ntpsnmpd/ntpsnmpd.man.in
ntpsnmpd/ntpsnmpd.mdoc.in
packageinfo.sh
-scripts/invoke-ntp-wait.texi
-scripts/ntp-wait.1ntp-waitman
-scripts/ntp-wait.1ntp-waitmdoc
-scripts/ntp-wait.html
-scripts/ntp-wait.man.in
-scripts/ntp-wait.mdoc.in
+scripts/invoke-plot_summary.texi
+scripts/invoke-summary.texi
+scripts/ntp-wait/ntp-wait.html
+scripts/ntpsweep/ntpsweep.html
+scripts/ntptrace/ntptrace.html
+scripts/plot_summary.1plot_summaryman
+scripts/plot_summary.1plot_summarymdoc
+scripts/plot_summary.html
+scripts/plot_summary.man.in
+scripts/plot_summary.mdoc.in
+scripts/summary.1summaryman
+scripts/summary.1summarymdoc
+scripts/summary.html
+scripts/summary.man.in
+scripts/summary.mdoc.in
sntp/invoke-sntp.texi
sntp/sntp-opts.c
sntp/sntp-opts.h
+(4.2.7p402) 2013/12/23 Released by Harlan Stenn <stenn@ntp.org>
* Incorporate Oliver Kindernay's GSoC 2013 scripts/ cleanup.
(4.2.7p401) 2013/11/30 Released by Harlan Stenn <stenn@ntp.org>
* [Bug 2491] VS20xx compile fixes.
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi)
#
-# It has been AutoGen-ed November 30, 2013 at 11:31:06 AM by AutoGen 5.18.3pre5
+# It has been AutoGen-ed December 22, 2013 at 11:07:13 PM by AutoGen 5.18.3pre5
# From the definitions ntp.conf.def
# and the template file agtexi-file.tpl
@end ignore
command line option).
The file format is similar to other
-@sc{UNIX}
+@sc{unix}
configuration files.
Comments begin with a
@quoteleft{}#@quoteright{}
there are sections describing the following supported functionality
and the options used to control it:
@itemize @bullet
-
-@item
+@item
@ref{Authentication Support}
-@item
+@item
@ref{Monitoring Support}
-@item
+@item
@ref{Access Control Support}
-@item
+@item
@ref{Automatic NTP Configuration Options}
-@item
+@item
@ref{Reference Clock Support}
-@item
+@item
@ref{Miscellaneous Options}
@end itemize
@code{manycastclient}
commands.
@node Configuration Support
-@section Configuration Support
-
-
+@subsection Configuration Support
Following is a description of the configuration commands in
NTPv4.
These commands have the same basic functions as in NTPv3 and
persistent association with a remote server or peer or reference
clock, and auxiliary commands that specify environmental variables
that control various related operations.
-@node Configuration Commands
-@section Configuration Commands
-
-
+@subsubsection Configuration Commands
The various modes are determined by the command keyword and the
type of the required IP address.
Addresses are classed by type as
See IPv6 references for the
equivalent classes for that address family.
