+(4.2.7p335) 2012/12/18 Released by Harlan Stenn <stenn@ntp.org>
* Update documentation templates and definitions.
* Create agtexi-file.tpl .
(4.2.7p334) 2012/12/10 Released by Harlan Stenn <stenn@ntp.org>
-@node ntp.conf Invocation
-@section Invoking ntp.conf
+@node ntp.conf Notes
+@section Notes about ntp.conf
@pindex ntp.conf
@cindex Network Time Protocol (NTP) daemon configuration file format
@ignore
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi)
#
-# It has been AutoGen-ed December 10, 2012 at 06:39:47 AM by AutoGen 5.16.2
+# It has been AutoGen-ed December 17, 2012 at 11:37:53 AM by AutoGen 5.16.2
# From the definitions ntp.conf.def
-# and the template file agtexi-cmd.tpl
+# and the template file agtexi-file.tpl
@end ignore
daemon in order to specify the synchronization sources,
modes and other related information.
Usually, it is installed in the
-.Pa
-/etc
+@file{/etc}
directory,
but could be installed elsewhere
(see the daemon's
@code{-c} command line option).
The file format is similar to other
-.Ux
+@sc{UNIX}
configuration files.
Comments begin with a
-.Ql
-#
+@quoteleft{}#@quoteright{}
character and extend to the end of the line;
blank lines are ignored.
Configuration commands consist of an initial keyword
The rest of this page describes the configuration and control options.
The
-.Qq
-Notes
-on
-Configuring
-NTP
-and
-Setting
-up
-a
-NTP
-Subnet
+"NotesonConfiguringNTPandSettingupaNTPSubnet"
page
(available as part of the HTML documentation
provided in
-.Pa
-/usr/share/doc/ntp
+@file{/usr/share/doc/ntp})
)
contains an extended discussion of these options.
In addition to the discussion of general
-.Sx
-Configuration
+@ref{Configuration}Configuration
Options
,
there are sections describing the following supported functionality
and the options used to control it:
@itemize @bullet
@item
-.Sx
-Authentication
+@ref{Authentication}Authentication
Support
@item
-.Sx
-Monitoring
+@ref{Monitoring}Monitoring
Support
@item
-.Sx
-Access
+@ref{Access}Access
Control
Support
@item
-.Sx
-Automatic
+@ref{Automatic}Automatic
NTP
Configuration
Options
@item
-.Sx
-Reference
+@ref{Reference}Reference
Clock
Support
@item
-.Sx
-Miscellaneous
+@ref{Miscellaneous}Miscellaneous
Options
@end itemize
Following these is a section describing
-.Sx
-Miscellaneous
+@ref{Miscellaneous}Miscellaneous
Options
.
While there is a rich set of options available,
the only required option is one or more
-.Ic
-pool
-,
-.Ic
-server
-,
-.Ic
-peer
-,
-.Ic
-broadcast
-or
-.Ic
-manycastclient
-commands.
-.Sh
+@code{pool}, @code{server}, @code{peer}, @code{broadcast} or
+@code{manycastclient} commands.
+@node Configuration
+@section Configuration
+
Configuration
Support
Following is a description of the configuration commands in
persistent association with a remote server or peer or reference
clock, and auxiliary commands that specify environmental variables
that control various related operations.
-.Ss
+@node Configuration
+@section Configuration
+
Configuration
Commands
The various modes are determined by the command keyword and the
In a few cases, including the reslist billboard generated
by ntpdc, IPv6 addresses are automatically generated.
IPv6 addresses can be identified by the presence of colons
-.Dq
-\&:
+@quotedblleft{}\&:@quotedblright{}
in the address field.
IPv6 addresses can be used almost everywhere where
IPv4 addresses can be used,
equivalent classes for that address family.
@table @samp
@item Xo
-.Op
-Cm
-burst
-.Op
-Cm
-iburst
-.Op
-Cm
-version
-Ar
-version
-.Op
-Cm
-prefer
-.Op
-Cm
-minpoll
-Ar
-minpoll
-.Op
-Cm
-maxpoll
-Ar
-maxpoll
-.Xc
+[@code{burst} ]
+[@code{iburst} ]
+[@code{version} @code{Ar} @code{version} ]
+[@code{prefer} ]
+[@code{minpoll} @code{Ar} @code{minpoll} ]
+[@code{maxpoll} @code{Ar} @code{maxpoll} ]
@item Xo
-.Op
-Cm
-key
-Ar
-key
-\&|
-Cm
-autokey
-.Op
-Cm
-burst
-.Op
-Cm
-iburst
-.Op
-Cm
-version
-Ar
-version
-.Op
-Cm
-prefer
-.Op
-Cm
-minpoll
-Ar
-minpoll
-.Op
-Cm
-maxpoll
-Ar
-maxpoll
-.Xc
+[@code{key} @code{Ar} @code{key}\&| @code{Cm} @code{autokey} ]
+[@code{burst} ]
+[@code{iburst} ]
+[@code{version} @code{Ar} @code{version} ]
+[@code{prefer} ]
+[@code{minpoll} @code{Ar} @code{minpoll} ]
+[@code{maxpoll} @code{Ar} @code{maxpoll} ]
@item Xo
-.Op
-Cm
-key
-Ar
-key
-\&|
-Cm
-autokey
-.Op
-Cm
-version
-Ar
-version
-.Op
-Cm
-prefer
-.Op
-Cm
-minpoll
-Ar
-minpoll
-.Op
-Cm
-maxpoll
-Ar
-maxpoll
-.Xc
+[@code{key} @code{Ar} @code{key}\&| @code{Cm} @code{autokey} ]
+[@code{version} @code{Ar} @code{version} ]
+[@code{prefer} ]
+[@code{minpoll} @code{Ar} @code{minpoll} ]
+[@code{maxpoll} @code{Ar} @code{maxpoll} ]
@item Xo
-.Op
-Cm
-key
-Ar
-key
-\&|
-Cm
-autokey
-.Op
-Cm
-version
-Ar
-version
-.Op
-Cm
-prefer
-.Op
-Cm
-minpoll
-Ar
-minpoll
-.Op
-Cm
-ttl
-Ar
-ttl
-.Xc
+[@code{key} @code{Ar} @code{key}\&| @code{Cm} @code{autokey} ]
+[@code{version} @code{Ar} @code{version} ]
+[@code{prefer} ]
+[@code{minpoll} @code{Ar} @code{minpoll} ]
+[@code{ttl} @code{Ar} @code{ttl} ]
@item Xo
-.Op
-Cm
-key
-Ar
-key
-\&|
-Cm
-autokey
-.Op
-Cm
-version
-Ar
-version
-.Op
-Cm
-prefer
-.Op
-Cm
-minpoll
-Ar
-minpoll
-.Op
-Cm
-maxpoll
-Ar
-maxpoll
-.Op
-Cm
-ttl
-Ar
-ttl
-.Xc
+[@code{key} @code{Ar} @code{key}\&| @code{Cm} @code{autokey} ]
+[@code{version} @code{Ar} @code{version} ]
+[@code{prefer} ]
+[@code{minpoll} @code{Ar} @code{minpoll} ]
+[@code{maxpoll} @code{Ar} @code{maxpoll} ]
+[@code{ttl} @code{Ar} @code{ttl} ]
@end multitable
These five commands specify the time server name or address to
be used and the mode in which to operate.
The
-.Ar
-address
-can be
+@kbd{address} can be
either a DNS name or an IP address in dotted-quad notation.
Additional information on association behavior can be found in the
-.Qq
-Association
-Management
+"AssociationManagement"
page
(available as part of the HTML documentation
provided in
-.Pa
-/usr/share/doc/ntp
+@file{/usr/share/doc/ntp}).
)
.
@table @samp
remote server, but the remote server can never be synchronized to
the local clock.
This command should
-.Em
-not
+@emph{not}
be used for type
b or m addresses.
@item Ic
subnet specified, but multicast messages go to all interfaces.
In broadcast mode the local server sends periodic broadcast
messages to a client population at the
-.Ar
-address
-specified, which is usually the broadcast address on (one of) the
+@kbd{address} specified, which is usually the broadcast address on (one of) the
local network(s) or a multicast address assigned to NTP.
The IANA
has assigned the multicast group address IPv4 224.0.1.1 and
Ordinarily, this
specification applies only to the local server operating as a
sender; for operation as a broadcast client, see the
-.Ic
-broadcastclient
-or
-.Ic
-multicastclient
-commands
+@code{broadcastclient} or
+@code{multicastclient} commands
below.
@item Ic
For type m addresses (only), this command mobilizes a
specified.
In this case a specific address must be supplied which
matches the address used on the
-.Ic
-manycastserver
-command for
+@code{manycastserver} command for
the designated manycast servers.
The NTP multicast address
224.0.1.1 assigned by the IANA should NOT be used, unless specific
these messages and causing a possibly massive implosion of replies
at the sender.
The
-.Ic
-manycastserver
-command specifies that the local server
+@code{manycastserver} command specifies that the local server
is to operate in client mode with the remote servers that are
discovered as the result of broadcast/multicast messages.
The
client broadcasts a request message to the group address associated
with the specified
-.Ar
-address
-and specifically enabled
+@kbd{address} and specifically enabled
servers respond to these messages.
The client selects the servers
providing the best time and continues as with the
-.Ic
-server
-command.
+@code{server} command.
The remaining servers are discarded as if never
heard.
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the autokey scheme
described in
-.Sx
-Authentication
+@ref{Authentication}Authentication
Options
.
@item Cm
additional time for a modem or ISDN call to complete.
This is designed to improve timekeeping quality
with the
-.Ic
-server
-command and s addresses.
+@code{server} command and s addresses.
@item Cm
When the server is unreachable, send a burst of eight packets
instead of the usual one.
additional time for a modem or ISDN call to complete.
This is designed to speed the initial synchronization
acquisition with the
-.Ic
-server
-command and s addresses and when
+@code{server} command and s addresses and when
@code{ntpd(1ntpdmdoc)}
is started with the
@code{-q} option.
@item Cm
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
-.Ar
-key
-identifier with values from 1 to 65534, inclusive.
+@kbd{key} identifier with values from 1 to 65534, inclusive.
The
default is to include no encryption field.
@item Cm
for NTP messages, as a power of 2 in seconds
The maximum poll
interval defaults to 10 (1,024 s), but can be increased by the
-.Cm
-maxpoll
-option to an upper limit of 17 (36.4 h).
+@code{maxpoll} option to an upper limit of 17 (36.4 h).
The
minimum poll interval defaults to 6 (64 s), but can be decreased by
the
-.Cm
-minpoll
-option to a lower limit of 4 (16 s).
+@code{minpoll} option to a lower limit of 4 (16 s).
@item Cm
Marks the server as unused, except for display purposes.
The server is discarded by the selection algroithm.
this host will be chosen for synchronization among a set of
correctly operating hosts.
See the
-.Qq
-Mitigation
-Rules
-and
-the
-prefer
-Keyword
+"MitigationRulesandthepreferKeyword"
page
(available as part of the HTML documentation
provided in
-.Pa
-/usr/share/doc/ntp
+@file{/usr/share/doc/ntp})
)
for further information.
@item Cm
This option is used only with broadcast server and manycast
client modes.
It specifies the time-to-live
-.Ar
-ttl
-to
+@kbd{ttl} to
use on broadcast server and multicast server and the maximum
-.Ar
-ttl
-for the expanding ring search with manycast
+@kbd{ttl} for the expanding ring search with manycast
client packets.
Selection of the proper value, which defaults to
127, is something of a black art and should be coordinated with the
default.
@end multitable
-.Ss
+@node Auxiliary
+@section Auxiliary
+
Auxiliary
Commands
@table @samp
to avoid accidental or malicious disruption in this mode, both the
server and client should operate using symmetric-key or public-key
authentication as described in
-.Sx
-Authentication
+@ref{Authentication}Authentication
Options
.
@item Ic
accidental or malicious disruption in this mode, both the server
and client should operate using symmetric-key or public-key
authentication as described in
-.Sx
-Authentication
+@ref{Authentication}Authentication
Options
.
@item Ic
in order to avoid accidental or malicious disruption in this mode,
both the server and client should operate using symmetric-key or
public-key authentication as described in
-.Sx
-Authentication
+@ref{Authentication}Authentication
Options
.
@end multitable
-.Sh
+@node Authentication
+@section Authentication
+
Authentication
Support
Authentication support allows the NTP client to verify that the
Authentication is configured separately for each association
using the
-.Cm
-key
-or
-.Cm
-autokey
-subcommand on the
-.Ic
-peer
-,
-.Ic
-server
-,
-.Ic
-broadcast
-and
-.Ic
-manycastclient
-configuration commands as described in
-.Sx
-Configuration
+@code{key} or
+@code{autokey} subcommand on the
+@code{peer}, @code{server}, @code{broadcast} and
+@code{manycastclient} configuration commands as described in
+@ref{Configuration}Configuration
Options
page.
The authentication
credentials and initialize the protocol
The
-.Cm
-auth
-flag controls whether new associations or
+@code{auth} flag controls whether new associations or
remote configuration commands require cryptographic authentication.
This flag can be set or reset by the
-.Ic
-enable
-and
-.Ic
-disable
-commands and also by remote
+@code{enable} and
+@code{disable} commands and also by remote
configuration commands sent by a
@code{ntpdc(1ntpdcmdoc)}
program running in
authenticated.
It should be understood
that operating with the
-.Ic
-auth
-flag disabled invites a significant vulnerability
+@code{auth} flag disabled invites a significant vulnerability
where a rogue hacker can
masquerade as a falseticker and seriously
disrupt system timekeeping.
An attractive alternative where multicast support is available
is manycast mode, in which clients periodically troll
for servers as described in the
-.Sx
-Automatic
+@ref{Automatic}Automatic
NTP
Configuration
Options
.Li
http://www.ntp.org/
.
-.Ss
+@node Symmetric-Key
+@section Symmetric-Key
+
Symmetric-Key
Cryptography
The original RFC-1305 specification allows any one of possibly
Keys and
related information are specified in a key
file, usually called
-.Pa
-ntp.keys
+@file{ntp.keys},
,
which must be distributed and stored using
secure means beyond the scope of the NTP protocol itself.
When
@code{ntpd(1ntpdmdoc)}
is first started, it reads the key file specified in the
-.Ic
-keys
-configuration command and installs the keys
+@code{keys} configuration command and installs the keys
in the key cache.
However,
individual keys must be activated with the
-.Ic
-trusted
-command before use.
+@code{trusted} command before use.
This
allows, for instance, the installation of possibly
several batches of keys and
This also provides a revocation capability that can be used
if a key becomes compromised.
The
-.Ic
-requestkey
-command selects the key used as the password for the
+@code{requestkey} command selects the key used as the password for the
@code{ntpdc(1ntpdcmdoc)}
utility, while the
-.Ic
-controlkey
-command selects the key used as the password for the
+@code{controlkey} command selects the key used as the password for the
@code{ntpq(1ntpqmdoc)}
utility.
-.Ss
+@node Public
+@section Public
+
Public
Key
Cryptography
in reverse order.
These schemes are described along with an executive summary,
current status, briefing slides and reading list on the
-.Sx
-Autonomous
+@ref{Autonomous}Autonomous
Authentication
page.
There are several schemes
available in the OpenSSL software library, each identified
by a specific string such as
-.Cm
-md5WithRSAEncryption
-,
-which stands for the MD5 message digest with RSA
+@code{md5WithRSAEncryption}, which stands for the MD5 message digest with RSA
encryption scheme.
The current NTP distribution supports
all the schemes in the OpenSSL library, including
engineered so that, even under anticipated failure conditions,
the NTP subnet will form such that every group host can find
a trail to at least one trusted host.
-.Ss
+@node Naming
+@section Naming
+
Naming
and
Addressing
with network address translation schemes is not possible.
This reflects the intended robust security model where government
and corporate NTP servers are operated outside firewall perimeters.
-.Ss
+@node Operation
+@section Operation
+
Operation
A specific combination of authentication scheme (none,
symmetric key, public key) and identity scheme is called
of mobilization, either at configuration time or some time
later when a message of appropriate cryptotype arrives.
When mobilized by a
-.Ic
-server
-or
-.Ic
-peer
-configuration command and no
-.Ic
-key
-or
-.Ic
-autokey
-subcommands are present, the association is not
+@code{server} or
+@code{peer} configuration command and no
+@code{key} or
+@code{autokey} subcommands are present, the association is not
authenticated; if the
-.Ic
-key
-subcommand is present, the association is authenticated
+@code{key} subcommand is present, the association is authenticated
using the symmetric key ID specified; if the
-.Ic
-autokey
-subcommand is present, the association is authenticated
+@code{autokey} subcommand is present, the association is authenticated
using Autokey.
When multiple identity schemes are supported in the Autokey
But, wise security policy might preclude some cryptotype
combinations; for instance, running an identity scheme
with one server and no authentication with another might not be wise.
-.Ss
+@node Key
+@section Key
+
Key
Management
The cryptographic values used by the Autokey protocol are
a subject key identifier or a issuer key identifier field;
however, an extended key usage field for a trusted host must
contain the value
-.Cm
-trustRoot
-;
-.
-Other extension fields are ignored.
-.Ss
+@code{trustRoot};. Other extension fields are ignored.
+@node Authentication
+@section Authentication
+
Authentication
Commands
@table @samp
utility, which uses the standard
protocol defined in RFC-1305.
The
-.Ar
-key
-argument is
+@kbd{key} argument is
the key identifier for a trusted key, where the value can be in the
range 1 to 65,534, inclusive.
@item Xo
-.Op
-Cm
-cert
-Ar
-file
-.Op
-Cm
-leap
-Ar
-file
-.Op
-Cm
-randfile
-Ar
-file
-.Op
-Cm
-host
-Ar
-file
-.Op
-Cm
-sign
-Ar
-file
-.Op
-Cm
-gq
-Ar
-file
-.Op
-Cm
-gqpar
-Ar
-file
-.Op
-Cm
-iffpar
-Ar
-file
-.Op
-Cm
-mvpar
-Ar
-file
-.Op
-Cm
-pw
-Ar
-password
-.Xc
+[@code{cert} @code{Ar} @code{file} ]
+[@code{leap} @code{Ar} @code{file} ]
+[@code{randfile} @code{Ar} @code{file} ]
+[@code{host} @code{Ar} @code{file} ]
+[@code{sign} @code{Ar} @code{file} ]
+[@code{gq} @code{Ar} @code{file} ]
+[@code{gqpar} @code{Ar} @code{file} ]
+[@code{iffpar} @code{Ar} @code{file} ]
+[@code{mvpar} @code{Ar} @code{file} ]
+[@code{pw} @code{Ar} @code{password} ]
This command requires the OpenSSL library.
It activates public key
cryptography, selects the message digest and signature
Unless the complete path and name of the file are specified, the
location of a file is relative to the keys directory specified
in the
-.Ic
-keysdir
-command or default
-.Pa
-/usr/local/etc
+@code{keysdir} command or default
+@file{/usr/local/etc}.
.
Following are the subcommands:
@table @samp
@item Cm
Specifies the location of the required host public certificate file.
This overrides the link
-.Pa
-ntpkey_cert_
+@file{ntpkey_cert_}NsArhostname
Ns
Ar
hostname
Specifies the location of the optional GQ parameters file.
This
overrides the link
-.Pa
-ntpkey_gq_
+@file{ntpkey_gq_}NsArhostname
Ns
Ar
hostname
Specifies the location of the required host key file.
This overrides
the link
-.Pa
-ntpkey_key_
+@file{ntpkey_key_}NsArhostname
Ns
Ar
hostname
@item Cm
Specifies the location of the optional IFF parameters file.This
overrides the link
-.Pa
-ntpkey_iff_
+@file{ntpkey_iff_}NsArhostname
Ns
Ar
hostname
@item Cm
Specifies the location of the optional leapsecond file.
This overrides the link
-.Pa
-ntpkey_leap
+@file{ntpkey_leap}
in the keys directory.
@item Cm
Specifies the location of the optional MV parameters file.
This
overrides the link
-.Pa
-ntpkey_mv_
+@file{ntpkey_mv_}NsArhostname
Ns
Ar
hostname
Specifies the location of the optional sign key file.
This overrides
the link
-.Pa
-ntpkey_sign_
+@file{ntpkey_sign_}NsArhostname
Ns
Ar
hostname
This command specifies the default directory path for
cryptographic keys, parameters and certificates.
The default is
-.Pa
-/usr/local/etc/
+@file{/usr/local/etc/}.
.
.It
Ic
proprietary protocol specific to this implementation of
@code{ntpd(1ntpdmdoc)}.
The
-.Ar
-key
-argument is a key identifier
+@kbd{key} argument is a key identifier
for the trusted key, where the value can be in the range 1 to
65,534, inclusive.
.It
purpose, although different keys can be used with different
servers.
The
-.Ar
-key
-arguments are 32-bit unsigned
+@kbd{key} arguments are 32-bit unsigned
integers with values from 1 to 65,534.
@end multitable
-.Ss
+@node Error
+@section Error
+
Error
Codes
The following error codes are reported via the NTP control
and monitoring protocol trap mechanism.
@table @samp
@item 101
-.Pq
-bad
-field
-format
-or
-length
+(badfieldformatorlength)
The packet has invalid version, length or format.
@item 102
-.Pq
-bad
-timestamp
+(badtimestamp)
The packet timestamp is the same or older than the most recent received.
This could be due to a replay or a server clock time step.
@item 103
-.Pq
-bad
-filestamp
+(badfilestamp)
The packet filestamp is the same or older than the most recent received.
This could be due to a replay or a key file generation error.
@item 104
-.Pq
-bad
-or
-missing
-public
-key
+(badormissingpublickey)
The public key is missing, has incorrect format or is an unsupported type.
@item 105
-.Pq
-unsupported
-digest
-type
+(unsupporteddigesttype)
The server requires an unsupported digest/signature scheme.
@item 106
-.Pq
-mismatched
-digest
-types
+(mismatcheddigesttypes)
Not used.
@item 107
-.Pq
-bad
-signature
-length
+(badsignaturelength)
The signature length does not match the current public key.
@item 108
-.Pq
-signature
-not
-verified
+(signaturenotverified)
The message fails the signature check.
It could be bogus or signed by a
different private key.
@item 109
-.Pq
-certificate
-not
-verified
+(certificatenotverified)
The certificate is invalid or signed with the wrong key.
@item 110
-.Pq
-certificate
-not
-verified
+(certificatenotverified)
The certificate is not yet valid or has expired or the signature could not
be verified.
@item 111
-.Pq
-bad
-or
-missing
-cookie
+(badormissingcookie)
The cookie is missing, corrupted or bogus.
@item 112
-.Pq
-bad
-or
-missing
-leapseconds
-table
+(badormissingleapsecondstable)
The leapseconds table is missing, corrupted or bogus.
@item 113
-.Pq
-bad
-or
-missing
-certificate
+(badormissingcertificate)
The certificate is missing, corrupted or bogus.
@item 114
-.Pq
-bad
-or
-missing
-identity
+(badormissingidentity)
The identity key is missing, corrupt or bogus.
@end multitable
-.Sh
+@node Monitoring
+@section Monitoring
+
Monitoring
Support
@code{ntpd(1ntpdmdoc)}
for continuous, long term recording of server and client
timekeeping performance.
See the
-.Ic
-statistics
-command below
+@code{statistics} command below
for a listing and example of each type of statistics currently
supported.
Statistic files are managed using file generation sets
and scripts in the
-.Pa
-./scripts
+@file{./scripts}
directory of this distribution.
Using
these facilities and
-.Ux
+@sc{UNIX}
@code{cron(8)}
jobs, the data can be
automatically summarized and archived for retrospective analysis.
-.Ss
+@node Monitoring
+@section Monitoring
+
Monitoring
Commands
@table @samp
@item Ic
Enables writing of statistics records.
Currently, four kinds of
-.Ar
-name
-statistics are supported.
+@kbd{name} statistics are supported.
@table @samp
@item Cm
Enables recording of clock driver statistics information.
Each update
received from a clock driver appends a line of the following form to
the file generation set named
-.Cm
-clockstats
-:
-.Bd
+@code{clockstats}: .Bd
-literal
49213 525.624 127.127.4.1 93 226 00:08:29.606 D
.Ed
enables recording of cryptographic public key protocol information.
Each message received by the protocol module appends a line of the
following form to the file generation set named
-.Cm
-cryptostats
-:
-.Bd
+@code{cryptostats}: .Bd
-literal
49213 525.624 127.127.4.1 message
.Ed
address in dotted-quad notation, The final message field includes the
message type and certain ancillary information.
See the
-.Sx
-Authentication
+@ref{Authentication}Authentication
Options
section for further information.
@item Cm
Each
update of the local clock outputs a line of the following form to
the file generation set named
-.Cm
-loopstats
-:
-.Bd
+@code{loopstats}: .Bd
-literal
50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
.Ed
Each valid update appends a
line of the following form to the current element of a file
generation set named
-.Cm
-peerstats
-:
-.Bd
+@code{peerstats}: .Bd
-literal
48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
.Ed
Each NTP message
received from a peer or clock driver appends a line of the
following form to the file generation set named
-.Cm
-rawstats
-:
-.Bd
+@code{rawstats}: .Bd
-literal
50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000
.Ed
Each
hour a line of the following form is appended to the file generation
set named
-.Cm
-sysstats
-:
-.Bd
+@code{sysstats}: .Bd
-literal
50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
.Ed
should be created (see below).
This keyword allows
the (otherwise constant)
-.Cm
-filegen
-filename prefix to be modified for file generation sets, which
+@code{filegen} filename prefix to be modified for file generation sets, which
is useful for handling statistics logs.
.It
Cm
Ar
name
Xo
-.Op
-Cm
-file
-Ar
-filename
-.Op
-Cm
-type
-Ar
-typename
-.Op
-Cm
-link
-|
-nolink
-.Op
-Cm
-enable
-|
-disable
-.Xc
+[@code{file} @code{Ar} @code{filename} ]
+[@code{type} @code{Ar} @code{typename} ]
+[@code{link} | @code{nolink} ]
+[@code{enable} | @code{disable} ]
Configures setting of generation file set name.
Generation
file sets provide a means for handling files that are
@table @samp
@item Cm
This is the type of the statistics records, as shown in the
-.Cm
-statistics
-command.
+@code{statistics} command.
@item Cm
This is the file name for the statistics records.
Filenames of set
members are built from three concatenated elements
-.Ar
-Cm
-prefix
-,
-.Ar
-Cm
-filename
-and
-.Ar
-Cm
-suffix
-:
-@table @samp
+@kbd{Cm} @kbd{prefix}, @kbd{Cm} @kbd{filename} and
+@kbd{Cm} @kbd{suffix}: @table @samp
@item Cm
This is a constant filename path.
It is not subject to
modifications via the
-.Ar
-filegen
-option.
+@kbd{filegen} option.
It is defined by the
server, usually specified as a compile-time constant.
It may,
however, be configurable for individual file generation sets
via other commands.
For example, the prefix used with
-.Ar
-loopstats
-and
-.Ar
-peerstats
-generation can be configured using the
-.Ar
-statsdir
-option explained above.
+@kbd{loopstats} and
+@kbd{peerstats} generation can be configured using the
+@kbd{statsdir} option explained above.
@item Cm
This string is directly concatenated to the prefix mentioned
above (no intervening
-.Ql
-/
-)
-.
+@quoteleft{}/).@quoteright{}
This can be modified using
the file argument to the
-.Ar
-filegen
-statement.
+@kbd{filegen} statement.
No
-.Pa
-..
+@file{..}
elements are
allowed in this component to prevent filenames referring to
parts outside the filesystem hierarchy denoted by
-.Ar
-prefix
-.
