1.Dd March 21 2017 2.Dt NTP_CONF 5 File Formats 3.Os 4.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) 5.\" 6.\" It has been AutoGen-ed March 21, 2017 at 10:31:09 AM by AutoGen 5.18.5 7.\" From the definitions ntp.conf.def 8.\" and the template file agmdoc-cmd.tpl 9.Sh NAME 10.Nm ntp.conf 11.Nd Network Time Protocol (NTP) daemon configuration file format 12.Sh SYNOPSIS 13.Nm 14.Op Fl \-option\-name 15.Op Fl \-option\-name Ar value 16.Pp 17All arguments must be options. 18.Pp 19.Sh DESCRIPTION 20The 21.Nm 22configuration file is read at initial startup by the 23.Xr ntpd @NTPD_MS@ 24daemon in order to specify the synchronization sources, 25modes and other related information. 26Usually, it is installed in the 27.Pa /etc 28directory, 29but could be installed elsewhere 30(see the daemon's 31.Fl c 32command line option). 33.Pp 34The file format is similar to other 35.Ux 36configuration files. 37Comments begin with a 38.Ql # 39character and extend to the end of the line; 40blank lines are ignored. 41Configuration commands consist of an initial keyword 42followed by a list of arguments, 43some of which may be optional, separated by whitespace. 44Commands may not be continued over multiple lines. 45Arguments may be host names, 46host addresses written in numeric, dotted\-quad form, 47integers, floating point numbers (when specifying times in seconds) 48and text strings. 49.Pp 50The rest of this page describes the configuration and control options. 51The 52.Qq Notes on Configuring NTP and Setting up an NTP Subnet 53page 54(available as part of the HTML documentation 55provided in 56.Pa /usr/share/doc/ntp ) 57contains an extended discussion of these options. 58In addition to the discussion of general 59.Sx Configuration Options , 60there are sections describing the following supported functionality 61and the options used to control it: 62.Bl -bullet -offset indent 63.It 64.Sx Authentication Support 65.It 66.Sx Monitoring Support 67.It 68.Sx Access Control Support 69.It 70.Sx Automatic NTP Configuration Options 71.It 72.Sx Reference Clock Support 73.It 74.Sx Miscellaneous Options 75.El 76.Pp 77Following these is a section describing 78.Sx Miscellaneous Options . 79While there is a rich set of options available, 80the only required option is one or more 81.Ic pool , 82.Ic server , 83.Ic peer , 84.Ic broadcast 85or 86.Ic manycastclient 87commands. 88.Sh Configuration Support 89Following is a description of the configuration commands in 90NTPv4. 91These commands have the same basic functions as in NTPv3 and 92in some cases new functions and new arguments. 93There are two 94classes of commands, configuration commands that configure a 95persistent association with a remote server or peer or reference 96clock, and auxiliary commands that specify environmental variables 97that control various related operations. 98.Ss Configuration Commands 99The various modes are determined by the command keyword and the 100type of the required IP address. 101Addresses are classed by type as 102(s) a remote server or peer (IPv4 class A, B and C), (b) the 103broadcast address of a local interface, (m) a multicast address (IPv4 104class D), or (r) a reference clock address (127.127.x.x). 105Note that 106only those options applicable to each command are listed below. 107Use 108of options not listed may not be caught as an error, but may result 109in some weird and even destructive behavior. 110.Pp 111If the Basic Socket Interface Extensions for IPv6 (RFC\-2553) 112is detected, support for the IPv6 address family is generated 113in addition to the default support of the IPv4 address family. 114In a few cases, including the 115.Cm reslist 116billboard generated 117by 118.Xr ntpq @NTPQ_MS@ 119or 120.Xr ntpdc @NTPDC_MS@ , 121IPv6 addresses are automatically generated. 122IPv6 addresses can be identified by the presence of colons 123.Dq \&: 124in the address field. 125IPv6 addresses can be used almost everywhere where 126IPv4 addresses can be used, 127with the exception of reference clock addresses, 128which are always IPv4. 129.Pp 130Note that in contexts where a host name is expected, a 131.Fl 4 132qualifier preceding 133the host name forces DNS resolution to the IPv4 namespace, 134while a 135.Fl 6 136qualifier forces DNS resolution to the IPv6 namespace. 137See IPv6 references for the 138equivalent classes for that address family. 139.Bl -tag -width indent 140.It Xo Ic pool Ar address 141.Op Cm burst 142.Op Cm iburst 143.Op Cm version Ar version 144.Op Cm prefer 145.Op Cm minpoll Ar minpoll 146.Op Cm maxpoll Ar maxpoll 147.Xc 148.It Xo Ic server Ar address 149.Op Cm key Ar key \&| Cm autokey 150.Op Cm burst 151.Op Cm iburst 152.Op Cm version Ar version 153.Op Cm prefer 154.Op Cm minpoll Ar minpoll 155.Op Cm maxpoll Ar maxpoll 156.Op Cm true 157.Xc 158.It Xo Ic peer Ar address 159.Op Cm key Ar key \&| Cm autokey 160.Op Cm version Ar version 161.Op Cm prefer 162.Op Cm minpoll Ar minpoll 163.Op Cm maxpoll Ar maxpoll 164.Op Cm true 165.Op Cm xleave 166.Xc 167.It Xo Ic broadcast Ar address 168.Op Cm key Ar key \&| Cm autokey 169.Op Cm version Ar version 170.Op Cm prefer 171.Op Cm minpoll Ar minpoll 172.Op Cm ttl Ar ttl 173.Op Cm xleave 174.Xc 175.It Xo Ic manycastclient Ar address 176.Op Cm key Ar key \&| Cm autokey 177.Op Cm version Ar version 178.Op Cm prefer 179.Op Cm minpoll Ar minpoll 180.Op Cm maxpoll Ar maxpoll 181.Op Cm ttl Ar ttl 182.Xc 183.El 184.Pp 185These five commands specify the time server name or address to 186be used and the mode in which to operate. 187The 188.Ar address 189can be 190either a DNS name or an IP address in dotted\-quad notation. 191Additional information on association behavior can be found in the 192.Qq Association Management 193page 194(available as part of the HTML documentation 195provided in 196.Pa /usr/share/doc/ntp ) . 197.Bl -tag -width indent 198.It Ic pool 199For type s addresses, this command mobilizes a persistent 200client mode association with a number of remote servers. 201In this mode the local clock can synchronized to the 202remote server, but the remote server can never be synchronized to 203the local clock. 204.It Ic server 205For type s and r addresses, this command mobilizes a persistent 206client mode association with the specified remote server or local 207radio clock. 208In this mode the local clock can synchronized to the 209remote server, but the remote server can never be synchronized to 210the local clock. 211This command should 212.Em not 213be used for type 214b or m addresses. 215.It Ic peer 216For type s addresses (only), this command mobilizes a 217persistent symmetric\-active mode association with the specified 218remote peer. 219In this mode the local clock can be synchronized to 220the remote peer or the remote peer can be synchronized to the local 221clock. 222This is useful in a network of servers where, depending on 223various failure scenarios, either the local or remote peer may be 224the better source of time. 225This command should NOT be used for type 226b, m or r addresses. 227.It Ic broadcast 228For type b and m addresses (only), this 229command mobilizes a persistent broadcast mode association. 230Multiple 231commands can be used to specify multiple local broadcast interfaces 232(subnets) and/or multiple multicast groups. 233Note that local 234broadcast messages go only to the interface associated with the 235subnet specified, but multicast messages go to all interfaces. 236In broadcast mode the local server sends periodic broadcast 237messages to a client population at the 238.Ar address 239specified, which is usually the broadcast address on (one of) the 240local network(s) or a multicast address assigned to NTP. 241The IANA 242has assigned the multicast group address IPv4 224.0.1.1 and 243IPv6 ff05::101 (site local) exclusively to 244NTP, but other nonconflicting addresses can be used to contain the 245messages within administrative boundaries. 246Ordinarily, this 247specification applies only to the local server operating as a 248sender; for operation as a broadcast client, see the 249.Ic broadcastclient 250or 251.Ic multicastclient 252commands 253below. 254.It Ic manycastclient 255For type m addresses (only), this command mobilizes a 256manycast client mode association for the multicast address 257specified. 258In this case a specific address must be supplied which 259matches the address used on the 260.Ic manycastserver 261command for 262the designated manycast servers. 263The NTP multicast address 264224.0.1.1 assigned by the IANA should NOT be used, unless specific 265means are taken to avoid spraying large areas of the Internet with 266these messages and causing a possibly massive implosion of replies 267at the sender. 268The 269.Ic manycastserver 270command specifies that the local server 271is to operate in client mode with the remote servers that are 272discovered as the result of broadcast/multicast messages. 273The 274client broadcasts a request message to the group address associated 275with the specified 276.Ar address 277and specifically enabled 278servers respond to these messages. 279The client selects the servers 280providing the best time and continues as with the 281.Ic server 282command. 283The remaining servers are discarded as if never 284heard. 285.El 286.Pp 287Options: 288.Bl -tag -width indent 289.It Cm autokey 290All packets sent to and received from the server or peer are to 291include authentication fields encrypted using the autokey scheme 292described in 293.Sx Authentication Options . 294.It Cm burst 295when the server is reachable, send a burst of eight packets 296instead of the usual one. 297The packet spacing is normally 2 s; 298however, the spacing between the first and second packets 299can be changed with the 300.Ic calldelay 301command to allow 302additional time for a modem or ISDN call to complete. 303This is designed to improve timekeeping quality 304with the 305.Ic server 306command and s addresses. 307.It Cm iburst 308When the server is unreachable, send a burst of eight packets 309instead of the usual one. 310The packet spacing is normally 2 s; 311however, the spacing between the first two packets can be 312changed with the 313.Ic calldelay 314command to allow 315additional time for a modem or ISDN call to complete. 316This is designed to speed the initial synchronization 317acquisition with the 318.Ic server 319command and s addresses and when 320.Xr ntpd @NTPD_MS@ 321is started with the 322.Fl q 323option. 324.It Cm key Ar key 325All packets sent to and received from the server or peer are to 326include authentication fields encrypted using the specified 327.Ar key 328identifier with values from 1 to 65534, inclusive. 329The 330default is to include no encryption field. 331.It Cm minpoll Ar minpoll 332.It Cm maxpoll Ar maxpoll 333These options specify the minimum and maximum poll intervals 334for NTP messages, as a power of 2 in seconds 335The maximum poll 336interval defaults to 10 (1,024 s), but can be increased by the 337.Cm maxpoll 338option to an upper limit of 17 (36.4 h). 339The 340minimum poll interval defaults to 6 (64 s), but can be decreased by 341the 342.Cm minpoll 343option to a lower limit of 4 (16 s). 344.It Cm noselect 345Marks the server as unused, except for display purposes. 346The server is discarded by the selection algroithm. 347.It Cm preempt 348Says the association can be preempted. 349.It Cm true 350Marks the server as a truechimer. 351Use this option only for testing. 352.It Cm prefer 353Marks the server as preferred. 354All other things being equal, 355this host will be chosen for synchronization among a set of 356correctly operating hosts. 357See the 358.Qq Mitigation Rules and the prefer Keyword 359page 360(available as part of the HTML documentation 361provided in 362.Pa /usr/share/doc/ntp ) 363for further information. 364.It Cm true 365Forces the association to always survive the selection and clustering algorithms. 366This option should almost certainly 367.Em only 368be used while testing an association. 369.It Cm ttl Ar ttl 370This option is used only with broadcast server and manycast 371client modes. 372It specifies the time\-to\-live 373.Ar ttl 374to 375use on broadcast server and multicast server and the maximum 376.Ar ttl 377for the expanding ring search with manycast 378client packets. 379Selection of the proper value, which defaults to 380127, is something of a black art and should be coordinated with the 381network administrator. 382.It Cm version Ar version 383Specifies the version number to be used for outgoing NTP 384packets. 385Versions 1\-4 are the choices, with version 4 the 386default. 387.It Cm xleave 388Valid in 389.Cm peer 390and 391.Cm broadcast 392modes only, this flag enables interleave mode. 393.El 394.Ss Auxiliary Commands 395.Bl -tag -width indent 396.It Ic broadcastclient 397This command enables reception of broadcast server messages to 398any local interface (type b) address. 399Upon receiving a message for 400the first time, the broadcast client measures the nominal server 401propagation delay using a brief client/server exchange with the 402server, then enters the broadcast client mode, in which it 403synchronizes to succeeding broadcast messages. 