@table @asis
-
-@item @code{pool} @kbd{address}[@code{burst}][@code{iburst}][@code{version} @kbd{version}][@code{prefer}][@code{minpoll} @kbd{minpoll}][@code{maxpoll} @kbd{maxpoll}]
-@item @code{server} @kbd{address}[@code{key} @kbd{key} @kbd{|} @kbd{Cm} @kbd{autokey}][@code{burst}][@code{iburst}][@code{version} @kbd{version}][@code{prefer}][@code{minpoll} @kbd{minpoll}][@code{maxpoll} @kbd{maxpoll}]
-@item @code{peer} @kbd{address}[@code{key} @kbd{key} @kbd{|} @kbd{Cm} @kbd{autokey}][@code{version} @kbd{version}][@code{prefer}][@code{minpoll} @kbd{minpoll}][@code{maxpoll} @kbd{maxpoll}]
-@item @code{broadcast} @kbd{address}[@code{key} @kbd{key} @kbd{|} @kbd{Cm} @kbd{autokey}][@code{version} @kbd{version}][@code{prefer}][@code{minpoll} @kbd{minpoll}][@code{ttl} @kbd{ttl}]
-@item @code{manycastclient} @kbd{address}[@code{key} @kbd{key} @kbd{|} @kbd{Cm} @kbd{autokey}][@code{version} @kbd{version}][@code{prefer}][@code{minpoll} @kbd{minpoll}][@code{maxpoll} @kbd{maxpoll}][@code{ttl} @kbd{ttl}]
+@item @code{pool} @kbd{address} @code{[@code{burst}]} @code{[@code{iburst}]} @code{[@code{version} @kbd{version}]} @code{[@code{prefer}]} @code{[@code{minpoll} @kbd{minpoll}]} @code{[@code{maxpoll} @kbd{maxpoll}]}
+@item @code{server} @kbd{address} @code{[@code{key} @kbd{key} @kbd{|} @code{autokey}]} @code{[@code{burst}]} @code{[@code{iburst}]} @code{[@code{version} @kbd{version}]} @code{[@code{prefer}]} @code{[@code{minpoll} @kbd{minpoll}]} @code{[@code{maxpoll} @kbd{maxpoll}]}
+@item @code{peer} @kbd{address} @code{[@code{key} @kbd{key} @kbd{|} @code{autokey}]} @code{[@code{version} @kbd{version}]} @code{[@code{prefer}]} @code{[@code{minpoll} @kbd{minpoll}]} @code{[@code{maxpoll} @kbd{maxpoll}]}
+@item @code{broadcast} @kbd{address} @code{[@code{key} @kbd{key} @kbd{|} @code{autokey}]} @code{[@code{version} @kbd{version}]} @code{[@code{prefer}]} @code{[@code{minpoll} @kbd{minpoll}]} @code{[@code{ttl} @kbd{ttl}]}
+@item @code{manycastclient} @kbd{address} @code{[@code{key} @kbd{key} @kbd{|} @code{autokey}]} @code{[@code{version} @kbd{version}]} @code{[@code{prefer}]} @code{[@code{minpoll} @kbd{minpoll}]} @code{[@code{maxpoll} @kbd{maxpoll}]} @code{[@code{ttl} @kbd{ttl}]}
@end table
These five commands specify the time server name or address to
provided in
@file{/usr/share/doc/ntp}).
@table @asis
-
@item @code{pool}
For type s addresses, this command mobilizes a persistent
client mode association with a number of remote servers.
remote server, but the remote server can never be synchronized to
the local clock.
This command should
-@emph{ not}
+@emph{not}
be used for type
b or m addresses.
@item @code{peer}
Options:
@table @asis
-
@item @code{autokey}
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the autokey scheme
Versions 1-4 are the choices, with version 4 the
default.
@end table
-@node Auxiliary Commands
-@section Auxiliary Commands
-
-
+@subsubsection Auxiliary Commands
@table @asis
-
@item @code{broadcastclient}
This command enables reception of broadcast server messages to
any local interface (type b) address.
@ref{Authentication Options}.
@end table
@node Authentication Support
-@section Authentication Support
-
-
+@subsection Authentication Support
Authentication support allows the NTP client to verify that the
server is in fact known and trusted and not an intruder intending
accidentally or on purpose to masquerade as that server.
further details are in the briefings, papers
and reports at the NTP project page linked from
@code{http://www.ntp.org/}.
-@node Symmetric-Key Cryptography
-@section Symmetric-Key Cryptography
-
-
+@subsubsection Symmetric-Key Cryptography
The original RFC-1305 specification allows any one of possibly
65,534 keys, each distinguished by a 32-bit key identifier, to
authenticate an association.
command selects the key used as the password for the
@code{ntpq(1ntpqmdoc)}
utility.
-@node Public Key Cryptography
-@section Public Key Cryptography
-
-
+@subsubsection Public Key Cryptography
NTPv4 supports the original NTPv3 symmetric key scheme
described in RFC-1305 and in addition the Autokey protocol,
which is based on public key cryptography.
engineered so that, even under anticipated failure conditions,
the NTP subnet will form such that every group host can find
a trail to at least one trusted host.
-@node Naming and Addressing
-@section Naming and Addressing
-
-
+@subsubsection Naming and Addressing
It is important to note that Autokey does not use DNS to
resolve addresses, since DNS can't be completely trusted
until the name servers have synchronized clocks.
with network address translation schemes is not possible.