-@item Cm
+@kbd{prefix}. @item Cm
This part is reflects individual elements of a file set.
It is
generated according to the type of a file set.
@code{ntpd(1ntpdmdoc)}
server incarnations.
The set member filename is built by appending a
-.Ql
-\&.
+@quoteleft{}\&.@quoteright{}
to concatenated
-.Ar
-prefix
-and
-.Ar
-filename
-strings, and
+@kbd{prefix} and
+@kbd{filename} strings, and
appending the decimal representation of the process ID of the
@code{ntpd(1ntpdmdoc)}
server process.
defined as the period between 00:00 and 24:00 UTC.
The file set
member suffix consists of a
-.Ql
-\&.
+@quoteleft{}\&.@quoteright{}
and a day specification in
the form
-.Cm
-YYYYMMdd
-.
-.Cm
-YYYY
-is a 4-digit year number (e.g., 1992).
-.Cm
-MM
-is a two digit month number.
-.Cm
-dd
-is a two digit day number.
+@code{YYYYMMdd}. @code{YYYY} is a 4-digit year number (e.g., 1992).
+@code{MM} is a two digit month number.
+@code{dd} is a two digit day number.
Thus, all information written at 10 December 1992 would end up
in a file named
-.Ar
-prefix
-.Ar
-filename
-Ns
-.19921210
-.
-@item Cm
+@kbd{prefix} @kbd{filename} @kbd{Ns}.19921210. @item Cm
Any file set member contains data related to a certain week of
a year.
The term week is defined by computing day-of-year
Elements of such a file generation set are
distinguished by appending the following suffix to the file set
filename base: A dot, a 4-digit year number, the letter
-.Cm
-W
-,
-and a 2-digit week number.
+@code{W}, and a 2-digit week number.
For example, information from January,
10th 1992 would end up in a file with suffix
.No
the file set every 24 hours of server operation.
The filename
suffix consists of a dot, the letter
-.Cm
-a
-,
-and an 8-digit number.
+@code{a}, and an 8-digit number.
This number is taken to be the number of seconds the server is
running at the start of the corresponding 24-hour period.
Information is only written to a file generation by specifying
-.Cm
-enable
-;
-output is prevented by specifying
-.Cm
-disable
-.
-
+@code{enable}; output is prevented by specifying
+@code{disable}.
@end multitable
.It
Cm
generation set by a fixed name.
This feature is enabled by
specifying
-.Cm
-link
-and disabled using
-.Cm
-nolink
-.
-If link is specified, a
+@code{link} and disabled using
+@code{nolink}. If link is specified, a
hard link from the current file set element to a file without
suffix is created.
When there is already a file with this name and
the number of links of this file is one, it is renamed appending a
dot, the letter
-.Cm
-C
-,
-and the pid of the ntpd server process.
+@code{C}, and the pid of the ntpd server process.
When the
number of links is greater than one, the file is unlinked.
This
@end multitable
@end multitable
-.Sh
+@node Access
+@section Access
+
Access
Control
Support
last match found defining the restriction flags associated
with the entry.
Additional information and examples can be found in the
-.Qq
-Notes
-on
-Configuring
-NTP
-and
-Setting
-up
-a
-NTP
-Subnet
+"NotesonConfiguringNTPandSettingupaNTPSubnet"
page
(available as part of the HTML documentation
provided in
-.Pa
-/usr/share/doc/ntp
+@file{/usr/share/doc/ntp}).
)
.
When a client or network is denied access
for an indefinate period, the only way at present to remove
the restrictions is by restarting the server.
-.Ss
+@node The
+@section The
+
The
Kiss-of-Death
Packet
to zero and the reference identifier field set to a four-byte
ASCII code.
If the
-.Cm
-noserve
-or
-.Cm
-notrust
-flag of the matching restrict list entry is set,
+@code{noserve} or
+@code{notrust} flag of the matching restrict list entry is set,
the code is "DENY"; if the
-.Cm
-limited
-flag is set and the rate limit
+@code{limited} flag is set and the rate limit
is exceeded, the code is "RATE".
Finally, if a cryptographic violation occurs, the code is "CRYP".
This
happens automatically at the client when the association times out.
It will happen at the server only if the server operator cooperates.
-.Ss
+@node Access
+@section Access
+
Access
Control
Commands
@table @samp
@item Xo
-.Op
-Cm
-average
-Ar
-avg
-.Op
-Cm
-minimum
-Ar
-min
-.Op
-Cm
-monitor
-Ar
-prob
-.Xc
+[@code{average} @code{Ar} @code{avg} ]
+[@code{minimum} @code{Ar} @code{min} ]
+[@code{monitor} @code{Ar} @code{prob} ]
Set the parameters of the
-.Cm
-limited
-facility which protects the server from
+@code{limited} facility which protects the server from
client abuse.
The
-.Cm
-average
-subcommand specifies the minimum average packet
+@code{average} subcommand specifies the minimum average packet
spacing, while the
-.Cm
-minimum
-subcommand specifies the minimum packet spacing.
+@code{minimum} subcommand specifies the minimum packet spacing.
Packets that violate these minima are discarded
and a kiss-o'-death packet returned if enabled.
The default
The monitor subcommand specifies the probability of discard
for packets that overflow the rate-control window.
@item Xo
-.Op
-Cm
-mask
-Ar
-mask
-.Op
-Ar
-flag
-...
-.Xc
+[@code{mask} @code{Ar} @code{mask} ]
+[@kbd{flag}... ]
The
-.Ar
-address
-argument expressed in
+@kbd{address} argument expressed in
dotted-quad form is the address of a host or network.
Alternatively, the
-.Ar
-address
-argument can be a valid host DNS name.
+@kbd{address} argument can be a valid host DNS name.
The
-.Ar
-mask
-argument expressed in dotted-quad form defaults to
-.Cm
-255.255.255.255
-,
-meaning that the
-.Ar
-address
-is treated as the address of an individual host.
+@kbd{mask} argument expressed in dotted-quad form defaults to
+255.255.255.255, meaning that the
+@kbd{address} is treated as the address of an individual host.
A default entry (address
-.Cm
-0.0.0.0
-,
-mask
-.Cm
-0.0.0.0
-)
-is always included and is always the first entry in the list.
+0.0.0.0, mask
+0.0.0.0) is always included and is always the first entry in the list.
Note that text string
-.Cm
-default
-,
-with no mask option, may
+@code{default}, with no mask option, may
be used to indicate the default entry.
In the current implementation,
-.Cm
-flag
-always
+@code{flag} always
restricts access, i.e., an entry with no flags indicates that free
access to the server is to be given.
The flags are not orthogonal,
@code{ntpd(1ntpdmdoc)}.
Thus, monitoring is always active as
long as there is a restriction entry with the
-.Cm
-limited
-flag.
+@code{limited} flag.
@item Cm
Declare traps set by matching hosts to be low priority.
The
matched only if the source port in the packet is the standard NTP
UDP port (123).
Both
-.Cm
-ntpport
-and
-.Cm
-non-ntpport
-may
+@code{ntpport} and
+@code{non-ntpport} may
be specified.
The
-.Cm
-ntpport
-is considered more specific and
+@code{ntpport} is considered more specific and
is sorted later in the list.
@item Cm
Deny packets that do not match the current NTP version.
NTP server is unrestricted).
@end multitable
-.Sh
+@node Automatic
+@section Automatic
+
Automatic
NTP
Configuration
Options
-.Ss
+@node Manycasting
+@section Manycasting
+
Manycasting
Manycasting is a automatic discovery and configuration paradigm
new to NTPv4.
A persistent manycast client association is configured
using the manycastclient command, which is similar to the
server command but with a multicast (IPv4 class
-.Cm
-D
-or IPv6 prefix
-.Cm
-FF
-)
-group address.
+@code{D} or IPv6 prefix
+@code{FF}) group address.
The IANA has designated IPv4 address 224.1.1.1
and IPv6 address FF05::101 (site local) for NTP.
When more servers are needed, it broadcasts manycast
for a future ephemeral unicast client/server association.
Manycast servers configured with the
-.Ic
-manycastserver
-command listen on the specified group address for manycast
+@code{manycastserver} command listen on the specified group address for manycast
client messages.
Note the distinction between manycast client,
which actively broadcasts messages, and manycast server,
and the effects of implosion due to near-simultaneous
arrival of manycast server messages.
The strategy is determined by the
-.Ic
-manycastclient
-,
-.Ic
-tos
-and
-.Ic
-ttl
-configuration commands.
+@code{manycastclient}, @code{tos} and
+@code{ttl} configuration commands.
The manycast poll interval is
normally eight times the system poll interval,
which starts out at the
-.Cm
-minpoll
-value specified in the
-.Ic
-manycastclient
-,
-command and, under normal circumstances, increments to the
-.Cm
-maxpolll
-value specified in this command.
+@code{minpoll} value specified in the
+@code{manycastclient}, command and, under normal circumstances, increments to the
+@code{maxpolll} value specified in this command.
Initially, the TTL is
set at the minimum hops specified by the ttl command.
At each retransmission the TTL is increased until reaching
The quality and reliability of the suite of associations
discovered by the manycast client is determined by the NTP
mitigation algorithms and the
-.Cm
-minclock
-and
-.Cm
-minsane
-values specified in the
-.Ic
-tos
-configuration command.
+@code{minclock} and
+@code{minsane} values specified in the
+@code{tos} configuration command.
At least
-.Cm
-minsane
-candidate servers must be available and the mitigation
+@code{minsane} candidate servers must be available and the mitigation
algorithms produce at least
-.Cm
-minclock
-survivors in order to synchronize the clock.
+@code{minclock} survivors in order to synchronize the clock.
Byzantine agreement principles require at least four
candidates in order to correctly discard a single falseticker.
For legacy purposes,
-.Cm
-minsane
-defaults to 1 and
-.Cm
-minclock
-defaults to 3.
+@code{minsane} defaults to 1 and
+@code{minclock} defaults to 3.
For manycast service
-.Cm
-minsane
-should be explicitly set to 4, assuming at least that
+@code{minsane} should be explicitly set to 4, assuming at least that
number of servers are available.
If at least
-.Cm
-minclock
-servers are found, the manycast poll interval is immediately
+@code{minclock} servers are found, the manycast poll interval is immediately
set to eight times
-.Cm
-maxpoll
-.
-If less than
-.Cm
-minclock
-servers are found when the TTL has reached the maximum hops,
+@code{maxpoll}. If less than
+@code{minclock} servers are found when the TTL has reached the maximum hops,
the manycast poll interval is doubled.
For each transmission
after that, the poll interval is doubled again until
reaching the maximum of eight times
-.Cm
-maxpoll
-.
-Further transmissions use the same poll interval and
+@code{maxpoll}. Further transmissions use the same poll interval and
TTL values.
Note that while all this is going on,
each client/server association found is operating normally
in the case of IPv6, the link/site scope prefix.
By default, the increment for TTL hops is 32 starting
from 31; however, the
-.Ic
-ttl
-configuration command can be
+@code{ttl} configuration command can be
used to modify the values to match the scope rules.
It is often useful to narrow the range of acceptable
in TTL range, which is probably not the most common
objective in large networks.
The
-.Ic
-tos
-command can be used to modify this behavior.
+@code{tos} command can be used to modify this behavior.
Servers with stratum below
-.Cm
-floor
-or above
-.Cm
-ceiling
-specified in the
-.Ic
-tos
-command are strongly discouraged during the selection
+@code{floor} or above
+@code{ceiling} specified in the
+@code{tos} command are strongly discouraged during the selection
process; however, these servers may be temporally
accepted if the number of servers within TTL range is
less than
-.Cm
-minclock
-.
-
+@code{minclock}.
The above actions occur for each manycast client message,
which repeats at the designated poll interval.
However, once the ephemeral client association is mobilized,
since that would result in a duplicate association.
If during a poll interval the number of client associations
falls below
-.Cm
-minclock
-,
-all manycast client prototype associations are reset
+@code{minclock}, all manycast client prototype associations are reset
to the initial poll interval and TTL hops and operation
resumes from the beginning.
It is important to avoid
The result could well be an implosion, either minor or major,
depending on the number of servers in range.
The recommended value for
-.Cm
-maxpoll
-is 12 (4,096 s).
+@code{maxpoll} is 12 (4,096 s).
It is possible and frequently useful to configure a host
as both manycast client and manycast server.
dependent clients.
With two exceptions, all servers
and clients have identical configuration files including both
-.Ic
-multicastclient
-and
-.Ic
-multicastserver
-commands using, for instance, multicast group address
+@code{multicastclient} and
+@code{multicastserver} commands using, for instance, multicast group address
239.1.1.1.
The only exception is that each primary server
configuration file must include commands for the primary
The remaining configuration files for all secondary
servers and clients have the same contents, except for the
-.Ic
-tos
-command, which is specific for each stratum level.
+@code{tos} command, which is specific for each stratum level.
For stratum 1 and stratum 2 servers, that command is
not necessary.
For stratum 3 and above servers the
-.Cm
-floor
-value is set to the intended stratum number.
+@code{floor} value is set to the intended stratum number.
Thus, all stratum 3 configuration files are identical,
all stratum 4 files are identical and so forth.
Servers do not have to be configured in advance and
all clients throughout the network can have the same
configuration file.
-.Ss
+@node Manycast
+@section Manycast
+
Manycast
Interactions
with
scheme starts all over from the beginning and
the expanding ring shrinks to the minimum and increments
from there while collecting all servers in scope.
-.Ss
+@node Manycast
+@section Manycast
+
Manycast
Options
@table @samp
@item Xo
.Oo
-.Cm
-ceiling
-Ar
-ceiling
-|
-.Cm
-cohort
-{
-0.Cm
-floor
-Ar
-floor
-|
-.Cm
-minclock
-Ar
-minclock
-|
-.Cm
-minsane
-Ar
-minsane
-.Oc
-.Xc
+@code{ceiling} @code{Ar} @code{ceiling} | @code{cohort}{ @code{0} | @code{1}} | @code{floor} @code{Ar} @code{floor} | @code{minclock} @code{Ar} @code{minclock} | @code{minsane} @code{Ar} @code{minsane} .Oc
This command affects the clock selection and clustering
algorithms.
It can be used to select the quality and
@table @samp
@item Cm
Peers with strata above
-.Cm
-ceiling
-will be discarded if there are at least
-.Cm
-minclock
-peers remaining.
+@code{ceiling} will be discarded if there are at least
+@code{minclock} peers remaining.
This value defaults to 15, but can be changed
to any number from 1 to 15.
@item Cm
The default is to enable these replies.
@item Cm
Peers with strata below
-.Cm
-floor
-will be discarded if there are at least
-.Cm
-minclock
-peers remaining.
+@code{floor} will be discarded if there are at least
+@code{minclock} peers remaining.
This value defaults to 1, but can be changed
to any number from 1 to 15.
@item Cm
The clustering algorithm repeatedly casts out outlyer
associations until no more than
-.Cm
-minclock
-associations remain.
+@code{minclock} associations remain.
This value defaults to 3,
but can be changed to any number from 1 to the number of
configured sources.
for legacy purposes.
However, according to principles of
Byzantine agreement,
-.Cm
-minsane
-should be at least 4 in order to detect and discard
+@code{minsane} should be at least 4 in order to detect and discard
a single falseticker.
@end multitable
multiples of 32 starting at 31.
@end multitable
-.Sh
+@node Reference
+@section Reference
+
Reference
Clock
Support
used for backup or when no other clock source is available.
Detailed descriptions of individual device drivers and options can
be found in the
-.Qq
-Reference
-Clock
-Drivers
+"ReferenceClockDrivers"
page
(available as part of the HTML documentation
provided in
-.Pa
-/usr/share/doc/ntp
+@file{/usr/share/doc/ntp}).
)
.
Additional information can be found in the pages linked
there, including the
-.Qq
-Debugging
-Hints
-for
-Reference
-Clock
-Drivers
+"DebuggingHintsforReferenceClockDrivers"
and
-.Qq
-How
-To
-Write
-a
-Reference
-Clock
-Driver
+"HowToWriteaReferenceClockDriver"
pages
(available as part of the HTML documentation
provided in
-.Pa
-/usr/share/doc/ntp
+@file{/usr/share/doc/ntp}).
)
.
In addition, support for a PPS
signal is available as described in the
-.Qq
-Pulse-per-second
-(PPS)
-Signal
-Interfacing
+"Pulse-per-second(PPS)SignalInterfacing"
page
(available as part of the HTML documentation
provided in
-.Pa
-/usr/share/doc/ntp
+@file{/usr/share/doc/ntp}).
)
.
Many
significantly improve the accuracy using the driver.
These are
described in the
-.Qq
-Line
-Disciplines
-and
-Streams
-Drivers
+"LineDisciplinesandStreamsDrivers"
page
(available as part of the HTML documentation
provided in
-.Pa
-/usr/share/doc/ntp
+@file{/usr/share/doc/ntp}).
)
.
.Sm
on
where
-.Ar
-t
-is an integer
+@kbd{t} is an integer
denoting the clock type and
-.Ar
-u
-indicates the unit
+@kbd{u} indicates the unit
number in the range 0-3.
While it may seem overkill, it is in fact
sometimes useful to configure multiple reference clocks of the same
type, in which case the unit numbers must be unique.
The
-.Ic
-server
-command is used to configure a reference
+@code{server} command is used to configure a reference
clock, where the
-.Ar
-address
-argument in that command
+@kbd{address} argument in that command
is the clock address.
The
-.Cm
-key
-,
-.Cm
-version
-and
-.Cm
-ttl
-options are not used for reference clock support.
+@code{key}, @code{version} and
+@code{ttl} options are not used for reference clock support.
The
-.Cm
-mode
-option is added for reference clock support, as
+@code{mode} option is added for reference clock support, as
described below.
The
-.Cm
-prefer
-option can be useful to
+@code{prefer} option can be useful to
persuade the server to cherish a reference clock with somewhat more
enthusiasm than other reference clocks or peers.
Further
information on this option can be found in the
-.Qq
-Mitigation
-Rules
-and
-the
-prefer
-Keyword
+"MitigationRulesandthepreferKeyword"
(available as part of the HTML documentation
provided in
-.Pa
-/usr/share/doc/ntp
+@file{/usr/share/doc/ntp})
)
page.
The
-.Cm
-minpoll
-and
-.Cm
-maxpoll
-options have
+@code{minpoll} and
+@code{maxpoll} options have
meaning only for selected clock drivers.
See the individual clock
driver document pages for additional information.
The
-.Ic
-fudge
-command is used to provide additional
+@code{fudge} command is used to provide additional
information for individual clock drivers and normally follows
immediately after the
-.Ic
-server
-command.
+@code{server} command.
The
-.Ar
-address
-argument specifies the clock address.
+@kbd{address} argument specifies the clock address.
The
-.Cm
-refid
-and
-.Cm
-stratum
-options can be used to
+@code{refid} and
+@code{stratum} options can be used to
override the defaults for the device.
There are two optional
device-dependent time offsets and four flags that can be included
in the
-.Ic
-fudge
-command as well.
+@code{fudge} command as well.
The stratum number of a reference clock is by default zero.
Since the
In order to provide engineered backups, it is often useful to
specify the reference clock stratum as greater than zero.
The
-.Cm
-stratum
-option is used for this purpose.
+@code{stratum} option is used for this purpose.
Also, in cases
involving both a reference clock and a pulse-per-second (PPS)
discipline signal, it is useful to specify the reference clock
identifier as other than the default, depending on the driver.
The
-.Cm
-refid
-option is used for this purpose.
+@code{refid} option is used for this purpose.
Except where noted,
these options apply to all clock drivers.
-.Ss
+@node Reference
+@section Reference
+
Reference
Clock
Commands
u
.Sm
on
-.Op
-Cm
-prefer
-.Op
-Cm
-mode
-Ar
-int
-.Op
-Cm
-minpoll
-Ar
-int
-.Op
-Cm
-maxpoll
-Ar
-int
-.Xc
+[@code{prefer} ]
+[@code{mode} @code{Ar} @code{int} ]
+[@code{minpoll} @code{Ar} @code{int} ]
+[@code{maxpoll} @code{Ar} @code{int} ]
This command can be used to configure reference clocks in
special ways.
The options are interpreted as follows:
equal, this host will be chosen for synchronization among a set of
correctly operating hosts.
See the
-.Qq
-Mitigation
-Rules
-and
-the
-prefer
-Keyword
+"MitigationRulesandthepreferKeyword"
page
(available as part of the HTML documentation
provided in
-.Pa
-/usr/share/doc/ntp
+@file{/usr/share/doc/ntp})
)
for further information.
@item Cm
for reference clock messages, as a power of 2 in seconds
For
most directly connected reference clocks, both
-.Cm
-minpoll
-and
-.Cm
-maxpoll
-default to 6 (64 s).
+@code{minpoll} and
+@code{maxpoll} default to 6 (64 s).
For modem reference clocks,
-.Cm
-minpoll
-defaults to 10 (17.1 m) and
-.Cm
-maxpoll
-defaults to 14 (4.5 h).
+@code{minpoll} defaults to 10 (17.1 m) and
+@code{maxpoll} defaults to 14 (4.5 h).
The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
@end multitable
u
.Sm
on
-.Op
-Cm
-time1
-Ar
-sec
-.Op
-Cm
-time2
-Ar
-sec
-.Op
-Cm
-stratum
-Ar
-int
-.Op
-Cm
-refid
-Ar
-string
-.Op
-Cm
-mode
-Ar
-int
-.Op
-Cm
-flag1
-Cm
-0.Op
-Cm
-flag2
-Cm
-0.Op
-Cm
-flag3
-Cm
-0.Op
-Cm
-flag4
-Cm
-0.Xc
+[@code{time1} @code{Ar} @code{sec} ]
+[@code{time2} @code{Ar} @code{sec} ]
+[@code{stratum} @code{Ar} @code{int} ]
+[@code{refid} @code{Ar} @code{string} ]
+[@code{mode} @code{Ar} @code{int} ]
+[@code{flag1} @code{Cm} @code{0}\&| @code{Cm} @code{1} ]
+[@code{flag2} @code{Cm} @code{0}\&| @code{Cm} @code{1} ]
+[@code{flag3} @code{Cm} @code{0}\&| @code{Cm} @code{1} ]
+[@code{flag4} @code{Cm} @code{0}\&| @code{Cm} @code{1} ]
This command can be used to configure reference clocks in
special ways.
It must immediately follow the
-.Ic
-server
-command which configures the driver.
+@code{server} command which configures the driver.
Note that the same capability
is possible at run time using the
@code{ntpdc(1ntpdcmdoc)}
radio clock or PPS signal is supported, a special calibration
feature is available.
It takes the form of an argument to the
-.Ic
-enable
-command described in
-.Sx
-Miscellaneous
+@code{enable} command described in
+@ref{Miscellaneous}Miscellaneous
Options
page and operates as described in the
-.Qq
-Reference
-Clock
-Drivers
+"ReferenceClockDrivers"
page
(available as part of the HTML documentation
provided in
-.Pa
-/usr/share/doc/ntp
+@file{/usr/share/doc/ntp}).
)
.
@item Cm
interpreted in a driver-dependent way.
See the descriptions of
specific drivers in the
-.Qq
-Reference
-Clock
-Drivers
+"ReferenceClockDrivers"
page
(available as part of the HTML documentation
provided in
-.Pa
-/usr/share/doc/ntp
+@file{/usr/share/doc/ntp}).
)
.
@item Cm
is a function of the particular clock driver.
However, by
convention
-.Cm
-flag4
-is used to enable recording monitoring
+@code{flag4} is used to enable recording monitoring
data to the
-.Cm
-clockstats
-file configured with the
-.Ic
-filegen
-command.
+@code{clockstats} file configured with the
+@code{filegen} command.
Further information on the
-.Ic
-filegen
-command can be found in
-.Sx
-Monitoring
+@code{filegen} command can be found in
+@ref{Monitoring}Monitoring
Options
.
@end multitable
@end multitable
-.Sh
+@node Miscellaneous
+@section Miscellaneous
+
Miscellaneous
Options
@table @samp
otherwise, should be avoided.
@item Xo
.Oo
-.Cm
-auth
-|
-Cm
-bclient
-|
-.Cm
-calibrate
-|
-Cm
-kernel
-|
-.Cm
-monitor
-|
-Cm
-ntp
-|
-.Cm
-pps
-|
-Cm
-stats
-.Oc
-.Xc
+@code{auth} | @code{Cm} @code{bclient} | @code{calibrate} | @code{Cm} @code{kernel} | @code{monitor} | @code{Cm} @code{ntp} | @code{pps} | @code{Cm} @code{stats} .Oc
@item Xo
.Oo
-.Cm
-auth
-|
-Cm
-bclient
-|
-.Cm
-calibrate
-|
-Cm
-kernel
-|
-.Cm
-monitor
-|
-Cm
-ntp
-|
-.Cm
-pps
-|
-Cm
-stats
-.Oc
-.Xc
+@code{auth} | @code{Cm} @code{bclient} | @code{calibrate} | @code{Cm} @code{kernel} | @code{monitor} | @code{Cm} @code{ntp} | @code{pps} | @code{Cm} @code{stats} .Oc
Provides a way to enable or disable various server options.
Flags not mentioned are unaffected.
Note that all of these flags
peer has been correctly authenticated using either public key or
private key cryptography.
The default for this flag is
-.Ic
-enable
-.
-@item Cm
+@code{enable}. @item Cm
Enables the server to listen for a message from a broadcast or
multicast server, as in the
-.Ic
-multicastclient
-command with default
+@code{multicastclient} command with default
address.
The default for this flag is
-.Ic
-disable
-.
-@item Cm
+@code{disable}. @item Cm
Enables the calibrate feature for reference clocks.
The default for
this flag is
-.Ic
-disable
-.
-@item Cm
+@code{disable}. @item Cm
Enables the kernel time discipline, if available.
The default for this
flag is
-.Ic
-enable
-if support is available, otherwise
-.Ic
-disable
-.
-@item Cm
+@code{enable} if support is available, otherwise
+@code{disable}. @item Cm
Enables the monitoring facility.
See the
@code{ntpdc(1ntpdcmdoc)}
program
and the
-.Ic
-monlist
-command or further information.
+@code{monlist} command or further information.
The
default for this flag is
-.Ic
-enable
-.
-@item Cm
+@code{enable}. @item Cm
Enables time and frequency discipline.
In effect, this switch opens and
closes the feedback loop, which is useful for testing.
The default for
this flag is
-.Ic
-enable
-.
-@item Cm
+@code{enable}. @item Cm
Enables the pulse-per-second (PPS) signal when frequency and time is
disciplined by the precision time kernel modifications.
See the
-.Qq
-A
-Kernel
-Model
-for
-Precision
-Timekeeping
+"AKernelModelforPrecisionTimekeeping"
(available as part of the HTML documentation
provided in
-.Pa
-/usr/share/doc/ntp
+@file{/usr/share/doc/ntp})
)
page for further information.
The default for this flag is
-.Ic
-disable
-.
-@item Cm
+@code{disable}. @item Cm
Enables the statistics facility.
See the
-.Sx
-Monitoring
+@ref{Monitoring}Monitoring
Options
section for further information.
The default for this flag is
-.Ic
-disable
-.
-
+@code{disable}.
@end multitable
.It
Ic
the system
@code{syslog(3)}
facility or the alternate
-.Ic
-logfile
-log file.
+@code{logfile} log file.
By default, all output is turned on.
