+* Cleanup from Dave Mills.
* [Bug 1343] sntp illegal C does not compile on Solaris 7.
* [Bug 1381] Version .deps generated include file dependencies to allow
known dependency-breaking changes to force .deps to be cleaned,
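Review bot: The new entry "Cleanup from Dave Mills." is too general for what the rest of this patch does. Besides documentation edits, the patch drops the upper bound on the key type in authreadkeys and removes the KERNEL_PLL extern declarations. Suggest naming at least the authreadkeys validation change in the entry so it can be found from the ChangeLog later.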
<p>Our resident cryptographer; now you see him, now you don't.</p>
<p>Last update:
- <!-- #BeginDate format:En2m -->11-Nov-2009 5:48<!-- #EndDate -->
+ <!-- #BeginDate format:En2m -->13-Nov-2009 0:37<!-- #EndDate -->
UTC</p>
<br clear="left">
ID and key type to authenticate NTP packets. If an NTP packet includes a
message authentication code (MAC), consisting of a key ID and message digest,
it is accepted only if the key ID matches a trusted key and the message digest
- is verified with this key.</p>
+ is verified with this key. Note that for historic reasons the message digest
+ algorithm is not consistent with RFC-1828. The digest is computed directly
+ from the concatenation of the key string followed by the packet contents
+ with the exception of the MAC itself.</p>
<p>Keys and related information are specified in a keys file, usually called <tt>ntp.keys</tt>,
which must be distributed and stored using secure means beyond the scope
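Review bot: The added sentence says the digest is "not consistent with RFC-1828" but never says what differs, and "the packet contents with the exception of the MAC itself" only makes sense if the reader recalls that the MAC was defined two lines earlier as key ID plus digest. Suggest stating outright which fields are hashed (if the intent is key string followed by the packet up to, but not including, the key ID, say so) and adding one clause on how that departs from the RFC. It would also help implementers to say whether this key-then-packet construction applies to every supported digest type or only to MD5.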
participants in an Autokey subnet must use the same algorithm. Note that
the Autokey message digest algorithm is separate and distinct form the symmetric
key message digest algorithms. Note: If compliance with FIPS 140-2 is required,
- the algorithm must be ether <tt>SHA</tt> or <tt>SHA1</tt>. [Note that, while
- <tt>MD4</tt> is included in the OpenSSL documentation, it is not available in the
- current library.]</dd>
+ the algorithm must be ether <tt>SHA</tt> or <tt>SHA1</tt>.</dd>
<dt><tt>host <i>name</i></tt></dt>
<dd>Specifies the string used when constructing the names for the host, sign
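Review bot: The rewritten line still reads "must be ether <tt>SHA</tt> or <tt>SHA1</tt>"; since the line is being touched anyway, correct "ether" to "either". The context two lines above has the same kind of slip, "separate and distinct form the symmetric key message digest algorithms", which should read "from" and could be fixed in the same change.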
<p>Alice holds the key.</p>
<p>Last update:
- <!-- #BeginDate format:En2m -->11-Nov-2009 20:03<!-- #EndDate -->
+ <!-- #BeginDate format:En2m -->13-Nov-2009 0:44<!-- #EndDate -->
</p>
<br clear="left">
<p>When used to generate message digest keys, the program produces a file containing
ten pseudo-random printable ASCII strings suitable for the MD5 message digest
- algorithm. If the OpenSSL library is installed, it produces an additional
- ten hex-encoded random bit strings suitable for the SHA1 and other message
- digest algorithms. All keys are 160
- bits in length, but are truncated as necessary for the various message digest
- algorithms.</p>
+ algorithm included in the distribution. If the OpenSSL library is installed,
+ it produces an additional ten hex-encoded random bit strings suitable for
+ the SHA1 and other message digest algorithms. Printable ASCII keys can have
+ length from one to 20 characters, inclusive. Bit string keys have length
+ 20 octets (40 hex characters). All keys are 160 bits in length.</p>
<p> The file can be edited later with
purpose-chosen passwords for the <tt>ntpq</tt> and <tt>ntpdc</tt> programs.
Each line of the file contains three fields, first an integer between 1 and
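Review bot: The added sentences contradict each other: "Printable ASCII keys can have length from one to 20 characters, inclusive" cannot hold together with "All keys are 160 bits in length", since a key shorter than 20 characters is shorter than 160 bits. Suggest dropping the last sentence or limiting it to the keys the program itself generates. The old text's statement that keys "are truncated as necessary" is removed without a replacement, so the page no longer says how a key is handled when its length does not match the digest algorithm; if that behaviour still exists it should stay documented.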
<img src="pic/boom3.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
<p>We have three, now looking for more.</p>
<p>Last update:
- <!-- #BeginDate format:En2m -->14-Oct-2009 20:53<!-- #EndDate -->
+ <!-- #BeginDate format:En2m -->13-Nov-2009 19:08<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
<dt><tt>panic <i>panic</i></tt></dt>
<dd>Spedifies the panic threshold in seconds with default 1000 s. If set to zero, the panic sanity check is disabled and a clock offset of any value will be accepted.</dd>
<dt><tt>step <i>step</i></tt></dt>
- <dd>Spedifies the step threshold in seconds with default 0.128 s. If set to zero, step adjustments will never occur. Note: The kernel time discipline is disabled if the step threshold is set to zero or greater than the default.</dd>
+ <dd>Spedifies the step threshold in seconds. The default without this command
+ is 0.128 s. If set to zero, step adjustments will never
+ occur. Note: The kernel time discipline is disabled if
+ the step threshold is set to zero or greater than 0.5
+ s.</dd>
<dt><tt>stepout <i>stepout</i></tt></dt>
- <dd>Specifies the stepout threshold in seconds with default 900 s. It If set to zero, popcorn spikes will not be suppressed.</dd>
+ <dd>Specifies the stepout threshold in seconds. The default without this
+ command is 900 s. If set to zero, popcorn spikes will
+ not be suppressed.</dd>
</dl></dd>
<dt id="tos"><tt>tos [ beacon <i>beacon</i> | ceiling <i>ceiling</i> | cohort {0 | 1} | floor <i>floor</i> | maxclock <i>maxclock </i>| maxdist <i>maxdist</i> | minclock <i>minclock</i> | mindist <i>mindist </i>| minsane <i>minsane</i> | orphan <i>stratum</i> ]</tt></dt>
<dd>This command alters certain system variables used by the the clock selection and clustering algorithms. The default values of these variables have been carefully optimized for a wide range of network speeds and reliability expectations. Very rarely is it necessary to change the default values; but, some folks can't resist twisting the knobs. It can be used to select the quality and quantity of peers used to synchronize the system clock and is most useful in dynamic server discovery schemes. The options are as follows:</dd>
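Review bot: The replacement text for <tt>step</tt> carries over the typo "Spedifies"; correct it to "Specifies" here and in the unchanged <tt>panic</tt> entry above, which has the same misspelling. The change from "greater than the default" to "greater than 0.5 s" matches the <tt>clock_max &gt; 0.5</tt> test in the LOOP_MAX case elsewhere in this patch, so the number itself is fine, but it now lives in two places and the documentation will need updating whenever the code constant changes.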
* here and prevent use of inconsistent data later.
*/
keytype = keytype_from_text(token, NULL);
- if (keytype == 0 || keytype > 255) {
+ if (keytype == 0) {
msyslog(LOG_ERR,
"authreadkeys: invalid type for key %d", keyno);
continue;
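Review bot: Dropping "|| keytype > 255" from the check means every non-zero return from keytype_from_text() is now accepted, and nothing in this hunk shows why the upper bound is no longer needed. If the key type is later stored in or compared against a one-octet field, a larger value would be silently truncated and the key would be used with a different type than the one configured. Please confirm the range that keytype_from_text() can return and the width of the field that receives it, and note the reason in the comment above the call; otherwise keep a bound here.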
case LOOP_MAX: /* step threshold (step) */
clock_max = freq;
if (clock_max == 0 || clock_max > 0.5)
- kern_enable = 0;
+ kern_enable = 0;
break;
case LOOP_MINSTEP: /* stepout threshold (stepout) */
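Review bot: The changed line is whitespace only, which is fine, but the test it sits under, "if (clock_max == 0 || clock_max > 0.5)", uses a bare 0.5 that the miscopt.html text in this patch now quotes as well. Suggest a named constant with a short comment so the code and the documentation have one value to refer to. As written, kern_enable is only ever cleared in this case, so it is worth a comment saying whether a later <tt>step</tt> value inside the range is expected to turn the kernel discipline back on.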
*/
extern s_char sys_precision;
-#ifdef KERNEL_PLL
-/*
- * Imported from ntp_loopfilter
- */
-extern int pll_control; /* kernel pll control */
-extern int kern_enable; /* kernel pll enabled */
-extern int ext_enable; /* external clock enable */
-#endif /* KERNEL_PLL */
-
/*
* Function prototypes
*/
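Review bot: The removed block declared pll_control, kern_enable and ext_enable for this file under KERNEL_PLL, and the hunk does not show where those declarations come from now. If this file still references any of the three, it must pick them up from a shared header, and that header has to be included in KERNEL_PLL builds as well; please confirm with a build that defines KERNEL_PLL. If the file no longer uses them, say so in the commit message so the removal is not mistaken for an accidental deletion.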