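/* -*- Mode: Text -*- */

// AutoGen definitions for the ntp.keys(5) manual page.
// Each doc-section below carries one mdoc-formatted section of that page.
// The here-strings are emitted as documentation, so an edit to them
// changes the published text rather than any program behaviour.

autogen definitions options;

#include copyright.def
#include version.def

// We want the synopsis to be "/etc/ntp.keys" but we need the prog-name
// to be ntp.keys - the latter is also how autogen produces the output
// file name.
prog-name = "ntp.keys";
file-path = "/etc/ntp.keys";
prog-title = "NTP symmetric key file format";

/* explain: Additional information whenever the usage routine is invoked */
explain = <<- _END_EXPLAIN
	_END_EXPLAIN;

// DESCRIPTION: the entry format (keyno, type, key, optional IP list) and
// the key encodings accepted for each digest type.
// NOTE(review): an MD5 key is at most 16 printable characters, while the
// SHA/SHA1/RMD160 form is 40 hex digits; operators choosing a type should
// weigh key strength as well as the FIPS 140-2 requirement stated below.
doc-section = {
	ds-type = 'DESCRIPTION';
	ds-format = 'mdoc';
	ds-text = <<- _END_PROG_MDOC_DESCRIP
This document describes the format of an NTP symmetric key file.
For a description of the use of this type of file, see the
.Qq Authentication Support
section of the
.Xr ntp.conf 5
page.
.Pp
.Xr ntpd 8
reads its keys from a file specified using the
.Fl k
command line option or the
.Ic keys
statement in the configuration file.
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
one or more keys numbered between 1 and 65534
may be arbitrarily set in the keys file.
.Pp
The key file uses the same comment conventions
as the configuration file.
Key entries use a fixed format of the form
.Pp
.D1 Ar keyno type key opt_IP_list
.Pp
where
.Ar keyno
is a positive integer (between 1 and 65534),
.Ar type
is the message digest algorithm,
.Ar key
is the key itself, and
.Ar opt_IP_list
is an optional comma-separated list of IPs
that are allowed to serve time.
If
.Ar opt_IP_list
is empty,
any properly-authenticated server message will be
accepted.
.Pp
The
.Ar key
may be given in a format
controlled by the
.Ar type
field.
The
.Ar type
.Li MD5
is always supported.
If
.Li ntpd
was built with the OpenSSL library
then any digest algorithm supported by that library may be specified.
However, if compliance with FIPS 140-2 is required the
.Ar type
must be either
.Li SHA
or
.Li SHA1 .
.Pp
What follows are some key types, and corresponding formats:
.Pp
.Bl -tag -width RMD160 -compact
.It Li MD5
The key is 1 to 16 printable characters terminated by
an EOL,
whitespace,
or
a
.Li #
(which is the "start of comment" character).
.Pp
.It Li SHA
.It Li SHA1
.It Li RMD160
The key is a hex-encoded ASCII string of 40 characters,
which is truncated as necessary.
.El
.Pp
Note that the keys used by the
.Xr ntpq 8
and
.Xr ntpdc 8
programs are checked against passwords
requested by the programs and entered by hand,
so it is generally appropriate to specify these keys in ASCII format.
.Pp
Because the key file stores shared secrets in clear text,
read access to it should be limited to the accounts that need it.
	_END_PROG_MDOC_DESCRIP;
};

// FILES: the path documented as the default location of the key file.
doc-section = {
	ds-type = 'FILES';
	ds-format = 'mdoc';
	ds-text = <<- _END_MDOC_FILES
.Bl -tag -width /etc/ntp.keys -compact
.It Pa /etc/ntp.keys
the default name of the symmetric key file
.El
	_END_MDOC_FILES;
};

// SEE ALSO: cross-references to the related manual pages.
doc-section = {
	ds-type = 'SEE ALSO';
	ds-format = 'mdoc';
	ds-text = <<- _END_MDOC_SEE_ALSO
.Xr ntp.conf 5 ,
.Xr ntpd 1ntpdmdoc ,
.Xr ntpdate 1ntpdatemdoc ,
.Xr ntpdc 1ntpdcmdoc ,
.Xr sntp 1sntpmdoc
	_END_MDOC_SEE_ALSO;
};

// The BUGS section below is disabled: its text is about ntpd itself,
// not about the key file format.
/*
doc-section = {
	ds-type = 'BUGS';
	ds-format = 'mdoc';
	ds-text = <<- _END_MDOC_BUGS
.Xr ntpd 8
has gotten rather fat.
While not huge, it has gotten larger than might
be desirable for an elevated-priority daemon running on a workstation,
particularly since many of the fancy features which consume the space
were designed more with a busy primary server, rather than a high
stratum workstation, in mind.
	_END_MDOC_BUGS;
};
*/

// NOTES: provenance of this document.
doc-section = {
	ds-type = 'NOTES';
	ds-format = 'mdoc';
	ds-text = <<- _END_MDOC_NOTES
This document was derived from FreeBSD.
	_END_MDOC_NOTES;
};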