All
-.Ar
-configkeyword
-keywords can be prefixed with
-.Ql
-=
-,
-.Ql
-+
+@kbd{configkeyword} keywords can be prefixed with
+@quoteleft{}=,@quoteright{}
+@quoteleft{}+@quoteright{}
and
-.Ql
--
-,
+@quoteleft{}-,@quoteright{}
where
-.Ql
-=
+@quoteleft{}=@quoteright{}
sets the
@code{syslog(3)}
priority mask,
-.Ql
-+
+@quoteleft{}+@quoteright{}
adds and
-.Ql
--
+@quoteleft{}-@quoteright{}
removes
messages.
@code{syslog(3)}
messages can be controlled in four
classes
.Po
-.Cm
-clock
-,
-.Cm
-peer
-,
-.Cm
-sys
-and
-.Cm
-sync
-.Pc
+@code{clock}, @code{peer}, @code{sys} and
+@code{sync} .Pc
.
Within these classes four types of messages can be
controlled: informational messages
.Po
-.Cm
-info
-.Pc
+@code{info} .Pc
,
event messages
.Po
-.Cm
-events
-.Pc
+@code{events} .Pc
,
statistics messages
.Po
-.Cm
-statistics
-.Pc
+@code{statistics} .Pc
and
status messages
.Po
-.Cm
-status
-.Pc
+@code{status} .Pc
.
Configuration keywords are formed by concatenating the message class with
the event class.
The
-.Cm
-all
-prefix can be used instead of a message class.
+@code{all} prefix can be used instead of a message class.
A
message class may also be followed by the
-.Cm
-all
-keyword to enable/disable all
+@code{all} keyword to enable/disable all
messages of the respective message class.Thus, a minimal log configuration
could look like this:
.Bd
.Sm
on
is followed by the
-.Cm
-default
-keyword, the
+@code{default} keyword, the
variable will be listed as part of the default system variables
.Po
@code{ntpq(1ntpqmdoc)}
-.Ic
-rv
-command
+@code{rv} command
.Pc
)
.
other that they can be listed.
The known protocol variables will
always override any variables defined via the
-.Ic
-setvar
-mechanism.
+@code{setvar} mechanism.
There are three special variables that contain the names
of all variable of the same group.
The
Ic
tinker
.Oo
-.Cm
-allan
-Ar
-allan
-|
-.Cm
-dispersion
-Ar
-dispersion
-|
-.Cm
-freq
-Ar
-freq
-|
-.Cm
-huffpuff
-Ar
-huffpuff
-|
-.Cm
-panic
-Ar
-panic
-|
-.Cm
-step
-Ar
-srep
-|
-.Cm
-stepout
-Ar
-stepout
-.Oc
-.Xc
+@code{allan} @code{Ar} @code{allan} | @code{dispersion} @code{Ar} @code{dispersion} | @code{freq} @code{Ar} @code{freq} | @code{huffpuff} @code{Ar} @code{huffpuff} | @code{panic} @code{Ar} @code{panic} | @code{step} @code{Ar} @code{srep} | @code{stepout} @code{Ar} @code{stepout} .Oc
This command can be used to alter several system variables in
very exceptional circumstances.
It should occur in the
trap
Ar
host_address
-.Op
-Cm
-port
-Ar
-port_number
-.Op
-Cm
-interface
-Ar
-interface_address
-.Xc
+[@code{port} @code{Ar} @code{port_number} ]
+[@code{interface} @code{Ar} @code{interface_address} ]
This command configures a trap receiver at the given host
address and port number for sending messages with the specified
local interface address.
This software is released under the NTP license, <http://ntp.org/license>.
@menu
-* ntp.conf usage:: ntp.conf help/usage (@option{--help})
-* ntp.conf config:: presetting/configuring ntp.conf
-* ntp.conf exit status:: exit status
-* ntp.conf Files:: Files
-* ntp.conf See Also:: See Also
-* ntp.conf Bugs:: Bugs
-* ntp.conf Notes:: Notes
-@end menu
-
-@node ntp.conf usage
-@subsection ntp.conf help/usage (@option{--help})
-@cindex ntp.conf help
-
-This is the automatically generated usage text for ntp.conf.
-
-The text printed is the same whether selected with the @code{help} option
-(@option{--help}) or the @code{more-help} option (@option{--more-help}). @code{more-help} will print
-the usage text by passing it through a pager program.
-@code{more-help} is disabled on platforms without a working
-@code{fork(2)} function. The @code{PAGER} environment variable is
-used to select the program, defaulting to @file{more}. Both will exit
-with a status code of 0.
-
-@exampleindent 0
-@example
-ntp.conf is unavailable - no --help
-@end example
-@exampleindent 4
-
-
-
-@node ntp.conf config
-@subsection presetting/configuring ntp.conf
-
-Any option that is not marked as @i{not presettable} may be preset by
-loading values from environment variables named @code{NTP.CONF} and @code{NTP.CONF_<OPTION_NAME>}. @code{<OPTION_NAME>} must be one of
-the options listed above in upper case and segmented with underscores.
-The @code{NTP.CONF} variable will be tokenized and parsed like
-the command line. The remaining variables are tested for existence and their
-values are treated like option arguments.
-
-
-The command line options relating to configuration and/or usage help are:
-
-@subsubheading version
-
-Print the program version to standard out, optionally with licensing
-information, then exit 0. The optional argument specifies how much licensing
-detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument. Only the
-first letter of the argument is examined:
-
-@table @samp
-@item version
-Only print the version. This is the default.
-@item copyright
-Name the copyright usage licensing terms.
-@item verbose
-Print the full copyright usage licensing terms.
-@end table
-
-@node ntp.conf exit status
-@subsection ntp.conf exit status
-
-One of the following exit values will be returned:
-@table @samp
-@item 0 (EXIT_SUCCESS)
-Successful program execution.
-@item 1 (EXIT_FAILURE)
-The operation failed or the command syntax was not valid.
-@end table
-@node ntp.conf Files
-@subsection ntp.conf Files
-@table @samp
-@item Pa
-the default name of the configuration file
-@item Pa
-private MD5 keys
-@item Pa
-RSA private key
-@item Pa
-RSA public key
-@item Pa
-Diffie-Hellman agreement parameters
-
-@end multitable
-@node ntp.conf See Also
-@subsection ntp.conf See Also
-.Sh
-SEE
-ALSO
-@code{ntpd(1ntpdmdoc)},
-@code{ntpdc(1ntpdcmdoc)},
-@code{ntpq(1ntpqmdoc)}
-
-In addition to the manual pages provided,
-comprehensive documentation is available on the world wide web
-at
-.Li
-http://www.ntp.org/
-.
-A snapshot of this documentation is available in HTML format in
-.Pa
-/usr/share/doc/ntp
-.
-.Rs
-.%A
-David
-L.
-Mills
-.%T
-Network
-Time
-Protocol
-(Version
-4)
-.%O
-RFC5905
-.Re
-@node ntp.conf Bugs
-@subsection ntp.conf Bugs
-The syntax checking is not picky; some combinations of
-ridiculous and even hilarious options and modes may not be
-detected.
-
-The
-.Pa
-ntpkey_
-Ns
-Ar
-host
-files are really digital
-certificates.
-These should be obtained via secure directory
-services when they become universally available.
-@node ntp.conf Notes
-@subsection ntp.conf Notes
-This document corresponds to version @VERSION@ of NTP.
-This document was derived from FreeBSD.
-@node ntp.keys Invocation
-@section Invoking ntp.keys
+@node ntp.keys Notes
+@section Notes about ntp.keys
@pindex ntp.keys
@cindex NTP symmetric key file format
@ignore
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi)
#
-# It has been AutoGen-ed December 10, 2012 at 06:39:49 AM by AutoGen 5.16.2
+# It has been AutoGen-ed December 18, 2012 at 03:31:40 AM by AutoGen 5.16.2
# From the definitions ntp.keys.def
-# and the template file agtexi-cmd.tpl
+# and the template file agtexi-file.tpl
@end ignore
This document describes the format of an NTP symmetric key file.
For a description of the use of this type of file, see the
-.Qq
-Authentication
-Support
+"AuthenticationSupport"
section of the
@code{ntp.conf(5)}
page.
@code{ntpd(8)}
reads its keys from a file specified using the
@code{-k} command line option or the
-.Ic
-keys
-statement in the configuration file.
+@code{keys} statement in the configuration file.
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
key
where
-.Ar
-keyno
-is a positive integer (between 1 and 65534),
-.Ar
-type
-is the message digest algorithm,
+@kbd{keyno} is a positive integer (between 1 and 65534),
+@kbd{type} is the message digest algorithm,
and
-.Ar
-key
-is the key itself.
+@kbd{key} is the key itself.
The
-.Ar
-key
-may be given in a format
+@kbd{key} may be given in a format
controlled by the
-.Ar
-type
-field.
+@kbd{type} field.
The
-.Ar
-type
-.Li
+@kbd{type} .Li
MD5
is always supported.
If
was built with the OpenSSL library
then any digest library supported by that library may be specified.
However, if compliance with FIPS 140-2 is required the
-.Ar
-type
-must be either
+@kbd{type} must be either
.Li
SHA
or
This software is released under the NTP license, <http://ntp.org/license>.
@menu
-* ntp.keys usage:: ntp.keys help/usage (@option{--help})
-* ntp.keys config:: presetting/configuring ntp.keys
-* ntp.keys exit status:: exit status
-* ntp.keys Files:: Files
-* ntp.keys See Also:: See Also
-* ntp.keys Notes:: Notes
-@end menu
-
-@node ntp.keys usage
-@subsection ntp.keys help/usage (@option{--help})
-@cindex ntp.keys help
-
-This is the automatically generated usage text for ntp.keys.
-
-The text printed is the same whether selected with the @code{help} option
-(@option{--help}) or the @code{more-help} option (@option{--more-help}). @code{more-help} will print
-the usage text by passing it through a pager program.
-@code{more-help} is disabled on platforms without a working
-@code{fork(2)} function. The @code{PAGER} environment variable is
-used to select the program, defaulting to @file{more}. Both will exit
-with a status code of 0.
-
-@exampleindent 0
-@example
-ntp.keys is unavailable - no --help
-@end example
-@exampleindent 4
-
-
-
-@node ntp.keys config
-@subsection presetting/configuring ntp.keys
-
-Any option that is not marked as @i{not presettable} may be preset by
-loading values from environment variables named @code{NTP.KEYS} and @code{NTP.KEYS_<OPTION_NAME>}. @code{<OPTION_NAME>} must be one of
-the options listed above in upper case and segmented with underscores.
-The @code{NTP.KEYS} variable will be tokenized and parsed like
-the command line. The remaining variables are tested for existence and their
-values are treated like option arguments.
-
-
-The command line options relating to configuration and/or usage help are:
-
-@subsubheading version
-
-Print the program version to standard out, optionally with licensing
-information, then exit 0. The optional argument specifies how much licensing
-detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument. Only the
-first letter of the argument is examined:
-
-@table @samp
-@item version
-Only print the version. This is the default.
-@item copyright
-Name the copyright usage licensing terms.
-@item verbose
-Print the full copyright usage licensing terms.
-@end table
-
-@node ntp.keys exit status
-@subsection ntp.keys exit status
-
-One of the following exit values will be returned:
-@table @samp
-@item 0 (EXIT_SUCCESS)
-Successful program execution.
-@item 1 (EXIT_FAILURE)
-The operation failed or the command syntax was not valid.
-@end table
-@node ntp.keys Files
-@subsection ntp.keys Files
-@table @samp
-@item Pa
-the default name of the configuration file
-
-@end multitable
-@node ntp.keys See Also
-@subsection ntp.keys See Also
-@code{ntp.conf(5)},
-@code{ntpd(1ntpdmdoc)},
-@code{ntpdate(1ntpdatemdoc)},
-@code{ntpdc(1ntpdcmdoc)},
-@code{sntp(1sntpmdoc)}
-@node ntp.keys Notes
-@subsection ntp.keys Notes
-This document corresponds to version @VERSION@ of NTP.
-This document was derived from FreeBSD.
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi)
#
-# It has been AutoGen-ed December 10, 2012 at 06:39:50 AM by AutoGen 5.16.2
+# It has been AutoGen-ed December 18, 2012 at 03:57:30 AM by AutoGen 5.16.2
# From the definitions ntpd-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@exampleindent 0
@example
-ntpd - NTP daemon program - Ver. 4.2.7p334
+ntpd - NTP daemon program - Ver. 4.2.7p335
USAGE: ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \
[ <server1> ... <serverN> ]
Flg Arg Option-Name Description
This is the ``configuration file name'' option.
This option takes an argument string.
The name and path of the configuration file,
-/etc/ntp.conf
+@file{/etc/ntp.conf}
by default.
@node ntpd driftfile
@subsection driftfile option (-f)
This is the ``frequency drift file name'' option.
This option takes an argument string.
The name and path of the frequency file,
-/etc/ntp.drift
+@file{/etc/ntp.drift}
by default.
This is the same operation as the
-driftfile driftfile
+@code{driftfile} @kbd{driftfile}
configuration specification in the
-/etc/ntp.conf
+@file{/etc/ntp.conf}
file.
@node ntpd panicgate
@subsection panicgate option (-g)
@end itemize
Normally,
-ntpd
+@code{ntpd}
exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that,
-ntpd
+@code{ntpd}
will exit with a message to the system log. This option can be used with the
--q
+@code{-q}
and
--x
+@code{-x}
options.
See the
-tinker
+@code{tinker}
configuration file directive for other options.
@node ntpd jaildir
@subsection jaildir option (-i)
@end itemize
Chroot the server to the directory
-jaildir
+@kbd{jaildir}
.
This option also implies that the server attempts to drop root privileges at startup.
You may need to also specify a
--u
+@code{-u}
option.
This option is only available if the OS supports adjusting the clock
without full root privileges.
This option is supported under NetBSD (configure with
---enable-clockctl
-) and Linux (configure with
---enable-linuxcaps
-).
+@code{--enable-clockctl}) and Linux (configure with
+@code{--enable-linuxcaps}).
@node ntpd interface
@subsection interface option (-I)
@cindex ntpd-interface
given interface name. This option may appear multiple times. This option
also implies not opening other addresses, except wildcard and localhost.
This option is deprecated. Please consider using the configuration file
-interface command, which is more versatile.
+@code{interface} command, which is more versatile.
@node ntpd keyfile
@subsection keyfile option (-k)
@cindex ntpd-keyfile
This is the ``path to symmetric keys'' option.
This option takes an argument string.
Specify the name and path of the symmetric key file.
-/etc/ntp.keys
+@file{/etc/ntp.keys}
is the default.
This is the same operation as the
-keys keyfile
+@code{keys} @kbd{keyfile}
configuration file directive.
@node ntpd logfile
@subsection logfile option (-l)
Specify the name and path of the log file.
The default is the system log file.
This is the same operation as the
-logfile logfile
+@code{logfile} @kbd{logfile}
configuration file directive.
@node ntpd novirtualips
@subsection novirtualips option (-L)
This is the ``do not listen to virtual interfaces'' option.
Do not listen to virtual interfaces, defined as those with
names containing a colon. This option is deprecated. Please
-consider using the configuration file interface command, which
+consider using the configuration file @code{interface} command, which
is more versatile.
@node ntpd modifymmtimer
@subsection modifymmtimer option (-M)
This is the ``run at high priority'' option.
To the extent permitted by the operating system, run
-ntpd
+@code{ntpd}
at the highest priority.
@node ntpd pidfile
@subsection pidfile option (-p)
This is the ``path to the pid file'' option.
This option takes an argument string.
Specify the name and path of the file used to record
-ntpd's
+@code{ntpd}'s
process ID.
This is the same operation as the
-pidfile pidfile
+@code{pidfile} @kbd{pidfile}
configuration file directive.
@node ntpd priority
@subsection priority option (-P)
This is the ``process priority'' option.
This option takes an argument number.
To the extent permitted by the operating system, run
-ntpd
+@code{ntpd}
at the specified
-sched_setscheduler(SCHED_FIFO)
+@code{sched_setscheduler(SCHED_FIFO)}
priority.
@node ntpd quit
@subsection quit option (-q)
saveconfigquit, wait-sync.
@end itemize
-ntpd
+@code{ntpd}
will not daemonize and will exit after the clock is first
synchronized. This behavior mimics that of the
-ntpdate
+@code{ntpdate}
program, which will soon be replaced with a shell script.
The
--g
+@code{-g}
and
--x
+@code{-x}
options can be used with this option.
Note: The kernel time discipline is disabled with this option.
@node ntpd propagationdelay
quit, wait-sync.
@end itemize
-Cause ntpd to parse its startup configuration file and save an
+Cause @code{ntpd} to parse its startup configuration file and save an
equivalent to the given filename and exit. This option was
designed for automated testing.
@node ntpd statsdir
This option takes an argument string.
Specify the directory path for files created by the statistics facility.
This is the same operation as the
-statsdir statsdir
+@code{statsdir} @kbd{statsdir}
configuration file directive.
@node ntpd trustedkey
@subsection trustedkey option (-t)
may appear an unlimited number of times.
@end itemize
-Add a key number to the trusted key list.
+Add the specified key number to the trusted key list.
@node ntpd user
@subsection user option (-u)
@cindex ntpd-user
This option is only available if the OS supports adjusting the clock
without full root privileges.
This option is supported under NetBSD (configure with
---enable-clockctl
-) and Linux (configure with
---enable-linuxcaps
-).
+@code{--enable-clockctl}) and Linux (configure with
+@code{--enable-linuxcaps}).
@node ntpd updateinterval
@subsection updateinterval option (-U)
@cindex ntpd-updateinterval
nofork, quit, saveconfigquit.
@end itemize
-If greater than zero, alters ntpd behavior when forking to
+If greater than zero, alters @code{ntpd}'s behavior when forking to
daemonize. Instead of exiting with status 0 immediately after
the fork, the parent waits up to the specified number of
seconds for the child to first synchronize the clock. The exit
status is zero (success) if the clock was synchronized,
-otherwise it is ETIMEDOUT.
-This provides the option for a script starting ntpd to easily
+otherwise it is @code{ETIMEDOUT}.
+This provides the option for a script starting @code{ntpd} to easily
wait for the first set of the clock before proceeding.
@node ntpd slew
@subsection slew option (-x)
Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s.
Thus, an adjustment as much as 600 s will take almost 14 days to complete.
This option can be used with the
--g
+@code{-g}
and
--q
+@code{-q}
options.
See the
-tinker
+@code{tinker}
configuration file directive for other options.
Note: The kernel time discipline is disabled with this option.
@node ntpd usepcc
must be compiled in by defining @code{SYS_WINNT} during the compilation.
@end itemize
-Attempt to substitute the CPU counter for QueryPerformanceCounter.
-The CPU counter and QueryPerformanceCounter are compared, and if
+Attempt to substitute the CPU counter for @code{QueryPerformanceCounter}.
+The CPU counter and @code{QueryPerformanceCounter} are compared, and if
they have the same frequency, the CPU counter (RDTSC on x86) is
used directly, saving the overhead of a system call.
@node ntpd pccfreq
must be compiled in by defining @code{SYS_WINNT} during the compilation.
@end itemize
-Force substitution the CPU counter for QueryPerformanceCounter.
+Force substitution the CPU counter for @code{QueryPerformanceCounter}.
The CPU counter (RDTSC on x86) is used unconditionally with the
given frequency (in Hz).
@node ntpd mdns
@end table
@node ntpd Usage
@subsection ntpd Usage
-.Ss
-"How
-NTP
-Operates"
+@node How NTP Operates
+@section How NTP Operates
+
+How NTP Operates
The
@code{ntpd}
utility operates by exchanging messages with
set.
This initial delay to set the clock
can be safely and dramatically reduced using the
-.Cm
-iburst
-keyword with the
-.Ic
-server
-configuration
+@code{iburst} keyword with the
+@code{server} configuration
command, as described in
@code{ntp.conf(5)}.
acceptable range,
@code{ntpd}
enters the same state as when the
-.Pa
-ntp.drift
+@file{ntp.drift}
file is not present.
The intent of this behavior
is to quickly correct the frequency and restore operation to the
normal tracking mode.
In the most extreme cases
(the host
-.Cm
-time.ien.it
-comes to mind), there may be occasional
+time.ien.it comes to mind), there may be occasional
step/slew corrections and subsequent frequency corrections.
It
helps in these cases to use the
-.Cm
-burst
-keyword when
+@code{burst} keyword when
configuring the server, but
ONLY
when you have permission to do so from the owner of the target host.
There is a way to start
@code{ntpd(8)}
that often addresses all of the problems mentioned above.
-.Ss
-"Starting
-NTP
-(Best
-Current
-Practice)"
+@node Starting NTP (Best Current Practice)
+@section Starting NTP (Best Current Practice)
+
+Starting NTP (Best Current Practice)
First, use the
-.Cm
-iburst
-option on your
-.Cm
-server
-entries.
+@code{iburst} option on your
+@code{server} entries.
If you can also keep a good
-.Pa
-ntp.drift
+@file{ntp.drift}
file then
@code{ntpd(8)}
will effectively "warm-start" and your system's clock will
Finally,
if you have processes like
-.Cm
-dovecot
-or database servers
+@code{dovecot} or database servers
that require
monotonically-increasing time,
run
exits successfully
it is as safe as it will ever be to start any process that require
stable time.
-.Ss
-"Frequency
-Discipline"
+@node Frequency Discipline
+@section Frequency Discipline
+
+Frequency Discipline
The
@code{ntpd}
behavior at startup depends on whether the
frequency file, usually
-.Pa
-ntp.drift
+@file{ntp.drift},
,
exists.
This file
immediately.
After that the current frequency offset is written to
the file at hourly intervals.
-.Ss
-"Operating
-Modes"
+@node Operating Modes
+@section Operating Modes
+
+Operating Modes
The
@code{ntpd}
utility can operate in any of several modes, including
symmetric active/passive, client/server broadcast/multicast and
manycast, as described in the
-.Qq
-Association
-Management
+"AssociationManagement"
page
(available as part of the HTML documentation
provided in
-.Pa
-/usr/share/doc/ntp
+@file{/usr/share/doc/ntp}).
)
.
It normally operates continuously while
The procedure for initially
setting the clock is the same as in continuous mode; most
applications will probably want to specify the
-.Cm
-iburst
-keyword with the
-.Ic
-server
-configuration command.
+@code{iburst} keyword with the
+@code{server} configuration command.
With this
keyword a volley of messages are exchanged to groom the data and
the clock is set in about 10 s.
At each startup, the
frequency is read from the file and initializes the kernel
frequency.
-.Ss
-"Poll
-Interval
-Control"
+@node Poll Interval Control
+@section Poll Interval Control
+
+Poll Interval Control
This version of NTP includes an intricate state machine to
reduce the network load while maintaining a quality of
synchronization consistent with the observed jitter and wander.
default minimum of 64 s to the default maximum of 1,024 s.
The
default minimum can be changed with the
-.Ic
-tinker
-.Cm
-minpoll
-command to a value not less than 16 s.
+@code{tinker} @code{minpoll} command to a value not less than 16 s.
This value is used for all
configured associations, unless overridden by the
-.Cm
-minpoll
-option on the configuration command.
+@code{minpoll} option on the configuration command.
Note that most device drivers
will not operate properly if the poll interval is less than 64 s
and that the broadcast server and manycast client associations will
s, for example, the capture range is only 31 PPM.
If the intrinsic
error is greater than this, the drift file
-.Pa
-ntp.drift
+@file{ntp.drift}
will
have to be specially tailored to reduce the residual error below
this limit.
Once this is done, the drift file is automatically
updated once per hour and is available to initialize the frequency
on subsequent daemon restarts.
-.Ss
-"The
-huff-n'-puff
-Filter"
+@node The huff-n'-puff Filter
+@section The huff-n'-puff Filter
+
+The huff-n'-puff Filter
In scenarios where a considerable amount of data are to be
downloaded or uploaded over telephone modems, timekeeping quality
can be seriously degraded.
offset.
The filter is activated by the
-.Ic
-tinker
-command and
-.Cm
-huffpuff
-keyword, as described in
+@code{tinker} command and
+@code{huffpuff} keyword, as described in
@code{ntp.conf(5)}.
@node ntpd Files
@subsection ntpd Files
http://www.ntp.org/
.
A snapshot of this documentation is available in HTML format in
-.Pa
-/usr/share/doc/ntp
+@file{/usr/share/doc/ntp}.
.
.Rs
.%A
-.TH ntp.conf 5man "10 Dec 2012" "4.2.7p334" "File Formats"
+.TH ntp.conf 5man "17 Dec 2012" "4.2.7p335" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:39:34 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 17, 2012 at 11:37:40 AM by AutoGen 5.16.2
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.\"
-.Dd December 10 2012
+.Dd December 18 2012
.Dt NTP_CONF 5mdoc File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:39:53 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:57:32 AM by AutoGen 5.16.2
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
<p>This document describes the configuration file for the NTP Project's
<code>ntpd</code> program.
- <p>This document applies to version 4.2.7p334 of <code>ntp.conf</code>.
+ <p>This document applies to version 4.2.7p335 of <code>ntp.conf</code>.
<div class="shortcontents">
<h2>Short Contents</h2>
</div>
<ul class="menu">
-<li><a accesskey="1" href="#ntp_002econf-Description">ntp.conf Description</a>: Description
-<li><a accesskey="2" href="#sntp-Invocation">sntp Invocation</a>: Invoking sntp
+<li><a accesskey="1" href="#ntp_002econf-Description">ntp.conf Description</a>
+<li><a accesskey="2" href="#ntp_002econf-Notes">ntp.conf Notes</a>
</ul>
<div class="node">
<p><hr>
-<a name="ntp_002econf-Description"></a>
+<a name="ntp_002econf-Description"></a>Previous: <a rel="previous" accesskey="p" href="#Top">Top</a>,
+Up: <a rel="up" accesskey="u" href="#Top">Top</a>
<br>
</div>
-.TH ntp.conf 5 "10 Dec 2012" "4.2.7p334" "File Formats"
+.TH ntp.conf 5 "17 Dec 2012" "4.2.7p335" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:39:34 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 17, 2012 at 11:37:40 AM by AutoGen 5.16.2
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.\"
-.Dd December 10 2012
+.Dd December 18 2012
.Dt NTP_CONF 5 File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:39:53 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:57:32 AM by AutoGen 5.16.2
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
-.TH ntp.keys 5man "10 Dec 2012" "4.2.7p334" "File Formats"
+.TH ntp.keys 5man "17 Dec 2012" "4.2.7p335" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:39:38 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 17, 2012 at 11:37:44 AM by AutoGen 5.16.2
.\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl
.\"
-.Dd December 10 2012
+.Dd December 18 2012
.Dt NTP_KEYS 5mdoc File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:39:54 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:57:34 AM by AutoGen 5.16.2
.\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl
.Sh NAME
<p>This document describes the symmetric key file for the NTP Project's
<code>ntpd</code> program.
- <p>This document applies to version 4.2.7p334 of <code>ntp.keys</code>.
+ <p>This document applies to version 4.2.7p335 of <code>ntp.keys</code>.