404Note that, in order 405to avoid accidental or malicious disruption in this mode, both the 406server and client should operate using symmetric\-key or public\-key 407authentication as described in 408.Sx Authentication Options . 409.It Ic manycastserver Ar address ... 410This command enables reception of manycast client messages to 411the multicast group address(es) (type m) specified. 412At least one 413address is required, but the NTP multicast address 224.0.1.1 414assigned by the IANA should NOT be used, unless specific means are 415taken to limit the span of the reply and avoid a possibly massive 416implosion at the original sender. 417Note that, in order to avoid 418accidental or malicious disruption in this mode, both the server 419and client should operate using symmetric\-key or public\-key 420authentication as described in 421.Sx Authentication Options . 422.It Ic multicastclient Ar address ... 423This command enables reception of multicast server messages to 424the multicast group address(es) (type m) specified. 425Upon receiving 426a message for the first time, the multicast client measures the 427nominal server propagation delay using a brief client/server 428exchange with the server, then enters the broadcast client mode, in 429which it synchronizes to succeeding multicast messages. 430Note that, 431in order to avoid accidental or malicious disruption in this mode, 432both the server and client should operate using symmetric\-key or 433public\-key authentication as described in 434.Sx Authentication Options . 435.It Ic mdnstries Ar number 436If we are participating in mDNS, 437after we have synched for the first time 438we attempt to register with the mDNS system. 439If that registration attempt fails, 440we try again at one minute intervals for up to 441.Ic mdnstries 442times. 443After all, 444.Ic ntpd 445may be starting before mDNS. 446The default value for 447.Ic mdnstries 448is 5. 449.El 450.Sh Authentication Support 451Authentication support allows the NTP client to verify that the 452server is in fact known and trusted and not an intruder intending 453accidentally or on purpose to masquerade as that server. 454The NTPv3 455specification RFC\-1305 defines a scheme which provides 456cryptographic authentication of received NTP packets. 457Originally, 458this was done using the Data Encryption Standard (DES) algorithm 459operating in Cipher Block Chaining (CBC) mode, commonly called 460DES\-CBC. 461Subsequently, this was replaced by the RSA Message Digest 4625 (MD5) algorithm using a private key, commonly called keyed\-MD5. 463Either algorithm computes a message digest, or one\-way hash, which 464can be used to verify the server has the correct private key and 465key identifier. 466.Pp 467NTPv4 retains the NTPv3 scheme, properly described as symmetric key 468cryptography and, in addition, provides a new Autokey scheme 469based on public key cryptography. 470Public key cryptography is generally considered more secure 471than symmetric key cryptography, since the security is based 472on a private value which is generated by each server and 473never revealed. 474With Autokey all key distribution and 475management functions involve only public values, which 476considerably simplifies key distribution and storage. 477Public key management is based on X.509 certificates, 478which can be provided by commercial services or 479produced by utility programs in the OpenSSL software library 480or the NTPv4 distribution. 481.Pp 482While the algorithms for symmetric key cryptography are 483included in the NTPv4 distribution, public key cryptography 484requires the OpenSSL software library to be installed 485before building the NTP distribution. 486Directions for doing that 487are on the Building and Installing the Distribution page. 488.Pp 489Authentication is configured separately for each association 490using the 491.Cm key 492or 493.Cm autokey 494subcommand on the 495.Ic peer , 496.Ic server , 497.Ic broadcast 498and 499.Ic manycastclient 500configuration commands as described in 501.Sx Configuration Options 502page. 503The authentication 504options described below specify the locations of the key files, 505if other than default, which symmetric keys are trusted 506and the interval between various operations, if other than default. 507.Pp 508Authentication is always enabled, 509although ineffective if not configured as 510described below. 511If a NTP packet arrives 512including a message authentication 513code (MAC), it is accepted only if it 514passes all cryptographic checks. 515The 516checks require correct key ID, key value 517and message digest. 518If the packet has 519been modified in any way or replayed 520by an intruder, it will fail one or more 521of these checks and be discarded. 522Furthermore, the Autokey scheme requires a 523preliminary protocol exchange to obtain 524the server certificate, verify its 525credentials and initialize the protocol 526.Pp 527The 528.Cm auth 529flag controls whether new associations or 530remote configuration commands require cryptographic authentication. 531This flag can be set or reset by the 532.Ic enable 533and 534.Ic disable 535commands and also by remote 536configuration commands sent by a 537.Xr ntpdc @NTPDC_MS@ 538program running on 539another machine. 540If this flag is enabled, which is the default 541case, new broadcast client and symmetric passive associations and 542remote configuration commands must be cryptographically 543authenticated using either symmetric key or public key cryptography. 544If this 545flag is disabled, these operations are effective 546even if not cryptographic 547authenticated. 548It should be understood 549that operating with the 550.Ic auth 551flag disabled invites a significant vulnerability 552where a rogue hacker can 553masquerade as a falseticker and seriously 554disrupt system timekeeping. 555It is 556important to note that this flag has no purpose 557other than to allow or disallow 558a new association in response to new broadcast 559and symmetric active messages 560and remote configuration commands and, in particular, 561the flag has no effect on 562the authentication process itself. 563.Pp 564An attractive alternative where multicast support is available 565is manycast mode, in which clients periodically troll 566for servers as described in the 567.Sx Automatic NTP Configuration Options 568page. 569Either symmetric key or public key 570cryptographic authentication can be used in this mode. 571The principle advantage 572of manycast mode is that potential servers need not be 573configured in advance, 574since the client finds them during regular operation, 575and the configuration 576files for all clients can be identical. 577.Pp 578The security model and protocol schemes for 579both symmetric key and public key 580cryptography are summarized below; 581further details are in the briefings, papers 582and reports at the NTP project page linked from 583.Li http://www.ntp.org/ . 584.Ss Symmetric\-Key Cryptography 585The original RFC\-1305 specification allows any one of possibly 58665,534 keys, each distinguished by a 32\-bit key identifier, to 587authenticate an association. 588The servers and clients involved must 589agree on the key and key identifier to 590authenticate NTP packets. 591Keys and 592related information are specified in a key 593file, usually called 594.Pa ntp.keys , 595which must be distributed and stored using 596secure means beyond the scope of the NTP protocol itself. 597Besides the keys used 598for ordinary NTP associations, 599additional keys can be used as passwords for the 600.Xr ntpq @NTPQ_MS@ 601and 602.Xr ntpdc @NTPDC_MS@ 603utility programs. 604.Pp 605When 606.Xr ntpd @NTPD_MS@ 607is first started, it reads the key file specified in the 608.Ic keys 609configuration command and installs the keys 610in the key cache. 611However, 612individual keys must be activated with the 613.Ic trusted 614command before use. 615This 616allows, for instance, the installation of possibly 617several batches of keys and 618then activating or deactivating each batch 619remotely using 620.Xr ntpdc @NTPDC_MS@ . 621This also provides a revocation capability that can be used 622if a key becomes compromised. 623The 624.Ic requestkey 625command selects the key used as the password for the 626.Xr ntpdc @NTPDC_MS@ 627utility, while the 628.Ic controlkey 629command selects the key used as the password for the 630.Xr ntpq @NTPQ_MS@ 631utility. 632.Ss Public Key Cryptography 633NTPv4 supports the original NTPv3 symmetric key scheme 634described in RFC\-1305 and in addition the Autokey protocol, 635which is based on public key cryptography. 636The Autokey Version 2 protocol described on the Autokey Protocol 637page verifies packet integrity using MD5 message digests 638and verifies the source with digital signatures and any of several 639digest/signature schemes. 640Optional identity schemes described on the Identity Schemes 641page and based on cryptographic challenge/response algorithms 642are also available. 643Using all of these schemes provides strong security against 644replay with or without modification, spoofing, masquerade 645and most forms of clogging attacks. 646.\" .Pp 647.\" The cryptographic means necessary for all Autokey operations 648.\" is provided by the OpenSSL software library. 649.\" This library is available from http://www.openssl.org/ 650.\" and can be installed using the procedures outlined 651.\" in the Building and Installing the Distribution page. 652.\" Once installed, 653.\" the configure and build 654.\" process automatically detects the library and links 655.\" the library routines required. 656.Pp 657The Autokey protocol has several modes of operation 658corresponding to the various NTP modes supported. 659Most modes use a special cookie which can be 660computed independently by the client and server, 661but encrypted in transmission. 662All modes use in addition a variant of the S\-KEY scheme, 663in which a pseudo\-random key list is generated and used 664in reverse order. 665These schemes are described along with an executive summary, 666current status, briefing slides and reading list on the 667.Sx Autonomous Authentication 668page. 669.Pp 670The specific cryptographic environment used by Autokey servers 671and clients is determined by a set of files 672and soft links generated by the 673.Xr ntp\-keygen 1ntpkeygenmdoc 674program. 675This includes a required host key file, 676required certificate file and optional sign key file, 677leapsecond file and identity scheme files. 678The 679digest/signature scheme is specified in the X.509 certificate 680along with the matching sign key. 681There are several schemes 682available in the OpenSSL software library, each identified 683by a specific string such as 684.Cm md5WithRSAEncryption , 685which stands for the MD5 message digest with RSA 686encryption scheme. 687The current NTP distribution supports 688all the schemes in the OpenSSL library, including 689those based on RSA and DSA digital signatures. 690.Pp 691NTP secure groups can be used to define cryptographic compartments 692and security hierarchies. 693It is important that every host 694in the group be able to construct a certificate trail to one 695or more trusted hosts in the same group. 696Each group 697host runs the Autokey protocol to obtain the certificates 698for all hosts along the trail to one or more trusted hosts. 699This requires the configuration file in all hosts to be 700engineered so that, even under anticipated failure conditions, 701the NTP subnet will form such that every group host can find 702a trail to at least one trusted host. 703.Ss Naming and Addressing 704It is important to note that Autokey does not use DNS to 705resolve addresses, since DNS can't be completely trusted 706until the name servers have synchronized clocks. 707The cryptographic name used by Autokey to bind the host identity 708credentials and cryptographic values must be independent 709of interface, network and any other naming convention. 710The name appears in the host certificate in either or both 711the subject and issuer fields, so protection against 712DNS compromise is essential. 713.Pp 714By convention, the name of an Autokey host is the name returned 715by the Unix 716.Xr gethostname 2 717system call or equivalent in other systems. 718By the system design 719model, there are no provisions to allow alternate names or aliases. 720However, this is not to say that DNS aliases, different names 721for each interface, etc., are constrained in any way. 722.Pp 723It is also important to note that Autokey verifies authenticity 724using the host name, network address and public keys, 725all of which are bound together by the protocol specifically 726to deflect masquerade attacks. 727For this reason Autokey 728includes the source and destination IP addresses in message digest 729computations and so the same addresses must be available 730at both the server and client. 731For this reason operation 732with network address translation schemes is not possible. 733This reflects the intended robust security model where government 734and corporate NTP servers are operated outside firewall perimeters. 735.Ss Operation 736A specific combination of authentication scheme (none, 737symmetric key, public key) and identity scheme is called 738a cryptotype, although not all combinations are compatible. 