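/* -*- Mode: Text -*- */

// AutoGen definitions for the ntp.keys manual page: the page sections
// below are mdoc text held in here-strings (ds-text) and emitted under
// the section named by ds-type.

autogen definitions options;

#include copyright.def
#include version.def

// We want the synopsis to be "/etc/ntp.keys" but we need the prog-name
// to be ntp.keys - the latter is also how autogen produces the output
// file name.
prog-name = "ntp.keys";
file-path = "/etc/ntp.keys";
prog-title = "NTP symmetric key file format";

/* explain: Additional information whenever the usage routine is invoked */
explain = <<- _END_EXPLAIN
	_END_EXPLAIN;

// DESCRIPTION: entry format (keyno type key), supported digest types and
// per-type key encodings.  The closing paragraph on file permissions is
// there because every entry in this file is a shared secret.
doc-section = {
  ds-type = 'DESCRIPTION';
  ds-format = 'mdoc';
  ds-text = <<- _END_PROG_MDOC_DESCRIP
This document describes the format of an NTP symmetric key file.
For a description of the use of this type of file, see the
.Qq Authentication Support
section of the
.Xr ntp.conf 5
page.
.Pp
.Xr ntpd 8
reads its keys from a file specified using the
.Fl k
command line option or the
.Ic keys
statement in the configuration file.
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
one or more keys numbered between 1 and 65534
may be arbitrarily set in the keys file.
.Pp
The key file uses the same comment conventions
as the configuration file.
Key entries use a fixed format of the form
.Pp
.D1 Ar keyno type key
.Pp
where
.Ar keyno
is a positive integer (between 1 and 65534),
.Ar type
is the message digest algorithm,
and
.Ar key
is the key itself.
.Pp
The
.Ar key
may be given in a format
controlled by the
.Ar type
field.
The
.Ar type
.Li MD5
is always supported.
If
.Li ntpd
was built with the OpenSSL library
then any digest algorithm supported by that library may be specified.
However, if compliance with FIPS 140-2 is required the
.Ar type
must be either
.Li SHA
or
.Li SHA1 .
.Pp
What follows are some key types, and corresponding formats:
.Pp
.Bl -tag -width RMD160 -compact
.It Li MD5
The key is 1 to 16 printable characters terminated by
an EOL,
whitespace,
or
a
.Li #
(which is the "start of comment" character).
.Pp
.It Li SHA
.It Li SHA1
.It Li RMD160
The key is a hex-encoded ASCII string of 40 characters,
which is truncated as necessary.
.El
.Pp
Note that the keys used by the
.Xr ntpq 8
and
.Xr ntpdc 8
programs are checked against passwords
requested by the programs and entered by hand,
so it is generally appropriate to specify these keys in ASCII format.
.Pp
Because every entry in this file is a shared secret,
the file should be readable only by the user that
.Xr ntpd 8
runs as when it reads the file,
and should not be group- or world-readable.
	_END_PROG_MDOC_DESCRIP;
};

doc-section = {
  ds-type = 'FILES';
  ds-format = 'mdoc';
  ds-text = <<- _END_MDOC_FILES
.Bl -tag -width /etc/ntp.keys -compact
.It Pa /etc/ntp.keys
the default name of the symmetric key file
.El
	_END_MDOC_FILES;
};

// NOTE(review): the 1ntpdmdoc-style section arguments below look like
// placeholders rewritten to real manual sections at build time - confirm
// against the build rules before changing them.
doc-section = {
  ds-type = 'SEE ALSO';
  ds-format = 'mdoc';
  ds-text = <<- _END_MDOC_SEE_ALSO
.Xr ntp.conf 5 ,
.Xr ntpd 1ntpdmdoc ,
.Xr ntpdate 1ntpdatemdoc ,
.Xr ntpdc 1ntpdcmdoc ,
.Xr sntp 1sntpmdoc
	_END_MDOC_SEE_ALSO;
};

// Disabled section: the text below is about ntpd itself, not about the
// key file, and is kept commented out.
/*
doc-section = {
  ds-type = 'BUGS';
  ds-format = 'mdoc';
  ds-text = <<- _END_MDOC_BUGS
.Xr ntpd 8
has gotten rather fat.
While not huge, it has gotten larger than might
be desirable for an elevated-priority daemon running on a workstation,
particularly since many of the fancy features which consume the space
were designed more with a busy primary server, rather than a high
stratum workstation, in mind.
	_END_MDOC_BUGS;
};
*/

doc-section = {
  ds-type = 'NOTES';
  ds-format = 'mdoc';
  ds-text = <<- _END_MDOC_NOTES
This document was derived from FreeBSD.
	_END_MDOC_NOTES;
};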