<div class="shortcontents">
<h2>Short Contents</h2>
</div>
<ul class="menu">
-<li><a accesskey="1" href="#ntp_002ekeys-Description">ntp.keys Description</a>: Description
-<li><a accesskey="2" href="#ntp_002ekeys-Invocation">ntp.keys Invocation</a>: Invoking sntp
+<li><a accesskey="1" href="#ntp_002ekeys-Description">ntp.keys Description</a>
+<li><a accesskey="2" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>
</ul>
<div class="node">
<p><hr>
-<a name="ntp_002ekeys-Description"></a>
+<a name="ntp_002ekeys-Description"></a>Previous: <a rel="previous" accesskey="p" href="#Top">Top</a>,
+Up: <a rel="up" accesskey="u" href="#Top">Top</a>
<br>
</div>
-.TH ntp.keys 5 "10 Dec 2012" "4.2.7p334" "File Formats"
+.TH ntp.keys 5 "17 Dec 2012" "4.2.7p335" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:39:38 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 17, 2012 at 11:37:44 AM by AutoGen 5.16.2
.\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl
.\"
-.Dd December 10 2012
+.Dd December 18 2012
.Dt NTP_KEYS 5 File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:39:54 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:57:34 AM by AutoGen 5.16.2
.\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl
.Sh NAME
/*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.c)
*
- * It has been AutoGen-ed December 10, 2012 at 06:37:06 AM by AutoGen 5.16.2
+ * It has been AutoGen-ed December 17, 2012 at 11:36:48 AM by AutoGen 5.16.2
* From the definitions ntpd-opts.def
* and the template file options
*
* ntpd option static const strings
*/
static char const ntpd_opt_strs[2987] =
-/* 0 */ "ntpd 4.2.7p334\n"
+/* 0 */ "ntpd 4.2.7p335\n"
"Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 2753 */ "Output version information and exit\0"
/* 2789 */ "version\0"
/* 2797 */ "NTPD\0"
-/* 2802 */ "ntpd - NTP daemon program - Ver. 4.2.7p334\n"
+/* 2802 */ "ntpd - NTP daemon program - Ver. 4.2.7p335\n"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n"
"\t\t[ <server1> ... <serverN> ]\n\0"
/* 2935 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 2969 */ "\n\n\0"
-/* 2972 */ "ntpd 4.2.7p334";
+/* 2972 */ "ntpd 4.2.7p335";
/*
* ipv4 option description with
/*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.h)
*
- * It has been AutoGen-ed December 10, 2012 at 06:37:05 AM by AutoGen 5.16.2
+ * It has been AutoGen-ed December 17, 2012 at 11:36:47 AM by AutoGen 5.16.2
* From the definitions ntpd-opts.def
* and the template file options
*
} teOptIndex;
#define OPTION_CT 37
-#define NTPD_VERSION "4.2.7p334"
-#define NTPD_FULL_VERSION "ntpd 4.2.7p334"
+#define NTPD_VERSION "4.2.7p335"
+#define NTPD_FULL_VERSION "ntpd 4.2.7p335"
/*
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH ntpd 1ntpdman "10 Dec 2012" "4.2.7p334" "User Commands"
+.TH ntpd 1ntpdman "17 Dec 2012" "4.2.7p335" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:39:41 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 17, 2012 at 11:37:47 AM by AutoGen 5.16.2
.\" From the definitions ntpd-opts.def
.\" and the template file agman-cmd.tpl
.\"
configuration file name.
.sp
The name and path of the configuration file,
-/etc/ntp.conf
+\fI/etc/ntp.conf\fP
by default.
.TP
.BR \-d ", " -\-debug\-level
frequency drift file name.
.sp
The name and path of the frequency file,
-/etc/ntp.drift
+\fI/etc/ntp.drift\fP
by default.
This is the same operation as the
-driftfile driftfile
+\fBdriftfile\fP \fIdriftfile\fP
configuration specification in the
-/etc/ntp.conf
+\fI/etc/ntp.conf\fP
file.
.TP
.BR \-g ", " -\-panicgate
This option may appear an unlimited number of times.
.sp
Normally,
-ntpd
+\fBntpd\fP
exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that,
-ntpd
+\fBntpd\fP
will exit with a message to the system log. This option can be used with the
--q
+\fB-q\fP
and
--x
+\fB-x\fP
options.
See the
-tinker
+\fBtinker\fP
configuration file directive for other options.
.TP
.BR \-i " \fIstring\fP, " \-\-jaildir "=" \fIstring\fP
Jail directory.
.sp
Chroot the server to the directory
-jaildir
+\fIjaildir\fP
.
This option also implies that the server attempts to drop root privileges at startup.
You may need to also specify a
--u
+\fB-u\fP
option.
This option is only available if the OS supports adjusting the clock
without full root privileges.
This option is supported under NetBSD (configure with
---enable-clockctl
-) and Linux (configure with
---enable-linuxcaps
-).
+\fB--enable-clockctl\fP) and Linux (configure with
+\fB--enable-linuxcaps\fP).
.TP
.BR \-I " \fIiface\fP, " \-\-interface "=" \fIiface\fP
Listen on an interface name or address.
given interface name. This option may appear multiple times. This option
also implies not opening other addresses, except wildcard and localhost.
This option is deprecated. Please consider using the configuration file
-interface command, which is more versatile.
+\fBinterface\fP command, which is more versatile.
.TP
.BR \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP
path to symmetric keys.
.sp
Specify the name and path of the symmetric key file.
-/etc/ntp.keys
+\fI/etc/ntp.keys\fP
is the default.
This is the same operation as the
-keys keyfile
+\fBkeys\fP \fIkeyfile\fP
configuration file directive.
.TP
.BR \-l " \fIstring\fP, " \-\-logfile "=" \fIstring\fP
Specify the name and path of the log file.
The default is the system log file.
This is the same operation as the
-logfile logfile
+\fBlogfile\fP \fIlogfile\fP
configuration file directive.
.TP
.BR \-L ", " -\-novirtualips
.sp
Do not listen to virtual interfaces, defined as those with
names containing a colon. This option is deprecated. Please
-consider using the configuration file interface command, which
+consider using the configuration file \fBinterface\fP command, which
is more versatile.
.TP
.BR \-M ", " -\-modifymmtimer
Run at high priority.
.sp
To the extent permitted by the operating system, run
-ntpd
+\fBntpd\fP
at the highest priority.
.TP
.BR \-p " \fIstring\fP, " \-\-pidfile "=" \fIstring\fP
path to the PID file.
.sp
Specify the name and path of the file used to record
-ntpd's
+\fBntpd\fP's
process ID.
This is the same operation as the
-pidfile pidfile
+\fBpidfile\fP \fIpidfile\fP
configuration file directive.
.TP
.BR \-P " \fInumber\fP, " \-\-priority "=" \fInumber\fP
This option takes an integer number as its argument.
.sp
To the extent permitted by the operating system, run
-ntpd
+\fBntpd\fP
at the specified
-sched_setscheduler(SCHED_FIFO)
+\fBsched_setscheduler(SCHED_FIFO)\fP
priority.
.TP
.BR \-q ", " -\-quit
This option must not appear in combination with any of the following options:
saveconfigquit, wait-sync.
.sp
-ntpd
+\fBntpd\fP
will not daemonize and will exit after the clock is first
synchronized. This behavior mimics that of the
-ntpdate
+\fBntpdate\fP
program, which will soon be replaced with a shell script.
The
--g
+\fB-g\fP
and
--x
+\fB-x\fP
options can be used with this option.
Note: The kernel time discipline is disabled with this option.
.TP
This option must not appear in combination with any of the following options:
quit, wait-sync.
.sp
-Cause ntpd to parse its startup configuration file and save an
+Cause \fBntpd\fP to parse its startup configuration file and save an
equivalent to the given filename and exit. This option was
designed for automated testing.
.TP
.sp
Specify the directory path for files created by the statistics facility.
This is the same operation as the
-statsdir statsdir
+\fBstatsdir\fP \fIstatsdir\fP
configuration file directive.
.TP
.BR \-t " \fItkey\fP, " \-\-trustedkey "=" \fItkey\fP
Trusted key number.
This option may appear an unlimited number of times.
.sp
-Add a key number to the trusted key list.
+Add the specified key number to the trusted key list.
.TP
.BR \-u " \fIstring\fP, " \-\-user "=" \fIstring\fP
Run as userid (or userid:groupid).
This option is only available if the OS supports adjusting the clock
without full root privileges.
This option is supported under NetBSD (configure with
---enable-clockctl
-) and Linux (configure with
---enable-linuxcaps
-).
+\fB--enable-clockctl\fP) and Linux (configure with
+\fB--enable-linuxcaps\fP).
.TP
.BR \-U " \fInumber\fP, " \-\-updateinterval "=" \fInumber\fP
interval in seconds between scans for new or dropped interfaces.
nofork, quit, saveconfigquit.
This option takes an integer number as its argument.
.sp
-If greater than zero, alters ntpd behavior when forking to
+If greater than zero, alters \fBntpd\fP's behavior when forking to
daemonize. Instead of exiting with status 0 immediately after
the fork, the parent waits up to the specified number of
seconds for the child to first synchronize the clock. The exit
status is zero (success) if the clock was synchronized,
-otherwise it is ETIMEDOUT.
-This provides the option for a script starting ntpd to easily
+otherwise it is \fBETIMEDOUT\fP.
+This provides the option for a script starting \fBntpd\fP to easily
wait for the first set of the clock before proceeding.
.TP
.BR \-x ", " -\-slew
Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s.
Thus, an adjustment as much as 600 s will take almost 14 days to complete.
This option can be used with the
--g
+\fB-g\fP
and
--q
+\fB-q\fP
options.
See the
-tinker
+\fBtinker\fP
configuration file directive for other options.
Note: The kernel time discipline is disabled with this option.
.TP
.BR \-\-usepcc
Use CPU cycle counter (Windows only).
.sp
-Attempt to substitute the CPU counter for QueryPerformanceCounter.
-The CPU counter and QueryPerformanceCounter are compared, and if
+Attempt to substitute the CPU counter for \fBQueryPerformanceCounter\fP.
+The CPU counter and \fBQueryPerformanceCounter\fP are compared, and if
they have the same frequency, the CPU counter (RDTSC on x86) is
used directly, saving the overhead of a system call.
.TP
.BR \-\-pccfreq "=\fIstring\fP"
Force CPU cycle counter use (Windows only).
.sp
-Force substitution the CPU counter for QueryPerformanceCounter.
+Force substitution the CPU counter for \fBQueryPerformanceCounter\fP.
The CPU counter (RDTSC on x86) is used unconditionally with the
given frequency (in Hz).
.TP
-.Dd December 10 2012
+.Dd December 18 2012
.Dt NTPD 1ntpdmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:39:56 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:57:36 AM by AutoGen 5.16.2
.\" From the definitions ntpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
configuration file name.
.sp
The name and path of the configuration file,
-/etc/ntp.conf
+\fI/etc/ntp.conf\fP
by default.
.It \-d ", " -\-debug\-level
Increase debug verbosity level.
frequency drift file name.
.sp
The name and path of the frequency file,
-/etc/ntp.drift
+\fI/etc/ntp.drift\fP
by default.
This is the same operation as the
-driftfile driftfile
+\fBdriftfile\fP \fIdriftfile\fP
configuration specification in the
-/etc/ntp.conf
+\fI/etc/ntp.conf\fP
file.
.It \-g ", " -\-panicgate
Allow the first adjustment to be Big.
This option may appear an unlimited number of times.
.sp
Normally,
-ntpd
+\fBntpd\fP
exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that,
-ntpd
+\fBntpd\fP
will exit with a message to the system log. This option can be used with the
--q
+\fB\-q\fP
and
--x
+\fB\-x\fP
options.
See the
-tinker
+\fBtinker\fP
configuration file directive for other options.
.It \-i " \fIstring\fP, " \-\-jaildir "=" \fIstring\fP
Jail directory.
.sp
Chroot the server to the directory
-jaildir
+\fIjaildir\fP
.
This option also implies that the server attempts to drop root privileges at startup.
You may need to also specify a
--u
+\fB\-u\fP
option.
This option is only available if the OS supports adjusting the clock
without full root privileges.
This option is supported under NetBSD (configure with
--\-enable\-clockctl
-) and Linux (configure with
--\-enable\-linuxcaps
-).
+\fB\-\-enable\-clockctl\fP) and Linux (configure with
+\fB\-\-enable\-linuxcaps\fP).
.It \-I " \fIiface\fP, " \-\-interface "=" \fIiface\fP
Listen on an interface name or address.
This option may appear an unlimited number of times.
given interface name. This option may appear multiple times. This option
also implies not opening other addresses, except wildcard and localhost.
This option is deprecated. Please consider using the configuration file
-interface command, which is more versatile.
+\fBinterface\fP command, which is more versatile.
.It \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP
path to symmetric keys.
.sp
Specify the name and path of the symmetric key file.
-/etc/ntp.keys
+\fI/etc/ntp.keys\fP
is the default.
This is the same operation as the
-keys keyfile
+\fBkeys\fP \fIkeyfile\fP
configuration file directive.
.It \-l " \fIstring\fP, " \-\-logfile "=" \fIstring\fP
path to the log file.
Specify the name and path of the log file.
The default is the system log file.
This is the same operation as the
-logfile logfile
+\fBlogfile\fP \fIlogfile\fP
configuration file directive.
.It \-L ", " -\-novirtualips
Do not listen to virtual interfaces.
.sp
Do not listen to virtual interfaces, defined as those with
names containing a colon. This option is deprecated. Please
-consider using the configuration file interface command, which
+consider using the configuration file \fBinterface\fP command, which
is more versatile.
.It \-M ", " -\-modifymmtimer
Modify Multimedia Timer (Windows only).
Run at high priority.
.sp
To the extent permitted by the operating system, run
-ntpd
+\fBntpd\fP
at the highest priority.
.It \-p " \fIstring\fP, " \-\-pidfile "=" \fIstring\fP
path to the PID file.
.sp
Specify the name and path of the file used to record
-ntpd's
+\fBntpd\fP's
process ID.
This is the same operation as the
-pidfile pidfile
+\fBpidfile\fP \fIpidfile\fP
configuration file directive.
.It \-P " \fInumber\fP, " \-\-priority "=" \fInumber\fP
Process priority.
This option takes an integer number as its argument.
.sp
To the extent permitted by the operating system, run
-ntpd
+\fBntpd\fP
at the specified
-sched_setscheduler(SCHED_FIFO)
+\fBsched_setscheduler(SCHED_FIFO)\fP
priority.
.It \-q ", " -\-quit
Set the time and quit.
This option must not appear in combination with any of the following options:
saveconfigquit, wait-sync.
.sp
-ntpd
+\fBntpd\fP
will not daemonize and will exit after the clock is first
synchronized. This behavior mimics that of the
-ntpdate
+\fBntpdate\fP
program, which will soon be replaced with a shell script.
The
--g
+\fB\-g\fP
and
--x
+\fB\-x\fP
options can be used with this option.
Note: The kernel time discipline is disabled with this option.
.It \-r " \fIstring\fP, " \-\-propagationdelay "=" \fIstring\fP
This option must not appear in combination with any of the following options:
quit, wait-sync.
.sp
-Cause ntpd to parse its startup configuration file and save an
+Cause \fBntpd\fP to parse its startup configuration file and save an
equivalent to the given filename and exit. This option was
designed for automated testing.
.It \-s " \fIstring\fP, " \-\-statsdir "=" \fIstring\fP
.sp
Specify the directory path for files created by the statistics facility.
This is the same operation as the
-statsdir statsdir
+\fBstatsdir\fP \fIstatsdir\fP
configuration file directive.
.It \-t " \fItkey\fP, " \-\-trustedkey "=" \fItkey\fP
Trusted key number.
This option may appear an unlimited number of times.
.sp
-Add a key number to the trusted key list.
+Add the specified key number to the trusted key list.
.It \-u " \fIstring\fP, " \-\-user "=" \fIstring\fP
Run as userid (or userid:groupid).
.sp
This option is only available if the OS supports adjusting the clock
without full root privileges.
This option is supported under NetBSD (configure with
--\-enable\-clockctl
-) and Linux (configure with
--\-enable\-linuxcaps
-).
+\fB\-\-enable\-clockctl\fP) and Linux (configure with
+\fB\-\-enable\-linuxcaps\fP).
.It \-U " \fInumber\fP, " \-\-updateinterval "=" \fInumber\fP
interval in seconds between scans for new or dropped interfaces.
This option takes an integer number as its argument.
nofork, quit, saveconfigquit.
This option takes an integer number as its argument.
.sp
-If greater than zero, alters ntpd behavior when forking to
+If greater than zero, alters \fBntpd\fP's behavior when forking to
daemonize. Instead of exiting with status 0 immediately after
the fork, the parent waits up to the specified number of
seconds for the child to first synchronize the clock. The exit
status is zero (success) if the clock was synchronized,
-otherwise it is ETIMEDOUT.
-This provides the option for a script starting ntpd to easily
+otherwise it is \fBETIMEDOUT\fP.
+This provides the option for a script starting \fBntpd\fP to easily
wait for the first set of the clock before proceeding.
.It \-x ", " -\-slew
Slew up to 600 seconds.
Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s.
Thus, an adjustment as much as 600 s will take almost 14 days to complete.
This option can be used with the
--g
+\fB\-g\fP
and
--q
+\fB\-q\fP
options.
See the
-tinker
+\fBtinker\fP
configuration file directive for other options.
Note: The kernel time discipline is disabled with this option.
.It \-\-usepcc
Use CPU cycle counter (Windows only).
.sp
-Attempt to substitute the CPU counter for QueryPerformanceCounter.
-The CPU counter and QueryPerformanceCounter are compared, and if
+Attempt to substitute the CPU counter for \fBQueryPerformanceCounter\fP.
+The CPU counter and \fBQueryPerformanceCounter\fP are compared, and if
they have the same frequency, the CPU counter (RDTSC on x86) is
used directly, saving the overhead of a system call.
.It \-\-pccfreq "=\fIstring\fP"
Force CPU cycle counter use (Windows only).
.sp
-Force substitution the CPU counter for QueryPerformanceCounter.
+Force substitution the CPU counter for \fBQueryPerformanceCounter\fP.
The CPU counter (RDTSC on x86) is used unconditionally with the
given frequency (in Hz).
.It \-m ", " -\-mdns
<title>ntpd: Network Time Protocol (NTP) Daemon User's Manual</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="ntpd: Network Time Protocol (NTP) Daemon User's Manual">
-<meta name="generator" content="makeinfo 4.13">
+<meta name="generator" content="makeinfo 4.7">
<link title="Top" rel="top" href="#Top">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<meta http-equiv="Content-Style-Type" content="text/css">
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
- span.sc { font-variant:small-caps }
- span.roman { font-family:serif; font-weight:normal; }
- span.sansserif { font-family:sans-serif; font-weight:normal; }
+ span.sc { font-variant:small-caps }
+ span.roman { font-family: serif; font-weight: normal; }
--></style>
</head>
<body>
<h1 class="settitle">ntpd: Network Time Protocol (NTP) Daemon User's Manual</h1>
<div class="node">
-<a name="Top"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-Description">ntpd Description</a>,
+
<a name="Top"></a>Next: <a rel="next" accesskey="n" href="#ntpd-Description">ntpd Description</a>,
Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-
+<br>
</div>
<h2 class="unnumbered">ntpd: Network Time Protocol (NTP) Daemon User Manual</h2>
</ul>
<div class="node">
-<a name="ntpd-Description"></a>
<p><hr>
-
-
+<a name="ntpd-Description"></a>
+<br>
</div>
<!-- node-name, next, previous, up -->
the daemon times out and exits without setting the clock.
<div class="node">
-<a name="ntpd-Invocation"></a>
<p><hr>
-
-
+<a name="ntpd-Invocation"></a>
+<br>
</div>
<h3 class="section">Invoking ntpd</h3>
This software is released under the NTP license, <http://ntp.org/license>.
<ul class="menu">
-<li><a accesskey="1" href="#ntpd-usage">ntpd usage</a>: ntpd help/usage (<samp><span class="option">--help</span></samp>)
+<li><a accesskey="1" href="#ntpd-usage">ntpd usage</a>: ntpd help/usage (<span class="option">--help</span>)
<li><a accesskey="2" href="#ntpd-ipv4">ntpd ipv4</a>: ipv4 option (-4)
<li><a accesskey="3" href="#ntpd-ipv6">ntpd ipv6</a>: ipv6 option (-6)
<li><a accesskey="4" href="#ntpd-authreq">ntpd authreq</a>: authreq option (-a)
</ul>
<div class="node">
-<a name="ntpd-usage"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-ipv4">ntpd ipv4</a>,
+
<a name="ntpd-usage"></a>Next: <a rel="next" accesskey="n" href="#ntpd-ipv4">ntpd ipv4</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
-<h4 class="subsection">ntpd help/usage (<samp><span class="option">--help</span></samp>)</h4>
+<h4 class="subsection">ntpd help/usage (<span class="option">--help</span>)</h4>
<p><a name="index-ntpd-help-3"></a>
This is the automatically generated usage text for ntpd.
<p>The text printed is the same whether selected with the <code>help</code> option
-(<samp><span class="option">--help</span></samp>) or the <code>more-help</code> option (<samp><span class="option">--more-help</span></samp>). <code>more-help</code> will print
+(<span class="option">--help</span>) or the <code>more-help</code> option (<span class="option">--more-help</span>). <code>more-help</code> will print
the usage text by passing it through a pager program.
<code>more-help</code> is disabled on platforms without a working
<code>fork(2)</code> function. The <code>PAGER</code> environment variable is
-used to select the program, defaulting to <samp><span class="file">more</span></samp>. Both will exit
+used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
<pre class="example">ntpd - NTP daemon program - Ver. 4.2.7p334
please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
</pre>
<div class="node">
-<a name="ntpd-ipv4"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-ipv6">ntpd ipv6</a>,
+
<a name="ntpd-ipv4"></a>Next: <a rel="next" accesskey="n" href="#ntpd-ipv6">ntpd ipv6</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-usage">ntpd usage</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">ipv4 option (-4)</h4>
<p>Force DNS resolution of following host names on the command line
to the IPv4 namespace.
<div class="node">
-<a name="ntpd-ipv6"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-authreq">ntpd authreq</a>,
+
<a name="ntpd-ipv6"></a>Next: <a rel="next" accesskey="n" href="#ntpd-authreq">ntpd authreq</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-ipv4">ntpd ipv4</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">ipv6 option (-6)</h4>
<p>Force DNS resolution of following host names on the command line
to the IPv6 namespace.
<div class="node">
-<a name="ntpd-authreq"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-authnoreq">ntpd authnoreq</a>,
+
<a name="ntpd-authreq"></a>Next: <a rel="next" accesskey="n" href="#ntpd-authnoreq">ntpd authnoreq</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-ipv6">ntpd ipv6</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">authreq option (-a)</h4>
multicast client and symmetric passive associations.
This is the default.
<div class="node">
-<a name="ntpd-authnoreq"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-configfile">ntpd configfile</a>,
+
<a name="ntpd-authnoreq"></a>Next: <a rel="next" accesskey="n" href="#ntpd-configfile">ntpd configfile</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-authreq">ntpd authreq</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">authnoreq option (-A)</h4>
multicast client and symmetric passive associations.
This is almost never a good idea.
<div class="node">
-<a name="ntpd-configfile"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-driftfile">ntpd driftfile</a>,
+
<a name="ntpd-configfile"></a>Next: <a rel="next" accesskey="n" href="#ntpd-driftfile">ntpd driftfile</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-authnoreq">ntpd authnoreq</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">configfile option (-c)</h4>
/etc/ntp.conf
by default.
<div class="node">
-<a name="ntpd-driftfile"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-panicgate">ntpd panicgate</a>,
+
<a name="ntpd-driftfile"></a>Next: <a rel="next" accesskey="n" href="#ntpd-panicgate">ntpd panicgate</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-configfile">ntpd configfile</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">driftfile option (-f)</h4>
/etc/ntp.conf
file.
<div class="node">
-<a name="ntpd-panicgate"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-jaildir">ntpd jaildir</a>,
+
<a name="ntpd-panicgate"></a>Next: <a rel="next" accesskey="n" href="#ntpd-jaildir">ntpd jaildir</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-driftfile">ntpd driftfile</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">panicgate option (-g)</h4>
tinker
configuration file directive for other options.
<div class="node">
-<a name="ntpd-jaildir"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-interface">ntpd interface</a>,
+
<a name="ntpd-jaildir"></a>Next: <a rel="next" accesskey="n" href="#ntpd-interface">ntpd interface</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-panicgate">ntpd panicgate</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">jaildir option (-i)</h4>
–enable-linuxcaps
).
<div class="node">
-<a name="ntpd-interface"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-keyfile">ntpd keyfile</a>,
+
<a name="ntpd-interface"></a>Next: <a rel="next" accesskey="n" href="#ntpd-keyfile">ntpd keyfile</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-jaildir">ntpd jaildir</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">interface option (-I)</h4>
<p><a name="index-ntpd_002dinterface-12"></a>
This is the “listen on an interface name or address” option.
-This option takes an argument string <samp><span class="file">iface</span></samp>.
+This option takes an argument string <span class="file">iface</span>.
<p class="noindent">This option has some usage constraints. It:
<ul>
This option is deprecated. Please consider using the configuration file
interface command, which is more versatile.
<div class="node">
-<a name="ntpd-keyfile"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-logfile">ntpd logfile</a>,
+
<a name="ntpd-keyfile"></a>Next: <a rel="next" accesskey="n" href="#ntpd-logfile">ntpd logfile</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-interface">ntpd interface</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">keyfile option (-k)</h4>
keys keyfile
configuration file directive.
<div class="node">
-<a name="ntpd-logfile"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-novirtualips">ntpd novirtualips</a>,
+
<a name="ntpd-logfile"></a>Next: <a rel="next" accesskey="n" href="#ntpd-novirtualips">ntpd novirtualips</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-keyfile">ntpd keyfile</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">logfile option (-l)</h4>
logfile logfile
configuration file directive.
<div class="node">
-<a name="ntpd-novirtualips"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-modifymmtimer">ntpd modifymmtimer</a>,
+
<a name="ntpd-novirtualips"></a>Next: <a rel="next" accesskey="n" href="#ntpd-modifymmtimer">ntpd modifymmtimer</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-logfile">ntpd logfile</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">novirtualips option (-L)</h4>
consider using the configuration file interface command, which
is more versatile.
<div class="node">
-<a name="ntpd-modifymmtimer"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-nice">ntpd nice</a>,
+
<a name="ntpd-modifymmtimer"></a>Next: <a rel="next" accesskey="n" href="#ntpd-nice">ntpd nice</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-novirtualips">ntpd novirtualips</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">modifymmtimer option (-M)</h4>
ensures the resolution does not change while ntpd is running,
avoiding timekeeping glitches associated with changes.
<div class="node">
-<a name="ntpd-nice"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-pidfile">ntpd pidfile</a>,
+
<a name="ntpd-nice"></a>Next: <a rel="next" accesskey="n" href="#ntpd-pidfile">ntpd pidfile</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-modifymmtimer">ntpd modifymmtimer</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">nice option (-N)</h4>
ntpd
at the highest priority.
<div class="node">
-<a name="ntpd-pidfile"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-priority">ntpd priority</a>,
+
<a name="ntpd-pidfile"></a>Next: <a rel="next" accesskey="n" href="#ntpd-priority">ntpd priority</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-nice">ntpd nice</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">pidfile option (-p)</h4>
pidfile pidfile
configuration file directive.
<div class="node">
-<a name="ntpd-priority"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-quit">ntpd quit</a>,
+
<a name="ntpd-priority"></a>Next: <a rel="next" accesskey="n" href="#ntpd-quit">ntpd quit</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-pidfile">ntpd pidfile</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">priority option (-P)</h4>
sched_setscheduler(SCHED_FIFO)
priority.
<div class="node">
-<a name="ntpd-quit"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-propagationdelay">ntpd propagationdelay</a>,
+
<a name="ntpd-quit"></a>Next: <a rel="next" accesskey="n" href="#ntpd-propagationdelay">ntpd propagationdelay</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-priority">ntpd priority</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">quit option (-q)</h4>
options can be used with this option.
Note: The kernel time discipline is disabled with this option.