This reflects the intended robust security model where government
and corporate NTP servers are operated outside firewall perimeters.
-@node Operation
-@section Operation
-
-
+@subsubsection Operation
A specific combination of authentication scheme (none,
symmetric key, public key) and identity scheme is called
a cryptotype, although not all combinations are compatible.
But, wise security policy might preclude some cryptotype
combinations; for instance, running an identity scheme
with one server and no authentication with another might not be wise.
-@node Key Management
-@section Key Management
-
-
+@subsubsection Key Management
The cryptographic values used by the Autokey protocol are
incorporated as a set of files generated by the
@code{ntp-keygen(1ntpkeygenmdoc)}
contain the value
@code{trustRoot};.
Other extension fields are ignored.
-@node Authentication Commands
-@section Authentication Commands
-
-
+@subsubsection Authentication Commands
@table @asis
-
-@item @code{autokey} [@kbd{logsec}]
+@item @code{autokey} @code{[@kbd{logsec}]}
Specifies the interval between regenerations of the session key
list used with the Autokey protocol.
Note that the size of the key
argument is
the key identifier for a trusted key, where the value can be in the
range 1 to 65,534, inclusive.
-@item @code{crypto}[@code{cert} @kbd{file}][@code{leap} @kbd{file}][@code{randfile} @kbd{file}][@code{host} @kbd{file}][@code{sign} @kbd{file}][@code{gq} @kbd{file}][@code{gqpar} @kbd{file}][@code{iffpar} @kbd{file}][@code{mvpar} @kbd{file}][@code{pw} @kbd{password}]
+@item @code{crypto} @code{[@code{cert} @kbd{file}]} @code{[@code{leap} @kbd{file}]} @code{[@code{randfile} @kbd{file}]} @code{[@code{host} @kbd{file}]} @code{[@code{sign} @kbd{file}]} @code{[@code{gq} @kbd{file}]} @code{[@code{gqpar} @kbd{file}]} @code{[@code{iffpar} @kbd{file}]} @code{[@code{mvpar} @kbd{file}]} @code{[@code{pw} @kbd{password}]}
This command requires the OpenSSL library.
It activates public key
cryptography, selects the message digest and signature
@file{/usr/local/etc}.
Following are the subcommands:
@table @asis
-
@item @code{cert} @kbd{file}
Specifies the location of the required host public certificate file.
This overrides the link
arguments are 32-bit unsigned
integers with values from 1 to 65,534.
@end table
-@node Error Codes
-@section Error Codes
-
-
+@subsubsection Error Codes
The following error codes are reported via the NTP control
and monitoring protocol trap mechanism.
@table @asis
-
@item 101
(bad field format or length)
The packet has invalid version, length or format.
The identity key is missing, corrupt or bogus.
@end table
@node Monitoring Support
-@section Monitoring Support
-
-
+@subsection Monitoring Support
@code{ntpd(1ntpdmdoc)}
includes a comprehensive monitoring facility suitable
for continuous, long term recording of server and client
directory of this distribution.
Using
these facilities and
-@sc{UNIX}
+@sc{unix}
@code{cron(8)}
jobs, the data can be
automatically summarized and archived for retrospective analysis.
-@node Monitoring Commands
-@section Monitoring Commands
-
-
+@subsubsection Monitoring Commands
@table @asis
-
@item @code{statistics} @kbd{name} @kbd{...}
Enables writing of statistics records.
Currently, four kinds of
@kbd{name}
statistics are supported.
@table @asis
-
@item @code{clockstats}
Enables recording of clock driver statistics information.
Each update
the statistics counter values accumulated since the last generated
line.
@table @asis
-
@item Time since restart @code{36000}
Time in hours since the system was last rebooted.
@item Packets received @code{81965}
@code{filegen}
filename prefix to be modified for file generation sets, which
is useful for handling statistics logs.
-@item @code{filegen} @kbd{name}
-[@code{file}@kbd{filename}]
-[@code{type}@kbd{typename}]
-[@code{link}|@code{nolink}]
-[@code{enable}|@code{disable}]
-
+@item @code{filegen} @kbd{name} @code{[@code{file} @kbd{filename}]} @code{[@code{type} @kbd{typename}]} @code{[@code{link} | @code{nolink}]} @code{[@code{enable} | @code{disable}]}
Configures setting of generation file set name.
