1/* -*- Mode: Text -*- */
2
3autogen definitions options;
4
5#include copyright.def
6#include version.def
7
8// We want the synopsis to be "/etc/ntp.keys" but we need the prog-name
9// to be ntp.keys - the latter is also how autogen produces the output
10// file name.
11prog-name	= "ntp.keys";
12file-path	= "/etc/ntp.keys";
13prog-title	= "NTP symmetric key file format";
14
15/* explain: Additional information whenever the usage routine is invoked */
16explain = <<- _END_EXPLAIN
17	_END_EXPLAIN;
18
19doc-section	= {
20  ds-type	= 'DESCRIPTION';
21  ds-format	= 'mdoc';
22  ds-text	= <<- _END_PROG_MDOC_DESCRIP
23This document describes the format of an NTP symmetric key file.
24For a description of the use of this type of file, see the
25.Qq Authentication Support
26section of the
27.Xr ntp.conf 5
28page.
29.Pp
30.Xr ntpd 8
31reads its keys from a file specified using the
32.Fl k
33command line option or the
34.Ic keys
35statement in the configuration file.
36While key number 0 is fixed by the NTP standard
37(as 56 zero bits)
38and may not be changed,
39one or more keys numbered between 1 and 65534
40may be arbitrarily set in the keys file.
41.Pp
42The key file uses the same comment conventions
43as the configuration file.
44Key entries use a fixed format of the form
45.Pp
46.D1 Ar keyno type key
47.Pp
48where
49.Ar keyno
50is a positive integer (between 1 and 65534),
51.Ar type
52is the message digest algorithm,
53and
54.Ar key
55is the key itself.
56.Pp
57The
58.Ar key
59may be given in a format
60controlled by the
61.Ar type
62field.
63The
64.Ar type
65.Li MD5
66is always supported.
67If
68.Li ntpd
69was built with the OpenSSL library
70then any digest algorithm supported by that library may be specified.
71However, if compliance with FIPS 140-2 is required, the
72.Ar type
73must be either
74.Li SHA
75or
76.Li SHA1 .
77.Pp
78What follows are some key types, and corresponding formats:
79.Pp
80.Bl -tag -width RMD160 -compact
81.It Li MD5
82The key is 1 to 16 printable characters terminated by
83an EOL,
84whitespace,
85or
86a
87.Li #
88(which is the "start of comment" character).
89.Pp
90.It Li SHA
91.It Li SHA1
92.It Li RMD160
93The key is a hex-encoded ASCII string of 40 characters,
94which is truncated as necessary.
95.El
96.Pp
97Note that the keys used by the
98.Xr ntpq 8
99and
100.Xr ntpdc 8
101programs are checked against passwords
102requested by the programs and entered by hand,
103so it is generally appropriate to specify these keys in ASCII format.
104	_END_PROG_MDOC_DESCRIP;
105};
106
107doc-section	= {
108  ds-type	= 'FILES';
109  ds-format	= 'mdoc';
110  ds-text	= <<- _END_MDOC_FILES
111.Bl -tag -width /etc/ntp.keys -compact
112.It Pa /etc/ntp.keys
113the default name of the key file
114.El
115	_END_MDOC_FILES;
116};
117
118doc-section	= {
119  ds-type	= 'SEE ALSO';
120  ds-format	= 'mdoc';
121  ds-text	= <<- _END_MDOC_SEE_ALSO
122.Xr ntp.conf 5 ,
123.Xr ntpd 1ntpdmdoc ,
124.Xr ntpdate 1ntpdatemdoc ,
125.Xr ntpdc 1ntpdcmdoc ,
126.Xr sntp 1sntpmdoc
127	_END_MDOC_SEE_ALSO;
128};
129
130/*
131doc-section	= {
132  ds-type	= 'BUGS';
133  ds-format	= 'mdoc';
134  ds-text	= <<- _END_MDOC_BUGS
135.Xr ntpd 8
136has gotten rather fat.
137While not huge, it has gotten larger than might
138be desirable for an elevated-priority daemon running on a workstation,
139particularly since many of the fancy features which consume the space
140were designed more with a busy primary server, rather than a high
141stratum workstation, in mind.
142	_END_MDOC_BUGS;
143};
144*/
145
146doc-section	= {
147  ds-type	= 'NOTES';
148  ds-format	= 'mdoc';
149  ds-text	= <<- _END_MDOC_NOTES
150This document was derived from FreeBSD.
151	_END_MDOC_NOTES;
152};
153