<div class="node">
-<a name="ntpd-propagationdelay"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-saveconfigquit">ntpd saveconfigquit</a>,
+
<a name="ntpd-propagationdelay"></a>Next: <a rel="next" accesskey="n" href="#ntpd-saveconfigquit">ntpd saveconfigquit</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-quit">ntpd quit</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">propagationdelay option (-r)</h4>
This option takes an argument string.
Specify the default propagation delay from the broadcast/multicast server to this client. This is necessary only if the delay cannot be computed automatically by the protocol.
<div class="node">
-<a name="ntpd-saveconfigquit"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-statsdir">ntpd statsdir</a>,
+
<a name="ntpd-saveconfigquit"></a>Next: <a rel="next" accesskey="n" href="#ntpd-statsdir">ntpd statsdir</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-propagationdelay">ntpd propagationdelay</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">saveconfigquit option</h4>
equivalent to the given filename and exit. This option was
designed for automated testing.
<div class="node">
-<a name="ntpd-statsdir"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-trustedkey">ntpd trustedkey</a>,
+
<a name="ntpd-statsdir"></a>Next: <a rel="next" accesskey="n" href="#ntpd-trustedkey">ntpd trustedkey</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-saveconfigquit">ntpd saveconfigquit</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">statsdir option (-s)</h4>
statsdir statsdir
configuration file directive.
<div class="node">
-<a name="ntpd-trustedkey"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-user">ntpd user</a>,
+
<a name="ntpd-trustedkey"></a>Next: <a rel="next" accesskey="n" href="#ntpd-user">ntpd user</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-statsdir">ntpd statsdir</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">trustedkey option (-t)</h4>
<p><a name="index-ntpd_002dtrustedkey-24"></a>
This is the “trusted key number” option.
-This option takes an argument string <samp><span class="file">tkey</span></samp>.
+This option takes an argument string <span class="file">tkey</span>.
<p class="noindent">This option has some usage constraints. It:
<ul>
<p>Add a key number to the trusted key list.
<div class="node">
-<a name="ntpd-user"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-updateinterval">ntpd updateinterval</a>,
+
<a name="ntpd-user"></a>Next: <a rel="next" accesskey="n" href="#ntpd-updateinterval">ntpd updateinterval</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-trustedkey">ntpd trustedkey</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">user option (-u)</h4>
–enable-linuxcaps
).
<div class="node">
-<a name="ntpd-updateinterval"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-wait_002dsync">ntpd wait-sync</a>,
+
<a name="ntpd-updateinterval"></a>Next: <a rel="next" accesskey="n" href="#ntpd-wait_002dsync">ntpd wait-sync</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-user">ntpd user</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">updateinterval option (-U)</h4>
has been detected by the system.
Use 0 to disable scanning. 60 seconds is the minimum time between scans.
<div class="node">
-<a name="ntpd-wait-sync"></a>
-<a name="ntpd-wait_002dsync"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-slew">ntpd slew</a>,
+
<a name="ntpd-wait_002dsync"></a>Next: <a rel="next" accesskey="n" href="#ntpd-slew">ntpd slew</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-updateinterval">ntpd updateinterval</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">wait-sync option (-w)</h4>
This provides the option for a script starting ntpd to easily
wait for the first set of the clock before proceeding.
<div class="node">
-<a name="ntpd-slew"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-usepcc">ntpd usepcc</a>,
+
<a name="ntpd-slew"></a>Next: <a rel="next" accesskey="n" href="#ntpd-usepcc">ntpd usepcc</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-wait_002dsync">ntpd wait-sync</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">slew option (-x)</h4>
configuration file directive for other options.
Note: The kernel time discipline is disabled with this option.
<div class="node">
-<a name="ntpd-usepcc"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-pccfreq">ntpd pccfreq</a>,
+
<a name="ntpd-usepcc"></a>Next: <a rel="next" accesskey="n" href="#ntpd-pccfreq">ntpd pccfreq</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-slew">ntpd slew</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">usepcc option</h4>
they have the same frequency, the CPU counter (RDTSC on x86) is
used directly, saving the overhead of a system call.
<div class="node">
-<a name="ntpd-pccfreq"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-mdns">ntpd mdns</a>,
+
<a name="ntpd-pccfreq"></a>Next: <a rel="next" accesskey="n" href="#ntpd-mdns">ntpd mdns</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-usepcc">ntpd usepcc</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">pccfreq option</h4>
The CPU counter (RDTSC on x86) is used unconditionally with the
given frequency (in Hz).
<div class="node">
-<a name="ntpd-mdns"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-config">ntpd config</a>,
+
<a name="ntpd-mdns"></a>Next: <a rel="next" accesskey="n" href="#ntpd-config">ntpd config</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-pccfreq">ntpd pccfreq</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">mdns option (-m)</h4>
the server to be discovered via mDNS client lookup.
<div class="node">
-<a name="ntpd-config"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-exit-status">ntpd exit status</a>,
+
<a name="ntpd-config"></a>Next: <a rel="next" accesskey="n" href="#ntpd-exit-status">ntpd exit status</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-mdns">ntpd mdns</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">presetting/configuring ntpd</h4>
first letter of the argument is examined:
<dl>
-<dt>‘<samp><span class="samp">version</span></samp>’<dd>Only print the version. This is the default.
-<br><dt>‘<samp><span class="samp">copyright</span></samp>’<dd>Name the copyright usage licensing terms.
-<br><dt>‘<samp><span class="samp">verbose</span></samp>’<dd>Print the full copyright usage licensing terms.
+<dt><span class="samp">version</span><dd>Only print the version. This is the default.
+<br><dt><span class="samp">copyright</span><dd>Name the copyright usage licensing terms.
+<br><dt><span class="samp">verbose</span><dd>Print the full copyright usage licensing terms.
</dl>
<div class="node">
-<a name="ntpd-exit-status"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-Usage">ntpd Usage</a>,
+
<a name="ntpd-exit-status"></a>Next: <a rel="next" accesskey="n" href="#ntpd-Usage">ntpd Usage</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-config">ntpd config</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">ntpd exit status</h4>
<p>One of the following exit values will be returned:
<dl>
-<dt>‘<samp><span class="samp">0 (EXIT_SUCCESS)</span></samp>’<dd>Successful program execution.
-<br><dt>‘<samp><span class="samp">1 (EXIT_FAILURE)</span></samp>’<dd>The operation failed or the command syntax was not valid.
+<dt><span class="samp">0 (EXIT_SUCCESS)</span><dd>Successful program execution.
+<br><dt><span class="samp">1 (EXIT_FAILURE)</span><dd>The operation failed or the command syntax was not valid.
</dl>
<div class="node">
-<a name="ntpd-Usage"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-Files">ntpd Files</a>,
+
<a name="ntpd-Usage"></a>Next: <a rel="next" accesskey="n" href="#ntpd-Files">ntpd Files</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-exit-status">ntpd exit status</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">ntpd Usage</h4>
keyword, as described in
<code>ntp.conf(5)</code>.
<div class="node">
-<a name="ntpd-Files"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-See-Also">ntpd See Also</a>,
+
<a name="ntpd-Files"></a>Next: <a rel="next" accesskey="n" href="#ntpd-See-Also">ntpd See Also</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-Usage">ntpd Usage</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">ntpd Files</h4>
<dl>
-<dt>‘<samp><span class="samp">Pa</span></samp>’<dd>the default name of the configuration file
-<br><dt>‘<samp><span class="samp">Pa</span></samp>’<dd>the default name of the drift file
-<br><dt>‘<samp><span class="samp">Pa</span></samp>’<dd>the default name of the key file
+<dt><span class="samp">Pa</span><dd>the default name of the configuration file
+<br><dt><span class="samp">Pa</span><dd>the default name of the drift file
+<br><dt><span class="samp">Pa</span><dd>the default name of the key file
<div class="node">
-<a name="ntpd-See-Also"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-Bugs">ntpd Bugs</a>,
+
<a name="ntpd-See-Also"></a>Next: <a rel="next" accesskey="n" href="#ntpd-Bugs">ntpd Bugs</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-Files">ntpd Files</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">ntpd See Also</h4>
RFC5908
.Re
<div class="node">
-<a name="ntpd-Bugs"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpd-Notes">ntpd Notes</a>,
+
<a name="ntpd-Bugs"></a>Next: <a rel="next" accesskey="n" href="#ntpd-Notes">ntpd Notes</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-See-Also">ntpd See Also</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">ntpd Bugs</h4>
a busy primary server, rather than a high stratum workstation in
mind.
<div class="node">
-<a name="ntpd-Notes"></a>
<p><hr>
-Previous: <a rel="previous" accesskey="p" href="#ntpd-Bugs">ntpd Bugs</a>,
+
<a name="ntpd-Notes"></a>Previous: <a rel="previous" accesskey="p" href="#ntpd-Bugs">ntpd Bugs</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-
+<br>
</div>
<h4 class="subsection">ntpd Notes</h4>
Portions of this document came from FreeBSD.
<div class="node">
-<a name="Usage"></a>
<p><hr>
-
-
+<a name="Usage"></a>
+<br>
</div>
<!-- node-name, next, previous, up -->
-.TH ntpd @NTPD_MS@ "10 Dec 2012" "4.2.7p334" "User Commands"
+.TH ntpd @NTPD_MS@ "17 Dec 2012" "4.2.7p335" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:39:41 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 17, 2012 at 11:37:47 AM by AutoGen 5.16.2
.\" From the definitions ntpd-opts.def
.\" and the template file agman-cmd.tpl
.\"
configuration file name.
.sp
The name and path of the configuration file,
-/etc/ntp.conf
+\fI/etc/ntp.conf\fP
by default.
.TP
.BR \-d ", " -\-debug\-level
frequency drift file name.
.sp
The name and path of the frequency file,
-/etc/ntp.drift
+\fI/etc/ntp.drift\fP
by default.
This is the same operation as the
-driftfile driftfile
+\fBdriftfile\fP \fIdriftfile\fP
configuration specification in the
-/etc/ntp.conf
+\fI/etc/ntp.conf\fP
file.
.TP
.BR \-g ", " -\-panicgate
This option may appear an unlimited number of times.
.sp
Normally,
-ntpd
+\fBntpd\fP
exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that,
-ntpd
+\fBntpd\fP
will exit with a message to the system log. This option can be used with the
--q
+\fB-q\fP
and
--x
+\fB-x\fP
options.
See the
-tinker
+\fBtinker\fP
configuration file directive for other options.
.TP
.BR \-i " \fIstring\fP, " \-\-jaildir "=" \fIstring\fP
Jail directory.
.sp
Chroot the server to the directory
-jaildir
+\fIjaildir\fP
.
This option also implies that the server attempts to drop root privileges at startup.
You may need to also specify a
--u
+\fB-u\fP
option.
This option is only available if the OS supports adjusting the clock
without full root privileges.
This option is supported under NetBSD (configure with
---enable-clockctl
-) and Linux (configure with
---enable-linuxcaps
-).
+\fB--enable-clockctl\fP) and Linux (configure with
+\fB--enable-linuxcaps\fP).
.TP
.BR \-I " \fIiface\fP, " \-\-interface "=" \fIiface\fP
Listen on an interface name or address.
given interface name. This option may appear multiple times. This option
also implies not opening other addresses, except wildcard and localhost.
This option is deprecated. Please consider using the configuration file
-interface command, which is more versatile.
+\fBinterface\fP command, which is more versatile.
.TP
.BR \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP
path to symmetric keys.
.sp
Specify the name and path of the symmetric key file.
-/etc/ntp.keys
+\fI/etc/ntp.keys\fP
is the default.
This is the same operation as the
-keys keyfile
+\fBkeys\fP \fIkeyfile\fP
configuration file directive.
.TP
.BR \-l " \fIstring\fP, " \-\-logfile "=" \fIstring\fP
Specify the name and path of the log file.
The default is the system log file.
This is the same operation as the
-logfile logfile
+\fBlogfile\fP \fIlogfile\fP
configuration file directive.
.TP
.BR \-L ", " -\-novirtualips
.sp
Do not listen to virtual interfaces, defined as those with
names containing a colon. This option is deprecated. Please
-consider using the configuration file interface command, which
+consider using the configuration file \fBinterface\fP command, which
is more versatile.
.TP
.BR \-M ", " -\-modifymmtimer
Run at high priority.
.sp
To the extent permitted by the operating system, run
-ntpd
+\fBntpd\fP
at the highest priority.
.TP
.BR \-p " \fIstring\fP, " \-\-pidfile "=" \fIstring\fP
path to the PID file.
.sp
Specify the name and path of the file used to record
-ntpd's
+\fBntpd\fP's
process ID.
This is the same operation as the
-pidfile pidfile
+\fBpidfile\fP \fIpidfile\fP
configuration file directive.
.TP
.BR \-P " \fInumber\fP, " \-\-priority "=" \fInumber\fP
This option takes an integer number as its argument.
.sp
To the extent permitted by the operating system, run
-ntpd
+\fBntpd\fP
at the specified
-sched_setscheduler(SCHED_FIFO)
+\fBsched_setscheduler(SCHED_FIFO)\fP
priority.
.TP
.BR \-q ", " -\-quit
This option must not appear in combination with any of the following options:
saveconfigquit, wait-sync.
.sp
-ntpd
+\fBntpd\fP
will not daemonize and will exit after the clock is first
synchronized. This behavior mimics that of the
-ntpdate
+\fBntpdate\fP
program, which will soon be replaced with a shell script.
The
--g
+\fB-g\fP
and
--x
+\fB-x\fP
options can be used with this option.
Note: The kernel time discipline is disabled with this option.
.TP
This option must not appear in combination with any of the following options:
quit, wait-sync.
.sp
-Cause ntpd to parse its startup configuration file and save an
+Cause \fBntpd\fP to parse its startup configuration file and save an
equivalent to the given filename and exit. This option was
designed for automated testing.
.TP
.sp
Specify the directory path for files created by the statistics facility.
This is the same operation as the
-statsdir statsdir
+\fBstatsdir\fP \fIstatsdir\fP
configuration file directive.
.TP
.BR \-t " \fItkey\fP, " \-\-trustedkey "=" \fItkey\fP
Trusted key number.
This option may appear an unlimited number of times.
.sp
-Add a key number to the trusted key list.
+Add the specified key number to the trusted key list.
.TP
.BR \-u " \fIstring\fP, " \-\-user "=" \fIstring\fP
Run as userid (or userid:groupid).
This option is only available if the OS supports adjusting the clock
without full root privileges.
This option is supported under NetBSD (configure with
---enable-clockctl
-) and Linux (configure with
---enable-linuxcaps
-).
+\fB--enable-clockctl\fP) and Linux (configure with
+\fB--enable-linuxcaps\fP).
.TP
.BR \-U " \fInumber\fP, " \-\-updateinterval "=" \fInumber\fP
interval in seconds between scans for new or dropped interfaces.
nofork, quit, saveconfigquit.
This option takes an integer number as its argument.
.sp
-If greater than zero, alters ntpd behavior when forking to
+If greater than zero, alters \fBntpd\fP's behavior when forking to
daemonize. Instead of exiting with status 0 immediately after
the fork, the parent waits up to the specified number of
seconds for the child to first synchronize the clock. The exit
status is zero (success) if the clock was synchronized,
-otherwise it is ETIMEDOUT.
-This provides the option for a script starting ntpd to easily
+otherwise it is \fBETIMEDOUT\fP.
+This provides the option for a script starting \fBntpd\fP to easily
wait for the first set of the clock before proceeding.
.TP
.BR \-x ", " -\-slew
Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s.
Thus, an adjustment as much as 600 s will take almost 14 days to complete.
This option can be used with the
--g
+\fB-g\fP
and
--q
+\fB-q\fP
options.
See the
-tinker
+\fBtinker\fP
configuration file directive for other options.
Note: The kernel time discipline is disabled with this option.
.TP
.BR \-\-usepcc
Use CPU cycle counter (Windows only).
.sp
-Attempt to substitute the CPU counter for QueryPerformanceCounter.
-The CPU counter and QueryPerformanceCounter are compared, and if
+Attempt to substitute the CPU counter for \fBQueryPerformanceCounter\fP.
+The CPU counter and \fBQueryPerformanceCounter\fP are compared, and if
they have the same frequency, the CPU counter (RDTSC on x86) is
used directly, saving the overhead of a system call.
.TP
.BR \-\-pccfreq "=\fIstring\fP"
Force CPU cycle counter use (Windows only).
.sp
-Force substitution the CPU counter for QueryPerformanceCounter.
+Force substitution the CPU counter for \fBQueryPerformanceCounter\fP.
The CPU counter (RDTSC on x86) is used unconditionally with the
given frequency (in Hz).
.TP
-.Dd December 10 2012
+.Dd December 18 2012
.Dt NTPD @NTPD_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:39:56 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:57:36 AM by AutoGen 5.16.2
.\" From the definitions ntpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
configuration file name.
.sp
The name and path of the configuration file,
-/etc/ntp.conf
+\fI/etc/ntp.conf\fP
by default.
.It \-d ", " -\-debug\-level
Increase debug verbosity level.
frequency drift file name.
.sp
The name and path of the frequency file,
-/etc/ntp.drift
+\fI/etc/ntp.drift\fP
by default.
This is the same operation as the
-driftfile driftfile
+\fBdriftfile\fP \fIdriftfile\fP
configuration specification in the
-/etc/ntp.conf
+\fI/etc/ntp.conf\fP
file.
.It \-g ", " -\-panicgate
Allow the first adjustment to be Big.
This option may appear an unlimited number of times.
.sp
Normally,
-ntpd
+\fBntpd\fP
exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that,
-ntpd
+\fBntpd\fP
will exit with a message to the system log. This option can be used with the
--q
+\fB\-q\fP
and
--x
+\fB\-x\fP
options.
See the
-tinker
+\fBtinker\fP
configuration file directive for other options.
.It \-i " \fIstring\fP, " \-\-jaildir "=" \fIstring\fP
Jail directory.
.sp
Chroot the server to the directory
-jaildir
+\fIjaildir\fP
.
This option also implies that the server attempts to drop root privileges at startup.
You may need to also specify a
--u
+\fB\-u\fP
option.
This option is only available if the OS supports adjusting the clock
without full root privileges.
This option is supported under NetBSD (configure with
--\-enable\-clockctl
-) and Linux (configure with
--\-enable\-linuxcaps
-).
+\fB\-\-enable\-clockctl\fP) and Linux (configure with
+\fB\-\-enable\-linuxcaps\fP).
.It \-I " \fIiface\fP, " \-\-interface "=" \fIiface\fP
Listen on an interface name or address.
This option may appear an unlimited number of times.
given interface name. This option may appear multiple times. This option
also implies not opening other addresses, except wildcard and localhost.
This option is deprecated. Please consider using the configuration file
-interface command, which is more versatile.
+\fBinterface\fP command, which is more versatile.
.It \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP
path to symmetric keys.
.sp
Specify the name and path of the symmetric key file.
-/etc/ntp.keys
+\fI/etc/ntp.keys\fP
is the default.
This is the same operation as the
-keys keyfile
+\fBkeys\fP \fIkeyfile\fP
configuration file directive.
.It \-l " \fIstring\fP, " \-\-logfile "=" \fIstring\fP
path to the log file.
Specify the name and path of the log file.
The default is the system log file.
This is the same operation as the
-logfile logfile
+\fBlogfile\fP \fIlogfile\fP
configuration file directive.
.It \-L ", " -\-novirtualips
Do not listen to virtual interfaces.
.sp
Do not listen to virtual interfaces, defined as those with
names containing a colon. This option is deprecated. Please
-consider using the configuration file interface command, which
+consider using the configuration file \fBinterface\fP command, which
is more versatile.
.It \-M ", " -\-modifymmtimer
Modify Multimedia Timer (Windows only).
Run at high priority.
.sp
To the extent permitted by the operating system, run
-ntpd
+\fBntpd\fP
at the highest priority.
.It \-p " \fIstring\fP, " \-\-pidfile "=" \fIstring\fP
path to the PID file.
.sp
Specify the name and path of the file used to record
-ntpd's
+\fBntpd\fP's
process ID.
This is the same operation as the
-pidfile pidfile
+\fBpidfile\fP \fIpidfile\fP
configuration file directive.
.It \-P " \fInumber\fP, " \-\-priority "=" \fInumber\fP
Process priority.
This option takes an integer number as its argument.
.sp
To the extent permitted by the operating system, run
-ntpd
+\fBntpd\fP
at the specified
-sched_setscheduler(SCHED_FIFO)
+\fBsched_setscheduler(SCHED_FIFO)\fP
priority.
.It \-q ", " -\-quit
Set the time and quit.
This option must not appear in combination with any of the following options:
saveconfigquit, wait-sync.
.sp
-ntpd
+\fBntpd\fP
will not daemonize and will exit after the clock is first
synchronized. This behavior mimics that of the
-ntpdate
+\fBntpdate\fP
program, which will soon be replaced with a shell script.
The
--g
+\fB\-g\fP
and
--x
+\fB\-x\fP
options can be used with this option.
Note: The kernel time discipline is disabled with this option.
.It \-r " \fIstring\fP, " \-\-propagationdelay "=" \fIstring\fP
This option must not appear in combination with any of the following options:
quit, wait-sync.
.sp
-Cause ntpd to parse its startup configuration file and save an
+Cause \fBntpd\fP to parse its startup configuration file and save an
equivalent to the given filename and exit. This option was
designed for automated testing.
.It \-s " \fIstring\fP, " \-\-statsdir "=" \fIstring\fP
.sp
Specify the directory path for files created by the statistics facility.
This is the same operation as the
-statsdir statsdir
+\fBstatsdir\fP \fIstatsdir\fP
configuration file directive.
.It \-t " \fItkey\fP, " \-\-trustedkey "=" \fItkey\fP
Trusted key number.
This option may appear an unlimited number of times.
.sp
-Add a key number to the trusted key list.
+Add the specified key number to the trusted key list.
.It \-u " \fIstring\fP, " \-\-user "=" \fIstring\fP
Run as userid (or userid:groupid).
.sp
This option is only available if the OS supports adjusting the clock
without full root privileges.
This option is supported under NetBSD (configure with
--\-enable\-clockctl
-) and Linux (configure with
--\-enable\-linuxcaps
-).
+\fB\-\-enable\-clockctl\fP) and Linux (configure with
+\fB\-\-enable\-linuxcaps\fP).
.It \-U " \fInumber\fP, " \-\-updateinterval "=" \fInumber\fP
interval in seconds between scans for new or dropped interfaces.
This option takes an integer number as its argument.
nofork, quit, saveconfigquit.
This option takes an integer number as its argument.
.sp
-If greater than zero, alters ntpd behavior when forking to
+If greater than zero, alters \fBntpd\fP's behavior when forking to
daemonize. Instead of exiting with status 0 immediately after
the fork, the parent waits up to the specified number of
seconds for the child to first synchronize the clock. The exit
status is zero (success) if the clock was synchronized,
-otherwise it is ETIMEDOUT.
-This provides the option for a script starting ntpd to easily
+otherwise it is \fBETIMEDOUT\fP.
+This provides the option for a script starting \fBntpd\fP to easily
wait for the first set of the clock before proceeding.
.It \-x ", " -\-slew
Slew up to 600 seconds.
Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s.
Thus, an adjustment as much as 600 s will take almost 14 days to complete.
This option can be used with the
--g
+\fB\-g\fP
and
--q
+\fB\-q\fP
options.
See the
-tinker
+\fBtinker\fP
configuration file directive for other options.
Note: The kernel time discipline is disabled with this option.
.It \-\-usepcc
Use CPU cycle counter (Windows only).
.sp
-Attempt to substitute the CPU counter for QueryPerformanceCounter.
-The CPU counter and QueryPerformanceCounter are compared, and if
+Attempt to substitute the CPU counter for \fBQueryPerformanceCounter\fP.
+The CPU counter and \fBQueryPerformanceCounter\fP are compared, and if
they have the same frequency, the CPU counter (RDTSC on x86) is
used directly, saving the overhead of a system call.
.It \-\-pccfreq "=\fIstring\fP"
Force CPU cycle counter use (Windows only).
.sp
-Force substitution the CPU counter for QueryPerformanceCounter.
+Force substitution the CPU counter for \fBQueryPerformanceCounter\fP.
The CPU counter (RDTSC on x86) is used unconditionally with the
given frequency (in Hz).
.It \-m ", " -\-mdns
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpdc.texi)
#
-# It has been AutoGen-ed December 10, 2012 at 06:40:27 AM by AutoGen 5.16.2
+# It has been AutoGen-ed December 18, 2012 at 03:57:58 AM by AutoGen 5.16.2
# From the definitions ntpdc-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@exampleindent 0
@example
-ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p334
+ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p335
USAGE: ntpdc [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution
will
attempt to read interactive format commands from the standard
input.
-.Ss
-"Interactive
-Commands"
+@node Interactive Commands
+@section Interactive Commands
+
+Interactive Commands
Interactive format commands consist of a keyword followed by zero
to four arguments.
Only enough characters of the full keyword to
The output of a
command is normally sent to the standard output, but optionally the
output of individual commands may be sent to a file by appending a
-.Ql
-\&>
-,
+@quoteleft{}\&>,@quoteright{}
followed by a file name, to the command line.
A number of interactive format commands are executed entirely
@item Ic
@item Ic
A
-.Sq
-Ic
-\&?
+@quoteleft{}Ic\&?@quoteright{}
will print a list of all the command
keywords known to this incarnation of
@code{ntpdc}.
A
-.Sq
-Ic
-\&?
+@quoteleft{}Ic\&?@quoteright{}
followed by a command keyword will print function and usage
information about the command.
This command is probably a better
be either a host name or a numeric address.
@item Ic
If
-.Cm
-yes
-is specified, host names are printed in
+@code{yes} is specified, host names are printed in
information displays.
If
-.Cm
-no
-is specified, numeric
+@code{no} is specified, numeric
addresses are printed instead.
The default is
-.Cm
-yes
-,
-unless
+@code{yes}, unless
modified using the command line
@code{-n} switch.
@item Ic
a timeout will be twice the timeout value set.
@end multitable
-.Ss
-"Control
-Message
-Commands"
+@node Control Message Commands
+@section Control Message Commands
+
+Control Message Commands
Query commands result in NTP mode 7 packets containing requests for
information being sent to the server.
These are read-only commands
The character in the left margin indicates the mode this peer
entry is operating in.
A
-.Ql
-\&+
+@quoteleft{}\&+@quoteright{}
denotes symmetric active, a
-.Ql
-\&-
+@quoteleft{}\&-@quoteright{}
indicates symmetric passive, a
-.Ql
-\&=
+@quoteleft{}\&=@quoteright{}
means the
remote server is being polled in client mode, a
-.Ql
-\&^
+@quoteleft{}\&^@quoteright{}
indicates that the server is broadcasting to this address, a
-.Ql
-\&~
+@quoteleft{}\&~@quoteright{}
denotes that the remote peer is sending broadcasts and a
-.Ql
-\&~
+@quoteleft{}\&~@quoteright{}
denotes that the remote peer is sending broadcasts and a
-.Ql
-\&*
+@quoteleft{}\&*@quoteright{}
marks the peer the server is currently synchronizing
to.
"parameter"
.
On
-.Ic
-hostnames
-.Cm
-no
-only IP-addresses
+@code{hostnames} @code{no} only IP-addresses
will be displayed.
@item Ic
A slightly different peer summary list.
Identical to the output
of the
-.Ic
-peers
-command, except for the character in the
+@code{peers} command, except for the character in the
leftmost column.
Characters only appear beside peers which were
included in the final stage of the clock selection algorithm.
A
-.Ql
-\&.
