1/* -*- Mode: Text -*- */
2
3autogen definitions options;
4
5#include copyright.def
6#include version.def
7
8// We want the synopsis to be "/etc/ntp.keys" but we need the prog-name
9// to be ntp.keys - the latter is also how autogen produces the output
10// file name.
11prog-name	= "ntp.keys";
12file-path	= "/etc/ntp.keys";
13prog-title	= "NTP symmetric key file format";
14
15/* explain: Additional information whenever the usage routine is invoked */
16explain = <<- _END_EXPLAIN
17	_END_EXPLAIN;
18
19doc-section	= {
20  ds-type	= 'DESCRIPTION';
21  ds-format	= 'mdoc';
22  ds-text	= <<- _END_PROG_MDOC_DESCRIP
23This document describes the format of an NTP symmetric key file.
24For a description of the use of this type of file, see the
25.Qq Authentication Support
26section of the
27.Xr ntp.conf 5
28page.
29.Pp
30.Xr ntpd 8
31reads its keys from a file specified using the
32.Fl k
33command line option or the
34.Ic keys
35statement in the configuration file.
36While key number 0 is fixed by the NTP standard
37(as 56 zero bits)
38and may not be changed,
39one or more keys numbered between 1 and 65534
40may be arbitrarily set in the keys file.
41.Pp
42The key file uses the same comment conventions
43as the configuration file.
44Key entries use a fixed format of the form
45.Pp
46.D1 Ar keyno type key opt_IP_list
47.Pp
48where
49.Ar keyno
50is a positive integer (between 1 and 65534),
51.Ar type
52is the message digest algorithm,
53and
54.Ar key
55is the key itself, and
56.Ar opt_IP_list
57is an optional comma-separated list of IP addresses
58that are allowed to serve time.
59If
60.Ar opt_IP_list
61is empty,
62any properly-authenticated server message will be
63accepted.
64.Pp
65The
66.Ar key
67may be given in a format
68controlled by the
69.Ar type
70field.
71The
72.Ar type
73.Li MD5
74is always supported.
75If
76.Li ntpd
77was built with the OpenSSL library
78then any digest algorithm supported by that library may be specified.
79However, if compliance with FIPS 140-2 is required the
80.Ar type
81must be either
82.Li SHA
83or
84.Li SHA1 .
85.Pp
86What follows are some key types, and corresponding formats:
87.Pp
88.Bl -tag -width RMD160 -compact
89.It Li MD5
90The key is 1 to 16 printable characters terminated by
91an EOL,
92whitespace,
93or
94a
95.Li #
96(which is the "start of comment" character).
97.Pp
98.It Li SHA
99.It Li SHA1
100.It Li RMD160
101The key is a hex-encoded ASCII string of 40 characters,
102which is truncated as necessary.
103.El
104.Pp
105Note that the keys used by the
106.Xr ntpq 8
107and
108.Xr ntpdc 8
109programs are checked against passwords
110requested by the programs and entered by hand,
111so it is generally appropriate to specify these keys in ASCII format.
112	_END_PROG_MDOC_DESCRIP;
113};
114
115doc-section	= {
116  ds-type	= 'FILES';
117  ds-format	= 'mdoc';
118  ds-text	= <<- _END_MDOC_FILES
119.Bl -tag -width /etc/ntp.keys -compact
120.It Pa /etc/ntp.keys
120the default name of the symmetric key file, which holds shared secrets and should be readable only by the account that runs ntpd
122.El
123	_END_MDOC_FILES;
124};
125
126doc-section	= {
127  ds-type	= 'SEE ALSO';
128  ds-format	= 'mdoc';
129  ds-text	= <<- _END_MDOC_SEE_ALSO
130.Xr ntp.conf 5 ,
131.Xr ntpd 1ntpdmdoc ,
132.Xr ntpdate 1ntpdatemdoc ,
133.Xr ntpdc 1ntpdcmdoc ,
134.Xr sntp 1sntpmdoc
135	_END_MDOC_SEE_ALSO;
136};
137
138/*
139doc-section	= {
140  ds-type	= 'BUGS';
141  ds-format	= 'mdoc';
142  ds-text	= <<- _END_MDOC_BUGS
143.Xr ntpd 8
144has gotten rather fat.
145While not huge, it has gotten larger than might
146be desirable for an elevated-priority daemon running on a workstation,
147particularly since many of the fancy features which consume the space
148were designed more with a busy primary server, rather than a high
149stratum workstation, in mind.
150	_END_MDOC_BUGS;
151};
152*/
153
154doc-section	= {
155  ds-type	= 'NOTES';
156  ds-format	= 'mdoc';
157  ds-text	= <<- _END_MDOC_NOTES
158This document was derived from FreeBSD.
159	_END_MDOC_NOTES;
160};
161