xref: /freebsd/contrib/ntp/ntpd/ntp.keys.5mdoc (revision ba3c1f5972d7b90feb6e6da47905ff2757e0fe57)
1.Dd June 6 2023
2.Dt NTP_KEYS 5mdoc File Formats
3.Os FreeBSD 12.1-RELEASE_SI
4.\"  EDIT THIS FILE WITH CAUTION  (ntp.mdoc)
5.\"
6.\"  It has been AutoGen-ed  June  6, 2023 at 04:37:34 AM by AutoGen 5.18.16
7.\"  From the definitions    ntp.keys.def
8.\"  and the template file   agmdoc-file.tpl
9.Sh NAME
10.Nm ntp.keys
11.Nd NTP symmetric key file format
12
13.Sh NAME
14.Nm ntp.keys
15.Nd NTP symmetric key file format
16.Sh SYNOPSIS
17.Nm
18.Op Fl \-option\-name
19.Op Fl \-option\-name Ar value
20.Pp
21All arguments must be options.
22.Pp
23.Sh DESCRIPTION
24This document describes the format of an NTP symmetric key file.
25For a description of the use of this type of file, see the
26.Qq Authentication Support
27section of the
28.Xr ntp.conf 5
29page.
30.Pp
31.Xr ntpd 8
32reads its keys from a file specified using the
33.Fl k
34command line option or the
35.Ic keys
36statement in the configuration file.
37While key number 0 is fixed by the NTP standard
38(as 56 zero bits)
39and may not be changed,
40one or more keys numbered between 1 and 65535
41may be arbitrarily set in the keys file.
42.Pp
43The key file uses the same comment conventions
44as the configuration file.
45Key entries use a fixed format of the form
46.Pp
47.D1 Ar keyno type key opt_IP_list
48.Pp
49where
50.Ar keyno
51is a positive integer (between 1 and 65535),
52.Ar type
53is the message digest algorithm,
54.Ar key
55is the key itself, and
56.Ar opt_IP_list
57is an optional comma\-separated list of IPs
58where the
59.Ar keyno
60should be trusted.
61that are allowed to serve time.
62Each IP in
63.Ar opt_IP_list
64may contain an optional
65.Cm /subnetbits
66specification which identifies the number of bits for
67the desired subnet of trust.
68If
69.Ar opt_IP_list
70is empty,
71any properly\-authenticated message will be
72accepted.
73.Pp
74The
75.Ar key
76may be given in a format
77controlled by the
78.Ar type
79field.
80The
81.Ar type
82.Li MD5
83is always supported.
84If
85.Li ntpd
86was built with the OpenSSL library
87then any digest library supported by that library may be specified.
88However, if compliance with FIPS 140\-2 is required the
89.Ar type
90must be either
91.Li SHA
92or
93.Li SHA1 .
94.Pp
95What follows are some key types, and corresponding formats:
96.Pp
97.Bl -tag -width RMD160 -compact
98.It Li MD5
99The key is 1 to 16 printable characters terminated by
100an EOL,
101whitespace,
102or
103a
104.Li #
105(which is the "start of comment" character).
106.Pp
107.It Li SHA
108.It Li SHA1
109.It Li RMD160
110The key is a hex\-encoded ASCII string of 40 characters,
111which is truncated as necessary.
112.El
113.Pp
114Note that the keys used by the
115.Xr ntpq 8
116and
117.Xr ntpdc 8
118programs are checked against passwords
119requested by the programs and entered by hand,
120so it is generally appropriate to specify these keys in ASCII format.
121.Sh "OPTIONS"
122.Bl -tag
123.It Fl \-help
124Display usage information and exit.
125.It Fl \-more\-help
126Pass the extended usage information through a pager.
127.It Fl \-version Op Brq Ar v|c|n
128Output version of program and exit.  The default mode is `v', a simple
129version.  The `c' mode will print copyright information and `n' will
130print the full copyright notice.
131.El
132.Sh "OPTION PRESETS"
133Any option that is not marked as \fInot presettable\fP may be preset
134by loading values from environment variables named:
135.nf
136  \fBNTP_KEYS_<option\-name>\fP or \fBNTP_KEYS\fP
137.fi
138.ad
139.Sh "ENVIRONMENT"
140See \fBOPTION PRESETS\fP for configuration environment variables.
141.Sh FILES
142.Bl -tag -width /etc/ntp.keys -compact
143.It Pa /etc/ntp.keys
144the default name of the configuration file
145.El
146.Sh "EXIT STATUS"
147One of the following exit values will be returned:
148.Bl -tag
149.It 0 " (EXIT_SUCCESS)"
150Successful program execution.
151.It 1 " (EXIT_FAILURE)"
152The operation failed or the command syntax was not valid.
153.It 70 " (EX_SOFTWARE)"
154libopts had an internal operational error.  Please report
155it to autogen\-users@lists.sourceforge.net.  Thank you.
156.El
157.Sh "SEE ALSO"
158.Xr ntp.conf 5 ,
159.Xr ntpd 1ntpdmdoc ,
160.Xr ntpdate 1ntpdatemdoc ,
161.Xr ntpdc 1ntpdcmdoc ,
162.Xr sntp 1sntpmdoc
163.Sh "AUTHORS"
164The University of Delaware and Network Time Foundation
165.Sh "COPYRIGHT"
166Copyright (C) 1992\-2023 The University of Delaware and Network Time Foundation all rights reserved.
167This program is released under the terms of the NTP license, <http://ntp.org/license>.
168.Sh "BUGS"
169Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org
170.Sh NOTES
171This document was derived from FreeBSD.
172.Pp
173This manual page was \fIAutoGen\fP\-erated from the \fBntp.keys\fP
174option definitions.
175