+@quoteleft{}\&.@quoteright{}
indicates that this peer was cast off in the falseticker
detection, while a
-.Ql
-\&+
+@quoteleft{}\&+@quoteright{}
indicates that the peer made it
through.
A
-.Ql
-\&*
+@quoteleft{}\&*@quoteright{}
denotes the peer the server is currently
synchronizing with.
@item Ic
filter is the part of NTP which deals with adjusting the local
system clock.
The
-.Sq
-offset
+@quoteleft{}offset@quoteright{}
is the last offset given to the
loop filter by the packet processing code.
The
-.Sq
-frequency
+@quoteleft{}frequency@quoteright{}
is the frequency error of the local clock in parts-per-million
(ppm).
The
-.Sq
-time_const
+@quoteleft{}time_const@quoteright{}
controls the stiffness of the
phase-lock loop and thus the speed at which it can adapt to
oscillator drift.
The
-.Sq
-watchdog
-timer
+@quoteleft{}watchdogtimer@quoteright{}
value is the number
of seconds which have elapsed since the last sample offset was
given to the loop filter.
The
-.Cm
-oneline
-and
-.Cm
-multiline
-options specify the format in which this
+@code{oneline} and
+@code{multiline} options specify the format in which this
information is to be printed, with
-.Cm
-multiline
-as the
+@code{multiline} as the
default.
@item Ic
Print a variety of system state variables, i.e., state related
in the NTP Version 3 specification, RFC-1305.
The
-.Sq
-system
-flags
+@quoteleft{}systemflags@quoteright{}
show various system flags, some of
which can be set and cleared by the
-.Ic
-enable
-and
-.Ic
-disable
-configuration commands, respectively.
+@code{enable} and
+@code{disable} configuration commands, respectively.
These are
the
-.Cm
-auth
-,
-.Cm
-bclient
-,
-.Cm
-monitor
-,
-.Cm
-pll
-,
-.Cm
-pps
-and
-.Cm
-stats
-flags.
+@code{auth}, @code{bclient}, @code{monitor}, @code{pll}, @code{pps} and
+@code{stats} flags.
See the
@code{ntpd(8)}
documentation for the meaning of these flags.
There
are two additional flags which are read only, the
-.Cm
-kernel_pll
-and
-.Cm
-kernel_pps
-.
-These flags indicate
+@code{kernel_pll} and
+@code{kernel_pps}. These flags indicate
the synchronization status when the precision time kernel
modifications are in use.
The
-.Sq
-kernel_pll
+@quoteleft{}kernel_pll@quoteright{}
indicates that
the local clock is being disciplined by the kernel, while the
-.Sq
-kernel_pps
+@quoteleft{}kernel_pps@quoteright{}
indicates the kernel discipline is provided by the PPS
signal.
The
-.Sq
-stability
+@quoteleft{}stability@quoteright{}
is the residual frequency error remaining
after the system frequency correction is applied and is intended for
maintenance and debugging.
incorrect.
The
-.Sq
-broadcastdelay
+@quoteleft{}broadcastdelay@quoteright{}
shows the default broadcast delay,
as set by the
-.Ic
-broadcastdelay
-configuration command.
+@code{broadcastdelay} configuration command.
The
-.Sq
-authdelay
+@quoteleft{}authdelay@quoteright{}
shows the default authentication delay,
as set by the
-.Ic
-authdelay
-configuration command.
+@code{authdelay} configuration command.
@item Ic
Print statistics counters maintained in the protocol
module.
undecodable without a copy of the driver source in hand.
@end multitable
-.Ss
-"Runtime
-Configuration
-Requests"
+@node Runtime Configuration Requests
+@section Runtime Configuration Requests
+
+Runtime Configuration Requests
All requests which cause state changes in the server are
authenticated by the server using a configured NTP key (the
facility can also be disabled by the server by not configuring a
known to
@code{ntpdc}.
This can be done using the
-.Ic
-keyid
-and
-.Ic
-passwd
-commands, the latter of which will prompt at the terminal for a
+@code{keyid} and
+@code{passwd} commands, the latter of which will prompt at the terminal for a
password to use as the encryption key.
You will also be prompted
automatically for both the key number and password the first time a
The following commands all make authenticated requests.
@table @samp
@item Xo
-.Op
-Ar
-keyid
-.Op
-Ar
-version
-.Op
-Cm
-prefer
-.Xc
+[@kbd{keyid} ]
+[@kbd{version} ]
+[@code{prefer} ]
Add a configured peer association at the given address and
operating in symmetric active mode.
Note that an existing
executed, or may simply be converted to conform to the new
configuration, as appropriate.
If the optional
-.Ar
-keyid
-is a
+@kbd{keyid} is a
nonzero integer, all outgoing packets to the remote server will
have an authentication field attached encrypted with this key.
If
the value is 0 (or not given) no authentication will be done.
The
-.Ar
-version
-can be 1, 2 or 3 and defaults to 3.
+@kbd{version} can be 1, 2 or 3 and defaults to 3.
The
-.Cm
-prefer
-keyword indicates a preferred peer (and thus will
+@code{prefer} keyword indicates a preferred peer (and thus will
be used primarily for clock synchronisation if possible).
The
preferred peer also determines the validity of the PPS signal - if
the preferred peer is suitable for synchronisation so is the PPS
signal.
@item Xo
-.Op
-Ar
-keyid
-.Op
-Ar
-version
-.Op
-Cm
-prefer
-.Xc
+[@kbd{keyid} ]
+[@kbd{version} ]
+[@code{prefer} ]
Identical to the addpeer command, except that the operating
mode is client.
@item Xo
-.Op
-Ar
-keyid
-.Op
-Ar
-version
-.Op
-Cm
-prefer
-.Xc
+[@kbd{keyid} ]
+[@kbd{version} ]
+[@code{prefer} ]
Identical to the addpeer command, except that the operating
mode is broadcast.
In this case a valid key identifier and key are
required.
The
-.Ar
-peer_address
-parameter can be the broadcast
+@kbd{peer_address} parameter can be the broadcast
address of the local network or a multicast group address assigned
to NTP.
If a multicast address, a multicast-capable kernel is
association may persist in an unconfigured mode if the remote peer
is willing to continue on in this fashion.
@item Xo
-.Op
-Cm
-time1
-.Op
-Cm
-time2
-.Op
-Ar
-stratum
-.Op
-Ar
-refid
-.Xc
+[@code{time1} ]
+[@code{time2} ]
+[@kbd{stratum} ]
+[@kbd{refid} ]
This command provides a way to set certain data for a reference
clock.
See the source listing for further information.
@item Xo
.Oo
-.Cm
-auth
-|
-Cm
-bclient
-|
-.Cm
-calibrate
-|
-Cm
-kernel
-|
-.Cm
-monitor
-|
-Cm
-ntp
-|
-.Cm
-pps
-|
-Cm
-stats
-.Oc
-.Xc
+@code{auth} | @code{Cm} @code{bclient} | @code{calibrate} | @code{Cm} @code{kernel} | @code{monitor} | @code{Cm} @code{ntp} | @code{pps} | @code{Cm} @code{stats} .Oc
@item Xo
.Oo
-.Cm
-auth
-|
-Cm
-bclient
-|
-.Cm
-calibrate
-|
-Cm
-kernel
-|
-.Cm
-monitor
-|
-Cm
-ntp
-|
-.Cm
-pps
-|
-Cm
-stats
-.Oc
-.Xc
+@code{auth} | @code{Cm} @code{bclient} | @code{calibrate} | @code{Cm} @code{kernel} | @code{monitor} | @code{Cm} @code{ntp} | @code{pps} | @code{Cm} @code{stats} .Oc
These commands operate in the same way as the
-.Ic
-enable
-and
-.Ic
-disable
-configuration file commands of
+@code{enable} and
+@code{disable} configuration file commands of
@code{ntpd(8)}.
@table @samp
@item Cm
Enables the pulse-per-second (PPS) signal when frequency
and time is disciplined by the precision time kernel modifications.
See the
-.Qq
-A
-Kernel
-Model
-for
-Precision
-Timekeeping
+"AKernelModelforPrecisionTimekeeping"
(available as part of the HTML documentation
provided in
-.Pa
-/usr/share/doc/ntp
+@file{/usr/share/doc/ntp})
)
page for further information.
The default for this flag is disable.
@item Cm
Enables the statistics facility.
See the
-.Sx
-Monitoring
+@ref{Monitoring}Monitoring
Options
section of
@code{ntp.conf(5)}
address
Ar
mask
-.Ar
-flag
-Oo
-Ar
-...
-Oc
-.Xc
-This command operates in the same way as the
-.Ic
-restrict
-configuration file commands of
+@kbd{flag} @kbd{Oo} @kbd{Ar}... @kbd{Oc} This command operates in the same way as the
+@code{restrict} configuration file commands of
@code{ntpd(8)}.
.It
Xo
address
Ar
mask
-.Ar
-flag
-Oo
-Ar
-...
-Oc
-.Xc
-Unrestrict the matching entry from the restrict list.
+@kbd{flag} @kbd{Oo} @kbd{Ar}... @kbd{Oc} Unrestrict the matching entry from the restrict list.
.It
Xo
Ic
address
Ar
mask
-.Op
-Cm
-ntpport
-.Xc
+[@code{ntpport} ]
Delete the matching entry from the restrict list.
.It
Ic
...
Oc
These commands operate in the same way as the
-.Ic
-trustedkey
-and
-.Ic
-untrustedkey
-configuration file
+@code{trustedkey} and
+@code{untrustedkey} configuration file
commands of
@code{ntpd(8)}.
.It
addtrap
Ar
address
-.Op
-Ar
-port
-.Op
-Ar
-interface
-.Xc
+[@kbd{port} ]
+[@kbd{interface} ]
Set a trap for asynchronous messages.
See the source listing
for further information.
clrtrap
Ar
address
-.Op
-Ar
-port
-.Op
-Ar
-interface
-.Xc
+[@kbd{port} ]
+[@kbd{interface} ]
Clear a trap for asynchronous messages.
See the source listing
for further information.
/*
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.c)
*
- * It has been AutoGen-ed December 10, 2012 at 06:40:11 AM by AutoGen 5.16.2
+ * It has been AutoGen-ed December 18, 2012 at 03:57:48 AM by AutoGen 5.16.2
* From the definitions ntpdc-opts.def
* and the template file options
*
* ntpdc option static const strings
*/
static char const ntpdc_opt_strs[1862] =
-/* 0 */ "ntpdc 4.2.7p334\n"
+/* 0 */ "ntpdc 4.2.7p335\n"
"Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 1640 */ "no-load-opts\0"
/* 1653 */ "no\0"
/* 1656 */ "NTPDC\0"
-/* 1662 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p334\n"
+/* 1662 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p335\n"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
/* 1794 */ "$HOME\0"
/* 1800 */ ".\0"
/* 1802 */ ".ntprc\0"
/* 1809 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1843 */ "\n\n\0"
-/* 1846 */ "ntpdc 4.2.7p334";
+/* 1846 */ "ntpdc 4.2.7p335";
/*
* ipv4 option description with
/*
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.h)
*
- * It has been AutoGen-ed December 10, 2012 at 06:40:11 AM by AutoGen 5.16.2
+ * It has been AutoGen-ed December 18, 2012 at 03:57:48 AM by AutoGen 5.16.2
* From the definitions ntpdc-opts.def
* and the template file options
*
} teOptIndex;
#define OPTION_CT 15
-#define NTPDC_VERSION "4.2.7p334"
-#define NTPDC_FULL_VERSION "ntpdc 4.2.7p334"
+#define NTPDC_VERSION "4.2.7p335"
+#define NTPDC_FULL_VERSION "ntpdc 4.2.7p335"
/*
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH ntpdc 1ntpdcman "10 Dec 2012" "4.2.7p334" "User Commands"
+.TH ntpdc 1ntpdcman "18 Dec 2012" "4.2.7p335" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:40:23 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:57:54 AM by AutoGen 5.16.2
.\" From the definitions ntpdc-opts.def
.\" and the template file agman-cmd.tpl
.\"
-.Dd December 10 2012
+.Dd December 18 2012
.Dt NTPDC 1ntpdcmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:40:29 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:58:00 AM by AutoGen 5.16.2
.\" From the definitions ntpdc-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
clock. Run as root, it can correct the system clock to this offset as
well. It can be run as an interactive command or from a cron job.
- <p>This document applies to version 4.2.7p334 of <code>ntpdc</code>.
+ <p>This document applies to version 4.2.7p335 of <code>ntpdc</code>.
<p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
IETF specification.
- <div class="shortcontents">
-<h2>Short Contents</h2>
-<ul>
-<a href="#Top">ntpdc: NTPD Control User Manual</a>
-</ul>
-</div>
-
<ul class="menu">
<li><a accesskey="1" href="#ntpdc-Description">ntpdc Description</a>: Description
<li><a accesskey="2" href="#ntpdc-Invocation">ntpdc Invocation</a>: Invoking ntpdc
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
-<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p334
+<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p335
USAGE: ntpdc [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution
will
attempt to read interactive format commands from the standard
input.
-.Ss
-"Interactive
-Commands"
+<div class="node">
+<p><hr>
+<a name="Interactive-Commands"></a>
+<br>
+</div>
+
+<h3 class="section">Interactive Commands</h3>
+
+<p>Interactive Commands
Interactive format commands consist of a keyword followed by zero
to four arguments.
Only enough characters of the full keyword to
The output of a
command is normally sent to the standard output, but optionally the
output of individual commands may be sent to a file by appending a
-.Ql
-\&>
-,
+\&>,
followed by a file name, to the command line.
<p>A number of interactive format commands are executed entirely
following.
<dl>
<dt><span class="samp">Ic</span><br><dt><span class="samp">Ic</span><dd>A
-.Sq
-Ic
-\&?
+Ic\&?
will print a list of all the command
keywords known to this incarnation of
<code>ntpdc</code>.
A
-.Sq
-Ic
-\&?
+Ic\&?
followed by a command keyword will print function and usage
information about the command.
This command is probably a better
Hostname may
be either a host name or a numeric address.
<br><dt><span class="samp">Ic</span><dd>If
-.Cm
-yes
-is specified, host names are printed in
+<code>yes</code> is specified, host names are printed in
information displays.
If
-.Cm
-no
-is specified, numeric
+<code>no</code> is specified, numeric
addresses are printed instead.
The default is
-.Cm
-yes
-,
-unless
+<code>yes</code>, unless
modified using the command line
<code>-n</code> switch.
<br><dt><span class="samp">Ic</span><dd>This command allows the specification of a key number to be
retries each query once after a timeout, the total waiting time for
a timeout will be twice the timeout value set.
- <p>.Ss
-"Control
-Message
-Commands"
+<div class="node">
+<p><hr>
+<a name="Control-Message-Commands"></a>
+<br>
+</div>
+
+<h3 class="section">Control Message Commands</h3>
+
+ <p>Control Message Commands
Query commands result in NTP mode 7 packets containing requests for
information being sent to the server.
These are read-only commands
<p>The character in the left margin indicates the mode this peer
entry is operating in.
A
-.Ql
\&+
denotes symmetric active, a
-.Ql
\&-
indicates symmetric passive, a
-.Ql
\&=
means the
remote server is being polled in client mode, a
-.Ql
\&^
indicates that the server is broadcasting to this address, a
-.Ql
\&~
denotes that the remote peer is sending broadcasts and a
-.Ql
\&~
denotes that the remote peer is sending broadcasts and a
-.Ql
\&*
marks the peer the server is currently synchronizing
to.
- <p>The contents of the host field may be one of four forms.
-It may
-be a host name, an IP address, a reference clock implementation
-name with its parameter or
-.Fn
-REFCLK
-"implementation_number"
-"parameter"
-.
-On
-.Ic
-hostnames
-.Cm
-no
-only IP-addresses
-will be displayed.
-<br><dt><span class="samp">Ic</span><dd>A slightly different peer summary list.
-Identical to the output
-of the
-.Ic
-peers
-command, except for the character in the
-leftmost column.
-Characters only appear beside peers which were
-included in the final stage of the clock selection algorithm.
-A
-.Ql
-\&.
-indicates that this peer was cast off in the falseticker
-detection, while a
-.Ql
-\&+
-indicates that the peer made it
-through.
-A
-.Ql
-\&*
-denotes the peer the server is currently
-synchronizing with.
-<br><dt><span class="samp">Ic</span><dd>Shows a detailed display of the current peer variables for one
-or more peers.
-Most of these values are described in the NTP
-Version 2 specification.
-<br><dt><span class="samp">Ic</span><dd>Show per-peer statistic counters associated with the specified
-peer(s).
-<br><dt><span class="samp">Ic</span><dd>Obtain and print information concerning a peer clock.
-The
-values obtained provide information on the setting of fudge factors
-and other clock performance information.
-<br><dt><span class="samp">Ic</span><dd>Obtain and print kernel phase-lock loop operating parameters.
-This information is available only if the kernel has been specially
-modified for a precision timekeeping function.
-<br><dt><span class="samp">Ic</span><dd>Print the values of selected loop filter variables.
-The loop
-filter is the part of NTP which deals with adjusting the local
-system clock.
-The
-.Sq
-offset
-is the last offset given to the
-loop filter by the packet processing code.
-The
-.Sq
-frequency
-is the frequency error of the local clock in parts-per-million
-(ppm).
-The
-.Sq
-time_const
-controls the stiffness of the
-phase-lock loop and thus the speed at which it can adapt to
-oscillator drift.
-The
-.Sq
-watchdog
-timer
-value is the number
-of seconds which have elapsed since the last sample offset was
-given to the loop filter.
-The
-.Cm
-oneline
-and
-.Cm
-multiline
-options specify the format in which this
-information is to be printed, with
-.Cm
-multiline
-as the
-default.
-<br><dt><span class="samp">Ic</span><dd>Print a variety of system state variables, i.e., state related
-to the local server.
-All except the last four lines are described
-in the NTP Version 3 specification, RFC-1305.
-
- <p>The
-.Sq
-system
-flags
-show various system flags, some of
-which can be set and cleared by the
-.Ic
-enable
-and
-.Ic
-disable
-configuration commands, respectively.
-These are
-the
-.Cm
-auth
-,
-.Cm
-bclient
-,
-.Cm
-monitor
-,
-.Cm
-pll
-,
-.Cm
-pps
-and
-.Cm
-stats
-flags.
-See the
-<code>ntpd(8)</code>
-documentation for the meaning of these flags.
-There
-are two additional flags which are read only, the
-.Cm
-kernel_pll
-and
-.Cm
-kernel_pps
-.
-These flags indicate
-the synchronization status when the precision time kernel
-modifications are in use.
-The
-.Sq
-kernel_pll
-indicates that
-the local clock is being disciplined by the kernel, while the
-.Sq
-kernel_pps
-indicates the kernel discipline is provided by the PPS
-signal.
-
- <p>The
-.Sq
-stability
-is the residual frequency error remaining
-after the system frequency correction is applied and is intended for
-maintenance and debugging.
-In most architectures, this value will
-initially decrease from as high as 500 ppm to a nominal value in
-the range .01 to 0.1 ppm.
-If it remains high for some time after
-starting the daemon, something may be wrong with the local clock,
-or the value of the kernel variable
-.Va
-kern.clockrate.tick
-may be
-incorrect.
-
- <p>The
-.Sq
-broadcastdelay
-shows the default broadcast delay,
-as set by the
-.Ic
-broadcastdelay
-configuration command.
-
- <p>The
-.Sq
-authdelay
-shows the default authentication delay,
-as set by the
-.Ic
-authdelay
-configuration command.
-<br><dt><span class="samp">Ic</span><dd>Print statistics counters maintained in the protocol
-module.
-<br><dt><span class="samp">Ic</span><dd>Print statistics counters related to memory allocation
-code.
-<br><dt><span class="samp">Ic</span><dd>Print statistics counters maintained in the input-output
-module.
-<br><dt><span class="samp">Ic</span><dd>Print statistics counters maintained in the timer/event queue
-support code.
-<br><dt><span class="samp">Ic</span><dd>Obtain and print the server's restriction list.
-This list is
-(usually) printed in sorted order and may help to understand how
-the restrictions are applied.
-<br><dt><span class="samp">Ic</span><dd>Obtain and print traffic counts collected and maintained by the
-monitor facility.
-The version number should not normally need to be
-specified.
-<br><dt><span class="samp">Ic</span><dd>Obtain debugging information for a reference clock driver.
-This
-information is provided only by some clock drivers and is mostly
-undecodable without a copy of the driver source in hand.
-
- <p>.Ss
-"Runtime
-Configuration
-Requests"
-All requests which cause state changes in the server are
-authenticated by the server using a configured NTP key (the
-facility can also be disabled by the server by not configuring a
-key).
-The key number and the corresponding key must also be made
-known to
-<code>ntpdc</code>.
-This can be done using the
-.Ic
-keyid
-and
-.Ic
-passwd
-commands, the latter of which will prompt at the terminal for a
-password to use as the encryption key.
-You will also be prompted
-automatically for both the key number and password the first time a
-command which would result in an authenticated request to the
-server is given.
-Authentication not only provides verification that
-the requester has permission to make such changes, but also gives
-an extra degree of protection again transmission errors.
-
- <p>Authenticated requests always include a timestamp in the packet
-data, which is included in the computation of the authentication
-code.
-This timestamp is compared by the server to its receive time
-stamp.
-If they differ by more than a small amount the request is
-rejected.
-This is done for two reasons.
-First, it makes simple
-replay attacks on the server, by someone who might be able to
-overhear traffic on your LAN, much more difficult.
-Second, it makes
-it more difficult to request configuration changes to your server
-from topologically remote hosts.
-While the reconfiguration facility
-will work well with a server on the local host, and may work
-adequately between time-synchronized hosts on the same LAN, it will
-work very poorly for more distant hosts.
-As such, if reasonable
-passwords are chosen, care is taken in the distribution and
-protection of keys and appropriate source address restrictions are
-applied, the run time reconfiguration facility should provide an
-adequate level of security.
-
- <p>The following commands all make authenticated requests.
- <dl>
-<dt><span class="samp">Xo</span><dd>.Op
-Ar
-keyid
-.Op
-Ar
-version
-.Op
-Cm
-prefer
-.Xc
-Add a configured peer association at the given address and
-operating in symmetric active mode.
-Note that an existing
-association with the same peer may be deleted when this command is
-executed, or may simply be converted to conform to the new
-configuration, as appropriate.
-If the optional
-.Ar
-keyid
-is a
-nonzero integer, all outgoing packets to the remote server will
-have an authentication field attached encrypted with this key.
-If
-the value is 0 (or not given) no authentication will be done.
-The
-.Ar
-version
-can be 1, 2 or 3 and defaults to 3.
-The
-.Cm
-prefer
-keyword indicates a preferred peer (and thus will
-be used primarily for clock synchronisation if possible).
-The
-preferred peer also determines the validity of the PPS signal - if
-the preferred peer is suitable for synchronisation so is the PPS
-signal.
-<br><dt><span class="samp">Xo</span><dd>.Op
-Ar
-keyid
-.Op
-Ar
-version
-.Op
-Cm
-prefer
-.Xc
-Identical to the addpeer command, except that the operating
-mode is client.
-<br><dt><span class="samp">Xo</span><dd>.Op
-Ar
-keyid
-.Op
-Ar
-version
-.Op
-Cm
-prefer
-.Xc
-Identical to the addpeer command, except that the operating
-mode is broadcast.
-In this case a valid key identifier and key are
-required.
-The
-.Ar
-peer_address
-parameter can be the broadcast
-address of the local network or a multicast group address assigned
-to NTP.
-If a multicast address, a multicast-capable kernel is
-required.
-<br><dt><span class="samp">Ic</span><dd>This command causes the configured bit to be removed from the
-specified peer(s).
-In many cases this will cause the peer
-association to be deleted.
-When appropriate, however, the
-association may persist in an unconfigured mode if the remote peer
-is willing to continue on in this fashion.
-<br><dt><span class="samp">Xo</span><dd>.Op
-Cm
-time1
-.Op
-Cm
-time2
-.Op
-Ar
-stratum
-.Op
-Ar
-refid
-.Xc
-This command provides a way to set certain data for a reference
-clock.
-See the source listing for further information.
-<br><dt><span class="samp">Xo</span><dd>.Oo
-.Cm
-auth
-|
-Cm
-bclient
-|
-.Cm
-calibrate
-|
-Cm
-kernel
-|
-.Cm
-monitor
-|
-Cm
-ntp
-|
-.Cm
-pps
-|
-Cm
-stats
-.Oc
-.Xc
-<br><dt><span class="samp">Xo</span><dd>.Oo
-.Cm
-auth
-|
-Cm
-bclient
-|
-.Cm
-calibrate
-|
-Cm
-kernel
-|
-.Cm
-monitor
-|
-Cm
-ntp
-|
-.Cm
-pps
-|
-Cm
-stats
-.Oc
-.Xc
-These commands operate in the same way as the
-.Ic
-enable
-and
-.Ic
-disable
-configuration file commands of
-<code>ntpd(8)</code>.
- <dl>
-<dt><span class="samp">Cm</span><dd>Enables the server to synchronize with unconfigured peers only
-if the peer has been correctly authenticated using either public key
-or private key cryptography.
-The default for this flag is enable.
-<br><dt><span class="samp">Cm</span><dd>Enables the server to listen for a message from a broadcast or
-multicast server, as in the multicastclient command with
-default address.
-The default for this flag is disable.
-<br><dt><span class="samp">Cm</span><dd>Enables the calibrate feature for reference clocks.
-The default for this flag is disable.
-<br><dt><span class="samp">Cm</span><dd>Enables the kernel time discipline, if available.
-The default for this flag is enable if support is available, otherwise disable.
-<br><dt><span class="samp">Cm</span><dd>Enables the monitoring facility.
-See the
-<code>ntpdc(8)</code>.
-program and the monlist command or further information.
-The default for this flag is enable.
-<br><dt><span class="samp">Cm</span><dd>Enables time and frequency discipline.
-In effect, this switch opens and closes the feedback loop,
-which is useful for testing.
-The default for this flag is enable.
-<br><dt><span class="samp">Cm</span><dd>Enables the pulse-per-second (PPS) signal when frequency
-and time is disciplined by the precision time kernel modifications.
-See the
-.Qq
-A
-Kernel
-Model
-for
-Precision
-Timekeeping
-(available as part of the HTML documentation
-provided in
-.Pa
-/usr/share/doc/ntp
-)
-page for further information.
-The default for this flag is disable.
-<br><dt><span class="samp">Cm</span><dd>Enables the statistics facility.
-See the
-.Sx
-Monitoring
-Options
-section of
-<code>ntp.conf(5)</code>
-for further information.
-The default for this flag is disable.
-
- <p>.It
-Xo
-Ic
-restrict
-Ar
-address
-Ar
-mask
-.Ar
-flag
-Oo
-Ar
-...
-Oc
-.Xc
-This command operates in the same way as the
-.Ic
-restrict
-configuration file commands of
-<code>ntpd(8)</code>.
-.It
-Xo
-Ic
-unrestrict
-Ar
-address
-Ar
-mask
-.Ar
-flag
-Oo
-Ar
-...
-Oc
-.Xc
-Unrestrict the matching entry from the restrict list.
-.It
-Xo
-Ic
-delrestrict
-Ar
-address
-Ar
-mask
-.Op
-Cm
-ntpport
-.Xc
-Delete the matching entry from the restrict list.
-.It
-Ic
-readkeys
-Causes the current set of authentication keys to be purged and
-a new set to be obtained by rereading the keys file (which must
-have been specified in the
-<code>ntpd(8)</code>
-configuration file).