Generation
file sets provide a means for handling files that are
@code{ntpdc(1ntpdcmdoc)}
program running at a remote location.
@table @asis
-
-@item@code{name}
+@item @code{name}
This is the type of the statistics records, as shown in the
@code{statistics}
command.
-@item@code{file}@kbd{filename}
+@item @code{file} @kbd{filename}
This is the file name for the statistics records.
Filenames of set
members are built from three concatenated elements
-@kbd{Cm}@kbd{prefix},
-@kbd{Cm}@kbd{filename}
+@code{prefix},
+@code{filename}
and
-@kbd{Cm}@kbd{suffix}:
+@code{suffix}:
@table @asis
-
-@item@code{prefix}
+@item @code{prefix}
This is a constant filename path.
It is not subject to
modifications via the
generation can be configured using the
@kbd{statsdir}
option explained above.
-@item@code{filename}
+@item @code{filename}
This string is directly concatenated to the prefix mentioned
above (no intervening
-@quoteleft{}/).@quoteright{}
+@quoteleft{}/@quoteright{}).
This can be modified using
the file argument to the
@kbd{filegen}
allowed in this component to prevent filenames referring to
parts outside the filesystem hierarchy denoted by
@kbd{prefix}.
-@item@code{suffix}
+@item @code{suffix}
This part is reflects individual elements of a file set.
It is
generated according to the type of a file set.
@end table
-@item@code{type}@kbd{typename}
+@item @code{type} @kbd{typename}
A file generation set is characterized by its type.
The following
types are supported:
@table @asis
-
-@item@code{none}
+@item @code{none}
The file set is actually a single plain file.
-@item@code{pid}
+@item @code{pid}
One element of file set is used per incarnation of a ntpd
server.
This type does not perform any changes to file set
appending the decimal representation of the process ID of the
@code{ntpd(1ntpdmdoc)}
server process.
-@item@code{day}
+@item @code{day}
One file generation set element is created per day.
A day is
defined as the period between 00:00 and 24:00 UTC.
Thus, all information written at 10 December 1992 would end up
in a file named
@kbd{prefix}
-@kbd{filename}@kbd{Ns}@kbd{.19921210}.
-@item@code{week}
+@kbd{filename}.19921210.
+@item @code{week}
Any file set member contains data related to a certain week of
a year.
The term week is defined by computing day-of-year
and a 2-digit week number.
For example, information from January,
10th 1992 would end up in a file with suffix
-No.@kbd{1992W1}.
-@item@code{month}
+.No . Ns Ar 1992W1 .
+@item @code{month}
One generation file set element is generated per month.
The
file name suffix consists of a dot, a 4-digit year number, and
a 2-digit month.
-@item@code{year}
+@item @code{year}
One generation file element is generated per year.
The filename
suffix consists of a dot and a 4 digit year number.
-@item@code{age}
+@item @code{age}
This type of file generation sets changes to a new element of
the file set every 24 hours of server operation.
The filename
output is prevented by specifying
@code{disable}.
@end table
-@item@code{link}|@code{nolink}
+@item @code{link} | @code{nolink}
It is convenient to be able to access the current element of a file
generation set by a fixed name.
This feature is enabled by
number of links is greater than one, the file is unlinked.
This
allows the current file to be accessed by a constant name.
-@item@code{enable}@code{|}@code{Cm}@code{disable}
+@item @code{enable} @code{|} @code{disable}
Enables or disables the recording function.
@end table
@end table
@end table
@node Access Control Support
-@section Access Control Support
-
-
+@subsection Access Control Support
The
@code{ntpd(1ntpdmdoc)}
daemon implements a general purpose address/mask based restriction
last match found defining the restriction flags associated
with the entry.
Additional information and examples can be found in the
-"NotesonConfiguringNTPandSettingupaNTPSubnet"
+"Notes on Configuring NTP and Setting up a NTP Subnet"
page
(available as part of the HTML documentation
provided in
When a client or network is denied access
for an indefinate period, the only way at present to remove
the restrictions is by restarting the server.
-@node The Kiss-of-Death Packet
-@section The Kiss-of-Death Packet
-
-
+@subsubsection The Kiss-of-Death Packet
Ordinarily, packets denied service are simply dropped with no
further action except incrementing statistics counters.
