algorithms.
1137*2b15cb3dSCy Schubert<br><dt><code>sysstats</code><dd>Enables recording of ntpd statistics counters on a periodic basis.
1138*2b15cb3dSCy SchubertEach
1139*2b15cb3dSCy Schuberthour a line of the following form is appended to the file generation
1140*2b15cb3dSCy Schubertset named
1141*2b15cb3dSCy Schubert<code>sysstats</code>:
1142*2b15cb3dSCy Schubert<pre class="verbatim">
1143*2b15cb3dSCy Schubert          50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
1144*2b15cb3dSCy Schubert     </pre>
1145*2b15cb3dSCy Schubert
1146*2b15cb3dSCy Schubert          <p>The first two fields show the date (Modified Julian Day) and time
1147*2b15cb3dSCy Schubert(seconds and fraction past UTC midnight).
1148*2b15cb3dSCy SchubertThe remaining ten fields show
1149*2b15cb3dSCy Schubertthe statistics counter values accumulated since the last generated
1150*2b15cb3dSCy Schubertline.
1151*2b15cb3dSCy Schubert               <dl>
1152*2b15cb3dSCy Schubert<dt>Time since restart <code>36000</code><dd>Time in hours since the system was last rebooted.
1153*2b15cb3dSCy Schubert<br><dt>Packets received <code>81965</code><dd>Total number of packets received.
<br><dt>Packets processed <code>0</code><dd>Number of packets received in response to previous packets sent.
1155*2b15cb3dSCy Schubert<br><dt>Current version <code>9546</code><dd>Number of packets matching the current NTP version.
1156*2b15cb3dSCy Schubert<br><dt>Previous version <code>56</code><dd>Number of packets matching the previous NTP version.
1157*2b15cb3dSCy Schubert<br><dt>Bad version <code>71793</code><dd>Number of packets matching neither NTP version.
1158*2b15cb3dSCy Schubert<br><dt>Access denied <code>512</code><dd>Number of packets denied access for any reason.
1159*2b15cb3dSCy Schubert<br><dt>Bad length or format <code>540</code><dd>Number of packets with invalid length, format or port number.
1160*2b15cb3dSCy Schubert<br><dt>Bad authentication <code>10</code><dd>Number of packets not verified as authentic.
1161*2b15cb3dSCy Schubert<br><dt>Rate exceeded <code>147</code><dd>Number of packets discarded due to rate limitation.
1162*2b15cb3dSCy Schubert</dl>
1163*2b15cb3dSCy Schubert          <br><dt><code>statsdir</code> <kbd>directory_path</kbd><dd>Indicates the full path of a directory where statistics files
1164*2b15cb3dSCy Schubertshould be created (see below).
1165*2b15cb3dSCy SchubertThis keyword allows
1166*2b15cb3dSCy Schubertthe (otherwise constant)
1167*2b15cb3dSCy Schubert<code>filegen</code>
1168*2b15cb3dSCy Schubertfilename prefix to be modified for file generation sets, which
1169*2b15cb3dSCy Schubertis useful for handling statistics logs.
1170*2b15cb3dSCy Schubert<br><dt><code>filegen</code> <kbd>name</kbd> <code>[file </code><kbd>filename</kbd><code>]</code> <code>[type </code><kbd>typename</kbd><code>]</code> <code>[link | nolink]</code> <code>[enable | disable]</code><dd>Configures setting of generation file set name.
1171*2b15cb3dSCy SchubertGeneration
1172*2b15cb3dSCy Schubertfile sets provide a means for handling files that are
1173*2b15cb3dSCy Schubertcontinuously growing during the lifetime of a server.
1174*2b15cb3dSCy SchubertServer statistics are a typical example for such files.
1175*2b15cb3dSCy SchubertGeneration file sets provide access to a set of files used
1176*2b15cb3dSCy Schubertto store the actual data.
1177*2b15cb3dSCy SchubertAt any time at most one element
1178*2b15cb3dSCy Schubertof the set is being written to.
1179*2b15cb3dSCy SchubertThe type given specifies
1180*2b15cb3dSCy Schubertwhen and how data will be directed to a new element of the set.
This way, information stored in elements of a file set
that are currently unused is available for administrative
operations without the risk of disturbing the operation of ntpd.
1184*2b15cb3dSCy Schubert(Most important: they can be removed to free space for new data
1185*2b15cb3dSCy Schubertproduced.)
1186*2b15cb3dSCy Schubert
1187*2b15cb3dSCy Schubert          <p>Note that this command can be sent from the
1188*2b15cb3dSCy Schubert<code>ntpdc(1ntpdcmdoc)</code>
1189*2b15cb3dSCy Schubertprogram running at a remote location.
1190*2b15cb3dSCy Schubert               <dl>
1191*2b15cb3dSCy Schubert<dt><code>name</code><dd>This is the type of the statistics records, as shown in the
1192*2b15cb3dSCy Schubert<code>statistics</code>
1193*2b15cb3dSCy Schubertcommand.
1194*2b15cb3dSCy Schubert<br><dt><code>file</code> <kbd>filename</kbd><dd>This is the file name for the statistics records.
1195*2b15cb3dSCy SchubertFilenames of set
1196*2b15cb3dSCy Schubertmembers are built from three concatenated elements
1197*2b15cb3dSCy Schubert<code>prefix</code>,
1198*2b15cb3dSCy Schubert<code>filename</code>
1199*2b15cb3dSCy Schubertand
1200*2b15cb3dSCy Schubert<code>suffix</code>:
1201*2b15cb3dSCy Schubert                    <dl>
1202*2b15cb3dSCy Schubert<dt><code>prefix</code><dd>This is a constant filename path.
1203*2b15cb3dSCy SchubertIt is not subject to
1204*2b15cb3dSCy Schubertmodifications via the
1205*2b15cb3dSCy Schubert<kbd>filegen</kbd>
1206*2b15cb3dSCy Schubertoption.
1207*2b15cb3dSCy SchubertIt is defined by the
1208*2b15cb3dSCy Schubertserver, usually specified as a compile-time constant.
1209*2b15cb3dSCy SchubertIt may,
1210*2b15cb3dSCy Schuberthowever, be configurable for individual file generation sets
1211*2b15cb3dSCy Schubertvia other commands.
1212*2b15cb3dSCy SchubertFor example, the prefix used with
1213*2b15cb3dSCy Schubert<kbd>loopstats</kbd>
1214*2b15cb3dSCy Schubertand
1215*2b15cb3dSCy Schubert<kbd>peerstats</kbd>
1216*2b15cb3dSCy Schubertgeneration can be configured using the
1217*2b15cb3dSCy Schubert<kbd>statsdir</kbd>
1218*2b15cb3dSCy Schubertoption explained above.
1219*2b15cb3dSCy Schubert<br><dt><code>filename</code><dd>This string is directly concatenated to the prefix mentioned
1220*2b15cb3dSCy Schubertabove (no intervening
1221*2b15cb3dSCy Schubert/).
1222*2b15cb3dSCy SchubertThis can be modified using
1223*2b15cb3dSCy Schubertthe file argument to the
1224*2b15cb3dSCy Schubert<kbd>filegen</kbd>
1225*2b15cb3dSCy Schubertstatement.
1226*2b15cb3dSCy SchubertNo
1227*2b15cb3dSCy Schubert<span class="file">..</span>
1228*2b15cb3dSCy Schubertelements are
1229*2b15cb3dSCy Schubertallowed in this component to prevent filenames referring to
1230*2b15cb3dSCy Schubertparts outside the filesystem hierarchy denoted by
1231*2b15cb3dSCy Schubert<kbd>prefix</kbd>.
<br><dt><code>suffix</code><dd>This part reflects individual elements of a file set.
1233*2b15cb3dSCy SchubertIt is
1234*2b15cb3dSCy Schubertgenerated according to the type of a file set.
1235*2b15cb3dSCy Schubert</dl>
1236*2b15cb3dSCy Schubert               <br><dt><code>type</code> <kbd>typename</kbd><dd>A file generation set is characterized by its type.
1237*2b15cb3dSCy SchubertThe following
1238*2b15cb3dSCy Schuberttypes are supported:
1239*2b15cb3dSCy Schubert                    <dl>
1240*2b15cb3dSCy Schubert<dt><code>none</code><dd>The file set is actually a single plain file.
<br><dt><code>pid</code><dd>One element of the file set is used per incarnation of an ntpd
1242*2b15cb3dSCy Schubertserver.
1243*2b15cb3dSCy SchubertThis type does not perform any changes to file set
1244*2b15cb3dSCy Schubertmembers during runtime, however it provides an easy way of
1245*2b15cb3dSCy Schubertseparating files belonging to different
1246*2b15cb3dSCy Schubert<code>ntpd(1ntpdmdoc)</code>
1247*2b15cb3dSCy Schubertserver incarnations.
1248*2b15cb3dSCy SchubertThe set member filename is built by appending a
1249*2b15cb3dSCy Schubert.
1250*2b15cb3dSCy Schubertto concatenated
1251*2b15cb3dSCy Schubert<kbd>prefix</kbd>
1252*2b15cb3dSCy Schubertand
1253*2b15cb3dSCy Schubert<kbd>filename</kbd>
1254*2b15cb3dSCy Schubertstrings, and
1255*2b15cb3dSCy Schubertappending the decimal representation of the process ID of the
1256*2b15cb3dSCy Schubert<code>ntpd(1ntpdmdoc)</code>
1257*2b15cb3dSCy Schubertserver process.
1258*2b15cb3dSCy Schubert<br><dt><code>day</code><dd>One file generation set element is created per day.
1259*2b15cb3dSCy SchubertA day is
1260*2b15cb3dSCy Schubertdefined as the period between 00:00 and 24:00 UTC.
1261*2b15cb3dSCy SchubertThe file set
1262*2b15cb3dSCy Schubertmember suffix consists of a
1263*2b15cb3dSCy Schubert.
1264*2b15cb3dSCy Schubertand a day specification in
1265*2b15cb3dSCy Schubertthe form
1266*2b15cb3dSCy Schubert<code>YYYYMMdd</code>.
1267*2b15cb3dSCy Schubert<code>YYYY</code>
1268*2b15cb3dSCy Schubertis a 4-digit year number (e.g., 1992).
1269*2b15cb3dSCy Schubert<code>MM</code>
1270*2b15cb3dSCy Schubertis a two digit month number.
1271*2b15cb3dSCy Schubert<code>dd</code>
1272*2b15cb3dSCy Schubertis a two digit day number.
Thus, all information written on 10 December 1992 would end up
1274*2b15cb3dSCy Schubertin a file named
1275*2b15cb3dSCy Schubert<kbd>prefix</kbd>
1276*2b15cb3dSCy Schubert<kbd>filename</kbd>.19921210.
1277*2b15cb3dSCy Schubert<br><dt><code>week</code><dd>Any file set member contains data related to a certain week of
1278*2b15cb3dSCy Schuberta year.
1279*2b15cb3dSCy SchubertThe term week is defined by computing day-of-year
1280*2b15cb3dSCy Schubertmodulo 7.
1281*2b15cb3dSCy SchubertElements of such a file generation set are
1282*2b15cb3dSCy Schubertdistinguished by appending the following suffix to the file set
1283*2b15cb3dSCy Schubertfilename base: A dot, a 4-digit year number, the letter
1284*2b15cb3dSCy Schubert<code>W</code>,
1285*2b15cb3dSCy Schubertand a 2-digit week number.
For example, information from January 10th, 1992
would end up in a file with suffix
<code>.1992W1</code>.
1289*2b15cb3dSCy Schubert<br><dt><code>month</code><dd>One generation file set element is generated per month.
1290*2b15cb3dSCy SchubertThe
1291*2b15cb3dSCy Schubertfile name suffix consists of a dot, a 4-digit year number, and
1292*2b15cb3dSCy Schuberta 2-digit month.
1293*2b15cb3dSCy Schubert<br><dt><code>year</code><dd>One generation file element is generated per year.
1294*2b15cb3dSCy SchubertThe filename
1295*2b15cb3dSCy Schubertsuffix consists of a dot and a 4 digit year number.
<br><dt><code>age</code><dd>This type of file generation set changes to a new element of
1297*2b15cb3dSCy Schubertthe file set every 24 hours of server operation.
1298*2b15cb3dSCy SchubertThe filename
1299*2b15cb3dSCy Schubertsuffix consists of a dot, the letter
1300*2b15cb3dSCy Schubert<code>a</code>,
1301*2b15cb3dSCy Schubertand an 8-digit number.
This number is taken to be the number of seconds the server has been
running at the start of the corresponding 24-hour period.
1304*2b15cb3dSCy SchubertInformation is only written to a file generation by specifying
1305*2b15cb3dSCy Schubert<code>enable</code>;
1306*2b15cb3dSCy Schubertoutput is prevented by specifying
1307*2b15cb3dSCy Schubert<code>disable</code>.
1308*2b15cb3dSCy Schubert</dl>
1309*2b15cb3dSCy Schubert               <br><dt><code>link</code> | <code>nolink</code><dd>It is convenient to be able to access the current element of a file
1310*2b15cb3dSCy Schubertgeneration set by a fixed name.
1311*2b15cb3dSCy SchubertThis feature is enabled by
1312*2b15cb3dSCy Schubertspecifying
1313*2b15cb3dSCy Schubert<code>link</code>
1314*2b15cb3dSCy Schubertand disabled using
1315*2b15cb3dSCy Schubert<code>nolink</code>.
1316*2b15cb3dSCy SchubertIf link is specified, a
1317*2b15cb3dSCy Schuberthard link from the current file set element to a file without
1318*2b15cb3dSCy Schubertsuffix is created.
1319*2b15cb3dSCy SchubertWhen there is already a file with this name and
1320*2b15cb3dSCy Schubertthe number of links of this file is one, it is renamed appending a
1321*2b15cb3dSCy Schubertdot, the letter
1322*2b15cb3dSCy Schubert<code>C</code>,
1323*2b15cb3dSCy Schubertand the pid of the ntpd server process.
1324*2b15cb3dSCy SchubertWhen the
1325*2b15cb3dSCy Schubertnumber of links is greater than one, the file is unlinked.
1326*2b15cb3dSCy SchubertThis
1327*2b15cb3dSCy Schubertallows the current file to be accessed by a constant name.
1328*2b15cb3dSCy Schubert<br><dt><code>enable</code> <code>|</code> <code>disable</code><dd>Enables or disables the recording function.
1329*2b15cb3dSCy Schubert</dl>
1330*2b15cb3dSCy Schubert          </dl>
1331*2b15cb3dSCy Schubert     </dl>
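<p>The <code>sysstats</code> record layout and the <code>type day</code> file naming described above, as an added example that is not part of the NTP distribution. It parses a record, converts the Modified Julian Day and seconds fields to UTC, names the daily file set element that would hold it, and lists the rejection counters that exceed a share of the packets received. The thresholds, the <code>/var/log/ntpstats/</code> prefix used when calling it, and all function names are assumptions.

```python
"""Parse ntpd sysstats records and flag intervals dominated by rejected packets."""
from datetime import datetime, timedelta, timezone

# Modified Julian Day 0 is 1858-11-17 00:00 UTC.
MJD_EPOCH = datetime(1858, 11, 17, tzinfo=timezone.utc)

# The ten counters, in the order the manual lists them after date and time.
COUNTERS = (
    "time_since_restart", "received", "processed", "current_version",
    "previous_version", "bad_version", "access_denied",
    "bad_length_or_format", "bad_authentication", "rate_exceeded",
)

# Assumed alert thresholds, as a share of the packets received in the interval.
# These are illustrative values, not ntpd defaults; tune them per site.
THRESHOLDS = {
    "bad_version": 0.05,
    "access_denied": 0.05,
    "bad_length_or_format": 0.05,
    "bad_authentication": 0.01,
    "rate_exceeded": 0.05,
}

# Sample line copied from the manual.
PAGE_SAMPLE = "50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147"
# Constructed line: many authentication failures and rate-limited packets.
CONSTRUCTED_SAMPLE = "50929 5732.543 39600 1000 900 990 0 0 5 0 40 60"


def parse_sysstats(line):
    """Return a dict of the ten counters plus 'when' (UTC datetime)."""
    fields = line.split()
    if len(fields) != 2 + len(COUNTERS):
        raise ValueError(f"expected {2 + len(COUNTERS)} fields, got {len(fields)}")
    try:
        mjd = int(fields[0])
        seconds = float(fields[1])
        values = [int(f) for f in fields[2:]]
    except ValueError as exc:
        raise ValueError(f"non-numeric field in sysstats line: {line!r}") from exc
    # Allow 86400.x so a record written during a leap second is not rejected.
    if mjd < 0 or not 0 <= seconds < 86401 or any(v < 0 for v in values):
        raise ValueError(f"field out of range in sysstats line: {line!r}")
    record = dict(zip(COUNTERS, values))
    record["when"] = MJD_EPOCH + timedelta(days=mjd, seconds=seconds)
    return record


def day_member(prefix, filename, when):
    """Name of a `type day` file set element: prefix + filename + .YYYYMMdd."""
    return f"{prefix}{filename}.{when:%Y%m%d}"


def review(record, thresholds=THRESHOLDS):
    """Return the rejection counters whose share of received packets is too high."""
    received = record["received"]
    if received == 0:  # idle interval: nothing to compare against
        return []
    return [
        name for name in COUNTERS
        if name in thresholds and record[name] / received > thresholds[name]
    ]


if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, CONSTRUCTED_SAMPLE):
        rec = parse_sysstats(sample)
        print(day_member("/var/log/ntpstats/", "sysstats", rec["when"]),
              rec["when"].isoformat(), review(rec))
```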
1332*2b15cb3dSCy Schubert<div class="node">
1333*2b15cb3dSCy Schubert<p><hr>
1334*2b15cb3dSCy Schubert<a name="Access-Control-Support"></a>
1335*2b15cb3dSCy Schubert<br>
1336*2b15cb3dSCy Schubert</div>
1337*2b15cb3dSCy Schubert
1338*2b15cb3dSCy Schubert<h4 class="subsection">Access Control Support</h4>
1339*2b15cb3dSCy Schubert
1340*2b15cb3dSCy Schubert<p>The
1341*2b15cb3dSCy Schubert<code>ntpd(1ntpdmdoc)</code>
1342*2b15cb3dSCy Schubertdaemon implements a general purpose address/mask based restriction
1343*2b15cb3dSCy Schubertlist.
1344*2b15cb3dSCy SchubertThe list contains address/match entries sorted first
by increasing address values and then by increasing mask values.
1346*2b15cb3dSCy SchubertA match occurs when the bitwise AND of the mask and the packet
1347*2b15cb3dSCy Schubertsource address is equal to the bitwise AND of the mask and
1348*2b15cb3dSCy Schubertaddress in the list.
1349*2b15cb3dSCy SchubertThe list is searched in order with the
1350*2b15cb3dSCy Schubertlast match found defining the restriction flags associated
1351*2b15cb3dSCy Schubertwith the entry.
1352*2b15cb3dSCy SchubertAdditional information and examples can be found in the
1353*2b15cb3dSCy Schubert"Notes on Configuring NTP and Setting up a NTP Subnet"
1354*2b15cb3dSCy Schubertpage
1355*2b15cb3dSCy Schubert(available as part of the HTML documentation
1356*2b15cb3dSCy Schubertprovided in
1357*2b15cb3dSCy Schubert<span class="file">/usr/share/doc/ntp</span>).
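<p>The sort order and last-match rule described above, as an added example that is not ntpd's own code. It models IPv4 entries written with the <code>restrict</code> syntax documented later on this page and reports which sources end up on an entry that blocks neither queries nor run-time reconfiguration. The sample configuration is constructed, the function names are hypothetical, and replacing the flags of a repeated address/mask pair is an assumption of this model.

```python
"""Model of the ntpd restriction list lookup for IPv4 entries."""
import ipaddress

# Flags that, per the manual, deny ntpq/ntpdc requests that modify the server.
MODIFY_BLOCKERS = frozenset({"ignore", "nomodify", "noquery"})

# Constructed configuration for illustration (documentation address ranges).
SAMPLE_CONF = """\
restrict default kod limited nomodify noquery nopeer
restrict 192.0.2.0 mask 255.255.255.0 nomodify
restrict 192.0.2.10
restrict 127.0.0.1
"""


def _to_int(text):
    # Raises ValueError for anything that is not a dotted quad (DNS names are
    # not resolved here, so the example stays offline).
    return int(ipaddress.IPv4Address(text))


def parse_restrict(conf):
    """Return the restriction list as sorted (address, mask, flags) tuples."""
    entries = {(0, 0): frozenset()}  # the default entry is always present
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words or words[0] != "restrict":
            continue
        if len(words) < 2:
            raise ValueError(f"restrict without an address: {raw!r}")
        rest = words[2:]
        if words[1] == "default":
            addr, mask = 0, 0
        else:
            addr, mask = _to_int(words[1]), 0xFFFFFFFF  # mask defaults to a host
            if rest[:1] == ["mask"]:
                if len(rest) < 2:
                    raise ValueError(f"mask without a value: {raw!r}")
                mask, rest = _to_int(rest[1]), rest[2:]
        # Assumption of this model: a repeated address/mask replaces the flags.
        entries[(addr, mask)] = frozenset(rest)
    # Sorted by increasing address, then by increasing mask.
    return [(a, m, f) for (a, m), f in sorted(entries.items())]


def lookup(entries, source):
    """Search the whole list in order; the last matching entry wins."""
    src = _to_int(source)
    matched = None
    for addr, mask, flags in entries:
        if (src & mask) == (addr & mask):
            matched = (addr, mask, flags)
    return matched  # never None: the default entry matches every source


def flags_for(entries, source):
    return lookup(entries, source)[2]


def reconfig_not_blocked(entries, sources):
    """Sources whose final entry carries none of MODIFY_BLOCKERS."""
    return [s for s in sources if not (flags_for(entries, s) & MODIFY_BLOCKERS)]


if __name__ == "__main__":
    table = parse_restrict(SAMPLE_CONF)
    for host in ("203.0.113.5", "192.0.2.77", "192.0.2.10", "127.0.0.1"):
        print(host, sorted(flags_for(table, host)) or "(no flags: free access)")
```

Note how the flagless host entry for 192.0.2.10 sorts after the 192.0.2.0 network entry and therefore overrides its <code>nomodify</code> flag.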
1358*2b15cb3dSCy Schubert
1359*2b15cb3dSCy Schubert  <p>The restriction facility was implemented in conformance
1360*2b15cb3dSCy Schubertwith the access policies for the original NSFnet backbone
1361*2b15cb3dSCy Schuberttime servers.
1362*2b15cb3dSCy SchubertLater the facility was expanded to deflect
1363*2b15cb3dSCy Schubertcryptographic and clogging attacks.
1364*2b15cb3dSCy SchubertWhile this facility may
1365*2b15cb3dSCy Schubertbe useful for keeping unwanted or broken or malicious clients
1366*2b15cb3dSCy Schubertfrom congesting innocent servers, it should not be considered
1367*2b15cb3dSCy Schubertan alternative to the NTP authentication facilities.
1368*2b15cb3dSCy SchubertSource address based restrictions are easily circumvented
1369*2b15cb3dSCy Schubertby a determined cracker.
1370*2b15cb3dSCy Schubert
1371*2b15cb3dSCy Schubert  <p>Clients can be denied service because they are explicitly
1372*2b15cb3dSCy Schubertincluded in the restrict list created by the restrict command
1373*2b15cb3dSCy Schubertor implicitly as the result of cryptographic or rate limit
1374*2b15cb3dSCy Schubertviolations.
1375*2b15cb3dSCy SchubertCryptographic violations include certificate
1376*2b15cb3dSCy Schubertor identity verification failure; rate limit violations generally
1377*2b15cb3dSCy Schubertresult from defective NTP implementations that send packets
1378*2b15cb3dSCy Schubertat abusive rates.
1379*2b15cb3dSCy SchubertSome violations cause denied service
1380*2b15cb3dSCy Schubertonly for the offending packet, others cause denied service
for a timed period and others cause denied service for
an indefinite period.
When a client or network is denied access
for an indefinite period, the only way at present to remove
1385*2b15cb3dSCy Schubertthe restrictions is by restarting the server.
1386*2b15cb3dSCy Schubert
1387*2b15cb3dSCy Schubert<h5 class="subsubsection">The Kiss-of-Death Packet</h5>
1388*2b15cb3dSCy Schubert
1389*2b15cb3dSCy Schubert<p>Ordinarily, packets denied service are simply dropped with no
1390*2b15cb3dSCy Schubertfurther action except incrementing statistics counters.
1391*2b15cb3dSCy SchubertSometimes a
1392*2b15cb3dSCy Schubertmore proactive response is needed, such as a server message that
1393*2b15cb3dSCy Schubertexplicitly requests the client to stop sending and leave a message
1394*2b15cb3dSCy Schubertfor the system operator.
1395*2b15cb3dSCy SchubertA special packet format has been created
1396*2b15cb3dSCy Schubertfor this purpose called the "kiss-of-death" (KoD) packet.
1397*2b15cb3dSCy SchubertKoD packets have the leap bits set unsynchronized and stratum set
1398*2b15cb3dSCy Schubertto zero and the reference identifier field set to a four-byte
1399*2b15cb3dSCy SchubertASCII code.
1400*2b15cb3dSCy SchubertIf the
1401*2b15cb3dSCy Schubert<code>noserve</code>
1402*2b15cb3dSCy Schubertor
1403*2b15cb3dSCy Schubert<code>notrust</code>
1404*2b15cb3dSCy Schubertflag of the matching restrict list entry is set,
1405*2b15cb3dSCy Schubertthe code is "DENY"; if the
1406*2b15cb3dSCy Schubert<code>limited</code>
1407*2b15cb3dSCy Schubertflag is set and the rate limit
1408*2b15cb3dSCy Schubertis exceeded, the code is "RATE".
1409*2b15cb3dSCy SchubertFinally, if a cryptographic violation occurs, the code is "CRYP".
1410*2b15cb3dSCy Schubert
1411*2b15cb3dSCy Schubert  <p>A client receiving a KoD performs a set of sanity checks to
1412*2b15cb3dSCy Schubertminimize security exposure, then updates the stratum and
1413*2b15cb3dSCy Schubertreference identifier peer variables, sets the access
1414*2b15cb3dSCy Schubertdenied (TEST4) bit in the peer flash variable and sends
1415*2b15cb3dSCy Schuberta message to the log.
1416*2b15cb3dSCy SchubertAs long as the TEST4 bit is set,
1417*2b15cb3dSCy Schubertthe client will send no further packets to the server.
1418*2b15cb3dSCy SchubertThe only way at present to recover from this condition is
1419*2b15cb3dSCy Schubertto restart the protocol at both the client and server.
1420*2b15cb3dSCy SchubertThis
1421*2b15cb3dSCy Schuberthappens automatically at the client when the association times out.
1422*2b15cb3dSCy SchubertIt will happen at the server only if the server operator cooperates.
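<p>The KoD markers described above (leap bits unsynchronized, stratum zero, four-byte ASCII reference identifier), as an added example for reviewing captured NTP headers; it is not code from ntpd. The packets are constructed with a hypothetical <code>build_header</code> helper, and the standard 48-byte NTP header layout is assumed.

```python
"""Recognise kiss-of-death packets in captured NTP headers."""
import struct
from collections import Counter

NTP_HEADER_LEN = 48
LEAP_UNSYNCHRONIZED = 3

# Codes and causes as listed in the manual.
KOD_CAUSES = {
    "DENY": "noserve or notrust flag set on the matching restrict entry",
    "RATE": "limited flag set and the rate limit exceeded",
    "CRYP": "cryptographic violation",
}


def build_header(leap, version, mode, stratum, refid):
    """Build a constructed 48-byte NTP header (sample data for this example)."""
    first = (leap << 6) | (version << 3) | mode
    # LI/VN/mode, stratum, poll, precision, root delay, root dispersion,
    # reference identifier, then the four 64-bit timestamps (zeroed here).
    return struct.pack("!BBbbII4s4Q", first, stratum, 6, -20, 0, 0, refid,
                       0, 0, 0, 0)


def classify_kod(packet):
    """Return the four-character kiss code, or None if this is not a KoD."""
    if len(packet) < NTP_HEADER_LEN:
        raise ValueError(f"NTP header needs {NTP_HEADER_LEN} bytes, got {len(packet)}")
    leap = packet[0] >> 6
    stratum = packet[1]
    if leap != LEAP_UNSYNCHRONIZED or stratum != 0:
        return None
    refid = packet[12:16]
    # A client that has not synchronized yet also sends leap 3 / stratum 0,
    # but with a zero reference identifier, so require printable ASCII.
    if not all(0x20 < byte < 0x7F for byte in refid):
        return None
    return refid.decode("ascii")


def summarize(packets):
    """Count kiss codes across a capture, skipping non-KoD packets."""
    codes = (classify_kod(p) for p in packets)
    return Counter(code for code in codes if code is not None)


# Constructed capture: two RATE, one DENY, one normal reply, one startup request.
SAMPLE_CAPTURE = [
    build_header(3, 4, 4, 0, b"RATE"),
    build_header(3, 4, 4, 0, b"DENY"),
    build_header(0, 4, 4, 2, bytes([192, 0, 2, 1])),
    build_header(3, 4, 3, 0, b"\x00\x00\x00\x00"),
    build_header(3, 4, 4, 0, b"RATE"),
]

if __name__ == "__main__":
    for code, count in summarize(SAMPLE_CAPTURE).items():
        print(code, count, KOD_CAUSES.get(code, "code not listed in this manual"))
```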
1423*2b15cb3dSCy Schubert
1424*2b15cb3dSCy Schubert<h5 class="subsubsection">Access Control Commands</h5>
1425*2b15cb3dSCy Schubert
1426*2b15cb3dSCy Schubert     <dl>
1427*2b15cb3dSCy Schubert<dt><code>discard</code> <code>[average </code><kbd>avg</kbd><code>]</code> <code>[minimum </code><kbd>min</kbd><code>]</code> <code>[monitor </code><kbd>prob</kbd><code>]</code><dd>Set the parameters of the
1428*2b15cb3dSCy Schubert<code>limited</code>
1429*2b15cb3dSCy Schubertfacility which protects the server from
1430*2b15cb3dSCy Schubertclient abuse.
1431*2b15cb3dSCy SchubertThe
1432*2b15cb3dSCy Schubert<code>average</code>
1433*2b15cb3dSCy Schubertsubcommand specifies the minimum average packet
1434*2b15cb3dSCy Schubertspacing, while the
1435*2b15cb3dSCy Schubert<code>minimum</code>
1436*2b15cb3dSCy Schubertsubcommand specifies the minimum packet spacing.
1437*2b15cb3dSCy SchubertPackets that violate these minima are discarded
1438*2b15cb3dSCy Schubertand a kiss-o'-death packet returned if enabled.
1439*2b15cb3dSCy SchubertThe default
1440*2b15cb3dSCy Schubertminimum average and minimum are 5 and 2, respectively.
1441*2b15cb3dSCy SchubertThe monitor subcommand specifies the probability of discard
1442*2b15cb3dSCy Schubertfor packets that overflow the rate-control window.
1443*2b15cb3dSCy Schubert<br><dt><code>restrict</code> <code>address</code> <code>[mask </code><kbd>mask</kbd><code>]</code> <code>[</code><kbd>flag</kbd> <kbd>...</kbd><code>]</code><dd>The
1444*2b15cb3dSCy Schubert<kbd>address</kbd>
1445*2b15cb3dSCy Schubertargument expressed in
1446*2b15cb3dSCy Schubertdotted-quad form is the address of a host or network.
1447*2b15cb3dSCy SchubertAlternatively, the
1448*2b15cb3dSCy Schubert<kbd>address</kbd>
1449*2b15cb3dSCy Schubertargument can be a valid host DNS name.
1450*2b15cb3dSCy SchubertThe
1451*2b15cb3dSCy Schubert<kbd>mask</kbd>
1452*2b15cb3dSCy Schubertargument expressed in dotted-quad form defaults to
1453*2b15cb3dSCy Schubert<code>255.255.255.255</code>,
1454*2b15cb3dSCy Schubertmeaning that the
1455*2b15cb3dSCy Schubert<kbd>address</kbd>
1456*2b15cb3dSCy Schubertis treated as the address of an individual host.
1457*2b15cb3dSCy SchubertA default entry (address
1458*2b15cb3dSCy Schubert<code>0.0.0.0</code>,
1459*2b15cb3dSCy Schubertmask
1460*2b15cb3dSCy Schubert<code>0.0.0.0</code>)
1461*2b15cb3dSCy Schubertis always included and is always the first entry in the list.
1462*2b15cb3dSCy SchubertNote that text string
1463*2b15cb3dSCy Schubert<code>default</code>,
1464*2b15cb3dSCy Schubertwith no mask option, may
1465*2b15cb3dSCy Schubertbe used to indicate the default entry.
1466*2b15cb3dSCy SchubertIn the current implementation,
1467*2b15cb3dSCy Schubert<code>flag</code>
1468*2b15cb3dSCy Schubertalways
1469*2b15cb3dSCy Schubertrestricts access, i.e., an entry with no flags indicates that free
1470*2b15cb3dSCy Schubertaccess to the server is to be given.
1471*2b15cb3dSCy SchubertThe flags are not orthogonal,
1472*2b15cb3dSCy Schubertin that more restrictive flags will often make less restrictive
1473*2b15cb3dSCy Schubertones redundant.
1474*2b15cb3dSCy SchubertThe flags can generally be classed into two
1475*2b15cb3dSCy Schubertcategories, those which restrict time service and those which
1476*2b15cb3dSCy Schubertrestrict informational queries and attempts to do run-time
1477*2b15cb3dSCy Schubertreconfiguration of the server.
1478*2b15cb3dSCy SchubertOne or more of the following flags
1479*2b15cb3dSCy Schubertmay be specified:
          <dl>
<dt><code>ignore</code><dd>Deny packets of all kinds, including
<code>ntpq(1ntpqmdoc)</code>
and
<code>ntpdc(1ntpdcmdoc)</code>
queries.
<br><dt><code>kod</code><dd>If this flag is set when an access violation occurs, a kiss-o'-death
(KoD) packet is sent.
KoD packets are rate limited to no more than one
per second.
If another KoD packet occurs within one second after the
last one, the packet is dropped.
<br><dt><code>limited</code><dd>Deny service if the packet spacing violates the lower limits specified
in the discard command.
A history of clients is kept using the
monitoring capability of
<code>ntpd(1ntpdmdoc)</code>.
Thus, monitoring is always active as
long as there is a restriction entry with the
<code>limited</code>
flag.
<br><dt><code>lowpriotrap</code><dd>Declare traps set by matching hosts to be low priority.
The
number of traps a server can maintain is limited (the current limit
is 3).
Traps are usually assigned on a first come, first served
basis, with later trap requestors being denied service.
This flag
modifies the assignment algorithm by allowing low priority traps to
be overridden by later requests for normal priority traps.
<br><dt><code>nomodify</code><dd>Deny
<code>ntpq(1ntpqmdoc)</code>
and
<code>ntpdc(1ntpdcmdoc)</code>
queries which attempt to modify the state of the
server (i.e., run-time reconfiguration).
Queries which return
information are permitted.
<br><dt><code>noquery</code><dd>Deny
<code>ntpq(1ntpqmdoc)</code>
and
<code>ntpdc(1ntpdcmdoc)</code>
queries.
Time service is not affected.
<br><dt><code>nopeer</code><dd>Deny packets which would result in mobilizing a new association.
This
includes broadcast and symmetric active packets when a configured
association does not exist.
It also includes
<code>pool</code>
associations, so if you want to use servers from a
<code>pool</code>
directive and also want to use
<code>nopeer</code>
by default, you'll want a
<code>restrict source ...</code>
line as well that does not include the
<code>nopeer</code>
directive.
<br><dt><code>noserve</code><dd>Deny all packets except
<code>ntpq(1ntpqmdoc)</code>
and
<code>ntpdc(1ntpdcmdoc)</code>
queries.
<br><dt><code>notrap</code><dd>Decline to provide mode 6 control message trap service to matching
hosts.
The trap service is a subsystem of the ntpq control message
protocol which is intended for use by remote event logging programs.
<br><dt><code>notrust</code><dd>Deny service unless the packet is cryptographically authenticated.
<br><dt><code>ntpport</code><dd>This is actually a match algorithm modifier, rather than a
restriction flag.
Its presence causes the restriction entry to be
matched only if the source port in the packet is the standard NTP
UDP port (123).
Both
<code>ntpport</code>
and
<code>non-ntpport</code>
may
be specified.
The
<code>ntpport</code>
is considered more specific and
is sorted later in the list.
<br><dt><code>version</code><dd>Deny packets that do not match the current NTP version.
</dl>

     <p>Default restriction list entries with the flags ignore, interface,
ntpport, for each of the local host's interface addresses are
inserted into the table at startup to prevent the server
from attempting to synchronize to its own time.
A default entry is also always present, though if it is
otherwise unconfigured, no flags are associated
with the default entry (i.e., everything besides your own
NTP server is unrestricted).
</dl>
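<p>The flag semantics above can be checked mechanically. The following Python lint is an added example, not part of the NTP distribution: it reads the <code>restrict</code> lines of an ntp.conf and reports a default entry that leaves queries or reconfiguration open, and a <code>pool</code> directive blocked by a default <code>nopeer</code>. The function names, finding codes, host name and both sample configurations are constructed for illustration.</p>

```python
"""Lint the restrict entries of an ntp.conf (added example, constructed inputs)."""

# Constructed sample: default entry restricts peering only, and uses a pool.
WEAK_CONF = """\
pool pool.example.org iburst      # hypothetical pool name
restrict default nopeer
"""

# Constructed sample: restrictive default plus a 'restrict source' entry
# without nopeer, so that pool associations can still be mobilized.
HARDENED_CONF = """\
pool pool.example.org iburst      # hypothetical pool name
restrict default kod limited nomodify notrap nopeer noquery
restrict source nomodify notrap noquery
restrict 127.0.0.1
restrict ::1
"""


def parse_conf(conf_text):
    """Return (entries, uses_pool); entries is a list of (address, flags)."""
    entries, uses_pool = [], False
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()       # drop comments
        if not tokens:
            continue
        if tokens[0] == "pool":
            uses_pool = True
        if tokens[0] != "restrict":
            continue
        # '-4' / '-6' only select the address family; each line stays its own entry.
        args = [t for t in tokens[1:] if t not in ("-4", "-6")]
        if not args:
            continue
        address, flags = args[0], args[1:]
        if flags[:1] == ["mask"]:                   # restrict addr mask m flag ...
            flags = flags[2:]
        entries.append((address, set(flags)))
    return entries, uses_pool


def audit(conf_text):
    """Return a list of (code, message) findings for the restrict entries."""
    entries, uses_pool = parse_conf(conf_text)
    findings = []
    defaults = [flags for address, flags in entries if address == "default"]
    # With no configured default entry, the built-in one carries no flags.
    for flags in defaults or [set()]:
        if "ignore" in flags:
            continue                                # packets of all kinds are denied
        if not flags:
            findings.append(("DEFAULT_OPEN",
                             "default entry has no flags: free access is given"))
            continue
        if "noquery" not in flags:
            findings.append(("QUERY_OPEN",
                             "default entry lacks noquery: ntpq/ntpdc queries "
                             "are answered for any host"))
            # The flags are not orthogonal: noquery would also cover nomodify.
            if "nomodify" not in flags:
                findings.append(("MODIFY_OPEN",
                                 "default entry lacks nomodify: run-time "
                                 "reconfiguration requests are not denied"))
    if uses_pool and any("nopeer" in flags for flags in defaults):
        source_ok = any(address == "source" and "nopeer" not in flags
                        for address, flags in entries)
        if not source_ok:
            findings.append(("POOL_BLOCKED",
                             "pool is used with a default nopeer but no "
                             "'restrict source' entry without nopeer"))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name)
        for code, message in audit(conf) or [("OK", "no findings")]:
            print("  %-13s %s" % (code, message))
```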
<div class="node">
<p><hr>
<a name="Automatic-NTP-Configuration-Options"></a>
<br>
</div>

<h4 class="subsection">Automatic NTP Configuration Options</h4>

<h5 class="subsubsection">Manycasting</h5>

<p>Manycasting is an automatic discovery and configuration paradigm
new to NTPv4.
It is intended as a means for a multicast client
to troll the nearby network neighborhood to find cooperating
manycast servers, validate them using cryptographic means
and evaluate their time values with respect to other servers
that might be lurking in the vicinity.
The intended result is that each manycast client mobilizes
client associations with some number of the "best"
of the nearby manycast servers, yet automatically reconfigures
to sustain this number of servers should one or another fail.

  <p>Note that the manycasting paradigm does not coincide
with the anycast paradigm described in RFC-1546,
which is designed to find a single server from a clique
of servers providing the same service.
The manycast paradigm is designed to find a plurality
of redundant servers satisfying defined optimality criteria.

  <p>Manycasting can be used with either symmetric key
or public key cryptography.
The public key infrastructure (PKI)
offers the best protection against compromised keys
and is generally considered stronger, at least with relatively
large key sizes.
It is implemented using the Autokey protocol and
the OpenSSL cryptographic library available from
<code>http://www.openssl.org/</code>.
The library can also be used with other NTPv4 modes
and is highly recommended, especially for broadcast modes.

  <p>A persistent manycast client association is configured
using the manycastclient command, which is similar to the
server command but with a multicast (IPv4 class
<code>D</code>
or IPv6 prefix
<code>FF</code>)
group address.
The IANA has designated IPv4 address 224.1.1.1
and IPv6 address FF05::101 (site local) for NTP.
When more servers are needed, the client broadcasts manycast
client messages to this address at the minimum feasible rate
and minimum feasible time-to-live (TTL) hops, depending
on how many servers have already been found.
There can be as many manycast client associations
as there are different group addresses, each one serving as a template
for a future ephemeral unicast client/server association.

  <p>Manycast servers configured with the
<code>manycastserver</code>
command listen on the specified group address for manycast
client messages.
Note the distinction between manycast client,
which actively broadcasts messages, and manycast server,
which passively responds to them.
If a manycast server is
in scope of the current TTL and is itself synchronized
to a valid source and operating at a stratum level equal
to or lower than the manycast client, it replies to the
manycast client message with an ordinary unicast server message.

  <p>The manycast client receiving this message mobilizes
an ephemeral client/server association according to the
matching manycast client template, but only if cryptographically
authenticated and the server stratum is less than or equal
to the client stratum.
Authentication is explicitly required
and either symmetric key or public key (Autokey) can be used.
Then, the client polls the server at its unicast address
in burst mode in order to reliably set the host clock
and validate the source.
This normally results
in a volley of eight client/server exchanges at 2-s intervals
during which both the synchronization and cryptographic
protocols run concurrently.
Following the volley,
the client runs the NTP intersection and clustering
algorithms, which act to discard all but the "best"
associations according to stratum and synchronization
distance.
The surviving associations then continue
in ordinary client/server mode.

  <p>The manycast client polling strategy is designed to reduce
as much as possible the volume of manycast client messages
and the effects of implosion due to near-simultaneous
arrival of manycast server messages.
The strategy is determined by the
<code>manycastclient</code>,
<code>tos</code>
and
<code>ttl</code>
configuration commands.
The manycast poll interval is
normally eight times the system poll interval,
which starts out at the
<code>minpoll</code>
value specified in the
<code>manycastclient</code>
command and, under normal circumstances, increments to the
<code>maxpoll</code>
value specified in this command.
Initially, the TTL is
set at the minimum hops specified by the ttl command.
At each retransmission the TTL is increased until reaching
the maximum hops specified by this command or a sufficient
number of client associations have been found.
Further retransmissions use the same TTL.

  <p>The quality and reliability of the suite of associations
discovered by the manycast client is determined by the NTP
mitigation algorithms and the
<code>minclock</code>
and
<code>minsane</code>
values specified in the
<code>tos</code>
configuration command.
At least
<code>minsane</code>
candidate servers must be available and the mitigation
algorithms produce at least
<code>minclock</code>
survivors in order to synchronize the clock.
Byzantine agreement principles require at least four
candidates in order to correctly discard a single falseticker.
For legacy purposes,
<code>minsane</code>
defaults to 1 and
<code>minclock</code>
defaults to 3.
For manycast service
<code>minsane</code>
should be explicitly set to 4, assuming at least that
number of servers are available.

  <p>If at least
<code>minclock</code>
servers are found, the manycast poll interval is immediately
set to eight times
<code>maxpoll</code>.
If fewer than
<code>minclock</code>
servers are found when the TTL has reached the maximum hops,
the manycast poll interval is doubled.
For each transmission
after that, the poll interval is doubled again until
reaching the maximum of eight times
<code>maxpoll</code>.
Further transmissions use the same poll interval and
TTL values.
Note that while all this is going on,
each client/server association found is operating normally
at the system poll interval.

  <p>Administratively scoped multicast boundaries are normally
specified by the network router configuration and,
in the case of IPv6, the link/site scope prefix.
By default, the increment for TTL hops is 32 starting
from 31; however, the
<code>ttl</code>
configuration command can be
used to modify the values to match the scope rules.

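<p>The expanding-ring search and poll back-off described in the preceding paragraphs can be traced with a small model. The following Python sketch is an added example, not code from ntpd: it assumes the system poll interval is still at <code>minpoll</code> while the ring expands, that a server is in scope when its hop distance does not exceed the TTL, and that every server in scope authenticates and qualifies by stratum. The function names, the <code>minpoll</code> value of 6 and the hop distances are constructed for illustration.</p>

```python
"""Model of the manycast expanding-ring search described above (added example)."""

# Page default: eight multiples of 32 starting at 31.
DEFAULT_TTLS = tuple(31 + 32 * i for i in range(8))       # 31, 63, ..., 255


def manycast_schedule(hops_to_servers, minclock=3, minpoll=6, maxpoll=12,
                      ttls=DEFAULT_TTLS, transmissions=14):
    """Trace successive manycast client messages.

    hops_to_servers: constructed hop distance of each manycast server.
    Returns a list of (time_s, ttl, next_interval_s, servers_found).
    """
    cap = 8 * 2 ** maxpoll               # eight times maxpoll, in seconds
    interval = 8 * 2 ** minpoll          # assumption: system poll still at minpoll
    ring, now, schedule = 0, 0, []
    for _ in range(transmissions):
        ttl = ttls[ring]
        found = sum(1 for hops in hops_to_servers if hops <= ttl)
        if found >= minclock:
            interval = cap               # enough servers: back off at once, keep TTL
        elif ring == len(ttls) - 1:
            interval = min(interval * 2, cap)   # maximum hops reached: double to cap
        else:
            ring += 1                    # widen the ring for the next message
        schedule.append((now, ttl, interval, found))
        now += interval
    return schedule


def replies_per_hour(clients, servers_in_scope, interval_s):
    """Unicast replies per hour when every client sends at interval_s.

    Each manycast client message makes every server in TTL range respond,
    which is the implosion the polling strategy is designed to limit.
    """
    return clients * servers_in_scope * 3600 / interval_s


if __name__ == "__main__":
    print("three servers within 95 hops (constructed distances):")
    for row in manycast_schedule([40, 70, 90, 200], transmissions=5):
        print("  t=%6ds ttl=%3d next=%6ds found=%d" % row)
    print("only one server reachable:")
    for row in manycast_schedule([40]):
        print("  t=%6ds ttl=%3d next=%6ds found=%d" % row)
    print("replies/hour, 100 clients, 4 servers, 8*2^12 s: %.1f"
          % replies_per_hour(100, 4, 8 * 2 ** 12))
    print("replies/hour, 100 clients, 4 servers, 8*2^6 s:  %.1f"
          % replies_per_hour(100, 4, 8 * 2 ** 6))
```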
  <p>It is often useful to narrow the range of acceptable
servers which can be found by manycast client associations.
Because manycast servers respond only when the client
stratum is equal to or greater than the server stratum,
primary (stratum 1) servers will find only primary servers
in TTL range, which is probably the most common objective.
However, unless configured otherwise, all manycast clients
in TTL range will eventually find all primary servers
in TTL range, which is probably not the most common
objective in large networks.
The
<code>tos</code>
command can be used to modify this behavior.
Servers with stratum below
<code>floor</code>
or above
<code>ceiling</code>
specified in the
<code>tos</code>
command are strongly discouraged during the selection
process; however, these servers may be temporarily
accepted if the number of servers within TTL range is
less than
<code>minclock</code>.

  <p>The above actions occur for each manycast client message,
which repeats at the designated poll interval.
However, once the ephemeral client association is mobilized,
subsequent manycast server replies are discarded,
since that would result in a duplicate association.
If during a poll interval the number of client associations
falls below
<code>minclock</code>,
all manycast client prototype associations are reset
to the initial poll interval and TTL hops and operation
resumes from the beginning.
It is important to avoid
frequent manycast client messages, since each one requires
all manycast servers in TTL range to respond.
The result could well be an implosion, either minor or major,
depending on the number of servers in range.
The recommended value for
<code>maxpoll</code>
is 12 (4,096 s).

  <p>It is possible and frequently useful to configure a host
as both manycast client and manycast server.
A number of hosts configured this way and sharing a common
group address will automatically organize themselves
in an optimum configuration based on stratum and
synchronization distance.
For example, consider an NTP
subnet of two primary servers and a hundred or more
dependent clients.
With two exceptions, all servers
and clients have identical configuration files including both
<code>manycastclient</code>
and
<code>manycastserver</code>
commands using, for instance, multicast group address
239.1.1.1.
The only exception is that each primary server
configuration file must include commands for the primary
reference source such as a GPS receiver.

  <p>The remaining configuration files for all secondary
servers and clients have the same contents, except for the
<code>tos</code>
command, which is specific for each stratum level.
For stratum 1 and stratum 2 servers, that command is
not necessary.
For stratum 3 and above servers the
<code>floor</code>
value is set to the intended stratum number.
Thus, all stratum 3 configuration files are identical,
all stratum 4 files are identical and so forth.

  <p>Once operations have stabilized in this scenario,
the primary servers will find the primary reference source
and each other, since they both operate at the same
stratum (1), but not with any secondary server or client,
since these operate at a higher stratum.
The secondary
servers will find the servers at the same stratum level.
If one of the primary servers loses its GPS receiver,
it will continue to operate as a client and other clients
will time out the corresponding association and
re-associate accordingly.

  <p>Some administrators prefer to avoid running
<code>ntpd(1ntpdmdoc)</code>
continuously and run either
<code>ntpdate(8)</code>
or
<code>ntpd(1ntpdmdoc)</code>
<code>-q</code>
as a cron job.
In either case the servers must be
configured in advance and the program fails if none are
available when the cron job runs.
A really slick
application of manycast is with
<code>ntpd(1ntpdmdoc)</code>
<code>-q</code>.
The program wakes up, scans the local landscape looking
for the usual suspects, selects the best from among
the rascals, sets the clock and then departs.
Servers do not have to be configured in advance and
all clients throughout the network can have the same
configuration file.

<h5 class="subsubsection">Manycast Interactions with Autokey</h5>

<p>Each time a manycast client sends a client mode packet
to a multicast group address, all manycast servers
in scope generate a reply including the host name
and status word.
The manycast clients then run
the Autokey protocol, which collects and verifies
all certificates involved.
Following the burst interval
all but three survivors are cast off,
but the certificates remain in the local cache.
It often happens that several complete signing trails
from the client to the primary servers are collected in this way.

  <p>About once an hour, or less often if the poll interval
exceeds this, the client regenerates the Autokey key list.
This is in general transparent in client/server mode.
However, about once per day the server private value
used to generate cookies is refreshed along with all
manycast client associations.
In this case all
cryptographic values including certificates are refreshed.
If a new certificate has been generated since
the last refresh epoch, it will automatically revoke
all prior certificates that happen to be in the
certificate cache.
At the same time, the manycast
scheme starts all over from the beginning and
the expanding ring shrinks to the minimum and increments
from there while collecting all servers in scope.

<h5 class="subsubsection">Manycast Options</h5>

     <dl>
<dt><code>tos</code> <code>[ceiling </code><kbd>ceiling</kbd><code> | cohort { 0 | 1 } | floor </code><kbd>floor</kbd><code> | minclock </code><kbd>minclock</kbd><code> | minsane </code><kbd>minsane</kbd><code>]</code><dd>This command affects the clock selection and clustering
algorithms.
It can be used to select the quality and
quantity of peers used to synchronize the system clock
and is most useful in manycast mode.
The variables operate
as follows:
          <dl>
<dt><code>ceiling</code> <kbd>ceiling</kbd><dd>Peers with strata above
<code>ceiling</code>
will be discarded if there are at least
<code>minclock</code>
peers remaining.
This value defaults to 15, but can be changed
to any number from 1 to 15.
<br><dt><code>cohort</code> <code>{0 | 1}</code><dd>This is a binary flag which enables (0) or disables (1)
manycast server replies to manycast clients with the same
stratum level.
This is useful to reduce implosions where
large numbers of clients with the same stratum level
are present.
The default is to enable these replies.
<br><dt><code>floor</code> <kbd>floor</kbd><dd>Peers with strata below
<code>floor</code>
will be discarded if there are at least
<code>minclock</code>
peers remaining.
This value defaults to 1, but can be changed
to any number from 1 to 15.
<br><dt><code>minclock</code> <kbd>minclock</kbd><dd>The clustering algorithm repeatedly casts out outlier
associations until no more than
<code>minclock</code>
associations remain.
This value defaults to 3,
but can be changed to any number from 1 to the number of
configured sources.
<br><dt><code>minsane</code> <kbd>minsane</kbd><dd>This is the minimum number of candidates available
to the clock selection algorithm in order to produce
one or more truechimers for the clustering algorithm.
If fewer than this number are available, the clock is
undisciplined and allowed to run free.
The default is 1
for legacy purposes.
However, according to principles of
Byzantine agreement,
<code>minsane</code>
should be at least 4 in order to detect and discard
a single falseticker.
</dl>
     <br><dt><code>ttl</code> <kbd>hop</kbd> <kbd>...</kbd><dd>This command specifies a list of TTL values in increasing
order; up to 8 values can be specified.
In manycast mode these values are used in turn
in an expanding-ring search.
The default is eight
multiples of 32 starting at 31.
</dl>
<div class="node">
<p><hr>
<a name="Reference-Clock-Support"></a>
<br>
</div>

<h4 class="subsection">Reference Clock Support</h4>

<p>The NTP Version 4 daemon supports some three dozen different radio,
satellite and modem reference clocks plus a special pseudo-clock
used for backup or when no other clock source is available.
Detailed descriptions of individual device drivers and options can
be found in the
"Reference Clock Drivers"
page
(available as part of the HTML documentation
provided in
<span class="file">/usr/share/doc/ntp</span>).
Additional information can be found in the pages linked
there, including the
"Debugging Hints for Reference Clock Drivers"
and
"How To Write a Reference Clock Driver"
pages
(available as part of the HTML documentation
provided in
<span class="file">/usr/share/doc/ntp</span>).
In addition, support for a PPS
signal is available as described in the
"Pulse-per-second (PPS) Signal Interfacing"
page
(available as part of the HTML documentation
provided in
<span class="file">/usr/share/doc/ntp</span>).
Many
drivers support special line discipline/streams modules which can
significantly improve the accuracy using the driver.
These are
described in the
"Line Disciplines and Streams Drivers"
page
(available as part of the HTML documentation
provided in
<span class="file">/usr/share/doc/ntp</span>).

  <p>A reference clock will generally (though not always) be a radio
timecode receiver which is synchronized to a source of standard
time such as the services offered by the NRC in Canada and NIST and
USNO in the US.
The interface between the computer and the timecode
receiver is device dependent, but is usually a serial port.
A
device driver specific to each reference clock must be selected and
compiled in the distribution; however, most common radio, satellite
and modem clocks are included by default.
Note that an attempt to
configure a reference clock when the driver has not been compiled
or the hardware port has not been appropriately configured results
in a scalding remark to the system log file, but is otherwise
non-hazardous.

  <p>For the purposes of configuration,
<code>ntpd(1ntpdmdoc)</code>
treats reference clocks in a manner analogous to normal NTP peers as much
as possible.
Reference clocks are identified by a syntactically
correct but invalid IP address, in order to distinguish them from
normal NTP peers.
Reference clock addresses are of the form
<code>127.127.</code><kbd>t</kbd>.<kbd>u</kbd>,
where <kbd>t</kbd> is an integer denoting the clock type and
<kbd>u</kbd> indicates the unit number in the range 0-3.
While it may seem overkill, it is in fact
sometimes useful to configure multiple reference clocks of the same
type, in which case the unit numbers must be unique.

  <p>The <code>server</code>
command is used to configure a reference
clock, where the <kbd>address</kbd>
argument in that command is the clock address.
The <code>key</code>, <code>version</code> and <code>ttl</code>
options are not used for reference clock support.
The <code>mode</code>
option is added for reference clock support, as described below.
The <code>prefer</code>
option can be useful to
persuade the server to cherish a reference clock with somewhat more
enthusiasm than other reference clocks or peers.
Further information on this option can be found in the
"Mitigation Rules and the prefer Keyword" page
(available as part of the HTML documentation provided in
<span class="file">/usr/share/doc/ntp</span>).
The <code>minpoll</code> and <code>maxpoll</code>
options have meaning only for selected clock drivers.
See the individual clock
driver document pages for additional information.
  <p>The <code>fudge</code>
command is used to provide additional
information for individual clock drivers and normally follows
immediately after the <code>server</code> command.
The <kbd>address</kbd>
argument specifies the clock address.
The <code>refid</code> and <code>stratum</code>
options can be used to override the defaults for the device.
There are two optional
device-dependent time offsets and four flags that can be included
in the <code>fudge</code> command as well.

  <p>The stratum number of a reference clock is by default zero.
Since the <code>ntpd(1ntpdmdoc)</code>
daemon adds one to the stratum of each
peer, a primary server ordinarily displays an external stratum of one.
In order to provide engineered backups, it is often useful to
specify the reference clock stratum as greater than zero.
The <code>stratum</code> option is used for this purpose.
Also, in cases
involving both a reference clock and a pulse-per-second (PPS)
discipline signal, it is useful to specify the reference clock
identifier as other than the default, depending on the driver.
The <code>refid</code> option is used for this purpose.
Except where noted, these options apply to all clock drivers.
<h5 class="subsubsection">Reference Clock Commands</h5>

     <dl>
<dt><code>server</code> <code>127.127.</code><kbd>t</kbd>.<kbd>u</kbd> <code>[prefer]</code> <code>[mode </code><kbd>int</kbd><code>]</code> <code>[minpoll </code><kbd>int</kbd><code>]</code> <code>[maxpoll </code><kbd>int</kbd><code>]</code><dd>This command can be used to configure reference clocks in
special ways.
The options are interpreted as follows:
          <dl>
<dt><code>prefer</code><dd>Marks the reference clock as preferred.
All other things being
equal, this host will be chosen for synchronization among a set of
correctly operating hosts.
See the "Mitigation Rules and the prefer Keyword" page
(available as part of the HTML documentation provided in
<span class="file">/usr/share/doc/ntp</span>)
for further information.
<br><dt><code>mode</code> <kbd>int</kbd><dd>Specifies a mode number which is interpreted in a
device-specific fashion.
For instance, it selects a dialing
protocol in the ACTS driver and a device subtype in the parse drivers.
<br><dt><code>minpoll</code> <kbd>int</kbd><br><dt><code>maxpoll</code> <kbd>int</kbd><dd>These options specify the minimum and maximum polling interval
for reference clock messages, as a power of 2 in seconds.
For most directly connected reference clocks, both
<code>minpoll</code> and <code>maxpoll</code> default to 6 (64 s).
For modem reference clocks,
<code>minpoll</code> defaults to 10 (17.1 m) and
<code>maxpoll</code> defaults to 14 (4.5 h).
The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
</dl>
     <br><dt><code>fudge</code> <code>127.127.</code><kbd>t</kbd>.<kbd>u</kbd> <code>[time1 </code><kbd>sec</kbd><code>]</code> <code>[time2 </code><kbd>sec</kbd><code>]</code> <code>[stratum </code><kbd>int</kbd><code>]</code> <code>[refid </code><kbd>string</kbd><code>]</code> <code>[mode </code><kbd>int</kbd><code>]</code> <code>[flag1 0 | 1]</code> <code>[flag2 0 | 1]</code> <code>[flag3 0 | 1]</code> <code>[flag4 0 | 1]</code><dd>This command can be used to configure reference clocks in
special ways.
It must immediately follow the <code>server</code>
command which configures the driver.
Note that the same capability is possible at run time using the
<code>ntpdc(1ntpdcmdoc)</code> program.
The options are interpreted as follows:
          <dl>
<dt><code>time1</code> <kbd>sec</kbd><dd>Specifies a constant to be added to the time offset produced by
the driver, a fixed-point decimal number in seconds.
This is used
as a calibration constant to adjust the nominal time offset of a
particular clock to agree with an external standard, such as a
precision PPS signal.
It also provides a way to correct a
systematic error or bias due to serial port or operating system
latencies, different cable lengths or receiver internal delay.
The
specified offset is in addition to the propagation delay provided
by other means, such as internal DIPswitches.
Where a calibration
for an individual system and driver is available, an approximate
correction is noted in the driver documentation pages.
Note: in order to facilitate calibration when more than one
radio clock or PPS signal is supported, a special calibration
feature is available.
It takes the form of an argument to the
<code>enable</code> command described in
<a href="#Miscellaneous-Options">Miscellaneous Options</a>
and operates as described in the
"Reference Clock Drivers" page
(available as part of the HTML documentation provided in
<span class="file">/usr/share/doc/ntp</span>).
<br><dt><code>time2</code> <kbd>sec</kbd><dd>Specifies a fixed-point decimal number in seconds, which is
interpreted in a driver-dependent way.
See the descriptions of specific drivers in the
"Reference Clock Drivers" page
(available as part of the HTML documentation provided in
<span class="file">/usr/share/doc/ntp</span>).
<br><dt><code>stratum</code> <kbd>int</kbd><dd>Specifies the stratum number assigned to the driver, an integer
between 0 and 15.
This number overrides the default stratum number
ordinarily assigned by the driver itself, usually zero.
<br><dt><code>refid</code> <kbd>string</kbd><dd>Specifies an ASCII string of from one to four characters which
defines the reference identifier used by the driver.
This string
overrides the default identifier ordinarily assigned by the driver
itself.
<br><dt><code>mode</code> <kbd>int</kbd><dd>Specifies a mode number which is interpreted in a
device-specific fashion.
For instance, it selects a dialing
protocol in the ACTS driver and a device subtype in the parse drivers.
<br><dt><code>flag1</code> <code>0</code> <code>|</code> <code>1</code><br><dt><code>flag2</code> <code>0</code> <code>|</code> <code>1</code><br><dt><code>flag3</code> <code>0</code> <code>|</code> <code>1</code><br><dt><code>flag4</code> <code>0</code> <code>|</code> <code>1</code><dd>These four flags are used for customizing the clock driver.
The
interpretation of these values, and whether they are used at all,
is a function of the particular clock driver.
However, by convention
<code>flag4</code>
is used to enable recording monitoring data to the
<code>clockstats</code>
file configured with the
<code>filegen</code> command.
Further information on the
<code>filegen</code>
command can be found in
<a href="#Monitoring-Options">Monitoring Options</a>.
</dl>
     </dl>
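<p>The constraints stated above for reference clock <code>server</code> and <code>fudge</code> lines (address form, unit range, option ranges, and <code>fudge</code> placement) can be checked before the file is deployed. The following linter is an added example, not part of the NTP distribution; the function names and the sample configuration, including its clock type numbers, are constructed for illustration.

```python
import re

REFCLOCK = re.compile(r"^127\.127\.(\d{1,3})\.(\d{1,3})$")

def refclock_addr(token):
    """Return (type, unit) if token has the form 127.127.t.u, else None."""
    m = REFCLOCK.match(token)
    if not m:
        return None
    t, u = int(m.group(1)), int(m.group(2))
    return (t, u) if t <= 255 and u <= 255 else None

def is_int(v):
    return re.fullmatch(r"\d+", v) is not None

def int_in(lo, hi):
    return lambda v: is_int(v) and lo <= int(v) <= hi

def is_decimal(v):
    return re.fullmatch(r"[+-]?(\d+\.?\d*|\.\d+)", v) is not None

def never(_v):
    return False

FLAG = (lambda v: v in ("0", "1"), "must be 0 or 1")
SECONDS = (is_decimal, "must be a decimal number of seconds")
UNUSED = (never, "not used for reference clocks")
# option -> (validator, message reported when the validator rejects the value)
RULES = {
    "server": {"mode": (is_int, "must be an integer"),
               "minpoll": (int_in(4, 17), "outside the allowable range 4-17"),
               "maxpoll": (int_in(4, 17), "outside the allowable range 4-17"),
               "key": UNUSED, "version": UNUSED, "ttl": UNUSED},
    "fudge": {"time1": SECONDS, "time2": SECONDS,
              "stratum": (int_in(0, 15), "outside 0-15"),
              "refid": (lambda v: 1 <= len(v) <= 4 and v.isascii(),
                        "must be 1 to 4 ASCII characters"),
              "mode": (is_int, "must be an integer"),
              "flag1": FLAG, "flag2": FLAG, "flag3": FLAG, "flag4": FLAG},
}

def check_options(cmd, opts):
    """Validate the options that follow the clock address on one line."""
    problems, i = [], 0
    while i < len(opts):
        name = opts[i]
        if cmd == "server" and name == "prefer":  # the only option without a value
            i += 1
            continue
        rule = RULES[cmd].get(name)
        if rule is None:
            # Arity of an undocumented option is unknown, so stop parsing here.
            problems.append(f"{name}: not in the documented {cmd} syntax")
            break
        valid, why = rule
        value = opts[i + 1] if i + 1 < len(opts) else ""
        if not valid(value):
            problems.append(f"{name} {value!r}: {why}")
        i += 2
    return problems

def lint_refclocks(conf_text):
    """Return [(line number, problem)] for reference clock lines in conf_text."""
    findings, seen, prev = [], set(), None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        cmd, addr = words[0], (words[1] if len(words) > 1 else "")
        parsed = refclock_addr(addr)
        if cmd in ("server", "fudge") and parsed is not None:
            if parsed[1] > 3:
                findings.append((lineno, f"{addr}: unit {parsed[1]} outside 0-3"))
            if cmd == "server":
                if addr in seen:
                    findings.append((lineno, f"{addr}: clock configured twice"))
                seen.add(addr)
            elif prev != ("server", addr):
                findings.append(
                    (lineno, f"fudge {addr} does not immediately follow its server line"))
            findings += [(lineno, p) for p in check_options(cmd, words[2:])]
        prev = (cmd, addr)
    return findings

# Constructed sample configuration; the clock type numbers are arbitrary.
REFCLOCK_SAMPLE = """\
# constructed sample
server 127.127.20.0 prefer mode 1 minpoll 4 maxpoll 4
fudge  127.127.20.0 time1 0.120 refid GPS flag4 1
server 127.127.22.5 minpoll 3
driftfile /var/db/ntp.drift
fudge  127.127.22.5 stratum 16 refid PPSSIGNAL flag3 2
server 127.127.20.0 key 7
"""

if __name__ == "__main__":
    for lineno, problem in lint_refclocks(REFCLOCK_SAMPLE):
        print(f"line {lineno}: {problem}")
```

Options outside the syntax shown in this section are reported rather than validated, because their arity cannot be derived from this page.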
<div class="node">
<p><hr>
<a name="Miscellaneous-Options"></a>
<br>
</div>

<h4 class="subsection">Miscellaneous Options</h4>

     <dl>
<dt><code>broadcastdelay</code> <kbd>seconds</kbd><dd>The broadcast and multicast modes require a special calibration
to determine the network delay between the local and remote
servers.
Ordinarily, this is done automatically by the initial
protocol exchanges between the client and server.
In some cases,
the calibration procedure may fail due to network or server access
controls, for example.
This command specifies the default delay to
be used under these circumstances.
Typically (for Ethernet), a
number between 0.003 and 0.007 seconds is appropriate.
The default
when this command is not used is 0.004 seconds.
<br><dt><code>calldelay</code> <kbd>delay</kbd><dd>This option controls the delay in seconds between the first and second
packets sent in burst or iburst mode to allow additional time for a modem
or ISDN call to complete.
<br><dt><code>driftfile</code> <kbd>driftfile</kbd><dd>This command specifies the complete path and name of the file used to
record the frequency of the local clock oscillator.
This is the same operation as the
<code>-f</code>
command line option.
If the file exists, it is read at
startup in order to set the initial frequency and then updated once per
hour with the current frequency computed by the daemon.
If the file name is
specified, but the file itself does not exist, the daemon starts with an initial
frequency of zero and creates the file when writing it for the first time.
If this command is not given, the daemon will always start with an initial
frequency of zero.

     <p>The file format consists of a single line containing a single
floating point number, which records the frequency offset measured
in parts-per-million (PPM).
The file is updated by first writing
the current drift value into a temporary file and then renaming
this file to replace the old version.
This implies that
<code>ntpd(1ntpdmdoc)</code>
must have write permission for the directory the
drift file is located in, and that file system links, symbolic or
otherwise, should be avoided.
<br><dt><code>enable</code> <code>[auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats]</code><br><dt><code>disable</code> <code>[auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats]</code><dd>Provides a way to enable or disable various server options.
Flags not mentioned are unaffected.
Note that all of these flags
can be controlled remotely using the
<code>ntpdc(1ntpdcmdoc)</code>
utility program.
          <dl>
<dt><code>auth</code><dd>Enables the server to synchronize with unconfigured peers only if the
peer has been correctly authenticated using either public key or
private key cryptography.
The default for this flag is
<code>enable</code>.
<br><dt><code>bclient</code><dd>Enables the server to listen for a message from a broadcast or
multicast server, as in the
<code>multicastclient</code>
command with default address.
The default for this flag is
<code>disable</code>.
<br><dt><code>calibrate</code><dd>Enables the calibrate feature for reference clocks.
The default for this flag is
<code>disable</code>.
<br><dt><code>kernel</code><dd>Enables the kernel time discipline, if available.
The default for this flag is
<code>enable</code>
if support is available, otherwise
<code>disable</code>.
<br><dt><code>mode7</code><dd>Enables processing of NTP mode 7 implementation-specific requests
which are used by the deprecated
<code>ntpdc(1ntpdcmdoc)</code>
program.
The default for this flag is
<code>disable</code>.
This flag is excluded from runtime configuration using
<code>ntpq(1ntpqmdoc)</code>.
The
<code>ntpq(1ntpqmdoc)</code>
program provides the same capabilities as
<code>ntpdc(1ntpdcmdoc)</code>
using standard mode 6 requests.
<br><dt><code>monitor</code><dd>Enables the monitoring facility.
See the
<code>ntpdc(1ntpdcmdoc)</code>
program and the
<code>monlist</code>
command for further information.
The default for this flag is
<code>enable</code>.
<br><dt><code>ntp</code><dd>Enables time and frequency discipline.
In effect, this switch opens and
closes the feedback loop, which is useful for testing.
The default for this flag is
<code>enable</code>.
<br><dt><code>stats</code><dd>Enables the statistics facility.
See the
<a href="#Monitoring-Options">Monitoring Options</a>
section for further information.
The default for this flag is
<code>disable</code>.
</dl>
     <br><dt><code>includefile</code> <kbd>includefile</kbd><dd>This command allows additional configuration commands
to be included from a separate file.
Include files may
be nested to a depth of five; upon reaching the end of any
include file, command processing resumes in the previous
configuration file.
This option is useful for sites that run
<code>ntpd(1ntpdmdoc)</code>
on multiple hosts, with (mostly) common options (e.g., a
restriction list).
<br><dt><code>logconfig</code> <kbd>configkeyword</kbd><dd>This command controls the amount and type of output written to
the system
<code>syslog(3)</code>
facility or the alternate
<code>logfile</code>
log file.
By default, all output is turned on.
All
<kbd>configkeyword</kbd>
keywords can be prefixed with
<code>=</code>, <code>+</code> and <code>-</code>,
where <code>=</code> sets the
<code>syslog(3)</code>
priority mask,
<code>+</code> adds and <code>-</code> removes messages.
<code>syslog(3)</code>
messages can be controlled in four classes
(<code>clock</code>, <code>peer</code>, <code>sys</code> and <code>sync</code>).
Within these classes four types of messages can be
controlled: informational messages
(<code>info</code>),
event messages
(<code>events</code>),
statistics messages
(<code>statistics</code>)
and status messages
(<code>status</code>).

     <p>Configuration keywords are formed by concatenating the message class with
the event class.
The
<code>all</code>
prefix can be used instead of a message class.
A message class may also be followed by the
<code>all</code>
keyword to enable/disable all
messages of the respective message class. Thus, a minimal log configuration
could look like this:
<pre class="verbatim">
     logconfig =syncstatus +sysevents
</pre>

     <p>This would just list the synchronization state of
<code>ntpd(1ntpdmdoc)</code>
and the major system events.
For a simple reference server, the
following minimum message configuration could be useful:
<pre class="verbatim">
     logconfig =syncall +clockall
</pre>

     <p>This configuration will list all clock information and
synchronization information.
All other events and messages about
peers, system events and so on are suppressed.
<br><dt><code>logfile</code> <kbd>logfile</kbd><dd>This command specifies the location of an alternate log file to
be used instead of the default system
<code>syslog(3)</code>
facility.
This is the same operation as the <code>-l</code> command line option.
<br><dt><code>setvar</code> <kbd>variable</kbd> <code>[default]</code><dd>This command adds an additional system variable.
These
variables can be used to distribute additional information such as
the access policy.
If the variable of the form
<code>name</code><code>=</code><kbd>value</kbd>
is followed by the
<code>default</code>
keyword, the
variable will be listed as part of the default system variables
(<code>rv</code> command).
These additional variables serve
informational purposes only.
They are not related to the protocol
other than that they can be listed.
The known protocol variables will
always override any variables defined via the
<code>setvar</code>
mechanism.
There are three special variables that contain the names
of all variables of the same group.
The
<code>sys_var_list</code>
holds the names of all system variables.
The
<code>peer_var_list</code>
holds the names of all peer variables and the
<code>clock_var_list</code>
holds the names of the reference clock variables.
<br><dt><code>tinker</code> <code>[allan </code><kbd>allan</kbd><code> | dispersion </code><kbd>dispersion</kbd><code> | freq </code><kbd>freq</kbd><code> | huffpuff </code><kbd>huffpuff</kbd><code> | panic </code><kbd>panic</kbd><code> | step </code><kbd>step</kbd><code> | stepout </code><kbd>stepout</kbd><code>]</code><dd>This command can be used to alter several system variables in
very exceptional circumstances.
It should occur in the
configuration file before any other configuration options.
The
default values of these variables have been carefully optimized for
a wide range of network speeds and reliability expectations.
In
general, they interact in intricate ways that are hard to predict
and some combinations can result in some very nasty behavior.
Very
rarely is it necessary to change the default values; but, some
folks cannot resist twisting the knobs anyway and this command is
for them.
Emphasis added: twisters are on their own and can expect
no help from the support group.

     <p>The variables operate as follows:
          <dl>
<dt><code>allan</code> <kbd>allan</kbd><dd>The argument becomes the new value for the minimum Allan
intercept, which is a parameter of the PLL/FLL clock discipline
algorithm.
The value in log2 seconds defaults to 7 (1024 s), which is also the lower
limit.
<br><dt><code>dispersion</code> <kbd>dispersion</kbd><dd>The argument becomes the new value for the dispersion increase rate,
normally .000015 s/s.
<br><dt><code>freq</code> <kbd>freq</kbd><dd>The argument becomes the initial value of the frequency offset in
parts-per-million.
This overrides the value in the frequency file, if
present, and avoids the initial training state if it is not.
<br><dt><code>huffpuff</code> <kbd>huffpuff</kbd><dd>The argument becomes the new value for the experimental
huff-n'-puff filter span, which determines the most recent interval
the algorithm will search for a minimum delay.
The lower limit is
900 s (15 m), but a more reasonable value is 7200 (2 hours).
There
is no default, since the filter is not enabled unless this command
is given.
<br><dt><code>panic</code> <kbd>panic</kbd><dd>The argument is the panic threshold, normally 1000 s.
If set to zero,
the panic sanity check is disabled and a clock offset of any value will
be accepted.
<br><dt><code>step</code> <kbd>step</kbd><dd>The argument is the step threshold, which by default is 0.128 s.
It can
be set to any positive number in seconds.
If set to zero, step
adjustments will never occur.
Note: The kernel time discipline is
disabled if the step threshold is set to zero or greater than the
default.
<br><dt><code>stepout</code> <kbd>stepout</kbd><dd>The argument is the stepout timeout, which by default is 900 s.
It can
be set to any positive number in seconds.
If set to zero, the stepout
pulses will not be suppressed.
</dl>
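     <p>Several of the <code>enable</code>/<code>disable</code> flags and <code>tinker</code> variables described above remove a safety check or expose an extra request handler. The following audit script is an added example, not part of the NTP distribution: it computes the effective startup flags from the defaults listed on this page and reports the settings worth reviewing, using a constructed weak configuration beside a corrected one. The function names and finding labels are chosen here for illustration.

```python
# Startup defaults as listed on this page. "kernel" is enabled only where the
# platform supports it; True here is an assumption for the samples.
DEFAULTS = {"auth": True, "bclient": False, "calibrate": False, "kernel": True,
            "mode7": False, "monitor": True, "ntp": True, "stats": False}
DEFAULT_STEP = 0.128  # default step threshold in seconds

def commands(conf_text):
    """Yield (line number, command, arguments), skipping comments and blanks."""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()
        if words:
            yield lineno, words[0], words[1:]

def effective_flags(conf_text):
    """Apply enable/disable lines in file order on top of the defaults."""
    flags = dict(DEFAULTS)
    for _, cmd, args in commands(conf_text):
        if cmd in ("enable", "disable"):
            for name in args:
                if name in flags:  # flags not mentioned stay unaffected
                    flags[name] = cmd == "enable"
    return flags

def tinker_settings(conf_text):
    """Return ({variable: value}, [tinker lines that follow another command])."""
    values, late, other_seen = {}, [], False
    for lineno, cmd, args in commands(conf_text):
        if cmd != "tinker":
            other_seen = True
            continue
        if other_seen:
            late.append(lineno)
        for name, value in zip(args[0::2], args[1::2]):
            try:
                values[name] = float(value)
            except ValueError:
                pass  # malformed number: left for ntpd itself to reject
    return values, late

def audit(conf_text):
    """Return [(label, explanation)] for settings that deserve review."""
    flags = effective_flags(conf_text)
    tinker, late = tinker_settings(conf_text)
    out = []
    if not flags["auth"]:
        out.append(("auth-off",
                    "unconfigured peers are accepted without authentication"))
    if flags["bclient"] and not flags["auth"]:
        out.append(("bclient-unauth",
                    "listens for broadcast/multicast servers while auth is disabled"))
    if flags["mode7"]:
        out.append(("mode7-on",
                    "processes mode 7 requests of the deprecated ntpdc program"))
    if flags["monitor"]:
        out.append(("monitor-on",
                    "monitoring facility (monlist) is enabled, which is the default"))
    if tinker.get("panic") == 0:
        out.append(("panic-off",
                    "panic sanity check disabled; any clock offset is accepted"))
    step = tinker.get("step")
    if step is not None and (step == 0 or step > DEFAULT_STEP):
        out.append(("kernel-off",
                    "step threshold disables the kernel time discipline"))
    for lineno in late:
        out.append(("tinker-late",
                    f"line {lineno}: tinker should precede all other options"))
    return out

# Constructed samples: a weak configuration and a corrected one.
WEAK = """\
# constructed sample
driftfile /var/db/ntp.drift
disable auth monitor
enable mode7 bclient
tinker panic 0 step 0.5
enable monitor
"""
HARDENED = """\
# constructed sample
disable monitor mode7
enable auth
"""

if __name__ == "__main__":
    for label, why in audit(WEAK):
        print(f"{label}: {why}")
```

Because these flags can also be changed at run time with <code>ntpdc(1ntpdcmdoc)</code>, an audit of the file reflects only the state at startup.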
     <br><dt><code>rlimit</code> <code>[memlock </code><kbd>Nmegabytes</kbd><code> | stacksize </code><kbd>N4kPages</kbd><code> | filenum </code><kbd>Nfiledescriptors</kbd><code>]</code><dd>
          <dl>
<dt><code>memlock</code> <kbd>Nmegabytes</kbd><dd>Specify the number of megabytes of memory that can be allocated.
Probably only available under Linux, this option is useful
when dropping root (the
<code>-i</code>
option).
The default is 32 megabytes. Setting this to zero will prevent any attempt to lock memory.
<br><dt><code>stacksize</code> <kbd>N4kPages</kbd><dd>Specifies the maximum size of the process stack on systems with the
<code>mlockall()</code>
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
<br><dt><code>filenum</code> <kbd>Nfiledescriptors</kbd><dd>Specifies the maximum number of file descriptors ntpd may have open at once. Defaults to the system default.
</dl>
     <br><dt><code>trap</code> <kbd>host_address</kbd> <code>[port </code><kbd>port_number</kbd><code>]</code> <code>[interface </code><kbd>interface_address</kbd><code>]</code><dd>This command configures a trap receiver at the given host
address and port number for sending messages with the specified
local interface address.
If the port number is unspecified, a value
of 18447 is used.
If the interface address is not specified, the
message is sent with a source address of the local interface the
message is sent through.
Note that on a multihomed host the
interface used may vary from time to time with routing changes.

     <p>The trap receiver will generally log event messages and other
information from the server in a log file.
While such monitor
programs may also request their own trap dynamically, configuring a
trap receiver will ensure that no messages are lost when the server
is started.
<br><dt><code>hop</code> <kbd>...</kbd><dd>This command specifies a list of TTL values in increasing order; up to 8
values can be specified.
In manycast mode these values are used in turn in
an expanding-ring search.
The default is eight multiples of 32 starting at
31.
</dl>
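
  <p>An added example, not part of the NTP distribution: a small Python check that reads <code>ntp.conf</code> text and reports the <code>tinker</code>, <code>rlimit</code> and <code>trap</code> settings whose side effects are described above (panic check disabled, kernel time discipline disabled, memory locking skipped, trap receivers with their effective port and source address behaviour).
The function names, finding codes and sample configuration are constructed for illustration.

```python
KERNEL_STEP_DEFAULT = 0.128  # default step threshold (s), per the manual
TRAP_DEFAULT_PORT = 18447    # port used when "trap" names none

def _num(value):
    """Parse a numeric argument; None if it is not a number."""
    try:
        return float(value)
    except ValueError:
        return None

def audit(conf_text):
    """Return (line, code, detail) findings for tinker, rlimit and trap lines."""
    out = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(words) < 2:
            continue
        cmd, args = words[0], words[1:]
        if cmd in ("tinker", "rlimit"):
            # Both commands take a run of "name value" pairs.
            for name, val in zip(args[0::2], args[1::2]):
                v = _num(val)
                if v is None:
                    out.append((n, "bad-number", f"{cmd} {name} {val}"))
                elif (cmd, name, v) == ("tinker", "panic", 0):
                    out.append((n, "panic-off", "any clock offset will be accepted"))
                elif (cmd, name) == ("tinker", "step") and (v == 0 or v > KERNEL_STEP_DEFAULT):
                    detail = "never steps; " if v == 0 else ""
                    out.append((n, "kernel-discipline-off", detail + "kernel time discipline disabled"))
                elif (cmd, name, v) == ("tinker", "stepout", 0):
                    out.append((n, "stepout-off", "stepout pulses not suppressed"))
                elif (cmd, name, v) == ("rlimit", "memlock", 0):
                    out.append((n, "memlock-off", "no attempt to lock memory"))
        elif cmd == "trap":
            opts = dict(zip(args[1::2], args[2::2]))  # optional "port N", "interface A"
            port = opts.get("port", str(TRAP_DEFAULT_PORT))
            out.append((n, "trap-receiver", f"{args[0]} port {port}"))
            if "interface" not in opts:
                out.append((n, "trap-source-varies", "source address follows routing"))
    return out

# Constructed sample configuration, not taken from any real host.
SAMPLE = """\
tinker panic 0 stepout 900
tinker step 0.5          # above the 0.128 s default
rlimit memlock 0
trap 192.0.2.10
trap 192.0.2.11 port 1234 interface 192.0.2.1
"""
```

  <p>Calling <code>audit(SAMPLE)</code> returns one tuple per finding; a <code>panic-off</code> finding deserves the closest review, since with that setting a clock offset of any value is accepted.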

  <p>This section was generated by <strong>AutoGen</strong>,
using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntp.conf</code> program.
This software is released under the NTP license, &lt;http://ntp.org/license&gt;.

<ul class="menu">
<li><a accesskey="1" href="#ntp_002econf-Files">ntp.conf Files</a>:                   Files
<li><a accesskey="2" href="#ntp_002econf-See-Also">ntp.conf See Also</a>:                See Also
<li><a accesskey="3" href="#ntp_002econf-Bugs">ntp.conf Bugs</a>:                    Bugs
<li><a accesskey="4" href="#ntp_002econf-Notes">ntp.conf Notes</a>:                   Notes
</ul>

<div class="node">
<p><hr>
<a name="ntp_002econf-Files"></a>
<br>
</div>

<h4 class="subsection">ntp.conf Files</h4>

     <dl>
<dt><span class="file">/etc/ntp.conf</span><dd>the default name of the configuration file
<br><dt><span class="file">ntp.keys</span><dd>private MD5 keys
<br><dt><span class="file">ntpkey</span><dd>RSA private key
<br><dt><span class="file">ntpkey_</span><kbd>host</kbd><dd>RSA public key
<br><dt><span class="file">ntp_dh</span><dd>Diffie-Hellman agreement parameters
</dl>
<div class="node">
<p><hr>
<a name="ntp_002econf-See-Also"></a>
<br>
</div>

<h4 class="subsection">ntp.conf See Also</h4>

<p><code>ntpd(1ntpdmdoc)</code>,
<code>ntpdc(1ntpdcmdoc)</code>,
<code>ntpq(1ntpqmdoc)</code>

  <p>In addition to the manual pages provided,
comprehensive documentation is available on the world wide web
at
<code>http://www.ntp.org/</code>.
A snapshot of this documentation is available in HTML format in
<span class="file">/usr/share/doc/ntp</span>.
<br>

  <p><br>
David L. Mills, <em>Network Time Protocol (Version 4)</em>, RFC5905
<div class="node">
<p><hr>
<a name="ntp_002econf-Bugs"></a>
<br>
</div>

<h4 class="subsection">ntp.conf Bugs</h4>

<p>The syntax checking is not picky; some combinations of
ridiculous and even hilarious options and modes may not be
detected.

  <p>The
<span class="file">ntpkey_</span><kbd>host</kbd>
files are really digital
certificates.
These should be obtained via secure directory
services when they become universally available.
<div class="node">
<p><hr>
<a name="ntp_002econf-Notes"></a>
<br>
</div>

<h4 class="subsection">ntp.conf Notes</h4>

<p>This document was derived from FreeBSD.

</body></html>