-This
-allows encryption keys to be changed without restarting the
-server.
-.It
-Ic
-trustedkey
-Ar
-keyid
-Oo
-Ar
-...
-Oc
-.It
-Ic
-untrustedkey
-Ar
-keyid
-Oo
-Ar
-...
-Oc
-These commands operate in the same way as the
-.Ic
-trustedkey
-and
-.Ic
-untrustedkey
-configuration file
-commands of
-<code>ntpd(8)</code>.
-.It
-Ic
-authinfo
-Returns information concerning the authentication module,
-including known keys and counts of encryptions and decryptions
-which have been done.
-.It
-Ic
-traps
-Display the traps set in the server.
-See the source listing for
-further information.
-.It
-Xo
-Ic
-addtrap
-Ar
-address
-.Op
-Ar
-port
-.Op
-Ar
-interface
-.Xc
-Set a trap for asynchronous messages.
-See the source listing
-for further information.
-.It
-Xo
-Ic
-clrtrap
-Ar
-address
-.Op
-Ar
-port
-.Op
-Ar
-interface
-.Xc
-Clear a trap for asynchronous messages.
-See the source listing
-for further information.
-.It
-Ic
-reset
-Clear the statistics counters in various modules of the server.
-See the source listing for further information.
-
-<div class="node">
-<p><hr>
-<a name="ntpdc-See-Also"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-Authors">ntpdc Authors</a>,
-Previous: <a rel="previous" accesskey="p" href="#ntpdc-Usage">ntpdc Usage</a>,
-Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
-</div>
-
-<h4 class="subsection">ntpdc See Also</h4>
-
- <p><code>ntp.conf(5)</code>,
-<code>ntpd(8)</code>
-.Rs
-.%A
-David
-L.
-Mills
-.%T
-Network
-Time
-Protocol
-(Version
-3)
-.%O
-RFC1305
-.Re
-<div class="node">
-<p><hr>
-<a name="ntpdc-Authors"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-Bugs">ntpdc Bugs</a>,
-Previous: <a rel="previous" accesskey="p" href="#ntpdc-See-Also">ntpdc See Also</a>,
-Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
-</div>
-
-<h4 class="subsection">ntpdc Authors</h4>
-
- <p>The formatting directives in this document came from FreeBSD.
-<div class="node">
-<p><hr>
-<a name="ntpdc-Bugs"></a>Previous: <a rel="previous" accesskey="p" href="#ntpdc-Authors">ntpdc Authors</a>,
-Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
-</div>
-
-<h4 class="subsection">ntpdc Bugs</h4>
-
- <p>The
-<code>ntpdc</code>
-utility is a crude hack.
-Much of the information it shows is
-deadly boring and could only be loved by its implementer.
-The
-program was designed so that new (and temporary) features were easy
-to hack in, at great expense to the program's ease of use.
-Despite
-this, the program is occasionally useful.
-
- <p>Please report bugs to http://bugs.ntp.org .
-
-<div class="node">
-<p><hr>
-<a name="Usage"></a>
-<br>
-</div>
-
- <!-- node-name, next, previous, up -->
-<h3 class="section">Usage</h3>
-
- <p>The simplest use of this program is as an unprivileged command to
-check the current time, offset, and error in the local clock.
-For example:
-
- <pre class="example"> ntpdc ntpserver.somewhere
- </pre>
- <p>With suitable privilege, it can be run as a command or in a
-<code>cron</code> job to reset the local clock from a reliable server, like
-the <code>ntpdate</code> and <code>rdate</code> commands.
-For example:
-
- <pre class="example"> ntpdc -a ntpserver.somewhere
- </pre>
- </body></html>
-
-.TH ntpdc @NTPDC_MS@ "10 Dec 2012" "4.2.7p334" "User Commands"
+.TH ntpdc @NTPDC_MS@ "18 Dec 2012" "4.2.7p335" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:40:23 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:57:54 AM by AutoGen 5.16.2
.\" From the definitions ntpdc-opts.def
.\" and the template file agman-cmd.tpl
.\"
-.Dd December 10 2012
+.Dd December 18 2012
.Dt NTPDC @NTPDC_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:40:29 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:58:00 AM by AutoGen 5.16.2
.\" From the definitions ntpdc-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpq.texi)
#
-# It has been AutoGen-ed December 10, 2012 at 06:40:58 AM by AutoGen 5.16.2
+# It has been AutoGen-ed December 18, 2012 at 03:58:14 AM by AutoGen 5.16.2
# From the definitions ntpq-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@code{ntpq}
will attempt to read
interactive format commands from the standard input.
-.Ss
-"Internal
-Commands"
+@node Internal Commands
+@section Internal Commands
+
+Internal Commands
Interactive format commands consist of a keyword followed by zero
to four arguments.
Only enough characters of the full keyword to
@item Ic
@item Ic
A
-.Ql
-\&?
+@quoteleft{}\&?@quoteright{}
by itself will print a list of all the command
keywords known to this incarnation of
@code{ntpq}.
A
-.Ql
-\&?
+@quoteleft{}\&?@quoteright{}
followed by a command keyword will print function and usage
information about the command.
This command is probably a better
than this manual
page.
@item Ic
-.Ic
-...
-.Xc
-@item Ic
+... @item Ic
@item Ic
The data carried by NTP mode 6 messages consists of a list of
items of the form
-.Ql
-variable_name=value
-,
+@quoteleft{}variable_name=value,@quoteright{}
where the
-.Ql
-=value
+@quoteleft{}=value@quoteright{}
is ignored, and can be omitted,
in requests to the server to read variables.
The
@code{ntpq}
utility maintains an internal list in which data to be included in control
messages can be assembled, and sent using the
-.Ic
-readlist
-and
-.Ic
-writelist
-commands described below.
+@code{readlist} and
+@code{writelist} commands described below.
The
-.Ic
-addvars
-command allows variables and their optional values to be added to
+@code{addvars} command allows variables and their optional values to be added to
the list.
If more than one variable is to be added, the list should
be comma-separated and not contain white space.
The
-.Ic
-rmvars
-command can be used to remove individual variables from the list,
+@code{rmvars} command can be used to remove individual variables from the list,
while the
-.Ic
-clearlist
-command removes all variables from the
+@code{clearlist} command removes all variables from the
list.
@item Ic
Normally
does not authenticate requests unless
they are write requests.
The command
-.Ql
-authenticate
-yes
+@quoteleft{}authenticateyes@quoteright{}
causes
@code{ntpq}
to send authentication with all requests it
Authenticated requests causes some servers to handle
requests slightly differently, and can occasionally melt the CPU in
fuzzballs if you turn authentication on before doing a
-.Ic
-peer
-display.
+@code{peer} display.
The command
-.Ql
-authenticate
+@quoteleft{}authenticate@quoteright{}
causes
@code{ntpq}
to display whether or not
@code{ntpq}
thinks should have a decodable value but didn't are
marked with a trailing
-.Ql
-\&?
-.
+@quoteleft{}\&?.@quoteright{}
@item Xo
-.Ic
-debug
-.Oo
-.Cm
-more
-|
-.Cm
-less
-|
-.Cm
-off
-.Oc
-.Xc
+@code{debug} .Oo
+@code{more} | @code{less} | @code{off} .Oc
With no argument, displays the current debug level.
Otherwise, the debug level is changed to the indicated level.
@item Ic
so this command may be obsolete.
@item Ic
Set the host to which future queries will be sent.
-.Ar
-hostname
-may be either a host name or a numeric address.
+@kbd{hostname} may be either a host name or a numeric address.
@item Ic
If
-.Cm
-yes
-is specified, host names are printed in
+@code{yes} is specified, host names are printed in
information displays.
If
-.Cm
-no
-is specified, numeric
+@code{no} is specified, numeric
addresses are printed instead.
The default is
-.Cm
-yes
-,
-unless
+@code{yes}, unless
modified using the command line
@code{-n} switch.
@item Ic
to a key number the server has been configured to use for this
purpose.
@item Ic
-.Cm
-1
-|
-.Cm
-2
-|
-.Cm
-3
-|
-.Cm
-4
-.Oc
-.Xc
+@code{1} | @code{2} | @code{3} | @code{4} .Oc
Sets the NTP version number which
@code{ntpq}
claims in
@exampleindent 0
@example
-ntpq - standard NTP query program - Ver. 4.2.7p334
+ntpq - standard NTP query program - Ver. 4.2.7p335
USAGE: ntpq [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution
/*
* EDIT THIS FILE WITH CAUTION (ntpq-opts.c)
*
- * It has been AutoGen-ed December 10, 2012 at 06:40:32 AM by AutoGen 5.16.2
+ * It has been AutoGen-ed December 18, 2012 at 03:58:03 AM by AutoGen 5.16.2
* From the definitions ntpq-opts.def
* and the template file options
*
* ntpq option static const strings
*/
static char const ntpq_opt_strs[1833] =
-/* 0 */ "ntpq 4.2.7p334\n"
+/* 0 */ "ntpq 4.2.7p335\n"
"Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 1627 */ "no-load-opts\0"
/* 1640 */ "no\0"
/* 1643 */ "NTPQ\0"
-/* 1648 */ "ntpq - standard NTP query program - Ver. 4.2.7p334\n"
+/* 1648 */ "ntpq - standard NTP query program - Ver. 4.2.7p335\n"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
/* 1769 */ "$HOME\0"
/* 1775 */ ".\0"
/* 1777 */ ".ntprc\0"
/* 1784 */ "http://bugs.ntp.org, bugs@ntp.org\0"
-/* 1818 */ "ntpq 4.2.7p334";
+/* 1818 */ "ntpq 4.2.7p335";
/*
* ipv4 option description with
/*
* EDIT THIS FILE WITH CAUTION (ntpq-opts.h)
*
- * It has been AutoGen-ed December 10, 2012 at 06:40:31 AM by AutoGen 5.16.2
+ * It has been AutoGen-ed December 18, 2012 at 03:58:02 AM by AutoGen 5.16.2
* From the definitions ntpq-opts.def
* and the template file options
*
} teOptIndex;
#define OPTION_CT 14
-#define NTPQ_VERSION "4.2.7p334"
-#define NTPQ_FULL_VERSION "ntpq 4.2.7p334"
+#define NTPQ_VERSION "4.2.7p335"
+#define NTPQ_FULL_VERSION "ntpq 4.2.7p335"
/*
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH ntpq 1ntpqman "10 Dec 2012" "4.2.7p334" "User Commands"
+.TH ntpq 1ntpqman "18 Dec 2012" "4.2.7p335" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:40:54 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:58:10 AM by AutoGen 5.16.2
.\" From the definitions ntpq-opts.def
.\" and the template file agman-cmd.tpl
.\"
-.Dd December 10 2012
+.Dd December 18 2012
.Dt NTPQ 1ntpqmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:41:00 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:58:16 AM by AutoGen 5.16.2
.\" From the definitions ntpq-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
-.TH ntpq @NTPQ_MS@ "10 Dec 2012" "4.2.7p334" "User Commands"
+.TH ntpq @NTPQ_MS@ "18 Dec 2012" "4.2.7p335" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:40:54 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:58:10 AM by AutoGen 5.16.2
.\" From the definitions ntpq-opts.def
.\" and the template file agman-cmd.tpl
.\"
-.Dd December 10 2012
+.Dd December 18 2012
.Dt NTPQ @NTPQ_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:41:00 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:58:16 AM by AutoGen 5.16.2
.\" From the definitions ntpq-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpsnmpd.texi)
#
-# It has been AutoGen-ed December 10, 2012 at 06:41:16 AM by AutoGen 5.16.2
+# It has been AutoGen-ed December 18, 2012 at 03:58:29 AM by AutoGen 5.16.2
# From the definitions ntpsnmpd-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@exampleindent 0
@example
-ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p334
+ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p335
USAGE: ntpsnmpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
Flg Arg Option-Name Description
-n no nofork Do not fork
This document corresponds to version @VERSION@ of NTP.
@node ntpsnmpd Authors
@subsection ntpsnmpd Authors
-.An
-"Heiko
-Gerstung"
/*
* EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.c)
*
- * It has been AutoGen-ed December 10, 2012 at 06:41:03 AM by AutoGen 5.16.2
+ * It has been AutoGen-ed December 18, 2012 at 03:58:19 AM by AutoGen 5.16.2
* From the definitions ntpsnmpd-opts.def
* and the template file options
*
* ntpsnmpd option static const strings
*/
static char const ntpsnmpd_opt_strs[1561] =
-/* 0 */ "ntpsnmpd 4.2.7p334\n"
+/* 0 */ "ntpsnmpd 4.2.7p335\n"
"Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 1360 */ "no-load-opts\0"
/* 1373 */ "no\0"
/* 1376 */ "NTPSNMPD\0"
-/* 1385 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p334\n"
+/* 1385 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p335\n"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
/* 1490 */ "$HOME\0"
/* 1496 */ ".\0"
/* 1498 */ ".ntprc\0"
/* 1505 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1539 */ "\n\n\0"
-/* 1542 */ "ntpsnmpd 4.2.7p334";
+/* 1542 */ "ntpsnmpd 4.2.7p335";
/*
* nofork option description:
/*
* EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.h)
*
- * It has been AutoGen-ed December 10, 2012 at 06:41:02 AM by AutoGen 5.16.2
+ * It has been AutoGen-ed December 18, 2012 at 03:58:18 AM by AutoGen 5.16.2
* From the definitions ntpsnmpd-opts.def
* and the template file options
*
} teOptIndex;
#define OPTION_CT 8
-#define NTPSNMPD_VERSION "4.2.7p334"
-#define NTPSNMPD_FULL_VERSION "ntpsnmpd 4.2.7p334"
+#define NTPSNMPD_VERSION "4.2.7p335"
+#define NTPSNMPD_FULL_VERSION "ntpsnmpd 4.2.7p335"
/*
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH ntpsnmpd 1ntpsnmpdman "10 Dec 2012" "4.2.7p334" "User Commands"
+.TH ntpsnmpd 1ntpsnmpdman "18 Dec 2012" "4.2.7p335" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:41:12 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:58:25 AM by AutoGen 5.16.2
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agman-cmd.tpl
.\"
-.Dd December 10 2012
+.Dd December 18 2012
.Dt NTPSNMPD 1ntpsnmpdmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:41:18 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:58:31 AM by AutoGen 5.16.2
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
-.TH ntpsnmpd @NTPSNMPD_MS@ "10 Dec 2012" "4.2.7p334" "User Commands"
+.TH ntpsnmpd @NTPSNMPD_MS@ "18 Dec 2012" "4.2.7p335" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:41:12 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:58:25 AM by AutoGen 5.16.2
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agman-cmd.tpl
.\"
-.Dd December 10 2012
+.Dd December 18 2012
.Dt NTPSNMPD @NTPSNMPD_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:41:18 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:58:31 AM by AutoGen 5.16.2
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
# - Numeric values increment
# - empty 'increments' to 1
# - NEW 'increments' to empty
-point=334
+point=335
### betapoint is normally modified by script.
# ntp-stable Beta number (betapoint)
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp-wait.texi)
#
-# It has been AutoGen-ed December 10, 2012 at 11:05:29 AM by AutoGen 5.16.2
+# It has been AutoGen-ed December 17, 2012 at 11:36:20 AM by AutoGen 5.16.2
# From the definitions ntp-wait-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@code{ntp-wait}
will send at most
-.Ar
-num-tries
-queries to
+@kbd{num-tries} queries to
@code{ntpd(8)},
sleeping for
-.Ar
-secs-between-tries
-after each status return that says
+@kbd{secs-between-tries} after each status return that says
@code{ntpd(8)}
has not yet produced a synchronized and stable system clock.
@end table
@node ntp-wait Authors
@subsection ntp-wait Authors
-.An
-"Harlan
-Stenn"
@node ntp-wait Notes
@subsection ntp-wait Notes
This document corresponds to version @VERSION@ of NTP.
-.TH ntp-wait 1ntp-waitman "10 Dec 2012" "ntp (4.2.7p334)" "User Commands"
+.TH ntp-wait 1ntp-waitman "17 Dec 2012" "ntp (4.2.7p335)" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp-wait-opts.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 11:05:23 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 17, 2012 at 11:36:16 AM by AutoGen 5.16.2
.\" From the definitions ntp-wait-opts.def
.\" and the template file agman-cmd.tpl
.\"
-.Dd December 10 2012
+.Dd December 17 2012
.Dt NTP_WAIT 1ntp-waitmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp-wait-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 11:05:34 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 17, 2012 at 11:36:22 AM by AutoGen 5.16.2
.\" From the definitions ntp-wait-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
<h2 class="unnumbered">Simple Network Time Protocol User Manual</h2>
-<p>This document describes the use of the NTP Project's <code>ntp-wait</code> program,
-that can be used to query a Network Time Protocol (NTP) server and
-display the time offset of the system clock relative to the server
-clock. Run as root, it can correct the system clock to this offset as
-well. It can be run as an interactive command or from a cron job.
+<p>This document describes the use of the NTP Project's <code>ntp-wait</code> program.
- <p>This document applies to version 4.2.7p334 of <code>ntp-wait</code>.
+ <p>If there are time-sensitive applications,
+the proper sequence of events is to
+run <code>ntpd -g</code> as early as possible,
+then invoke all of the non-time-sensitive process,
+run <code>ntp-wait</code> to block
+until the system's time has stabilized and synchronized,
+and only then start any applicaitons (like database servers) that require
+accurate and stable time.
- <p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
-IETF specification.
+ <p>This document applies to version 4.2.7p335 of <code>ntp-wait</code>.
<div class="shortcontents">
<h2>Short Contents</h2>
<ul class="menu">
<li><a accesskey="1" href="#ntp_002dwait-Description">ntp-wait Description</a>: Description
<li><a accesskey="2" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>: Invoking ntp-wait
-<li><a accesskey="3" href="#Usage">Usage</a>: Usage
</ul>
<div class="node">
<!-- node-name, next, previous, up -->
<h3 class="section">Description</h3>
-<p>By default, <code>ntp-wait</code> writes the local data and time (i.e., not UTC) to the
-standard output in the format:
-
-<pre class="example"> 1996-10-15 20:17:25.123 (+0800) +4.567 +/- 0.089 secs
-</pre>
- <p>where
-YYYY-MM-DD HH:MM:SS.SUBSEC is the local date and time,
-(+0800) is the local timezone adjustment (so we would add 8 hours and 0 minutes to convert the reported local time to UTC),
-and
-the +4.567 +/- 0.089 secs indicates the time offset and
-error bound of the system clock relative to the server clock.
+<p>The <code>ntp-wait</code> program blocks until <code>ntpd</code> is in synchronized state.
+This can be useful at boot time, to delay the boot sequence until after
+<code>ntpd -g</code> has set the time.
<div class="node">
<p><hr>
<p><code>ntp-wait</code>
will send at most
-.Ar
-num-tries
-queries to
+<kbd>num-tries</kbd> queries to
<code>ntpd(8)</code>,
sleeping for
-.Ar
-secs-between-tries
-after each status return that says
+<kbd>secs-between-tries</kbd> after each status return that says
<code>ntpd(8)</code>
has not yet produced a synchronized and stable system clock.
<h4 class="subsection">ntp-wait Authors</h4>
-<p>.An
-"Harlan
-Stenn"
<div class="node">
<p><hr>
<a name="ntp_002dwait-Notes"></a>Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait-Authors">ntp-wait Authors</a>,
<p>This document corresponds to version of NTP.
-<div class="node">
-<p><hr>
-<a name="Usage"></a>
-<br>
-</div>
-
-<!-- node-name, next, previous, up -->
-<h3 class="section">Usage</h3>
-
-<p>The simplest use of this program is as an unprivileged command to
-check the current time, offset, and error in the local clock.
-For example:
-
-<pre class="example"> ntp-wait ntpserver.somewhere
-</pre>
- <p>With suitable privilege, it can be run as a command or in a
-<code>crom</code> job to reset the local clock from a reliable server, like
-the <code>ntpdate</code> and <code>rdate</code> commands.
-For example:
-
-<pre class="example"> ntp-wait -a ntpserver.somewhere
-</pre>
- </body></html>
+</body></html>
-.TH ntp-wait @NTP_WAIT_MS@ "10 Dec 2012" "ntp (4.2.7p334)" "User Commands"
+.TH ntp-wait @NTP_WAIT_MS@ "17 Dec 2012" "ntp (4.2.7p335)" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp-wait-opts.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 11:05:23 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 17, 2012 at 11:36:16 AM by AutoGen 5.16.2
.\" From the definitions ntp-wait-opts.def
.\" and the template file agman-cmd.tpl
.\"
-.Dd December 10 2012
+.Dd December 17 2012
.Dt NTP_WAIT @NTP_WAIT_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp-wait-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 11:05:34 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 17, 2012 at 11:36:22 AM by AutoGen 5.16.2
.\" From the definitions ntp-wait-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
#
# EDIT THIS FILE WITH CAUTION (invoke-sntp.texi)
#
-# It has been AutoGen-ed December 10, 2012 at 06:42:05 AM by AutoGen 5.16.2
+# It has been AutoGen-ed December 18, 2012 at 03:59:12 AM by AutoGen 5.16.2
# From the definitions sntp-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
can be used as an SNTP client to query a NTP or SNTP server and either display
the time or set the local system's time (given suitable privilege). It can be
run as an interactive command or from a
-.Ic
-cron
-job.
+@code{cron} job.
NTP (the Network Time Protocol) and SNTP (the Simple Network Time Protocol)
are defined and described by RFC 5905.
The default is to write the estimated correct local date and time (i.e. not
UTC) to the standard output in a format like:
-.Ic
-"'1996-10-15
-20:17:25.123
-(+0800)
-+4.567
-+/-
-0.089
-[host]
-IP
-sN'"
-
+@code{'1996-10-15 20:17:25.123 (+0800) +4.567 +/- 0.089 [host] IP sN'}
where the
-.Ic
-"'(+0800)'"
-means that to get to UTC from the reported local time one must
+@code{'(+0800)'} means that to get to UTC from the reported local time one must
add 8 hours and 0 minutes,
the
-.Ic
-"'+4.567'"
-indicates the local clock is 4.567 seconds behind the correct time
+@code{'+4.567'} indicates the local clock is 4.567 seconds behind the correct time
(so 4.567 seconds must be added to the local clock to get it to be correct).
Note that the number of decimals printed for this value will change
based on the reported precision of the server.
-.Ic
-"'+/-
-0.089'"
-is the reported
-.Em
-synchronization
-distance
+@code{'+/- 0.089'} is the reported
+@emph{synchronizationdistance}
(in seconds), which represents the maximum error due to all causes.
If the server does not report valid data needed to calculate the
synchronization distance, this will be reported as
-.Ic
-"'+/-
-?'"
-.
-If the
-.Em
-host
+@code{'+/- ?'}. If the
+@emph{host}
is different from the
-.Em
-IP
-,
+@emph{IP,}
both will be displayed.
Otherwise, only the
-.Em
-IP
+@emph{IP}
is displayed.
Finally, the
-.Em
-stratum
+@emph{stratum}
of the host is reported.
This section was generated by @strong{AutoGen},
@exampleindent 0
@example
-sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p334
+sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p335
USAGE: sntp [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \
[ hostname-or-IP ...]
Flg Arg Option-Name Description
or from a
@code{cron(8)}
job,
-.Ic
-"sntp
--a"
-will reset the local clock from a synchronized specified server,
+@code{sntp -a} will reset the local clock from a synchronized specified server,
like the (deprecated)
@code{ntpdate(1ntpdatemdoc)},
or
@end multitable
@node sntp Authors
@subsection sntp Authors
-.An
-"Johannes
-Maximilian
-Kuehn"
-.An
-"Harlan
-Stenn"
-.An
-"Dave
-Hart"
@node sntp Notes
@subsection sntp Notes
This document corresponds to version @VERSION@ of
/*
* EDIT THIS FILE WITH CAUTION (sntp-opts.c)
*
- * It has been AutoGen-ed December 10, 2012 at 10:48:54 AM by AutoGen 5.16.2
+ * It has been AutoGen-ed December 17, 2012 at 11:33:38 AM by AutoGen 5.16.2
* From the definitions sntp-opts.def
* and the template file options
*
* sntp option static const strings
*/
static char const sntp_opt_strs[2500] =
-/* 0 */ "sntp 4.2.7p334\n"
+/* 0 */ "sntp 4.2.7p335\n"
"Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 2244 */ "LOAD_OPTS\0"
/* 2254 */ "no-load-opts\0"
/* 2267 */ "SNTP\0"
-/* 2272 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p334\n"
+/* 2272 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p335\n"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n"
"\t\t[ hostname-or-IP ...]\n\0"
/* 2433 */ "$HOME\0"
/* 2441 */ ".ntprc\0"
/* 2448 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 2482 */ "\n\n\0"
-/* 2485 */ "sntp 4.2.7p334";
+/* 2485 */ "sntp 4.2.7p335";
/*
* ipv4 option description with
/*
* EDIT THIS FILE WITH CAUTION (sntp-opts.h)
*
- * It has been AutoGen-ed December 10, 2012 at 10:48:53 AM by AutoGen 5.16.2
+ * It has been AutoGen-ed December 17, 2012 at 11:33:38 AM by AutoGen 5.16.2
* From the definitions sntp-opts.def
* and the template file options
*
} teOptIndex;
#define OPTION_CT 23
-#define SNTP_VERSION "4.2.7p334"
-#define SNTP_FULL_VERSION "sntp 4.2.7p334"
+#define SNTP_VERSION "4.2.7p335"
+#define SNTP_FULL_VERSION "sntp 4.2.7p335"
/*
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH sntp 1sntpman "10 Dec 2012" "4.2.7p334" "User Commands"
+.TH sntp 1sntpman "18 Dec 2012" "4.2.7p335" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (sntp-opts.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:42:00 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:59:07 AM by AutoGen 5.16.2
.\" From the definitions sntp-opts.def
.\" and the template file agman-cmd.tpl
.\"
-.Dd December 10 2012
+.Dd December 18 2012
.Dt SNTP 1sntpmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (sntp-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:42:06 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:59:14 AM by AutoGen 5.16.2
.\" From the definitions sntp-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
clock. Run as root, it can correct the system clock to this offset as
well. It can be run as an interactive command or from a cron job.
- <p>This document applies to version 4.2.7p334 of <code>sntp</code>.
+ <p>This document applies to version 4.2.7p335 of <code>sntp</code>.
<p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
IETF specification.
can be used as an SNTP client to query a NTP or SNTP server and either display
the time or set the local system's time (given suitable privilege). It can be
run as an interactive command or from a
-.Ic
-cron
-job.
+<code>cron</code> job.
<p>NTP (the Network Time Protocol) and SNTP (the Simple Network Time Protocol)
are defined and described by RFC 5905.
<p>The default is to write the estimated correct local date and time (i.e. not
UTC) to the standard output in a format like:
- <p>.Ic
-"'1996-10-15
-20:17:25.123
-(+0800)
-+4.567
-+/-
-0.089
-[host]
-IP
-sN'"
-
- <p>where the
-.Ic
-"'(+0800)'"
-means that to get to UTC from the reported local time one must
+ <p><code>'1996-10-15 20:17:25.123 (+0800) +4.567 +/- 0.089 [host] IP sN'</code>
+where the
+<code>'(+0800)'</code> means that to get to UTC from the reported local time one must
add 8 hours and 0 minutes,
the
-.Ic
-"'+4.567'"
-indicates the local clock is 4.567 seconds behind the correct time
+<code>'+4.567'</code> indicates the local clock is 4.567 seconds behind the correct time
(so 4.567 seconds must be added to the local clock to get it to be correct).
Note that the number of decimals printed for this value will change
based on the reported precision of the server.