Sometimes a
This
happens automatically at the client when the association times out.
It will happen at the server only if the server operator cooperates.
-@node Access Control Commands
-@section Access Control Commands
-
-
+@subsubsection Access Control Commands
@table @asis
-
-@item@code{discard}[@code{average}@kbd{avg}][@code{minimum}@kbd{min}][@code{monitor}@kbd{prob}]
+@item @code{discard} @code{[@code{average} @kbd{avg}]} @code{[@code{minimum} @kbd{min}]} @code{[@code{monitor} @kbd{prob}]}
Set the parameters of the
@code{limited}
facility which protects the server from
minimum average and minimum are 5 and 2, respectively.
The monitor subcommand specifies the probability of discard
for packets that overflow the rate-control window.
-@item@code{restrict}@code{address}[@code{mask}@kbd{mask}][@kbd{flag}@kbd{...}]
+@item @code{restrict} @code{address} @code{[@code{mask} @kbd{mask}]} @code{[@kbd{flag} @kbd{...}]}
The
@kbd{address}
argument expressed in
One or more of the following flags
may be specified:
@table @asis
-
-@item@code{ignore}
+@item @code{ignore}
Deny packets of all kinds, including
@code{ntpq(1ntpqmdoc)}
and
@code{ntpdc(1ntpdcmdoc)}
queries.
-@item@code{kod}
+@item @code{kod}
If this flag is set when an access violation occurs, a kiss-o'-death
(KoD) packet is sent.
KoD packets are rate limited to no more than one
per second.
If another KoD packet occurs within one second after the
last one, the packet is dropped.
-@item@code{limited}
+@item @code{limited}
Deny service if the packet spacing violates the lower limits specified
in the discard command.
A history of clients is kept using the
long as there is a restriction entry with the
@code{limited}
flag.
-@item@code{lowpriotrap}
+@item @code{lowpriotrap}
Declare traps set by matching hosts to be low priority.
The
number of traps a server can maintain is limited (the current limit
This flag
modifies the assignment algorithm by allowing low priority traps to
be overridden by later requests for normal priority traps.
-@item@code{nomodify}
+@item @code{nomodify}
Deny
@code{ntpq(1ntpqmdoc)}
and
server (i.e., run time reconfiguration).
Queries which return
information are permitted.
-@item@code{noquery}
+@item @code{noquery}
Deny
@code{ntpq(1ntpqmdoc)}
and
@code{ntpdc(1ntpdcmdoc)}
queries.
Time service is not affected.
-@item@code{nopeer}
+@item @code{nopeer}
Deny packets which would result in mobilizing a new association.
This
includes broadcast and symmetric active packets when a configured
association does not exist.
-@item@code{noserve}
+@item @code{noserve}
Deny all packets except
@code{ntpq(1ntpqmdoc)}
and
@code{ntpdc(1ntpdcmdoc)}
queries.
-@item@code{notrap}
+@item @code{notrap}
Decline to provide mode 6 control message trap service to matching
hosts.
The trap service is a subsystem of the ntpdq control message
protocol which is intended for use by remote event logging programs.
-@item@code{notrust}
+@item @code{notrust}
Deny service unless the packet is cryptographically authenticated.
-@item@code{ntpport}
+@item @code{ntpport}
This is actually a match algorithm modifier, rather than a
restriction flag.
Its presence causes the restriction entry to be
@code{ntpport}
is considered more specific and
is sorted later in the list.
-@item@code{version}
+@item @code{version}
Deny packets that do not match the current NTP version.
@end table
NTP server is unrestricted).
@end table
@node Automatic NTP Configuration Options
-@section Automatic NTP Configuration Options
-
-
-@node Manycasting
-@section Manycasting
-
-
+@subsection Automatic NTP Configuration Options
+@subsubsection Manycasting
Manycasting is a automatic discovery and configuration paradigm
new to NTPv4.
It is intended as a means for a multicast client
Servers do not have to be configured in advance and
all clients throughout the network can have the same
configuration file.
-@node Manycast Interactions with Autokey
-@section Manycast Interactions with Autokey
-
-
+@subsubsection Manycast Interactions with Autokey
Each time a manycast client sends a client mode packet
to a multicast group address, all manycast servers
in scope generate a reply including the host name
scheme starts all over from the beginning and
the expanding ring shrinks to the minimum and increments
from there while collecting all servers in scope.