739There may be management configurations where the clients, 740servers and peers may not all support the same cryptotypes. 741A secure NTPv4 subnet can be configured in many ways while 742keeping in mind the principles explained above and 743in this section. 744Note however that some cryptotype 745combinations may successfully interoperate with each other, 746but may not represent good security practice. 747.Pp 748The cryptotype of an association is determined at the time 749of mobilization, either at configuration time or some time 750later when a message of appropriate cryptotype arrives. 751When mobilized by a 752.Ic server 753or 754.Ic peer 755configuration command and no 756.Ic key 757or 758.Ic autokey 759subcommands are present, the association is not 760authenticated; if the 761.Ic key 762subcommand is present, the association is authenticated 763using the symmetric key ID specified; if the 764.Ic autokey 765subcommand is present, the association is authenticated 766using Autokey. 767.Pp 768When multiple identity schemes are supported in the Autokey 769protocol, the first message exchange determines which one is used. 770The client request message contains bits corresponding 771to which schemes it has available. 772The server response message 773contains bits corresponding to which schemes it has available. 774Both server and client match the received bits with their own 775and select a common scheme. 776.Pp 777Following the principle that time is a public value, 778a server responds to any client packet that matches 779its cryptotype capabilities. 780Thus, a server receiving 781an unauthenticated packet will respond with an unauthenticated 782packet, while the same server receiving a packet of a cryptotype 783it supports will respond with packets of that cryptotype. 784However, unconfigured broadcast or manycast client 785associations or symmetric passive associations will not be 786mobilized unless the server supports a cryptotype compatible 787with the first packet received. 788By default, unauthenticated associations will not be mobilized 789unless overridden in a decidedly dangerous way. 790.Pp 791Some examples may help to reduce confusion. 792Client Alice has no specific cryptotype selected. 793Server Bob has both a symmetric key file and minimal Autokey files. 794Alice's unauthenticated messages arrive at Bob, who replies with 795unauthenticated messages. 796Cathy has a copy of Bob's symmetric 797key file and has selected key ID 4 in messages to Bob. 798Bob verifies the message with his key ID 4. 799If it's the 800same key and the message is verified, Bob sends Cathy a reply 801authenticated with that key. 802If verification fails, 803Bob sends Cathy a thing called a crypto\-NAK, which tells her 804something broke. 805She can see the evidence using the 806.Xr ntpq @NTPQ_MS@ 807program. 808.Pp 809Denise has rolled her own host key and certificate. 810She also uses one of the identity schemes as Bob. 811She sends the first Autokey message to Bob and they 812both dance the protocol authentication and identity steps. 813If all comes out okay, Denise and Bob continue as described above. 814.Pp 815It should be clear from the above that Bob can support 816all the girls at the same time, as long as he has compatible 817authentication and identity credentials. 818Now, Bob can act just like the girls in his own choice of servers; 819he can run multiple configured associations with multiple different 820servers (or the same server, although that might not be useful). 821But, wise security policy might preclude some cryptotype 822combinations; for instance, running an identity scheme 823with one server and no authentication with another might not be wise. 824.Ss Key Management 825The cryptographic values used by the Autokey protocol are 826incorporated as a set of files generated by the 827.Xr ntp\-keygen 1ntpkeygenmdoc 828utility program, including symmetric key, host key and 829public certificate files, as well as sign key, identity parameters 830and leapseconds files. 831Alternatively, host and sign keys and 832certificate files can be generated by the OpenSSL utilities 833and certificates can be imported from public certificate 834authorities. 835Note that symmetric keys are necessary for the 836.Xr ntpq @NTPQ_MS@ 837and 838.Xr ntpdc @NTPDC_MS@ 839utility programs. 840The remaining files are necessary only for the 841Autokey protocol. 842.Pp 843Certificates imported from OpenSSL or public certificate 844authorities have certian limitations. 845The certificate should be in ASN.1 syntax, X.509 Version 3 846format and encoded in PEM, which is the same format 847used by OpenSSL. 848The overall length of the certificate encoded 849in ASN.1 must not exceed 1024 bytes. 850The subject distinguished 851name field (CN) is the fully qualified name of the host 852on which it is used; the remaining subject fields are ignored. 853The certificate extension fields must not contain either 854a subject key identifier or a issuer key identifier field; 855however, an extended key usage field for a trusted host must 856contain the value 857.Cm trustRoot ; . 858Other extension fields are ignored. 859.Ss Authentication Commands 860.Bl -tag -width indent 861.It Ic autokey Op Ar logsec 862Specifies the interval between regenerations of the session key 863list used with the Autokey protocol. 864Note that the size of the key 865list for each association depends on this interval and the current 866poll interval. 867The default value is 12 (4096 s or about 1.1 hours). 868For poll intervals above the specified interval, a session key list 869with a single entry will be regenerated for every message 870sent. 871.It Ic controlkey Ar key 872Specifies the key identifier to use with the 873.Xr ntpq @NTPQ_MS@ 874utility, which uses the standard 875protocol defined in RFC\-1305. 876The 877.Ar key 878argument is 879the key identifier for a trusted key, where the value can be in the 880range 1 to 65,534, inclusive. 881.It Xo Ic crypto 882.Op Cm cert Ar file 883.Op Cm leap Ar file 884.Op Cm randfile Ar file 885.Op Cm host Ar file 886.Op Cm sign Ar file 887.Op Cm gq Ar file 888.Op Cm gqpar Ar file 889.Op Cm iffpar Ar file 890.Op Cm mvpar Ar file 891.Op Cm pw Ar password 892.Xc 893This command requires the OpenSSL library. 894It activates public key 895cryptography, selects the message digest and signature 896encryption scheme and loads the required private and public 897values described above. 898If one or more files are left unspecified, 899the default names are used as described above. 900Unless the complete path and name of the file are specified, the 901location of a file is relative to the keys directory specified 902in the 903.Ic keysdir 904command or default 905.Pa /usr/local/etc . 906Following are the subcommands: 907.Bl -tag -width indent 908.It Cm cert Ar file 909Specifies the location of the required host public certificate file. 910This overrides the link 911.Pa ntpkey_cert_ Ns Ar hostname 912in the keys directory. 913.It Cm gqpar Ar file 914Specifies the location of the optional GQ parameters file. 915This 916overrides the link 917.Pa ntpkey_gq_ Ns Ar hostname 918in the keys directory. 919.It Cm host Ar file 920Specifies the location of the required host key file. 921This overrides 922the link 923.Pa ntpkey_key_ Ns Ar hostname 924in the keys directory. 925.It Cm iffpar Ar file 926Specifies the location of the optional IFF parameters file. 927This overrides the link 928.Pa ntpkey_iff_ Ns Ar hostname 929in the keys directory. 930.It Cm leap Ar file 931Specifies the location of the optional leapsecond file. 932This overrides the link 933.Pa ntpkey_leap 934in the keys directory. 935.It Cm mvpar Ar file 936Specifies the location of the optional MV parameters file. 937This overrides the link 938.Pa ntpkey_mv_ Ns Ar hostname 939in the keys directory. 940.It Cm pw Ar password 941Specifies the password to decrypt files containing private keys and 942identity parameters. 943This is required only if these files have been 944encrypted. 945.It Cm randfile Ar file 946Specifies the location of the random seed file used by the OpenSSL 947library. 948The defaults are described in the main text above. 949.It Cm sign Ar file 950Specifies the location of the optional sign key file. 951This overrides 952the link 953.Pa ntpkey_sign_ Ns Ar hostname 954in the keys directory. 955If this file is 956not found, the host key is also the sign key. 957.El 958.It Ic keys Ar keyfile 959Specifies the complete path and location of the MD5 key file 960containing the keys and key identifiers used by 961.Xr ntpd @NTPD_MS@ , 962.Xr ntpq @NTPQ_MS@ 963and 964.Xr ntpdc @NTPDC_MS@ 965when operating with symmetric key cryptography. 966This is the same operation as the 967.Fl k 968command line option. 969.It Ic keysdir Ar path 970This command specifies the default directory path for 971cryptographic keys, parameters and certificates. 972The default is 973.Pa /usr/local/etc/ . 974.It Ic requestkey Ar key 975Specifies the key identifier to use with the 976.Xr ntpdc @NTPDC_MS@ 977utility program, which uses a 978proprietary protocol specific to this implementation of 979.Xr ntpd @NTPD_MS@ . 980The 981.Ar key 982argument is a key identifier 983for the trusted key, where the value can be in the range 1 to 98465,534, inclusive. 985.It Ic revoke Ar logsec 986Specifies the interval between re\-randomization of certain 987cryptographic values used by the Autokey scheme, as a power of 2 in 988seconds. 989These values need to be updated frequently in order to 990deflect brute\-force attacks on the algorithms of the scheme; 991however, updating some values is a relatively expensive operation. 992The default interval is 16 (65,536 s or about 18 hours). 993For poll 994intervals above the specified interval, the values will be updated 995for every message sent. 996.It Ic trustedkey Ar key ... 997Specifies the key identifiers which are trusted for the 998purposes of authenticating peers with symmetric key cryptography, 999as well as keys used by the 1000.Xr ntpq @NTPQ_MS@ 1001and 1002.Xr ntpdc @NTPDC_MS@ 1003programs. 1004The authentication procedures require that both the local 1005and remote servers share the same key and key identifier for this 1006purpose, although different keys can be used with different 1007servers. 1008The 1009.Ar key 1010arguments are 32\-bit unsigned 1011integers with values from 1 to 65,534. 1012.El 1013.Ss Error Codes 1014The following error codes are reported via the NTP control 1015and monitoring protocol trap mechanism. 1016.Bl -tag -width indent 1017.It 101 1018.Pq bad field format or length 1019The packet has invalid version, length or format. 1020.It 102 1021.Pq bad timestamp 1022The packet timestamp is the same or older than the most recent received. 1023This could be due to a replay or a server clock time step. 1024.It 103 1025.Pq bad filestamp 1026The packet filestamp is the same or older than the most recent received. 1027This could be due to a replay or a key file generation error. 1028.It 104 1029.Pq bad or missing public key 1030The public key is missing, has incorrect format or is an unsupported type. 1031.It 105 1032.Pq unsupported digest type 1033The server requires an unsupported digest/signature scheme. 1034.It 106 1035.Pq mismatched digest types 1036Not used. 1037.It 107 1038.Pq bad signature length 1039The signature length does not match the current public key. 1040.It 108 1041.Pq signature not verified 1042The message fails the signature check. 1043It could be bogus or signed by a 1044different private key. 1045.It 109 1046.Pq certificate not verified 1047The certificate is invalid or signed with the wrong key. 1048.It 110 1049.Pq certificate not verified 1050The certificate is not yet valid or has expired or the signature could not 1051be verified. 1052.It 111 1053.Pq bad or missing cookie 1054The cookie is missing, corrupted or bogus. 1055.It 112 1056.Pq bad or missing leapseconds table 1057The leapseconds table is missing, corrupted or bogus. 1058.It 113 1059.Pq bad or missing certificate 1060The certificate is missing, corrupted or bogus. 1061.It 114 1062.Pq bad or missing identity 1063The identity key is missing, corrupt or bogus. 1064.El 1065.Sh Monitoring Support 1066.Xr ntpd @NTPD_MS@ 1067includes a comprehensive monitoring facility suitable 1068for continuous, long term recording of server and client 1069timekeeping performance. 1070See the 1071.Ic statistics 1072command below 1073for a listing and example of each type of statistics currently 1074supported. 1075Statistic files are managed using file generation sets 1076and scripts in the 1077.Pa ./scripts 1078directory of the source code distribution. 1079Using 1080these facilities and 1081.Ux 1082.Xr cron 8 1083jobs, the data can be 1084automatically summarized and archived for retrospective analysis. 1085.Ss Monitoring Commands 1086.Bl -tag -width indent 1087.It Ic statistics Ar name ... 1088Enables writing of statistics records. 1089Currently, eight kinds of 1090.Ar name 1091statistics are supported. 1092.Bl -tag -width indent 1093.It Cm clockstats 1094Enables recording of clock driver statistics information. 