-.Ic
-"'+/-
-0.089'"
-is the reported
-.Em
-synchronization
-distance
+<code>'+/- 0.089'</code> is the reported
+<em>synchronizationdistance</em>
(in seconds), which represents the maximum error due to all causes.
If the server does not report valid data needed to calculate the
synchronization distance, this will be reported as
-.Ic
-"'+/-
-?'"
-.
-If the
-.Em
-host
+<code>'+/- ?'</code>. If the
+<em>host</em>
is different from the
-.Em
-IP
-,
+<em>IP,</em>
both will be displayed.
Otherwise, only the
-.Em
-IP
+<em>IP</em>
is displayed.
Finally, the
-.Em
-stratum
+<em>stratum</em>
of the host is reported.
<p>This section was generated by <strong>AutoGen</strong>,
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
-<pre class="example">sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p334
+<pre class="example">sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p335
USAGE: sntp [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \
[ hostname-or-IP ...]
Flg Arg Option-Name Description
or from a
<code>cron(8)</code>
job,
-.Ic
-"sntp
--a"
-will reset the local clock from a synchronized specified server,
+<code>sntp -a</code> will reset the local clock from a synchronized specified server,
like the (deprecated)
<code>ntpdate(1ntpdatemdoc)</code>,
or
<h4 class="subsection">sntp Authors</h4>
- <p>.An
-"Johannes
-Maximilian
-Kuehn"
-.An
-"Harlan
-Stenn"
-.An
-"Dave
-Hart"
<div class="node">
<p><hr>
<a name="sntp-Notes"></a>Previous: <a rel="previous" accesskey="p" href="#sntp-Authors">sntp Authors</a>,
-.TH sntp @SNTP_MS@ "10 Dec 2012" "4.2.7p334" "User Commands"
+.TH sntp @SNTP_MS@ "18 Dec 2012" "4.2.7p335" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (sntp-opts.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:42:00 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:59:07 AM by AutoGen 5.16.2
.\" From the definitions sntp-opts.def
.\" and the template file agman-cmd.tpl
.\"
-.Dd December 10 2012
+.Dd December 18 2012
.Dt SNTP @SNTP_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (sntp-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:42:06 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:59:14 AM by AutoGen 5.16.2
.\" From the definitions sntp-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp-keygen.texi)
#
-# It has been AutoGen-ed December 10, 2012 at 06:41:40 AM by AutoGen 5.16.2
+# It has been AutoGen-ed December 18, 2012 at 03:58:49 AM by AutoGen 5.16.2
# From the definitions ntp-keygen-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
function, normally the DNS name of the host is used.
The
-.Ar
-pw
-option of the
-.Ar
-crypto
-configuration command specifies the read
+@kbd{pw} option of the
+@kbd{crypto} configuration command specifies the read
password for previously encrypted local files.
This must match the local password used by this program.
If not specified, the host name is used.
Thus, if files are generated by this program without password,
they can be read back by
-.Ar
-ntpd
-without password but only on the same host.
+@kbd{ntpd} without password but only on the same host.
Normally, encrypted files for each host are generated by that host and
used only by that host, although exceptions exist as noted later on
this page.
The symmetric keys file, normally called
-.Ar
-ntp.keys
-,
-is usually installed in
-.Pa
-/etc
+ntp.keys, is usually installed in
+@file{/etc}.
.
Other files and links are usually installed in
-.Pa
-/usr/local/etc
+@file{/usr/local/etc},
,
which is normally in a shared filesystem in
NFS-mounted networks and cannot be changed by shared clients.
The location of the keys directory can be changed by the
-.Ar
-keysdir
-configuration command in such cases.
+@kbd{keysdir} configuration command in such cases.
Normally, this is in
-.Pa
-/etc
+@file{/etc}.
.
This program directs commentary and error messages to the standard
error stream
-.Ar
-stderr
-and remote files to the standard output stream
-.Ar
-stdout
-where they can be piped to other applications or redirected to files.
+@kbd{stderr} and remote files to the standard output stream
+@kbd{stdout} where they can be piped to other applications or redirected to files.
The names used for generated files and links all begin with the
string
-.Ar
-ntpkey
-and include the file type, generating host and filestamp,
+@kbd{ntpkey} and include the file type, generating host and filestamp,
as described in the
-.Dq
-Cryptographic
-Data
-Files
+@quotedblleft{}CryptographicDataFiles@quotedblright{}
section below.
-.Ss
+@node Running
+@section Running
+
Running
the
Program
To test and gain experience with Autokey concepts, log in as root and
change to the keys directory, usually
-.Pa
-/usr/local/etc
+@file{/usr/local/etc}
When run for the first time, or if all files with names beginning with
-.Ar
-ntpkey
-have been removed, use the
+@kbd{ntpkey} have been removed, use the
@code{ntp-keygen}
command without arguments to generate a
default RSA host key and matching RSA-MD5 certificate with expiration
certificate should be re-generated.
Additional information on trusted groups and identity schemes is on the
-.Dq
-Autokey
-Public-Key
-Authentication
+@quotedblleft{}AutokeyPublic-KeyAuthentication@quotedblright{}
page.
The
@code{ntpd(8)}
configuration command
-.Ic
-crypto
-pw
-Ar
-password
-specifies the read password for previously encrypted files.
+@code{crypto} @code{pw} @code{Ar} @code{password} specifies the read password for previously encrypted files.
The daemon expires on the spot if the password is missing
or incorrect.
For convenience, if a file has been previously encrypted,
File names begin with the prefix
-.Cm
-ntpkey_
-and end with the postfix
-.Ar
-_hostname.filestamp
-,
-where
-.Ar
-hostname
-is the owner name, usually the string returned
+@code{ntpkey_} and end with the postfix
+_hostname.filestamp, where
+@kbd{hostname} is the owner name, usually the string returned
by the Unix gethostname() routine, and
-.Ar
-filestamp
-is the NTP seconds when the file was generated, in decimal digits.
+@kbd{filestamp} is the NTP seconds when the file was generated, in decimal digits.
This both guarantees uniqueness and simplifies maintenance
procedures, since all files can be quickly removed
by a
-.Ic
-rm
-ntpkey\&*
-command or all files generated
+@code{rm}ntpkey\&* command or all files generated
at a specific time can be removed by a
-.Ic
-rm
-.Ar
-\&*filestamp
-command.
+@code{rm} \&*filestamp command.
To further reduce the risk of misconfiguration,
the first two lines of a file contain the file name
and generation date and time as comments.
All files are installed by default in the keys directory
-.Pa
-/usr/local/etc
+@file{/usr/local/etc},
,
which is normally in a shared filesystem
in NFS-mounted networks.
program uses the same timestamp extension for all files generated
at one time, so each generation is distinct and can be readily
recognized in monitoring data.
-.Ss
+@node Running
+@section Running
+
Running
the
program
program is logged in directly as root.
The recommended procedure is change to the keys directory,
usually
-.Pa
-/usr/local/etc
+@file{/usr/local/etc},
,
then run the program.
When run for the first time,
or if all
-.Cm
-ntpkey
-files have been removed,
+@code{ntpkey} files have been removed,
the program generates a RSA host key file and matching RSA-MD5 certificate file,
which is all that is necessary in many cases.
The program also generates soft links from the generic names
as the other files, are probably not compatible with anything other than Autokey.
Running the program as other than root and using the Unix
-.Ic
-su
-command
+@code{su} command
to assume root may not work properly, since by default the OpenSSL library
looks for the random seed file
-.Cm
-.rnd
-in the user home directory.
+.rnd in the user home directory.
However, there should be only one
-.Cm
-.rnd
-,
-most conveniently
+.rnd, most conveniently
in the root directory, so it is convenient to define the
-.Cm
-$RANDFILE
-environment variable used by the OpenSSL library as the path to
-.Cm
-/.rnd
-.
-
+$RANDFILE environment variable used by the OpenSSL library as the path to
+/.rnd.
Installing the keys as root might not work in NFS-mounted
shared file systems, as NFS clients may not be able to write
to the shared keys directory, even as root.
In this case, NFS clients can specify the files in another
directory such as
-.Pa
-/etc
+@file{/etc}
using the
-.Ic
-keysdir
-command.
+@code{keysdir} command.
There is no need for one client to read the keys and certificates
of other clients or servers, as these data are obtained automatically
by the Autokey protocol.
All files are installed by default in the keys directory
-.Pa
-/usr/local/etc
+@file{/usr/local/etc},
,
which is normally in a shared filesystem
in NFS-mounted networks.
program uses the same timestamp extension for all files generated
at one time, so each generation is distinct and can be readily
recognized in monitoring data.
-.Ss
+@node Running
+@section Running
+
Running
the
program
program is logged in directly as root.
The recommended procedure is change to the keys directory,
usually
-.Pa
-/usr/local/etc
+@file{/usr/local/etc},
,
then run the program.
When run for the first time,
or if all
-.Cm
-ntpkey
-files have been removed,
+@code{ntpkey} files have been removed,
the program generates a RSA host key file and matching RSA-MD5 certificate file,
which is all that is necessary in many cases.
The program also generates soft links from the generic names
as the other files, are probably not compatible with anything other than Autokey.
Running the program as other than root and using the Unix
-.Ic
-su
-command
+@code{su} command
to assume root may not work properly, since by default the OpenSSL library
looks for the random seed file
-.Cm
-.rnd
-in the user home directory.
+.rnd in the user home directory.
However, there should be only one
-.Cm
-.rnd
-,
-most conveniently
+.rnd, most conveniently
in the root directory, so it is convenient to define the
-.Cm
-$RANDFILE
-environment variable used by the OpenSSL library as the path to
-.Cm
-/.rnd
-.
-
+$RANDFILE environment variable used by the OpenSSL library as the path to
+/.rnd.
Installing the keys as root might not work in NFS-mounted
shared file systems, as NFS clients may not be able to write
to the shared keys directory, even as root.
In this case, NFS clients can specify the files in another
directory such as
-.Pa
-/etc
+@file{/etc}
using the
-.Ic
-keysdir
-command.
+@code{keysdir} command.
There is no need for one client to read the keys and certificates
of other clients or servers, as these data are obtained automatically
by the Autokey protocol.
Each cryptographic configuration involves selection of a signature scheme
and identification scheme, called a cryptotype,
as explained in the
-.Sx
-Authentication
+@ref{Authentication}Authentication
Options
section of
@code{ntp.conf(5)}.
a certificate trail ending at a trusted host.
The trail is defined by static configuration file entries
or dynamic means described on the
-.Sx
-Automatic
+@ref{Automatic}Automatic
NTP
Configuration
Options
On each trusted host as root, change to the keys directory.
To insure a fresh fileset, remove all
-.Cm
-ntpkey
-files.
+@code{ntpkey} files.
Then run
@code{ntp-keygen}
@code{-T} to generate keys and a trusted certificate.
@code{ntp-keygen}
with the
@code{-S} @code{-Ar} @code{-type} option, where
-.Ar
-type
-is either
-.Cm
-RSA
-or
-.Cm
-DSA
-.
-The most often need to do this is when a DSA-signed certificate is used.
+@kbd{type} is either
+@code{RSA} or
+@code{DSA}. The most often need to do this is when a DSA-signed certificate is used.
If it is necessary to use a different certificate scheme than the default,
run
@code{ntp-keygen}
with the
@code{-c} @code{-Ar} @code{-scheme} option and selected
-.Ar
-scheme
-as needed.
+@kbd{scheme} as needed.
f
@code{ntp-keygen}
is run again without these options, it generates a new certificate
is restarted, it loads any new files and restarts the protocol.
Other dependent hosts will continue as usual until signatures are refreshed,
at which time the protocol is restarted.
-.Ss
+@node Identity
+@section Identity
+
Identity
Schemes
As mentioned on the Autonomous Authentication page,
the default TC identity scheme is vulnerable to a middleman attack.
However, there are more secure identity schemes available,
including PC, IFF, GQ and MV described on the
-.Qq
-Identification
-Schemes
+"IdentificationSchemes"
page
(maybe available at
.Li
On trusted host alice run
@code{ntp-keygen}
@code{-P} @code{-p} @code{-Ar} @code{-password} to generate the host key file
-.Pa
-ntpkey_RSAkey_
+@file{ntpkey_RSAkey_}NsAralice.filestamp
Ns
Ar
alice.filestamp
and trusted private certificate file
-.Pa
-ntpkey_RSA-MD5_cert_
+@file{ntpkey_RSA-MD5_cert_}NsAralice.filestamp.
Ns
Ar
alice.filestamp
Copy both files to all group hosts;
they replace the files which would be generated in other schemes.
On each host bob install a soft link from the generic name
-.Pa
-ntpkey_host_
+@file{ntpkey_host_}NsArbob
Ns
Ar
bob
to the host key file and soft link
-.Pa
-ntpkey_cert_
+@file{ntpkey_cert_}NsArbob
Ns
Ar
bob
On trusted host alice run
@code{ntp-keygen}
@code{-T} @code{-I} @code{-p} @code{-Ar} @code{-password} to produce her parameter file
-.Pa
-ntpkey_IFFpar_
+@file{ntpkey_IFFpar_}NsAralice.filestamp,
Ns
Ar
alice.filestamp
which includes both server and client keys.
Copy this file to all group hosts that operate as both servers
and clients and install a soft link from the generic
-.Pa
-ntpkey_iff_
+@file{ntpkey_iff_}NsAralice
Ns
Ar
alice
@code{-e} and pipe the output to a file or mail program.
Copy or mail this file to all restricted clients.
On these clients install a soft link from the generic
-.Pa
-ntpkey_iff_
+@file{ntpkey_iff_}NsAralice
Ns
Ar
alice
On trusted host alice run
@code{ntp-keygen}
@code{-T} @code{-G} @code{-p} @code{-Ar} @code{-password} to produce her parameter file
-.Pa
-ntpkey_GQpar_
+@file{ntpkey_GQpar_}NsAralice.filestamp,
Ns
Ar
alice.filestamp
which includes both server and client keys.
Copy this file to all group hosts and install a soft link
from the generic
-.Pa
-ntpkey_gq_
+@file{ntpkey_gq_}NsAralice
Ns
Ar
alice
to this file.
In addition, on each host bob install a soft link
from generic
-.Pa
-ntpkey_gq_
+@file{ntpkey_gq_}NsArbob
Ns
Ar
bob
On TA trish run
@code{ntp-keygen}
@code{-V} @code{-Ar} @code{-n} @code{-p} @code{-Ar} @code{-password}, where
-.Ar
-n
-is the number of revokable keys (typically 5) to produce
+@kbd{n} is the number of revokable keys (typically 5) to produce
the parameter file
-.Pa
-ntpkeys_MVpar_
+@file{ntpkeys_MVpar_}NsArtrish.filestamp
Ns
Ar
trish.filestamp
and client key files
-.Pa
-ntpkeys_MVkeyd_
+@file{ntpkeys_MVkeyd_}NsArtrish.filestamp
Ns
Ar
trish.filestamp
where
-.Ar
-d
-is the key number (0 \&<
-.Ar
-d
-\&<
-.Ar
-n
-)
-.
-Copy the parameter file to alice and install a soft link
+@kbd{d} is the key number (0 \&<
+@kbd{d} \&<
+@kbd{n}). Copy the parameter file to alice and install a soft link
from the generic
-.Pa
-ntpkey_mv_
+@file{ntpkey_mv_}NsAralice
Ns
Ar
alice
since they all work the same way.
Alice copies the client key file to all of her cliens.
On client bob install a soft link from generic
-.Pa
-ntpkey_mvkey_
+@file{ntpkey_mvkey_}NsArbob
Ns
Ar
bob
to the client key file.
As the MV scheme is independent of keys and certificates,
these files can be refreshed as needed.
-.Ss
+@node Command
+@section Command
+
Command
Line
Options
@item Fl
Select certificate message digest/signature encryption scheme.
The
-.Ar
-scheme
-can be one of the following:
+@kbd{scheme} can be one of the following:
.
Cm
RSA-MD2
DSA-SHA
,
or
-.Cm
-DSA-SHA1
-.
-Note that RSA schemes must be used with a RSA sign key and DSA
+@code{DSA-SHA1}. Note that RSA schemes must be used with a RSA sign key and DSA
schemes must be used with a DSA sign key.
The default without this option is
-.Cm
-RSA-MD5
-.
-@item Fl
+@code{RSA-MD5}. @item Fl
Enable debugging.
This option displays the cryptographic data produced in eye-friendly billboards.
@item Fl
obsoleting any that may exist.
@item Fl
Set the suject name to
-.Ar
-name
-.
-This is used as the subject field in certificates
+@kbd{name}. This is used as the subject field in certificates
and in the file name for host and sign keys.
@item Fl
Generate MD5 keys, obsoleting any that may exist.
By default, the program generates public certificates.
@item Fl
Encrypt generated files containing private data with
-.Ar
-password
-and the DES-CBC algorithm.
+@kbd{password} and the DES-CBC algorithm.
@item Fl
Set the password for reading files to password.
@item Fl
By default, the program uses the host key as the sign key.
@item Fl
Set the issuer name to
-.Ar
-name
-.
-This is used for the issuer field in certificates
+@kbd{name}. This is used for the issuer field in certificates
and in the file name for identity files.
@item Fl
Generate a trusted certificate.
Generate parameters and keys for the Mu-Varadharajan (MV) identification scheme.
@end multitable
-.Ss
+@node Random
+@section Random
+
Random
Seed
File
The entropy seed used by the OpenSSL library is contained in a file,
usually called
-.Cm
-.rnd
-,
-which must be available when starting the NTP daemon
+.rnd, which must be available when starting the NTP daemon
or the
@code{ntp-keygen}
program.
The NTP daemon will first look for the file
using the path specified by the
-.Ic
-randfile
-subcommand of the
-.Ic
-crypto
-configuration command.
+@code{randfile} subcommand of the
+@code{crypto} configuration command.
If not specified in this way, or when starting the
@code{ntp-keygen}
program,
RANDFILE
environment variable is not present,
the library will look for the
-.Cm
-.rnd
-file in the user home directory.
+.rnd file in the user home directory.
If the file is not available or cannot be written,
the daemon exits with a message to the system log and the program
exits with a suitable error message.
-.Ss
+@node Cryptographic
+@section Cryptographic
+
Cryptographic
Data
Files
type
key
where
-.Ar
-keyno
-is a positive integer in the range 1-65,535,
-.Ar
-type
-is the string MD5 defining the key format and
-.Ar
-key
-is the key itself,
+@kbd{keyno} is a positive integer in the range 1-65,535,
+@kbd{type} is the string MD5 defining the key format and
+@kbd{key} is the key itself,
which is a printable ASCII string 16 characters or less in length.
Each character is chosen from the 93 printable characters
in the range 0x21 through 0x7f excluding space and the
-.Ql
-#
+@quoteleft{}#@quoteright{}
character.
Note that the keys used by the
The
@code{ntp-keygen}
program generates a MD5 symmetric keys file
-.Pa
-ntpkey_MD5key_
+@file{ntpkey_MD5key_}NsArhostname.filestamp.
Ns
Ar
hostname.filestamp
it should be visible only to root and distributed by secure means
to other subnet hosts.
The NTP daemon loads the file
-.Pa
-ntp.keys
+@file{ntp.keys},
,
so
@code{ntp-keygen}
@exampleindent 0
@example
-ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p334
+ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p335
USAGE: ntp-keygen [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
Flg Arg Option-Name Description
-b Num imbits identity modulus bits
/*
* EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.c)
*
- * It has been AutoGen-ed December 10, 2012 at 06:41:23 AM by AutoGen 5.16.2
+ * It has been AutoGen-ed December 18, 2012 at 03:58:35 AM by AutoGen 5.16.2
* From the definitions ntp-keygen-opts.def
* and the template file options
*
* ntp-keygen option static const strings
*/
static char const ntp_keygen_opt_strs[2358] =
-/* 0 */ "ntp-keygen (ntp) 4.2.7p334\n"
+/* 0 */ "ntp-keygen (ntp) 4.2.7p335\n"
"Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 2136 */ "no-load-opts\0"
/* 2149 */ "no\0"
/* 2152 */ "NTP_KEYGEN\0"
-/* 2163 */ "ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p334\n"
+/* 2163 */ "ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p335\n"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
/* 2279 */ "$HOME\0"
/* 2285 */ ".\0"
/* 2287 */ ".ntprc\0"
/* 2294 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 2328 */ "\n\n\0"
-/* 2331 */ "ntp-keygen (ntp) 4.2.7p334";
+/* 2331 */ "ntp-keygen (ntp) 4.2.7p335";
/*
* imbits option description:
/*
* EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.h)
*
- * It has been AutoGen-ed December 10, 2012 at 06:41:22 AM by AutoGen 5.16.2
+ * It has been AutoGen-ed December 18, 2012 at 03:58:35 AM by AutoGen 5.16.2
* From the definitions ntp-keygen-opts.def
* and the template file options
*
} teOptIndex;
#define OPTION_CT 26
-#define NTP_KEYGEN_VERSION "4.2.7p334"
-#define NTP_KEYGEN_FULL_VERSION "ntp-keygen (ntp) 4.2.7p334"
+#define NTP_KEYGEN_VERSION "4.2.7p335"
+#define NTP_KEYGEN_FULL_VERSION "ntp-keygen (ntp) 4.2.7p335"
/*
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH ntp-keygen 1ntp-keygenman "10 Dec 2012" "ntp (4.2.7p334)" "User Commands"
+.TH ntp-keygen 1ntp-keygenman "18 Dec 2012" "ntp (4.2.7p335)" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:41:35 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:58:44 AM by AutoGen 5.16.2
.\" From the definitions ntp-keygen-opts.def
.\" and the template file agman-cmd.tpl
.\"
-.Dd December 10 2012
+.Dd December 18 2012
.Dt NTP_KEYGEN 1ntp-keygenmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:41:42 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:58:51 AM by AutoGen 5.16.2
.\" From the definitions ntp-keygen-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
printable ASCII format so they can be embedded as MIME attachments in
mail to other sites.
- <p>This document applies to version 4.2.7p334 of <code>ntp-keygen</code>.
+ <p>This document applies to version 4.2.7p335 of <code>ntp-keygen</code>.
<div class="node">
<p><hr>
and certificate authorities.
By default, files are not encrypted.
+ <p>When used to generate message digest keys, the program produces a file
+containing ten pseudo-random printable ASCII strings suitable for the
+MD5 message digest algorithm included in the distribution.
+If the OpenSSL library is installed, it produces an additional ten
+hex-encoded random bit strings suitable for the SHA1 and other message
+digest algorithms.
+The message digest keys file must be distributed and stored
+using secure means beyond the scope of NTP itself.
+Besides the keys used for ordinary NTP associations, additional keys
+can be defined as passwords for the ntpq and ntpdc utility programs.
+
+ <p>The remaining generated files are compatible with other OpenSSL
+applications and other Public Key Infrastructure (PKI) resources.
+Certificates generated by this program are compatible with extant
+industry practice, although some users might find the interpretation of
+X509v3 extension fields somewhat liberal.
+However, the identity keys are probably not compatible with anything
+other than Autokey.
+
+ <p>Some files used by this program are encrypted using a private password.
+The
+<code>--p</code> option specifies the password for local encrypted files and the
+<code>--q</code> option the password for encrypted files sent to remote sites.
+If no password is specified, the host name returned by the Unix
+.Fn
+gethostname
+function, normally the DNS name of the host is used.
+
+ <p>The
+.Ar
+pw
+option of the
+.Ar
+crypto
+configuration command specifies the read
+password for previously encrypted local files.
+This must match the local password used by this program.
+If not specified, the host name is used.
+Thus, if files are generated by this program without password,
+they can be read back by
+.Ar
+ntpd
+without password but only on the same host.
+
+ <p>Normally, encrypted files for each host are generated by that host and
+used only by that host, although exceptions exist as noted later on
+this page.
+The symmetric keys file, normally called
+.Ar
+ntp.keys
+,
+is usually installed in
+.Pa
+/etc
+.
+Other files and links are usually installed in
+.Pa
+/usr/local/etc
+,
+which is normally in a shared filesystem in
+NFS-mounted networks and cannot be changed by shared clients.
+The location of the keys directory can be changed by the
+.Ar
+keysdir
+configuration command in such cases.
+Normally, this is in
+.Pa
+/etc
+.
+
+ <p>This program directs commentary and error messages to the standard
+error stream
+.Ar
+stderr
+and remote files to the standard output stream
+.Ar
+stdout
+where they can be piped to other applications or redirected to files.
+The names used for generated files and links all begin with the
+string
+.Ar
+ntpkey
+and include the file type, generating host and filestamp,
+as described in the
+.Dq
+Cryptographic
+Data
+Files
+section below.
+.Ss
+Running
+the
+Program
+To test and gain experience with Autokey concepts, log in as root and
+change to the keys directory, usually
+.Pa
+/usr/local/etc
+When run for the first time, or if all files with names beginning with
+.Ar
+ntpkey
+have been removed, use the
+<code>ntp-keygen</code>
+command without arguments to generate a
+default RSA host key and matching RSA-MD5 certificate with expiration
+date one year hence.
+If run again without options, the program uses the
+existing keys and parameters and generates only a new certificate with
+new expiration date one year hence.
+
+ <p>Run the command on as many hosts as necessary.
+Designate one of them as the trusted host (TH) using
+<code>ntp-keygen</code>
+with the
+<code>-T</code> option and configure it to synchronize from reliable Internet servers.
+Then configure the other hosts to synchronize to the TH directly or
+indirectly.
+A certificate trail is created when Autokey asks the immediately
+ascendant host towards the TH to sign its certificate, which is then
+provided to the immediately descendant host on request.
+All group hosts should have acyclic certificate trails ending on the TH.
+
+ <p>The host key is used to encrypt the cookie when required and so must be
+RSA type.
+By default, the host key is also the sign key used to encrypt
+signatures.
+A different sign key can be assigned using the
+<code>-S</code> option and this can be either RSA or DSA type.
+By default, the signature
+message digest type is MD5, but any combination of sign key type and
+message digest type supported by the OpenSSL library can be specified
+using the
+<code>-c</code> option.
+The rules say cryptographic media should be generated with proventic
+filestamps, which means the host should already be synchronized before
+this program is run.
+This of course creates a chicken-and-egg problem
+when the host is started for the first time.
+Accordingly, the host time
+should be set by some other means, such as eyeball-and-wristwatch, at
+least so that the certificate lifetime is within the current year.
+After that and when the host is synchronized to a proventic source, the
+certificate should be re-generated.
+
+ <p>Additional information on trusted groups and identity schemes is on the
+.Dq
+Autokey
+Public-Key
+Authentication
+page.
+
<p>The
<code>ntpd(8)</code>
configuration command
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
- <pre class="example"> ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p333
+ <pre class="example"> ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p334
USAGE: ntp-keygen [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
Flg Arg Option-Name Description
-b Num imbits identity modulus bits
-.TH ntp-keygen @NTP_KEYGEN_MS@ "10 Dec 2012" "ntp (4.2.7p334)" "User Commands"
+.TH ntp-keygen @NTP_KEYGEN_MS@ "18 Dec 2012" "ntp (4.2.7p335)" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.man)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:41:35 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:58:44 AM by AutoGen 5.16.2
.\" From the definitions ntp-keygen-opts.def
.\" and the template file agman-cmd.tpl
.\"
-.Dd December 10 2012
+.Dd December 18 2012
.Dt NTP_KEYGEN @NTP_KEYGEN_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 10, 2012 at 06:41:42 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 18, 2012 at 03:58:51 AM by AutoGen 5.16.2
.\" From the definitions ntp-keygen-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
projects / thirdparty / ntp.git / commitdiff