-@node Manycast Options
-@section Manycast Options
-
-
+@subsubsection Manycast Options
@table @asis
-
-@item@code{tos}Oo@code{ceiling}@kbd{ceiling}|@code{cohort}{@code{0}|@code{1}}|@code{floor}@kbd{floor}|@code{minclock}@kbd{minclock}|@code{minsane}@kbd{minsane}Oc
+@item @code{tos} @code{[@code{ceiling} @kbd{ceiling} | @code{cohort} @code{@{} @code{0} | @code{1} @code{@}} | @code{floor} @kbd{floor} | @code{minclock} @kbd{minclock} | @code{minsane} @kbd{minsane}]}
This command affects the clock selection and clustering
algorithms.
It can be used to select the quality and
The variables operate
as follows:
@table @asis
-
-@item@code{ceiling}@kbd{ceiling}
+@item @code{ceiling} @kbd{ceiling}
Peers with strata above
@code{ceiling}
will be discarded if there are at least
peers remaining.
This value defaults to 15, but can be changed
to any number from 1 to 15.
-@item@code{cohort}@code{Bro}@code{0}|@code{1}@code{Brc}
+@item @code{cohort} @code{@{0 | 1@}}
This is a binary flag which enables (0) or disables (1)
manycast server replies to manycast clients with the same
stratum level.
large numbers of clients with the same stratum level
are present.
The default is to enable these replies.
-@item@code{floor}@kbd{floor}
+@item @code{floor} @kbd{floor}
Peers with strata below
@code{floor}
will be discarded if there are at least
peers remaining.
This value defaults to 1, but can be changed
to any number from 1 to 15.
-@item@code{minclock}@kbd{minclock}
+@item @code{minclock} @kbd{minclock}
The clustering algorithm repeatedly casts out outlyer
associations until no more than
@code{minclock}
This value defaults to 3,
but can be changed to any number from 1 to the number of
configured sources.
-@item@code{minsane}@kbd{minsane}
+@item @code{minsane} @kbd{minsane}
This is the minimum number of candidates available
to the clock selection algorithm in order to produce
one or more truechimers for the clustering algorithm.
should be at least 4 in order to detect and discard
a single falseticker.
@end table
-@item@code{ttl}@kbd{hop}@kbd{...}
+@item @code{ttl} @kbd{hop} @kbd{...}
This command specifies a list of TTL values in increasing
order, up to 8 values can be specified.
In manycast mode these values are used in turn
multiples of 32 starting at 31.
@end table
@node Reference Clock Support
-@section Reference Clock Support
-
-
+@subsection Reference Clock Support
The NTP Version 4 daemon supports some three dozen different radio,
satellite and modem reference clocks plus a special pseudo-clock
used for backup or when no other clock source is available.
Detailed descriptions of individual device drivers and options can
be found in the
-"ReferenceClockDrivers"
+"Reference Clock Drivers"
page
(available as part of the HTML documentation
provided in
@file{/usr/share/doc/ntp}).
Additional information can be found in the pages linked
there, including the
-"DebuggingHintsforReferenceClockDrivers"
+"Debugging Hints for Reference Clock Drivers"
and
-"HowToWriteaReferenceClockDriver"
+"How To Write a Reference Clock Driver"
pages
(available as part of the HTML documentation
provided in
@file{/usr/share/doc/ntp}).
In addition, support for a PPS
signal is available as described in the
-"Pulse-per-second(PPS)SignalInterfacing"
+"Pulse-per-second (PPS) Signal Interfacing"
page
(available as part of the HTML documentation
provided in
significantly improve the accuracy using the driver.
These are
described in the
-"LineDisciplinesandStreamsDrivers"
+"Line Disciplines and Streams Drivers"
page
(available as part of the HTML documentation
provided in
correct but invalid IP address, in order to distinguish them from
normal NTP peers.
Reference clock addresses are of the form
-
@code{127.127.}@kbd{t}.@kbd{u},
-
where
@kbd{t}
is an integer
option is used for this purpose.
Except where noted,
these options apply to all clock drivers.