1095Each update 1096received from a clock driver appends a line of the following form to 1097the file generation set named 1098.Cm clockstats : 1099.Bd -literal 110049213 525.624 127.127.4.1 93 226 00:08:29.606 D 1101.Ed 1102.Pp 1103The first two fields show the date (Modified Julian Day) and time 1104(seconds and fraction past UTC midnight). 1105The next field shows the 1106clock address in dotted\-quad notation. 1107The final field shows the last 1108timecode received from the clock in decoded ASCII format, where 1109meaningful. 1110In some clock drivers a good deal of additional information 1111can be gathered and displayed as well. 1112See information specific to each 1113clock for further details. 1114.It Cm cryptostats 1115This option requires the OpenSSL cryptographic software library. 1116It 1117enables recording of cryptographic public key protocol information. 1118Each message received by the protocol module appends a line of the 1119following form to the file generation set named 1120.Cm cryptostats : 1121.Bd -literal 112249213 525.624 127.127.4.1 message 1123.Ed 1124.Pp 1125The first two fields show the date (Modified Julian Day) and time 1126(seconds and fraction past UTC midnight). 1127The next field shows the peer 1128address in dotted\-quad notation, The final message field includes the 1129message type and certain ancillary information. 1130See the 1131.Sx Authentication Options 1132section for further information. 1133.It Cm loopstats 1134Enables recording of loop filter statistics information. 1135Each 1136update of the local clock outputs a line of the following form to 1137the file generation set named 1138.Cm loopstats : 1139.Bd -literal 114050935 75440.031 0.000006019 13.778190 0.000351733 0.0133806 1141.Ed 1142.Pp 1143The first two fields show the date (Modified Julian Day) and 1144time (seconds and fraction past UTC midnight). 1145The next five fields 1146show time offset (seconds), frequency offset (parts per million \- 1147PPM), RMS jitter (seconds), Allan deviation (PPM) and clock 1148discipline time constant. 1149.It Cm peerstats 1150Enables recording of peer statistics information. 1151This includes 1152statistics records of all peers of a NTP server and of special 1153signals, where present and configured. 1154Each valid update appends a 1155line of the following form to the current element of a file 1156generation set named 1157.Cm peerstats : 1158.Bd -literal 115948773 10847.650 127.127.4.1 9714 \-0.001605376 0.000000000 0.001424877 0.000958674 1160.Ed 1161.Pp 1162The first two fields show the date (Modified Julian Day) and 1163time (seconds and fraction past UTC midnight). 1164The next two fields 1165show the peer address in dotted\-quad notation and status, 1166respectively. 1167The status field is encoded in hex in the format 1168described in Appendix A of the NTP specification RFC 1305. 1169The final four fields show the offset, 1170delay, dispersion and RMS jitter, all in seconds. 1171.It Cm rawstats 1172Enables recording of raw\-timestamp statistics information. 1173This 1174includes statistics records of all peers of a NTP server and of 1175special signals, where present and configured. 1176Each NTP message 1177received from a peer or clock driver appends a line of the 1178following form to the file generation set named 1179.Cm rawstats : 1180.Bd -literal 118150928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000 1182.Ed 1183.Pp 1184The first two fields show the date (Modified Julian Day) and 1185time (seconds and fraction past UTC midnight). 1186The next two fields 1187show the remote peer or clock address followed by the local address 1188in dotted\-quad notation. 1189The final four fields show the originate, 1190receive, transmit and final NTP timestamps in order. 1191The timestamp 1192values are as received and before processing by the various data 1193smoothing and mitigation algorithms. 1194.It Cm sysstats 1195Enables recording of ntpd statistics counters on a periodic basis. 1196Each 1197hour a line of the following form is appended to the file generation 1198set named 1199.Cm sysstats : 1200.Bd -literal 120150928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147 1202.Ed 1203.Pp 1204The first two fields show the date (Modified Julian Day) and time 1205(seconds and fraction past UTC midnight). 1206The remaining ten fields show 1207the statistics counter values accumulated since the last generated 1208line. 1209.Bl -tag -width indent 1210.It Time since restart Cm 36000 1211Time in hours since the system was last rebooted. 1212.It Packets received Cm 81965 1213Total number of packets received. 1214.It Packets processed Cm 0 1215Number of packets received in response to previous packets sent 1216.It Current version Cm 9546 1217Number of packets matching the current NTP version. 1218.It Previous version Cm 56 1219Number of packets matching the previous NTP version. 1220.It Bad version Cm 71793 1221Number of packets matching neither NTP version. 1222.It Access denied Cm 512 1223Number of packets denied access for any reason. 1224.It Bad length or format Cm 540 1225Number of packets with invalid length, format or port number. 1226.It Bad authentication Cm 10 1227Number of packets not verified as authentic. 1228.It Rate exceeded Cm 147 1229Number of packets discarded due to rate limitation. 1230.El 1231.It Cm statsdir Ar directory_path 1232Indicates the full path of a directory where statistics files 1233should be created (see below). 1234This keyword allows 1235the (otherwise constant) 1236.Cm filegen 1237filename prefix to be modified for file generation sets, which 1238is useful for handling statistics logs. 1239.It Cm filegen Ar name Xo 1240.Op Cm file Ar filename 1241.Op Cm type Ar typename 1242.Op Cm link | nolink 1243.Op Cm enable | disable 1244.Xc 1245Configures setting of generation file set name. 1246Generation 1247file sets provide a means for handling files that are 1248continuously growing during the lifetime of a server. 1249Server statistics are a typical example for such files. 1250Generation file sets provide access to a set of files used 1251to store the actual data. 1252At any time at most one element 1253of the set is being written to. 1254The type given specifies 1255when and how data will be directed to a new element of the set. 1256This way, information stored in elements of a file set 1257that are currently unused are available for administrational 1258operations without the risk of disturbing the operation of ntpd. 1259(Most important: they can be removed to free space for new data 1260produced.) 1261.Pp 1262Note that this command can be sent from the 1263.Xr ntpdc @NTPDC_MS@ 1264program running at a remote location. 1265.Bl -tag -width indent 1266.It Cm name 1267This is the type of the statistics records, as shown in the 1268.Cm statistics 1269command. 1270.It Cm file Ar filename 1271This is the file name for the statistics records. 1272Filenames of set 1273members are built from three concatenated elements 1274.Ar Cm prefix , 1275.Ar Cm filename 1276and 1277.Ar Cm suffix : 1278.Bl -tag -width indent 1279.It Cm prefix 1280This is a constant filename path. 1281It is not subject to 1282modifications via the 1283.Ar filegen 1284option. 1285It is defined by the 1286server, usually specified as a compile\-time constant. 1287It may, 1288however, be configurable for individual file generation sets 1289via other commands. 1290For example, the prefix used with 1291.Ar loopstats 1292and 1293.Ar peerstats 1294generation can be configured using the 1295.Ar statsdir 1296option explained above. 1297.It Cm filename 1298This string is directly concatenated to the prefix mentioned 1299above (no intervening 1300.Ql / ) . 1301This can be modified using 1302the file argument to the 1303.Ar filegen 1304statement. 1305No 1306.Pa .. 1307elements are 1308allowed in this component to prevent filenames referring to 1309parts outside the filesystem hierarchy denoted by 1310.Ar prefix . 1311.It Cm suffix 1312This part is reflects individual elements of a file set. 1313It is 1314generated according to the type of a file set. 1315.El 1316.It Cm type Ar typename 1317A file generation set is characterized by its type. 1318The following 1319types are supported: 1320.Bl -tag -width indent 1321.It Cm none 1322The file set is actually a single plain file. 1323.It Cm pid 1324One element of file set is used per incarnation of a ntpd 1325server. 1326This type does not perform any changes to file set 1327members during runtime, however it provides an easy way of 1328separating files belonging to different 1329.Xr ntpd @NTPD_MS@ 1330server incarnations. 1331The set member filename is built by appending a 1332.Ql \&. 1333to concatenated 1334.Ar prefix 1335and 1336.Ar filename 1337strings, and 1338appending the decimal representation of the process ID of the 1339.Xr ntpd @NTPD_MS@ 1340server process. 1341.It Cm day 1342One file generation set element is created per day. 1343A day is 1344defined as the period between 00:00 and 24:00 UTC. 1345The file set 1346member suffix consists of a 1347.Ql \&. 1348and a day specification in 1349the form 1350.Cm YYYYMMdd . 1351.Cm YYYY 1352is a 4\-digit year number (e.g., 1992). 1353.Cm MM 1354is a two digit month number. 1355.Cm dd 1356is a two digit day number. 1357Thus, all information written at 10 December 1992 would end up 1358in a file named 1359.Ar prefix 1360.Ar filename Ns .19921210 . 1361.It Cm week 1362Any file set member contains data related to a certain week of 1363a year. 1364The term week is defined by computing day\-of\-year 1365modulo 7. 1366Elements of such a file generation set are 1367distinguished by appending the following suffix to the file set 1368filename base: A dot, a 4\-digit year number, the letter 1369.Cm W , 1370and a 2\-digit week number. 1371For example, information from January, 137210th 1992 would end up in a file with suffix 1373.No . Ns Ar 1992W1 . 1374.It Cm month 1375One generation file set element is generated per month. 1376The 1377file name suffix consists of a dot, a 4\-digit year number, and 1378a 2\-digit month. 1379.It Cm year 1380One generation file element is generated per year. 1381The filename 1382suffix consists of a dot and a 4 digit year number. 1383.It Cm age 1384This type of file generation sets changes to a new element of 1385the file set every 24 hours of server operation. 1386The filename 1387suffix consists of a dot, the letter 1388.Cm a , 1389and an 8\-digit number. 1390This number is taken to be the number of seconds the server is 1391running at the start of the corresponding 24\-hour period. 1392Information is only written to a file generation by specifying 1393.Cm enable ; 1394output is prevented by specifying 1395.Cm disable . 1396.El 1397.It Cm link | nolink 1398It is convenient to be able to access the current element of a file 1399generation set by a fixed name. 1400This feature is enabled by 1401specifying 1402.Cm link 1403and disabled using 1404.Cm nolink . 1405If link is specified, a 1406hard link from the current file set element to a file without 1407suffix is created. 1408When there is already a file with this name and 1409the number of links of this file is one, it is renamed appending a 1410dot, the letter 1411.Cm C , 1412and the pid of the 1413.Xr ntpd @NTPD_MS@ 1414server process. 1415When the 1416number of links is greater than one, the file is unlinked. 1417This 1418allows the current file to be accessed by a constant name. 1419.It Cm enable \&| Cm disable 1420Enables or disables the recording function. 1421.El 1422.El 1423.El 1424.Sh Access Control Support 1425The 1426.Xr ntpd @NTPD_MS@ 1427daemon implements a general purpose address/mask based restriction 1428list. 1429The list contains address/match entries sorted first 1430by increasing address values and and then by increasing mask values. 1431A match occurs when the bitwise AND of the mask and the packet 1432source address is equal to the bitwise AND of the mask and 1433address in the list. 1434The list is searched in order with the 1435last match found defining the restriction flags associated 1436with the entry. 1437Additional information and examples can be found in the 1438.Qq Notes on Configuring NTP and Setting up a NTP Subnet 1439page 1440(available as part of the HTML documentation 1441provided in 1442.Pa /usr/share/doc/ntp ) . 1443.Pp 1444The restriction facility was implemented in conformance 1445with the access policies for the original NSFnet backbone 1446time servers. 1447Later the facility was expanded to deflect 1448cryptographic and clogging attacks. 1449While this facility may 1450be useful for keeping unwanted or broken or malicious clients 1451from congesting innocent servers, it should not be considered 1452an alternative to the NTP authentication facilities. 1453Source address based restrictions are easily circumvented 1454by a determined cracker. 1455.Pp 1456Clients can be denied service because they are explicitly 1457included in the restrict list created by the 1458.Ic restrict 1459command 1460or implicitly as the result of cryptographic or rate limit 1461violations. 1462Cryptographic violations include certificate 1463or identity verification failure; rate limit violations generally 1464result from defective NTP implementations that send packets 1465at abusive rates. 1466Some violations cause denied service 1467only for the offending packet, others cause denied service 1468for a timed period and others cause the denied service for 1469an indefinite period. 