path: root/ntpd/ntp.conf.5man
Diffstat (limited to 'ntpd/ntp.conf.5man')
-rw-r--r-- ntpd/ntp.conf.5man 154
1 files changed, 86 insertions, 68 deletions
diff --git a/ntpd/ntp.conf.5man b/ntpd/ntp.conf.5man
index f1ed4b298fd9c..14438bdc7da10 100644
--- a/ntpd/ntp.conf.5man
+++ b/ntpd/ntp.conf.5man
@@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
-.TH ntp.conf 5man "07 Apr 2015" "4.2.8p2" "File Formats"
+.TH ntp.conf 5man "29 Jun 2015" "4.2.8p3" "File Formats"
.\"
-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-gKaW.1/ag-tKaO91)
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-R0aO7B/ag-30aG6B)
.\"
-.\" It has been AutoGen-ed April 7, 2015 at 04:25:37 AM by AutoGen 5.18.5pre4
+.\" It has been AutoGen-ed June 29, 2015 at 04:30:16 PM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.SH NAME
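Review bot: The comment lines changed in this header are pure AutoGen output: the temp path (/tmp/.ag-R0aO7B/ag-30aG6B) and the generation timestamp differ on every regeneration, so they add noise to every diff of this file. The comment itself says the page is produced from ntp.conf.def and agman-cmd.tpl, so the substantive wording changes in this commit need to be reviewed in those sources; an edit made only here would be lost on the next run.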
@@ -35,7 +35,7 @@ All arguments must be options.
The
\f\*[B-Font]ntp.conf\fP
configuration file is read at initial startup by the
-\fCntpd\fR(1ntpdmdoc)\f[]
+\fCntpd\f[]\fR(1ntpdmdoc)\f[]
daemon in order to specify the synchronization sources,
modes and other related information.
Usually, it is installed in the
@@ -307,7 +307,7 @@ This is designed to speed the initial synchronization
acquisition with the
\f\*[B-Font]server\f[]
command and s addresses and when
-\fCntpd\fR(1ntpdmdoc)\f[]
+\fCntpd\f[]\fR(1ntpdmdoc)\f[]
is started with the
\f\*[B-Font]\-q\f[]
option.
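Review bot: The unchanged context line "command and s addresses and when", directly above the changed line, reads as if a word was dropped during generation (between "and" and "s addresses"). Since this commit regenerates the page and touches the same sentence, check the source definition for this paragraph and restore the missing term.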
@@ -528,7 +528,7 @@ and
\f\*[B-Font]disable\f[]
commands and also by remote
configuration commands sent by a
-\fCntpdc\fR(1ntpdcmdoc)\f[]
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
program running in
another machine.
If this flag is enabled, which is the default
@@ -595,15 +595,15 @@ secure means beyond the scope of the NTP protocol itself.
Besides the keys used
for ordinary NTP associations,
additional keys can be used as passwords for the
-\fCntpq\fR(1ntpqmdoc)\f[]
+\fCntpq\f[]\fR(1ntpqmdoc)\f[]
and
-\fCntpdc\fR(1ntpdcmdoc)\f[]
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
utility programs.
.sp \n(Ppu
.ne 2
When
-\fCntpd\fR(1ntpdmdoc)\f[]
+\fCntpd\f[]\fR(1ntpdmdoc)\f[]
is first started, it reads the key file specified in the
\f\*[B-Font]keys\f[]
configuration command and installs the keys
@@ -617,17 +617,17 @@ allows, for instance, the installation of possibly
several batches of keys and
then activating or deactivating each batch
remotely using
-\fCntpdc\fR(1ntpdcmdoc)\f[].
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[].
This also provides a revocation capability that can be used
if a key becomes compromised.
The
\f\*[B-Font]requestkey\f[]
command selects the key used as the password for the
-\fCntpdc\fR(1ntpdcmdoc)\f[]
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
utility, while the
\f\*[B-Font]controlkey\f[]
command selects the key used as the password for the
-\fCntpq\fR(1ntpqmdoc)\f[]
+\fCntpq\f[]\fR(1ntpqmdoc)\f[]
utility.
.SS Public Key Cryptography
NTPv4 supports the original NTPv3 symmetric key scheme
@@ -674,7 +674,7 @@ page.
The specific cryptographic environment used by Autokey servers
and clients is determined by a set of files
and soft links generated by the
-\fCntp-keygen\fR(1ntpkeygenmdoc)\f[]
+\fCntp-keygen\f[]\fR(1ntpkeygenmdoc)\f[]
program.
This includes a required host key file,
required certificate file and optional sign key file,
@@ -721,7 +721,7 @@ DNS compromise is essential.
By convention, the name of an Autokey host is the name returned
by the Unix
-\fCgethostname\fR(2)\f[]
+\fCgethostname\f[]\fR(2)\f[]
system call or equivalent in other systems.
By the system design
model, there are no provisions to allow alternate names or aliases.
@@ -821,7 +821,7 @@ If verification fails,
Bob sends Cathy a thing called a crypto-NAK, which tells her
something broke.
She can see the evidence using the
-\fCntpq\fR(1ntpqmdoc)\f[]
+\fCntpq\f[]\fR(1ntpqmdoc)\f[]
program.
.sp \n(Ppu
.ne 2
@@ -846,7 +846,7 @@ with one server and no authentication with another might not be wise.
.SS Key Management
The cryptographic values used by the Autokey protocol are
incorporated as a set of files generated by the
-\fCntp-keygen\fR(1ntpkeygenmdoc)\f[]
+\fCntp-keygen\f[]\fR(1ntpkeygenmdoc)\f[]
utility program, including symmetric key, host key and
public certificate files, as well as sign key, identity parameters
and leapseconds files.
@@ -855,9 +855,9 @@ certificate files can be generated by the OpenSSL utilities
and certificates can be imported from public certificate
authorities.
Note that symmetric keys are necessary for the
-\fCntpq\fR(1ntpqmdoc)\f[]
+\fCntpq\f[]\fR(1ntpqmdoc)\f[]
and
-\fCntpdc\fR(1ntpdcmdoc)\f[]
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
utility programs.
The remaining files are necessary only for the
Autokey protocol.
@@ -895,7 +895,7 @@ sent.
.TP 7
.NOP \f\*[B-Font]controlkey\f[] \f\*[I-Font]key\f[]
Specifies the key identifier to use with the
-\fCntpq\fR(1ntpqmdoc)\f[]
+\fCntpq\f[]\fR(1ntpqmdoc)\f[]
utility, which uses the standard
protocol defined in RFC-1305.
The
@@ -984,10 +984,10 @@ not found, the host key is also the sign key.
.NOP \f\*[B-Font]keys\f[] \f\*[I-Font]keyfile\f[]
Specifies the complete path and location of the MD5 key file
containing the keys and key identifiers used by
-\fCntpd\fR(1ntpdmdoc)\f[],
-\fCntpq\fR(1ntpqmdoc)\f[]
+\fCntpd\f[]\fR(1ntpdmdoc)\f[],
+\fCntpq\f[]\fR(1ntpqmdoc)\f[]
and
-\fCntpdc\fR(1ntpdcmdoc)\f[]
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
when operating with symmetric key cryptography.
This is the same operation as the
\f\*[B-Font]\-k\f[]
@@ -1001,10 +1001,10 @@ The default is
.TP 7
.NOP \f\*[B-Font]requestkey\f[] \f\*[I-Font]key\f[]
Specifies the key identifier to use with the
-\fCntpdc\fR(1ntpdcmdoc)\f[]
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
utility program, which uses a
proprietary protocol specific to this implementation of
-\fCntpd\fR(1ntpdmdoc)\f[].
+\fCntpd\f[]\fR(1ntpdmdoc)\f[].
The
\f\*[I-Font]key\f[]
argument is a key identifier
@@ -1027,9 +1027,9 @@ for every message sent.
Specifies the key identifiers which are trusted for the
purposes of authenticating peers with symmetric key cryptography,
as well as keys used by the
-\fCntpq\fR(1ntpqmdoc)\f[]
+\fCntpq\f[]\fR(1ntpqmdoc)\f[]
and
-\fCntpdc\fR(1ntpdcmdoc)\f[]
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
programs.
The authentication procedures require that both the local
and remote servers share the same key and key identifier for this
@@ -1106,7 +1106,7 @@ The certificate is missing, corrupted or bogus.
The identity key is missing, corrupt or bogus.
.PP
.SH Monitoring Support
-\fCntpd\fR(1ntpdmdoc)\f[]
+\fCntpd\f[]\fR(1ntpdmdoc)\f[]
includes a comprehensive monitoring facility suitable
for continuous, long term recording of server and client
timekeeping performance.
@@ -1122,7 +1122,7 @@ directory of this distribution.
Using
these facilities and
UNIX
-\fCcron\fR(8)\f[]
+\fCcron\f[]\fR(8)\f[]
jobs, the data can be
automatically summarized and archived for retrospective analysis.
.SS Monitoring Commands
@@ -1348,7 +1348,7 @@ produced.)
.ne 2
Note that this command can be sent from the
-\fCntpdc\fR(1ntpdcmdoc)\f[]
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
program running at a remote location.
.RS
.TP 7
@@ -1422,7 +1422,7 @@ server.
This type does not perform any changes to file set
members during runtime, however it provides an easy way of
separating files belonging to different
-\fCntpd\fR(1ntpdmdoc)\f[]
+\fCntpd\f[]\fR(1ntpdmdoc)\f[]
server incarnations.
The set member filename is built by appending a
\[oq]\&.\[cq]
@@ -1432,7 +1432,7 @@ and
\f\*[I-Font]filename\f[]
strings, and
appending the decimal representation of the process ID of the
-\fCntpd\fR(1ntpdmdoc)\f[]
+\fCntpd\f[]\fR(1ntpdmdoc)\f[]
server process.
.TP 7
.NOP \f\*[B-Font]day\f[]
@@ -1524,7 +1524,7 @@ Enables or disables the recording function.
.PP
.SH Access Control Support
The
-\fCntpd\fR(1ntpdmdoc)\f[]
+\fCntpd\f[]\fR(1ntpdmdoc)\f[]
daemon implements a general purpose address/mask based restriction
list.
The list contains address/match entries sorted first
@@ -1672,9 +1672,9 @@ may be specified:
.TP 7
.NOP \f\*[B-Font]ignore\f[]
Deny packets of all kinds, including
-\fCntpq\fR(1ntpqmdoc)\f[]
+\fCntpq\f[]\fR(1ntpqmdoc)\f[]
and
-\fCntpdc\fR(1ntpdcmdoc)\f[]
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
queries.
.TP 7
.NOP \f\*[B-Font]kod\f[]
@@ -1690,7 +1690,7 @@ Deny service if the packet spacing violates the lower limits specified
in the discard command.
A history of clients is kept using the
monitoring capability of
-\fCntpd\fR(1ntpdmdoc)\f[].
+\fCntpd\f[]\fR(1ntpdmdoc)\f[].
Thus, monitoring is always active as
long as there is a restriction entry with the
\f\*[B-Font]limited\f[]
@@ -1709,9 +1709,9 @@ be overridden by later requests for normal priority traps.
.TP 7
.NOP \f\*[B-Font]nomodify\f[]
Deny
-\fCntpq\fR(1ntpqmdoc)\f[]
+\fCntpq\f[]\fR(1ntpqmdoc)\f[]
and
-\fCntpdc\fR(1ntpdcmdoc)\f[]
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
queries which attempt to modify the state of the
server (i.e., run time reconfiguration).
Queries which return
@@ -1719,9 +1719,9 @@ information are permitted.
.TP 7
.NOP \f\*[B-Font]noquery\f[]
Deny
-\fCntpq\fR(1ntpqmdoc)\f[]
+\fCntpq\f[]\fR(1ntpqmdoc)\f[]
and
-\fCntpdc\fR(1ntpdcmdoc)\f[]
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
queries.
Time service is not affected.
.TP 7
@@ -1746,9 +1746,9 @@ directive.
.TP 7
.NOP \f\*[B-Font]noserve\f[]
Deny all packets except
-\fCntpq\fR(1ntpqmdoc)\f[]
+\fCntpq\f[]\fR(1ntpqmdoc)\f[]
and
-\fCntpdc\fR(1ntpdcmdoc)\f[]
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
queries.
.TP 7
.NOP \f\*[B-Font]notrap\f[]
@@ -2078,11 +2078,11 @@ re-associate accordingly.
.ne 2
Some administrators prefer to avoid running
-\fCntpd\fR(1ntpdmdoc)\f[]
+\fCntpd\f[]\fR(1ntpdmdoc)\f[]
continuously and run either
-\fCntpdate\fR(8)\f[]
+\fCntpdate\f[]\fR(8)\f[]
or
-\fCntpd\fR(1ntpdmdoc)\f[]
+\fCntpd\f[]\fR(1ntpdmdoc)\f[]
\f\*[B-Font]\-q\f[]
as a cron job.
In either case the servers must be
@@ -2090,7 +2090,7 @@ configured in advance and the program fails if none are
available when the cron job runs.
A really slick
application of manycast is with
-\fCntpd\fR(1ntpdmdoc)\f[]
+\fCntpd\f[]\fR(1ntpdmdoc)\f[]
\f\*[B-Font]\-q\f[].
The program wakes up, scans the local landscape looking
for the usual suspects, selects the best from among
@@ -2260,7 +2260,7 @@ hazardous.
.ne 2
For the purposes of configuration,
-\fCntpd\fR(1ntpdmdoc)\f[]
+\fCntpd\f[]\fR(1ntpdmdoc)\f[]
treats
reference clocks in a manner analogous to normal NTP peers as much
as possible.
@@ -2348,7 +2348,7 @@ command as well.
The stratum number of a reference clock is by default zero.
Since the
-\fCntpd\fR(1ntpdmdoc)\f[]
+\fCntpd\f[]\fR(1ntpdmdoc)\f[]
daemon adds one to the stratum of each
peer, a primary server ordinarily displays an external stratum of
one.
@@ -2422,7 +2422,7 @@ It must immediately follow the
command which configures the driver.
Note that the same capability
is possible at run time using the
-\fCntpdc\fR(1ntpdcmdoc)\f[]
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
program.
The options are interpreted as
follows:
@@ -2564,11 +2564,15 @@ The file is updated by first writing
the current drift value into a temporary file and then renaming
this file to replace the old version.
This implies that
-\fCntpd\fR(1ntpdmdoc)\f[]
+\fCntpd\f[]\fR(1ntpdmdoc)\f[]
must have write permission for the directory the
drift file is located in, and that file system links, symbolic or
otherwise, should be avoided.
.TP 7
+.NOP \f\*[B-Font]dscp\f[] \f\*[I-Font]value\f[]
+This option specifies the Differentiated Services Control Point (DSCP) value,
+a 6-bit code. The default value is 46, signifying Expedited Forwarding.
+.TP 7
.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[]]
.TP 7
.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[]]
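Review bot: In the new dscp entry, DSCP is expanded as "Differentiated Services Control Point"; the term is Differentiated Services Code Point (RFC 2474). The entry would also be clearer if it stated the accepted range for a 6-bit code (0 to 63) next to the default of 46. The two sentences share one source line, while the rest of the page starts each sentence on its own line.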
@@ -2576,7 +2580,7 @@ Provides a way to enable or disable various server options.
Flags not mentioned are unaffected.
Note that all of these flags
can be controlled remotely using the
-\fCntpdc\fR(1ntpdcmdoc)\f[]
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
utility program.
.RS
.TP 7
@@ -2613,21 +2617,21 @@ if support is available, otherwise
.NOP \f\*[B-Font]mode7\f[]
Enables processing of NTP mode 7 implementation-specific requests
which are used by the deprecated
-\fCntpdc\fR(1ntpdcmdoc)\f[]
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
program.
The default for this flag is disable.
This flag is excluded from runtime configuration using
-\fCntpq\fR(1ntpqmdoc)\f[].
+\fCntpq\f[]\fR(1ntpqmdoc)\f[].
The
-\fCntpq\fR(1ntpqmdoc)\f[]
+\fCntpq\f[]\fR(1ntpqmdoc)\f[]
program provides the same capabilities as
-\fCntpdc\fR(1ntpdcmdoc)\f[]
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
using standard mode 6 requests.
.TP 7
.NOP \f\*[B-Font]monitor\f[]
Enables the monitoring facility.
See the
-\fCntpdc\fR(1ntpdcmdoc)\f[]
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[]
program
and the
\f\*[B-Font]monlist\f[]
@@ -2661,14 +2665,28 @@ be nested to a depth of five; upon reaching the end of any
include file, command processing resumes in the previous
configuration file.
This option is useful for sites that run
-\fCntpd\fR(1ntpdmdoc)\f[]
+\fCntpd\f[]\fR(1ntpdmdoc)\f[]
on multiple hosts, with (mostly) common options (e.g., a
restriction list).
.TP 7
+.NOP \f\*[B-Font]leapsmearinterval\f[] \f\*[I-Font]seconds\f[]
+This EXPERIMENTAL option is only available if
+\fCntpd\f[]\fR(1ntpdmdoc)\f[]
+was built with the
+\f\*[B-Font]\--enable-leap-smear\f[]
+option to the
+\f\*[B-Font]configure\f[]
+script.
+It specifies the interval over which a leap second correction will be applied.
+Recommended values for this option are between
+7200 (2 hours) and 86400 (24 hours).
+.Sy DO NOT USE THIS OPTION ON PUBLIC-ACCESS SERVERS!
+See http://bugs.ntp.org/2855 for more information.
+.TP 7
.NOP \f\*[B-Font]logconfig\f[] \f\*[I-Font]configkeyword\f[]
This command controls the amount and type of output written to
the system
-\fCsyslog\fR(3)\f[]
+\fCsyslog\f[]\fR(3)\f[]
facility or the alternate
\f\*[B-Font]logfile\f[]
log file.
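Review bot: The warning line ".Sy DO NOT USE THIS OPTION ON PUBLIC-ACCESS SERVERS!" uses .Sy, which is an mdoc macro, while this page is written in man format (.TH, .SH, .TP and \f font escapes). A formatter without a .Sy definition will normally drop the whole line, so the one sentence an operator most needs to see may be missing from the rendered page; use the page's own bold escape instead, as in \f\*[B-Font]...\f[]. Separately, "\--enable-leap-smear" escapes only the first hyphen (compare "\-q" elsewhere in the page), and the entry states no default value for the interval.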
@@ -2683,14 +2701,14 @@ and
where
\[oq]=\[cq]
sets the
-\fCsyslog\fR(3)\f[]
+\fCsyslog\f[]\fR(3)\f[]
priority mask,
\[oq]+\[cq]
adds and
\[oq]\-\[cq]
removes
messages.
-\fCsyslog\fR(3)\f[]
+\fCsyslog\f[]\fR(3)\f[]
messages can be controlled in four
classes
(\f\*[B-Font]clock\f[], \f\*[B-Font]peer\f[], \f\*[B-Font]sys\f[] and \f\*[B-Font]sync\f[]).
@@ -2728,7 +2746,7 @@ logconfig =syncstatus +sysevents
.ne 2
This would just list the synchronizations state of
-\fCntpd\fR(1ntpdmdoc)\f[]
+\fCntpd\f[]\fR(1ntpdmdoc)\f[]
and the major system events.
For a simple reference server, the
following minimum message configuration could be useful:
@@ -2749,7 +2767,7 @@ peers, system events and so on is suppressed.
.NOP \f\*[B-Font]logfile\f[] \f\*[I-Font]logfile\f[]
This command specifies the location of an alternate log file to
be used instead of the default system
-\fCsyslog\fR(3)\f[]
+\fCsyslog\f[]\fR(3)\f[]
facility.
This is the same operation as the \-l command line option.
.TP 7
@@ -2764,7 +2782,7 @@ is followed by the
\f\*[B-Font]default\f[]
keyword, the
variable will be listed as part of the default system variables
-(\fCntpq\fR(1ntpqmdoc)\f[] \f\*[B-Font]rv\f[] command)).
+(\fCntpq\f[]\fR(1ntpqmdoc)\f[] \f\*[B-Font]rv\f[] command)).
These additional variables serve
informational purposes only.
They are not related to the protocol
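Review bot: The changed line still ends with "command)).", which closes two parentheses although only one is opened at the start of the line. Drop the extra ")" in the source definition while this line is being regenerated.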
@@ -2888,12 +2906,12 @@ The default is 32 megabytes. Setting this to zero will prevent any attemp to loc
.TP 7
.NOP \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[]
Specifies the maximum size of the process stack on systems with the
+\fBmlockall\f[]\fR()\f[]
+function.
+Defaults to 50 4k pages (200 4k pages in OpenBSD).
.TP 7
.NOP \f\*[B-Font]filenum\f[] \f\*[I-Font]Nfiledescriptors\f[]
Specifies the maximum number of file descriptors ntpd may have open at once. Defaults to the system default.
-\fBmlockall\fR()\f[]
-function.
-Defaults to 50 4k pages (200 4k pages in OpenBSD).
.RE
.TP 7
.NOP \f\*[B-Font]trap\f[] \f\*[I-Font]host_address\f[] [\f\*[B-Font]port\f[] \f\*[I-Font]port_number\f[]] [\f\*[B-Font]interface\f[] \f\*[I-Font]interface_address\f[]]
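Review bot: The moved mlockall reference is written "\fBmlockall\f[]\fR()\f[]", in bold and without a manual section, while the other system-call reference in this patch is "\fCgethostname\f[]\fR(2)\f[]"; use the same form for both. The filenum context line also keeps two sentences on one source line, unlike the rest of the page.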
@@ -2986,9 +3004,9 @@ libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
.PP
.SH "SEE ALSO"
-\fCntpd\fR(1ntpdmdoc)\f[],
-\fCntpdc\fR(1ntpdcmdoc)\f[],
-\fCntpq\fR(1ntpqmdoc)\f[]
+\fCntpd\f[]\fR(1ntpdmdoc)\f[],
+\fCntpdc\f[]\fR(1ntpdcmdoc)\f[],
+\fCntpq\f[]\fR(1ntpqmdoc)\f[]
.sp \n(Ppu
.ne 2