1470When a client or network is denied access 1471for an indefinite period, the only way at present to remove 1472the restrictions is by restarting the server. 1473.Ss The Kiss\-of\-Death Packet 1474Ordinarily, packets denied service are simply dropped with no 1475further action except incrementing statistics counters. 1476Sometimes a 1477more proactive response is needed, such as a server message that 1478explicitly requests the client to stop sending and leave a message 1479for the system operator. 1480A special packet format has been created 1481for this purpose called the "kiss\-of\-death" (KoD) packet. 1482KoD packets have the leap bits set unsynchronized and stratum set 1483to zero and the reference identifier field set to a four\-byte 1484ASCII code. 1485If the 1486.Cm noserve 1487or 1488.Cm notrust 1489flag of the matching restrict list entry is set, 1490the code is "DENY"; if the 1491.Cm limited 1492flag is set and the rate limit 1493is exceeded, the code is "RATE". 1494Finally, if a cryptographic violation occurs, the code is "CRYP". 1495.Pp 1496A client receiving a KoD performs a set of sanity checks to 1497minimize security exposure, then updates the stratum and 1498reference identifier peer variables, sets the access 1499denied (TEST4) bit in the peer flash variable and sends 1500a message to the log. 1501As long as the TEST4 bit is set, 1502the client will send no further packets to the server. 1503The only way at present to recover from this condition is 1504to restart the protocol at both the client and server. 1505This 1506happens automatically at the client when the association times out. 1507It will happen at the server only if the server operator cooperates. 1508.Ss Access Control Commands 1509.Bl -tag -width indent 1510.It Xo Ic discard 1511.Op Cm average Ar avg 1512.Op Cm minimum Ar min 1513.Op Cm monitor Ar prob 1514.Xc 1515Set the parameters of the 1516.Cm limited 1517facility which protects the server from 1518client abuse. 1519The 1520.Cm average 1521subcommand specifies the minimum average packet 1522spacing, while the 1523.Cm minimum 1524subcommand specifies the minimum packet spacing. 1525Packets that violate these minima are discarded 1526and a kiss\-o'\-death packet returned if enabled. 1527The default 1528minimum average and minimum are 5 and 2, respectively. 1529The 1530.Ic monitor 1531subcommand specifies the probability of discard 1532for packets that overflow the rate\-control window. 1533.It Xo Ic restrict address 1534.Op Cm mask Ar mask 1535.Op Ar flag ... 1536.Xc 1537The 1538.Ar address 1539argument expressed in 1540dotted\-quad form is the address of a host or network. 1541Alternatively, the 1542.Ar address 1543argument can be a valid host DNS name. 1544The 1545.Ar mask 1546argument expressed in dotted\-quad form defaults to 1547.Cm 255.255.255.255 , 1548meaning that the 1549.Ar address 1550is treated as the address of an individual host. 1551A default entry (address 1552.Cm 0.0.0.0 , 1553mask 1554.Cm 0.0.0.0 ) 1555is always included and is always the first entry in the list. 1556Note that text string 1557.Cm default , 1558with no mask option, may 1559be used to indicate the default entry. 1560In the current implementation, 1561.Cm flag 1562always 1563restricts access, i.e., an entry with no flags indicates that free 1564access to the server is to be given. 1565The flags are not orthogonal, 1566in that more restrictive flags will often make less restrictive 1567ones redundant. 1568The flags can generally be classed into two 1569categories, those which restrict time service and those which 1570restrict informational queries and attempts to do run\-time 1571reconfiguration of the server. 1572One or more of the following flags 1573may be specified: 1574.Bl -tag -width indent 1575.It Cm ignore 1576Deny packets of all kinds, including 1577.Xr ntpq @NTPQ_MS@ 1578and 1579.Xr ntpdc @NTPDC_MS@ 1580queries. 1581.It Cm kod 1582If this flag is set when an access violation occurs, a kiss\-o'\-death 1583(KoD) packet is sent. 1584KoD packets are rate limited to no more than one 1585per second. 1586If another KoD packet occurs within one second after the 1587last one, the packet is dropped. 1588.It Cm limited 1589Deny service if the packet spacing violates the lower limits specified 1590in the 1591.Ic discard 1592command. 1593A history of clients is kept using the 1594monitoring capability of 1595.Xr ntpd @NTPD_MS@ . 1596Thus, monitoring is always active as 1597long as there is a restriction entry with the 1598.Cm limited 1599flag. 1600.It Cm lowpriotrap 1601Declare traps set by matching hosts to be low priority. 1602The 1603number of traps a server can maintain is limited (the current limit 1604is 3). 1605Traps are usually assigned on a first come, first served 1606basis, with later trap requestors being denied service. 1607This flag 1608modifies the assignment algorithm by allowing low priority traps to 1609be overridden by later requests for normal priority traps. 1610.It Cm nomodify 1611Deny 1612.Xr ntpq @NTPQ_MS@ 1613and 1614.Xr ntpdc @NTPDC_MS@ 1615queries which attempt to modify the state of the 1616server (i.e., run time reconfiguration). 1617Queries which return 1618information are permitted. 1619.It Cm noquery 1620Deny 1621.Xr ntpq @NTPQ_MS@ 1622and 1623.Xr ntpdc @NTPDC_MS@ 1624queries. 1625Time service is not affected. 1626.It Cm nopeer 1627Deny packets which would result in mobilizing a new association. 1628This 1629includes broadcast and symmetric active packets when a configured 1630association does not exist. 1631It also includes 1632.Cm pool 1633associations, so if you want to use servers from a 1634.Cm pool 1635directive and also want to use 1636.Cm nopeer 1637by default, you'll want a 1638.Cm "restrict source ..." line as well that does 1639.It not 1640include the 1641.Cm nopeer 1642directive. 1643.It Cm noserve 1644Deny all packets except 1645.Xr ntpq @NTPQ_MS@ 1646and 1647.Xr ntpdc @NTPDC_MS@ 1648queries. 1649.It Cm notrap 1650Decline to provide mode 6 control message trap service to matching 1651hosts. 1652The trap service is a subsystem of the 1653.Xr ntpq @NTPQ_MS@ 1654control message 1655protocol which is intended for use by remote event logging programs. 1656.It Cm notrust 1657Deny service unless the packet is cryptographically authenticated. 1658.It Cm ntpport 1659This is actually a match algorithm modifier, rather than a 1660restriction flag. 1661Its presence causes the restriction entry to be 1662matched only if the source port in the packet is the standard NTP 1663UDP port (123). 1664Both 1665.Cm ntpport 1666and 1667.Cm non\-ntpport 1668may 1669be specified. 1670The 1671.Cm ntpport 1672is considered more specific and 1673is sorted later in the list. 1674.It Cm version 1675Deny packets that do not match the current NTP version. 1676.El 1677.Pp 1678Default restriction list entries with the flags ignore, interface, 1679ntpport, for each of the local host's interface addresses are 1680inserted into the table at startup to prevent the server 1681from attempting to synchronize to its own time. 1682A default entry is also always present, though if it is 1683otherwise unconfigured; no flags are associated 1684with the default entry (i.e., everything besides your own 1685NTP server is unrestricted). 1686.El 1687.Sh Automatic NTP Configuration Options 1688.Ss Manycasting 1689Manycasting is a automatic discovery and configuration paradigm 1690new to NTPv4. 1691It is intended as a means for a multicast client 1692to troll the nearby network neighborhood to find cooperating 1693manycast servers, validate them using cryptographic means 1694and evaluate their time values with respect to other servers 1695that might be lurking in the vicinity. 1696The intended result is that each manycast client mobilizes 1697client associations with some number of the "best" 1698of the nearby manycast servers, yet automatically reconfigures 1699to sustain this number of servers should one or another fail. 1700.Pp 1701Note that the manycasting paradigm does not coincide 1702with the anycast paradigm described in RFC\-1546, 1703which is designed to find a single server from a clique 1704of servers providing the same service. 1705The manycast paradigm is designed to find a plurality 1706of redundant servers satisfying defined optimality criteria. 1707.Pp 1708Manycasting can be used with either symmetric key 1709or public key cryptography. 1710The public key infrastructure (PKI) 1711offers the best protection against compromised keys 1712and is generally considered stronger, at least with relatively 1713large key sizes. 1714It is implemented using the Autokey protocol and 1715the OpenSSL cryptographic library available from 1716.Li http://www.openssl.org/ . 1717The library can also be used with other NTPv4 modes 1718as well and is highly recommended, especially for broadcast modes. 1719.Pp 1720A persistent manycast client association is configured 1721using the 1722.Ic manycastclient 1723command, which is similar to the 1724.Ic server 1725command but with a multicast (IPv4 class 1726.Cm D 1727or IPv6 prefix 1728.Cm FF ) 1729group address. 1730The IANA has designated IPv4 address 224.1.1.1 1731and IPv6 address FF05::101 (site local) for NTP. 1732When more servers are needed, it broadcasts manycast 1733client messages to this address at the minimum feasible rate 1734and minimum feasible time\-to\-live (TTL) hops, depending 1735on how many servers have already been found. 1736There can be as many manycast client associations 1737as different group address, each one serving as a template 1738for a future ephemeral unicast client/server association. 1739.Pp 1740Manycast servers configured with the 1741.Ic manycastserver 1742command listen on the specified group address for manycast 1743client messages. 1744Note the distinction between manycast client, 1745which actively broadcasts messages, and manycast server, 1746which passively responds to them. 1747If a manycast server is 1748in scope of the current TTL and is itself synchronized 1749to a valid source and operating at a stratum level equal 1750to or lower than the manycast client, it replies to the 1751manycast client message with an ordinary unicast server message. 1752.Pp 1753The manycast client receiving this message mobilizes 1754an ephemeral client/server association according to the 1755matching manycast client template, but only if cryptographically 1756authenticated and the server stratum is less than or equal 1757to the client stratum. 1758Authentication is explicitly required 1759and either symmetric key or public key (Autokey) can be used. 1760Then, the client polls the server at its unicast address 1761in burst mode in order to reliably set the host clock 1762and validate the source. 1763This normally results 1764in a volley of eight client/server at 2\-s intervals 1765during which both the synchronization and cryptographic 1766protocols run concurrently. 1767Following the volley, 1768the client runs the NTP intersection and clustering 1769algorithms, which act to discard all but the "best" 1770associations according to stratum and synchronization 1771distance. 1772The surviving associations then continue 1773in ordinary client/server mode. 1774.Pp 1775The manycast client polling strategy is designed to reduce 1776as much as possible the volume of manycast client messages 1777and the effects of implosion due to near\-simultaneous 1778arrival of manycast server messages. 1779The strategy is determined by the 1780.Ic manycastclient , 1781.Ic tos 1782and 1783.Ic ttl 1784configuration commands. 1785The manycast poll interval is 1786normally eight times the system poll interval, 1787which starts out at the 1788.Cm minpoll 1789value specified in the 1790.Ic manycastclient , 1791command and, under normal circumstances, increments to the 1792.Cm maxpolll 1793value specified in this command. 1794Initially, the TTL is 1795set at the minimum hops specified by the 1796.Ic ttl 1797command. 1798At each retransmission the TTL is increased until reaching 1799the maximum hops specified by this command or a sufficient 1800number client associations have been found. 1801Further retransmissions use the same TTL. 1802.Pp 1803The quality and reliability of the suite of associations 1804discovered by the manycast client is determined by the NTP 1805mitigation algorithms and the 1806.Cm minclock 1807and 1808.Cm minsane 1809values specified in the 1810.Ic tos 1811configuration command. 1812At least 1813.Cm minsane 1814candidate servers must be available and the mitigation 1815algorithms produce at least 1816.Cm minclock 1817survivors in order to synchronize the clock. 1818Byzantine agreement principles require at least four 1819candidates in order to correctly discard a single falseticker. 1820For legacy purposes, 1821.Cm minsane 1822defaults to 1 and 1823.Cm minclock 1824defaults to 3. 1825For manycast service 1826.Cm minsane 1827should be explicitly set to 4, assuming at least that 1828number of servers are available. 1829.Pp 1830If at least 1831.Cm minclock 1832servers are found, the manycast poll interval is immediately 1833set to eight times 1834.Cm maxpoll . 1835If less than 1836.Cm minclock 1837servers are found when the TTL has reached the maximum hops, 1838the manycast poll interval is doubled. 1839For each transmission 1840after that, the poll interval is doubled again until 1841reaching the maximum of eight times 1842.Cm maxpoll . 1843Further transmissions use the same poll interval and 1844TTL values. 1845Note that while all this is going on, 1846each client/server association found is operating normally 1847it the system poll interval. 1848.Pp 1849Administratively scoped multicast boundaries are normally 1850specified by the network router configuration and, 1851in the case of IPv6, the link/site scope prefix. 1852By default, the increment for TTL hops is 32 starting 1853from 31; however, the 1854.Ic ttl 1855configuration command can be 1856used to modify the values to match the scope rules. 1857.Pp 1858It is often useful to narrow the range of acceptable 1859servers which can be found by manycast client associations. 1860Because manycast servers respond only when the client 1861stratum is equal to or greater than the server stratum, 1862primary (stratum 1) servers fill find only primary servers 1863in TTL range, which is probably the most common objective. 1864However, unless configured otherwise, all manycast clients 1865in TTL range will eventually find all primary servers 1866in TTL range, which is probably not the most common 1867objective in large networks. 1868The 1869.Ic tos 1870command can be used to modify this behavior. 1871Servers with stratum below 1872.Cm floor 1873or above 1874.Cm ceiling 1875specified in the 1876.Ic tos 1877command are strongly discouraged during the selection 1878process; however, these servers may be temporally 1879accepted if the number of servers within TTL range is 1880less than 1881.Cm minclock . 1882.Pp 1883The above actions occur for each manycast client message, 1884which repeats at the designated poll interval. 1885However, once the ephemeral client association is mobilized, 1886subsequent manycast server replies are discarded, 1887since that would result in a duplicate association. 1888If during a poll interval the number of client associations 1889falls below 1890.Cm minclock , 1891all manycast client prototype associations are reset 1892to the initial poll interval and TTL hops and operation 1893resumes from the beginning. 1894It is important to avoid 1895frequent manycast client messages, since each one requires 1896all manycast servers in TTL range to respond. 1897The result could well be an implosion, either minor or major, 1898depending on the number of servers in range. 1899The recommended value for 1900.Cm maxpoll 1901is 12 (4,096 s). 1902.Pp 1903It is possible and frequently useful to configure a host 1904as both manycast client and manycast server. 1905A number of hosts configured this way and sharing a common 1906group address will automatically organize themselves 1907in an optimum configuration based on stratum and 1908synchronization distance. 1909For example, consider an NTP 1910subnet of two primary servers and a hundred or more 1911dependent clients. 1912With two exceptions, all servers 1913and clients have identical configuration files including both 1914.Ic multicastclient 1915and 1916.Ic multicastserver 1917commands using, for instance, multicast group address 1918239.1.1.1. 1919The only exception is that each primary server 1920configuration file must include commands for the primary 1921reference source such as a GPS receiver. 1922.Pp 1923The remaining configuration files for all secondary 1924servers and clients have the same contents, except for the 1925.Ic tos 1926command, which is specific for each stratum level. 1927For stratum 1 and stratum 2 servers, that command is 1928not necessary. 1929For stratum 3 and above servers the 1930.Cm floor 1931value is set to the intended stratum number. 1932Thus, all stratum 3 configuration files are identical, 1933all stratum 4 files are identical and so forth. 1934.Pp 1935Once operations have stabilized in this scenario, 1936the primary servers will find the primary reference source 1937and each other, since they both operate at the same 1938stratum (1), but not with any secondary server or client, 1939since these operate at a higher stratum. 1940The secondary 1941servers will find the servers at the same stratum level. 1942If one of the primary servers loses its GPS receiver, 1943it will continue to operate as a client and other clients 1944will time out the corresponding association and 1945re\-associate accordingly. 1946.Pp 1947Some administrators prefer to avoid running 1948.Xr ntpd @NTPD_MS@ 1949continuously and run either 1950.Xr sntp @SNTP_MS@ 1951or 1952.Xr ntpd @NTPD_MS@ 1953.Fl q 1954as a cron job. 1955In either case the servers must be 1956configured in advance and the program fails if none are 1957available when the cron job runs. 1958A really slick 1959application of manycast is with 1960.Xr ntpd @NTPD_MS@ 1961.Fl q . 1962The program wakes up, scans the local landscape looking 1963for the usual suspects, selects the best from among 1964the rascals, sets the clock and then departs. 1965Servers do not have to be configured in advance and 1966all clients throughout the network can have the same 1967configuration file. 1968.Ss Manycast Interactions with Autokey 1969Each time a manycast client sends a client mode packet 1970to a multicast group address, all manycast servers 1971in scope generate a reply including the host name 1972and status word. 1973The manycast clients then run 1974the Autokey protocol, which collects and verifies 1975all certificates involved. 1976Following the burst interval 1977all but three survivors are cast off, 1978but the certificates remain in the local cache. 1979It often happens that several complete signing trails 1980from the client to the primary servers are collected in this way. 1981.Pp 1982About once an hour or less often if the poll interval 1983exceeds this, the client regenerates the Autokey key list. 1984This is in general transparent in client/server mode. 1985However, about once per day the server private value 1986used to generate cookies is refreshed along with all 1987manycast client associations. 1988In this case all 1989cryptographic values including certificates is refreshed. 1990If a new certificate has been generated since 1991the last refresh epoch, it will automatically revoke 1992all prior certificates that happen to be in the 1993certificate cache. 1994At the same time, the manycast 1995scheme starts all over from the beginning and 1996the expanding ring shrinks to the minimum and increments 1997from there while collecting all servers in scope. 1998.Ss Broadcast Options 1999.Bl -tag -width indent 2000.It Xo Ic tos 2001.Oo 2002.Cm bcpollbstep Ar gate 2003.Oc 2004.Xc 2005This command provides a way to delay, 2006by the specified number of broadcast poll intervals, 2007believing backward time steps from a broadcast server. 2008Broadcast time networks are expected to be trusted. 2009In the event a broadcast server's time is stepped backwards, 2010there is clear benefit to having the clients notice this change 2011as soon as possible. 2012Attacks such as replay attacks can happen, however, 2013and even though there are a number of protections built in to 2014broadcast mode, attempts to perform a replay attack are possible. 2015This value defaults to 0, but can be changed 2016to any number of poll intervals between 0 and 4. 2017.Ss Manycast Options 2018.Bl -tag -width indent 2019.It Xo Ic tos 2020.Oo 2021.Cm ceiling Ar ceiling | 2022.Cm cohort { 0 | 1 } | 2023.Cm floor Ar floor | 2024.Cm minclock Ar minclock | 2025.Cm minsane Ar minsane 2026.Oc 2027.Xc 2028This command affects the clock selection and clustering 2029algorithms. 2030It can be used to select the quality and 2031quantity of peers used to synchronize the system clock 2032and is most useful in manycast mode. 2033The variables operate 2034as follows: 2035.Bl -tag -width indent 2036.It Cm ceiling Ar ceiling 2037Peers with strata above 2038.Cm ceiling 2039will be discarded if there are at least 2040.Cm minclock 2041peers remaining. 2042This value defaults to 15, but can be changed 2043to any number from 1 to 15. 2044.It Cm cohort Bro 0 | 1 Brc 2045This is a binary flag which enables (0) or disables (1) 2046manycast server replies to manycast clients with the same 2047stratum level. 2048This is useful to reduce implosions where 2049large numbers of clients with the same stratum level 2050are present. 2051The default is to enable these replies. 2052.It Cm floor Ar floor 2053Peers with strata below 2054.Cm floor 2055will be discarded if there are at least 2056.Cm minclock 2057peers remaining. 2058This value defaults to 1, but can be changed 2059to any number from 1 to 15. 2060.It Cm minclock Ar minclock 2061The clustering algorithm repeatedly casts out outlier 2062associations until no more than 2063.Cm minclock 2064associations remain. 2065This value defaults to 3, 2066but can be changed to any number from 1 to the number of 2067configured sources. 2068.It Cm minsane Ar minsane 2069This is the minimum number of candidates available 2070to the clock selection algorithm in order to produce 2071one or more truechimers for the clustering algorithm. 2072If fewer than this number are available, the clock is 2073undisciplined and allowed to run free. 2074The default is 1 2075for legacy purposes. 2076However, according to principles of 2077Byzantine agreement, 2078.Cm minsane 2079should be at least 4 in order to detect and discard 2080a single falseticker. 2081.El 2082.It Cm ttl Ar hop ... 2083This command specifies a list of TTL values in increasing 2084order, up to 8 values can be specified. 2085In manycast mode these values are used in turn 2086in an expanding\-ring search. 2087The default is eight 2088multiples of 32 starting at 31. 2089.El 2090.Sh Reference Clock Support 2091The NTP Version 4 daemon supports some three dozen different radio, 2092satellite and modem reference clocks plus a special pseudo\-clock 2093used for backup or when no other clock source is available. 2094Detailed descriptions of individual device drivers and options can 2095be found in the 2096.Qq Reference Clock Drivers 2097page 2098(available as part of the HTML documentation 2099provided in 2100.Pa /usr/share/doc/ntp ) . 2101Additional information can be found in the pages linked 2102there, including the 2103.Qq Debugging Hints for Reference Clock Drivers 2104and 2105.Qq How To Write a Reference Clock Driver 2106pages 2107(available as part of the HTML documentation 2108provided in 2109.Pa /usr/share/doc/ntp ) . 2110In addition, support for a PPS 2111signal is available as described in the 2112.Qq Pulse\-per\-second (PPS) Signal Interfacing 2113page 2114(available as part of the HTML documentation 2115provided in 2116.Pa /usr/share/doc/ntp ) . 2117Many 2118drivers support special line discipline/streams modules which can 2119significantly improve the accuracy using the driver. 2120These are 2121described in the 2122.Qq Line Disciplines and Streams Drivers 2123page 2124(available as part of the HTML documentation 2125provided in 2126.Pa /usr/share/doc/ntp ) . 2127.Pp 2128A reference clock will generally (though not always) be a radio 2129timecode receiver which is synchronized to a source of standard 2130time such as the services offered by the NRC in Canada and NIST and 2131USNO in the US. 2132The interface between the computer and the timecode 2133receiver is device dependent, but is usually a serial port. 2134A 2135device driver specific to each reference clock must be selected and 2136compiled in the distribution; however, most common radio, satellite 2137and modem clocks are included by default. 2138Note that an attempt to 2139configure a reference clock when the driver has not been compiled 2140or the hardware port has not been appropriately configured results 2141in a scalding remark to the system log file, but is otherwise non 2142hazardous. 2143.Pp 2144For the purposes of configuration, 2145.Xr ntpd @NTPD_MS@ 2146treats 2147reference clocks in a manner analogous to normal NTP peers as much 2148as possible. 2149Reference clocks are identified by a syntactically 2150correct but invalid IP address, in order to distinguish them from 2151normal NTP peers. 2152Reference clock addresses are of the form 2153.Sm off 2154.Li 127.127. Ar t . Ar u , 2155.Sm on 2156where 2157.Ar t 2158is an integer 2159denoting the clock type and 2160.Ar u 2161indicates the unit 2162number in the range 0\-3. 2163While it may seem overkill, it is in fact 2164sometimes useful to configure multiple reference clocks of the same 2165type, in which case the unit numbers must be unique. 2166.Pp 2167The 2168.Ic server 2169command is used to configure a reference 2170clock, where the 2171.Ar address 2172argument in that command 2173is the clock address. 2174The 2175.Cm key , 2176.Cm version 2177and 2178.Cm ttl 2179options are not used for reference clock support. 2180The 2181.Cm mode 2182option is added for reference clock support, as 2183described below. 2184The 2185.Cm prefer 2186option can be useful to 2187persuade the server to cherish a reference clock with somewhat more 2188enthusiasm than other reference clocks or peers. 2189Further 2190information on this option can be found in the 2191.Qq Mitigation Rules and the prefer Keyword 2192(available as part of the HTML documentation 2193provided in 2194.Pa /usr/share/doc/ntp ) 2195page. 2196The 2197.Cm minpoll 2198and 2199.Cm maxpoll 2200options have 2201meaning only for selected clock drivers. 2202See the individual clock 2203driver document pages for additional information. 2204.Pp 2205The 2206.Ic fudge 2207command is used to provide additional 2208information for individual clock drivers and normally follows 2209immediately after the 2210.Ic server 2211command. 2212The 2213.Ar address 2214argument specifies the clock address. 2215The 2216.Cm refid 2217and 2218.Cm stratum 2219options can be used to 2220override the defaults for the device. 2221There are two optional 2222device\-dependent time offsets and four flags that can be included 2223in the 2224.Ic fudge 2225command as well. 2226.Pp 2227The stratum number of a reference clock is by default zero. 2228Since the 2229.Xr ntpd @NTPD_MS@ 2230daemon adds one to the stratum of each 2231peer, a primary server ordinarily displays an external stratum of 2232one. 2233In order to provide engineered backups, it is often useful to 2234specify the reference clock stratum as greater than zero. 2235The 2236.Cm stratum 2237option is used for this purpose. 2238Also, in cases 2239involving both a reference clock and a pulse\-per\-second (PPS) 2240discipline signal, it is useful to specify the reference clock 2241identifier as other than the default, depending on the driver. 2242The 2243.Cm refid 2244option is used for this purpose. 2245Except where noted, 2246these options apply to all clock drivers. 2247.Ss Reference Clock Commands 2248.Bl -tag -width indent 2249.It Xo Ic server 2250.Sm off 2251.Li 127.127. Ar t . Ar u 2252.Sm on 2253.Op Cm prefer 2254.Op Cm mode Ar int 2255.Op Cm minpoll Ar int 2256.Op Cm maxpoll Ar int 2257.Xc 2258This command can be used to configure reference clocks in 2259special ways. 2260The options are interpreted as follows: 2261.Bl -tag -width indent 2262.It Cm prefer 2263Marks the reference clock as preferred. 2264All other things being 2265equal, this host will be chosen for synchronization among a set of 2266correctly operating hosts. 2267See the 2268.Qq Mitigation Rules and the prefer Keyword 2269page 2270(available as part of the HTML documentation 2271provided in 2272.Pa /usr/share/doc/ntp ) 2273for further information. 2274.It Cm mode Ar int 2275Specifies a mode number which is interpreted in a 2276device\-specific fashion. 2277For instance, it selects a dialing 2278protocol in the ACTS driver and a device subtype in the 2279parse 2280drivers. 2281.It Cm minpoll Ar int 2282.It Cm maxpoll Ar int 2283These options specify the minimum and maximum polling interval 2284for reference clock messages, as a power of 2 in seconds 2285For 2286most directly connected reference clocks, both 2287.Cm minpoll 2288and 2289.Cm maxpoll 2290default to 6 (64 s). 2291For modem reference clocks, 2292.Cm minpoll 2293defaults to 10 (17.1 m) and 2294.Cm maxpoll 2295defaults to 14 (4.5 h). 2296The allowable range is 4 (16 s) to 17 (36.4 h) inclusive. 2297.El 2298.It Xo Ic fudge 2299.Sm off 2300.Li 127.127. Ar t . Ar u 2301.Sm on 2302.Op Cm time1 Ar sec 2303.Op Cm time2 Ar sec 2304.Op Cm stratum Ar int 2305.Op Cm refid Ar string 2306.Op Cm mode Ar int 2307.Op Cm flag1 Cm 0 \&| Cm 1 2308.Op Cm flag2 Cm 0 \&| Cm 1 2309.Op Cm flag3 Cm 0 \&| Cm 1 2310.Op Cm flag4 Cm 0 \&| Cm 1 2311.Xc 2312This command can be used to configure reference clocks in 2313special ways. 2314It must immediately follow the 2315.Ic server 2316command which configures the driver. 2317Note that the same capability 2318is possible at run time using the 2319.Xr ntpdc @NTPDC_MS@ 2320program. 2321The options are interpreted as 2322follows: 2323.Bl -tag -width indent 2324.It Cm time1 Ar sec 2325Specifies a constant to be added to the time offset produced by 2326the driver, a fixed\-point decimal number in seconds. 2327This is used 2328as a calibration constant to adjust the nominal time offset of a 2329particular clock to agree with an external standard, such as a 2330precision PPS signal. 2331It also provides a way to correct a 2332systematic error or bias due to serial port or operating system 2333latencies, different cable lengths or receiver internal delay. 2334The 2335specified offset is in addition to the propagation delay provided 2336by other means, such as internal DIPswitches. 2337Where a calibration 2338for an individual system and driver is available, an approximate 2339correction is noted in the driver documentation pages. 2340Note: in order to facilitate calibration when more than one 2341radio clock or PPS signal is supported, a special calibration 2342feature is available. 2343It takes the form of an argument to the 2344.Ic enable 2345command described in 2346.Sx Miscellaneous Options 2347page and operates as described in the 2348.Qq Reference Clock Drivers 2349page 2350(available as part of the HTML documentation 2351provided in 2352.Pa /usr/share/doc/ntp ) . 2353.It Cm time2 Ar secs 2354Specifies a fixed\-point decimal number in seconds, which is 2355interpreted in a driver\-dependent way. 2356See the descriptions of 2357specific drivers in the 2358.Qq Reference Clock Drivers 2359page 2360(available as part of the HTML documentation 2361provided in 2362.Pa /usr/share/doc/ntp ) . 2363.It Cm stratum Ar int 2364Specifies the stratum number assigned to the driver, an integer 2365between 0 and 15. 2366This number overrides the default stratum number 2367ordinarily assigned by the driver itself, usually zero. 2368.It Cm refid Ar string 2369Specifies an ASCII string of from one to four characters which 2370defines the reference identifier used by the driver. 2371This string 2372overrides the default identifier ordinarily assigned by the driver 2373itself. 2374.It Cm mode Ar int 2375Specifies a mode number which is interpreted in a 2376device\-specific fashion. 2377For instance, it selects a dialing 2378protocol in the ACTS driver and a device subtype in the 2379parse 2380drivers. 2381.It Cm flag1 Cm 0 \&| Cm 1 2382.It Cm flag2 Cm 0 \&| Cm 1 2383.It Cm flag3 Cm 0 \&| Cm 1 2384.It Cm flag4 Cm 0 \&| Cm 1 2385These four flags are used for customizing the clock driver. 2386The 2387interpretation of these values, and whether they are used at all, 2388is a function of the particular clock driver. 2389However, by 2390convention 2391.Cm flag4 2392is used to enable recording monitoring 2393data to the 2394.Cm clockstats 2395file configured with the 2396.Ic filegen 2397command. 2398Further information on the 2399.Ic filegen 2400command can be found in 2401.Sx Monitoring Options . 2402.El 2403.El 2404.Sh Miscellaneous Options 2405.Bl -tag -width indent 2406.It Ic broadcastdelay Ar seconds 2407The broadcast and multicast modes require a special calibration 2408to determine the network delay between the local and remote 2409servers. 2410Ordinarily, this is done automatically by the initial 2411protocol exchanges between the client and server. 2412In some cases, 2413the calibration procedure may fail due to network or server access 2414controls, for example. 2415This command specifies the default delay to 2416be used under these circumstances. 2417Typically (for Ethernet), a 2418number between 0.003 and 0.007 seconds is appropriate. 2419The default 2420when this command is not used is 0.004 seconds. 2421.It Ic calldelay Ar delay 2422This option controls the delay in seconds between the first and second 2423packets sent in burst or iburst mode to allow additional time for a modem 2424or ISDN call to complete. 2425.It Ic driftfile Ar driftfile 2426This command specifies the complete path and name of the file used to 2427record the frequency of the local clock oscillator. 2428This is the same 2429operation as the 2430.Fl f 2431command line option. 2432If the file exists, it is read at 2433startup in order to set the initial frequency and then updated once per 2434hour with the current frequency computed by the daemon. 2435If the file name is 2436specified, but the file itself does not exist, the starts with an initial 2437frequency of zero and creates the file when writing it for the first time. 2438If this command is not given, the daemon will always start with an initial 2439frequency of zero. 2440.Pp 2441The file format consists of a single line containing a single 2442floating point number, which records the frequency offset measured 2443in parts\-per\-million (PPM). 2444The file is updated by first writing 2445the current drift value into a temporary file and then renaming 2446this file to replace the old version. 2447This implies that 2448.Xr ntpd @NTPD_MS@ 2449must have write permission for the directory the 2450drift file is located in, and that file system links, symbolic or 2451otherwise, should be avoided. 2452.It Ic dscp Ar value 2453This option specifies the Differentiated Services Control Point (DSCP) value, 2454a 6\-bit code. 2455The default value is 46, signifying Expedited Forwarding. 2456.It Xo Ic enable 2457.Oo 2458.Cm auth | Cm bclient | 2459.Cm calibrate | Cm kernel | 2460.Cm mode7 | Cm monitor | 2461.Cm ntp | Cm stats | 2462.Cm peer_clear_digest_early | 2463.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early 2464.Oc 2465.Xc 2466.It Xo Ic disable 2467.Oo 2468.Cm auth | Cm bclient | 2469.Cm calibrate | Cm kernel | 2470.Cm mode7 | Cm monitor | 2471.Cm ntp | Cm stats | 2472.Cm peer_clear_digest_early | 2473.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early 2474.Oc 2475.Xc 2476Provides a way to enable or disable various server options. 2477Flags not mentioned are unaffected. 2478Note that all of these flags 2479can be controlled remotely using the 2480.Xr ntpdc @NTPDC_MS@ 2481utility program. 2482.Bl -tag -width indent 2483.It Cm auth 2484Enables the server to synchronize with unconfigured peers only if the 2485peer has been correctly authenticated using either public key or 2486private key cryptography. 2487The default for this flag is 2488.Ic enable . 2489.It Cm bclient 2490Enables the server to listen for a message from a broadcast or 2491multicast server, as in the 2492.Ic multicastclient 2493command with default 2494address. 2495The default for this flag is 2496.Ic disable . 2497.It Cm calibrate 2498Enables the calibrate feature for reference clocks. 2499The default for 2500this flag is 2501.Ic disable . 2502.It Cm kernel 2503Enables the kernel time discipline, if available. 2504The default for this 2505flag is 2506.Ic enable 2507if support is available, otherwise 2508.Ic disable . 2509.It Cm mode7 2510Enables processing of NTP mode 7 implementation\-specific requests 2511which are used by the deprecated 2512.Xr ntpdc @NTPDC_MS@ 2513program. 2514The default for this flag is disable. 2515This flag is excluded from runtime configuration using 2516.Xr ntpq @NTPQ_MS@ . 2517The 2518.Xr ntpq @NTPQ_MS@ 2519program provides the same capabilities as 2520.Xr ntpdc @NTPDC_MS@ 2521using standard mode 6 requests. 2522.It Cm monitor 2523Enables the monitoring facility. 2524See the 2525.Xr ntpdc @NTPDC_MS@ 2526program 2527and the 2528.Ic monlist 2529command or further information. 2530The 2531default for this flag is 2532.Ic enable . 2533.It Cm ntp 2534Enables time and frequency discipline. 2535In effect, this switch opens and 2536closes the feedback loop, which is useful for testing. 2537The default for 2538this flag is 2539.Ic enable . 2540.It Cm peer_clear_digest_early 2541By default, if 2542.Xr ntpd @NTPD_MS@ 2543is using autokey and it 2544receives a crypto\-NAK packet that 2545passes the duplicate packet and origin timestamp checks 2546the peer variables are immediately cleared. 2547While this is generally a feature 2548as it allows for quick recovery if a server key has changed, 2549a properly forged and appropriately delivered crypto\-NAK packet 2550can be used in a DoS attack. 2551If you have active noticable problems with this type of DoS attack 2552then you should consider 2553disabling this option. 2554You can check your 2555.Cm peerstats 2556file for evidence of any of these attacks. 2557The 2558default for this flag is 2559.Ic enable . 2560.It Cm stats 2561Enables the statistics facility. 2562See the 2563.Sx Monitoring Options 2564section for further information. 2565The default for this flag is 2566.Ic disable . 2567.It Cm unpeer_crypto_early 2568By default, if 2569.Xr ntpd @NTPD_MS@ 2570receives an autokey packet that fails TEST9, 2571a crypto failure, 2572the association is immediately cleared. 2573This is almost certainly a feature, 2574but if, in spite of the current recommendation of not using autokey, 2575you are 2576.B still 2577using autokey 2578.B and 2579you are seeing this sort of DoS attack 2580disabling this flag will delay 2581tearing down the association until the reachability counter 2582becomes zero. 2583You can check your 2584.Cm peerstats 2585file for evidence of any of these attacks. 2586The 2587default for this flag is 2588.Ic enable . 2589.It Cm unpeer_crypto_nak_early 2590By default, if 2591.Xr ntpd @NTPD_MS@ 2592receives a crypto\-NAK packet that 2593passes the duplicate packet and origin timestamp checks 2594the association is immediately cleared. 2595While this is generally a feature 2596as it allows for quick recovery if a server key has changed, 2597a properly forged and appropriately delivered crypto\-NAK packet 2598can be used in a DoS attack. 2599If you have active noticable problems with this type of DoS attack 2600then you should consider 2601disabling this option. 2602You can check your 2603.Cm peerstats 2604file for evidence of any of these attacks. 2605The 2606default for this flag is 2607.Ic enable . 2608.It Cm unpeer_digest_early 2609By default, if 2610.Xr ntpd @NTPD_MS@ 2611receives what should be an authenticated packet 2612that passes other packet sanity checks but 2613contains an invalid digest 2614the association is immediately cleared. 2615While this is generally a feature 2616as it allows for quick recovery, 2617if this type of packet is carefully forged and sent 2618during an appropriate window it can be used for a DoS attack. 2619If you have active noticable problems with this type of DoS attack 2620then you should consider 2621disabling this option. 2622You can check your 2623.Cm peerstats 2624file for evidence of any of these attacks. 2625The 2626default for this flag is 2627.Ic enable . 2628.El 2629.It Ic includefile Ar includefile 2630This command allows additional configuration commands 2631to be included from a separate file. 2632Include files may 2633be nested to a depth of five; upon reaching the end of any 2634include file, command processing resumes in the previous 2635configuration file. 2636This option is useful for sites that run 2637.Xr ntpd @NTPD_MS@ 2638on multiple hosts, with (mostly) common options (e.g., a 2639restriction list). 2640.It Ic leapsmearinterval Ar seconds 2641This EXPERIMENTAL option is only available if 2642.Xr ntpd @NTPD_MS@ 2643was built with the 2644.Cm \-\-enable\-leap\-smear 2645option to the 2646.Cm configure 2647script. 2648It specifies the interval over which a leap second correction will be applied. 2649Recommended values for this option are between 26507200 (2 hours) and 86400 (24 hours). 2651.Sy DO NOT USE THIS OPTION ON PUBLIC\-ACCESS SERVERS! 2652See http://bugs.ntp.org/2855 for more information. 2653.It Ic logconfig Ar configkeyword 2654This command controls the amount and type of output written to 2655the system 2656.Xr syslog 3 2657facility or the alternate 2658.Ic logfile 2659log file. 2660By default, all output is turned on. 2661All 2662.Ar configkeyword 2663keywords can be prefixed with 2664.Ql = , 2665.Ql + 2666and 2667.Ql \- , 2668where 2669.Ql = 2670sets the 2671.Xr syslog 3 2672priority mask, 2673.Ql + 2674adds and 2675.Ql \- 2676removes 2677messages. 2678.Xr syslog 3 2679messages can be controlled in four 2680classes 2681.Po 2682.Cm clock , 2683.Cm peer , 2684.Cm sys 2685and 2686.Cm sync 2687.Pc . 2688Within these classes four types of messages can be 2689controlled: informational messages 2690.Po 2691.Cm info 2692.Pc , 2693event messages 2694.Po 2695.Cm events 2696.Pc , 2697statistics messages 2698.Po 2699.Cm statistics 2700.Pc 2701and 2702status messages 2703.Po 2704.Cm status 2705.Pc . 2706.Pp 2707Configuration keywords are formed by concatenating the message class with 2708the event class. 2709The 2710.Cm all 2711prefix can be used instead of a message class. 2712A 2713message class may also be followed by the 2714.Cm all 2715keyword to enable/disable all 2716messages of the respective message class. 2717Thus, a minimal log configuration 2718could look like this: 2719.Bd -literal 2720logconfig =syncstatus +sysevents 2721.Ed 2722.Pp 2723This would just list the synchronizations state of 2724.Xr ntpd @NTPD_MS@ 2725and the major system events. 2726For a simple reference server, the 2727following minimum message configuration could be useful: 2728.Bd -literal 2729logconfig =syncall +clockall 2730.Ed 2731.Pp 2732This configuration will list all clock information and 2733synchronization information. 2734All other events and messages about 2735peers, system events and so on is suppressed. 2736.It Ic logfile Ar logfile 2737This command specifies the location of an alternate log file to 2738be used instead of the default system 2739.Xr syslog 3 2740facility. 2741This is the same operation as the 2742.Fl l 2743command line option. 2744.It Ic setvar Ar variable Op Cm default 2745This command adds an additional system variable. 2746These 2747variables can be used to distribute additional information such as 2748the access policy. 2749If the variable of the form 2750.Sm off 2751.Va name = Ar value 2752.Sm on 2753is followed by the 2754.Cm default 2755keyword, the 2756variable will be listed as part of the default system variables 2757.Po 2758.Xr ntpq @NTPQ_MS@ 2759.Ic rv 2760command 2761.Pc ) . 2762These additional variables serve 2763informational purposes only. 2764They are not related to the protocol 2765other that they can be listed. 2766The known protocol variables will 2767always override any variables defined via the 2768.Ic setvar 2769mechanism. 2770There are three special variables that contain the names 2771of all variable of the same group. 2772The 2773.Va sys_var_list 2774holds 2775the names of all system variables. 2776The 2777.Va peer_var_list 2778holds 2779the names of all peer variables and the 2780.Va clock_var_list 2781holds the names of the reference clock variables. 2782.It Xo Ic tinker 2783.Oo 2784.Cm allan Ar allan | 2785.Cm dispersion Ar dispersion | 2786.Cm freq Ar freq | 2787.Cm huffpuff Ar huffpuff | 2788.Cm panic Ar panic | 2789.Cm step Ar step | 2790.Cm stepback Ar stepback | 2791.Cm stepfwd Ar stepfwd | 2792.Cm stepout Ar stepout 2793.Oc 2794.Xc 2795This command can be used to alter several system variables in 2796very exceptional circumstances. 2797It should occur in the 2798configuration file before any other configuration options. 2799The 2800default values of these variables have been carefully optimized for 2801a wide range of network speeds and reliability expectations. 2802In 2803general, they interact in intricate ways that are hard to predict 2804and some combinations can result in some very nasty behavior. 2805Very 2806rarely is it necessary to change the default values; but, some 2807folks cannot resist twisting the knobs anyway and this command is 2808for them. 2809Emphasis added: twisters are on their own and can expect 2810no help from the support group. 2811.Pp 2812The variables operate as follows: 2813.Bl -tag -width indent 2814.It Cm allan Ar allan 2815The argument becomes the new value for the minimum Allan 2816intercept, which is a parameter of the PLL/FLL clock discipline 2817algorithm. 2818The value in log2 seconds defaults to 7 (1024 s), which is also the lower 2819limit. 2820.It Cm dispersion Ar dispersion 2821The argument becomes the new value for the dispersion increase rate, 2822normally .000015 s/s. 2823.It Cm freq Ar freq 2824The argument becomes the initial value of the frequency offset in 2825parts\-per\-million. 2826This overrides the value in the frequency file, if 2827present, and avoids the initial training state if it is not. 2828.It Cm huffpuff Ar huffpuff 2829The argument becomes the new value for the experimental 2830huff\-n'\-puff filter span, which determines the most recent interval 2831the algorithm will search for a minimum delay. 2832The lower limit is 2833900 s (15 m), but a more reasonable value is 7200 (2 hours). 2834There 2835is no default, since the filter is not enabled unless this command 2836is given. 2837.It Cm panic Ar panic 2838The argument is the panic threshold, normally 1000 s. 2839If set to zero, 2840the panic sanity check is disabled and a clock offset of any value will 2841be accepted. 2842.It Cm step Ar step 2843The argument is the step threshold, which by default is 0.128 s. 2844It can 2845be set to any positive number in seconds. 2846If set to zero, step 2847adjustments will never occur. 2848Note: The kernel time discipline is 2849disabled if the step threshold is set to zero or greater than the 2850default. 2851.It Cm stepback Ar stepback 2852The argument is the step threshold for the backward direction, 2853which by default is 0.128 s. 2854It can 2855be set to any positive number in seconds. 2856If both the forward and backward step thresholds are set to zero, step 2857adjustments will never occur. 2858Note: The kernel time discipline is 2859disabled if 2860each direction of step threshold are either 2861set to zero or greater than .5 second. 2862.It Cm stepfwd Ar stepfwd 2863As for stepback, but for the forward direction. 2864.It Cm stepout Ar stepout 2865The argument is the stepout timeout, which by default is 900 s. 2866It can 2867be set to any positive number in seconds. 2868If set to zero, the stepout 2869pulses will not be suppressed. 2870.El 2871.It Xo Ic rlimit 2872.Oo 2873.Cm memlock Ar Nmegabytes | 2874.Cm stacksize Ar N4kPages 2875.Cm filenum Ar Nfiledescriptors 2876.Oc 2877.Xc 2878.Bl -tag -width indent 2879.It Cm memlock Ar Nmegabytes 2880Specify the number of megabytes of memory that should be 2881allocated and locked. 2882Probably only available under Linux, this option may be useful 2883when dropping root (the 2884.Fl i 2885option). 2886The default is 32 megabytes on non\-Linux machines, and \-1 under Linux. 2887-1 means "do not lock the process into memory". 28880 means "lock whatever memory the process wants into memory". 2889.It Cm stacksize Ar N4kPages 2890Specifies the maximum size of the process stack on systems with the 2891.Fn mlockall 2892function. 2893Defaults to 50 4k pages (200 4k pages in OpenBSD). 2894.It Cm filenum Ar Nfiledescriptors 2895Specifies the maximum number of file descriptors ntpd may have open at once. 2896Defaults to the system default. 2897.El 2898.It Xo Ic trap Ar host_address 2899.Op Cm port Ar port_number 2900.Op Cm interface Ar interface_address 2901.Xc 2902This command configures a trap receiver at the given host 2903address and port number for sending messages with the specified 2904local interface address. 2905If the port number is unspecified, a value 2906of 18447 is used. 2907If the interface address is not specified, the 2908message is sent with a source address of the local interface the 2909message is sent through. 2910Note that on a multihomed host the 2911interface used may vary from time to time with routing changes. 2912.Pp 2913The trap receiver will generally log event messages and other 2914information from the server in a log file. 2915While such monitor 2916programs may also request their own trap dynamically, configuring a 2917trap receiver will ensure that no messages are lost when the server 2918is started. 2919.It Cm hop Ar ... 2920This command specifies a list of TTL values in increasing order, up to 8 2921values can be specified. 2922In manycast mode these values are used in turn in 2923an expanding\-ring search. 2924The default is eight multiples of 32 starting at 292531. 2926.El 2927.Sh "OPTIONS" 2928.Bl -tag 2929.It Fl \-help 2930Display usage information and exit. 2931.It Fl \-more\-help 2932Pass the extended usage information through a pager. 2933.It Fl \-version Op Brq Ar v|c|n 2934Output version of program and exit. The default mode is `v', a simple 2935version. The `c' mode will print copyright information and `n' will 2936print the full copyright notice. 2937.El 2938.Sh "OPTION PRESETS" 2939Any option that is not marked as \fInot presettable\fP may be preset 2940by loading values from environment variables named: 2941.nf 2942 \fBNTP_CONF_<option\-name>\fP or \fBNTP_CONF\fP 2943.fi 2944.ad 2945.Sh "ENVIRONMENT" 2946See \fBOPTION PRESETS\fP for configuration environment variables. 2947.Sh FILES 2948.Bl -tag -width /etc/ntp.drift -compact 2949.It Pa /etc/ntp.conf 2950the default name of the configuration file 2951.It Pa ntp.keys 2952private MD5 keys 2953.It Pa ntpkey 2954RSA private key 2955.It Pa ntpkey_ Ns Ar host 2956RSA public key 2957.It Pa ntp_dh 2958Diffie\-Hellman agreement parameters 2959.El 2960.Sh "EXIT STATUS" 2961One of the following exit values will be returned: 2962.Bl -tag 2963.It 0 " (EXIT_SUCCESS)" 2964Successful program execution. 2965.It 1 " (EXIT_FAILURE)" 2966The operation failed or the command syntax was not valid. 2967.It 70 " (EX_SOFTWARE)" 2968libopts had an internal operational error. Please report 2969it to autogen\-users@lists.sourceforge.net. Thank you. 2970.El 2971.Sh "SEE ALSO" 2972.Xr ntpd @NTPD_MS@ , 2973.Xr ntpdc @NTPDC_MS@ , 2974.Xr ntpq @NTPQ_MS@ 2975.Pp 2976In addition to the manual pages provided, 2977comprehensive documentation is available on the world wide web 2978at 2979.Li http://www.ntp.org/ . 2980A snapshot of this documentation is available in HTML format in 2981.Pa /usr/share/doc/ntp . 2982.Rs 2983.%A David L. Mills 2984.%T Network Time Protocol (Version 4) 2985.%O RFC5905 2986.Re 2987.Sh "AUTHORS" 2988The University of Delaware and Network Time Foundation 2989.Sh "COPYRIGHT" 2990Copyright (C) 1992\-2017 The University of Delaware and Network Time Foundation all rights reserved. 2991This program is released under the terms of the NTP license, <http://ntp.org/license>. 2992.Sh BUGS 2993The syntax checking is not picky; some combinations of 2994ridiculous and even hilarious options and modes may not be 2995detected. 2996.Pp 2997The 2998.Pa ntpkey_ Ns Ar host 2999files are really digital 3000certificates. 3001These should be obtained via secure directory 3002services when they become universally available. 3003.Pp 3004Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org 3005.Sh NOTES 3006This document was derived from FreeBSD. 3007.Pp 3008This manual page was \fIAutoGen\fP\-erated from the \fBntp.conf\fP 3009option definitions. 3010