-@node Reference Clock Commands
-@section Reference Clock Commands
-
-
+@subsubsection Reference Clock Commands
@table @asis
-
-@item @code{server}@code{127.127.}@kbd{t}.@kbd{u}[@code{prefer}][@code{mode} @kbd{int}][@code{minpoll} @kbd{int}][@code{maxpoll} @kbd{int}]
+@item @code{server} @code{127.127.}@kbd{t}.@kbd{u} @code{[@code{prefer}]} @code{[@code{mode} @kbd{int}]} @code{[@code{minpoll} @kbd{int}]} @code{[@code{maxpoll} @kbd{int}]}
This command can be used to configure reference clocks in
special ways.
The options are interpreted as follows:
@table @asis
-
@item @code{prefer}
Marks the reference clock as preferred.
All other things being
defaults to 14 (4.5 h).
The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
@end table
-@item @code{fudge}@code{127.127.}@kbd{t}.@kbd{u}[@code{time1} @kbd{sec}][@code{time2} @kbd{sec}][@code{stratum} @kbd{int}][@code{refid} @kbd{string}][@code{mode} @kbd{int}][@code{flag1} @code{Cm} @code{0} @code{|} @code{Cm} @code{1}][@code{flag2} @code{Cm} @code{0} @code{|} @code{Cm} @code{1}][@code{flag3} @code{Cm} @code{0} @code{|} @code{Cm} @code{1}][@code{flag4} @code{Cm} @code{0} @code{|} @code{Cm} @code{1}]
+@item @code{fudge} @code{127.127.}@kbd{t}.@kbd{u} @code{[@code{time1} @kbd{sec}]} @code{[@code{time2} @kbd{sec}]} @code{[@code{stratum} @kbd{int}]} @code{[@code{refid} @kbd{string}]} @code{[@code{mode} @kbd{int}]} @code{[@code{flag1} @code{0} @code{|} @code{1}]} @code{[@code{flag2} @code{0} @code{|} @code{1}]} @code{[@code{flag3} @code{0} @code{|} @code{1}]} @code{[@code{flag4} @code{0} @code{|} @code{1}]}
This command can be used to configure reference clocks in
special ways.
It must immediately follow the
The options are interpreted as
follows:
@table @asis
-
@item @code{time1} @kbd{sec}
Specifies a constant to be added to the time offset produced by
the driver, a fixed-point decimal number in seconds.
protocol in the ACTS driver and a device subtype in the
parse
drivers.
-@item @code{flag1} @code{Cm} @code{0} @code{|} @code{Cm} @code{1}
-@item @code{flag2} @code{Cm} @code{0} @code{|} @code{Cm} @code{1}
-@item @code{flag3} @code{Cm} @code{0} @code{|} @code{Cm} @code{1}
-@item @code{flag4} @code{Cm} @code{0} @code{|} @code{Cm} @code{1}
+@item @code{flag1} @code{0} @code{|} @code{1}
+@item @code{flag2} @code{0} @code{|} @code{1}
+@item @code{flag3} @code{0} @code{|} @code{1}
+@item @code{flag4} @code{0} @code{|} @code{1}
These four flags are used for customizing the clock driver.
The
interpretation of these values, and whether they are used at all,
@end table
@end table
@node Miscellaneous Options
-@section Miscellaneous Options
-
-
+@subsection Miscellaneous Options
@table @asis
-
@item @code{broadcastdelay} @kbd{seconds}
The broadcast and multicast modes require a special calibration
to determine the network delay between the local and remote
must have write permission for the directory the
drift file is located in, and that file system links, symbolic or
otherwise, should be avoided.
-@item @code{enable}Oo@code{auth} | @code{Cm} @code{bclient} |@code{calibrate} | @code{Cm} @code{kernel} |@code{monitor} | @code{Cm} @code{ntp} |@code{pps} | @code{Cm} @code{stats}Oc
-@item @code{disable}Oo@code{auth} | @code{Cm} @code{bclient} |@code{calibrate} | @code{Cm} @code{kernel} |@code{monitor} | @code{Cm} @code{ntp} |@code{pps} | @code{Cm} @code{stats}Oc
+@item @code{enable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{monitor} | @code{ntp} | @code{pps} | @code{stats}]}
+@item @code{disable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{monitor} | @code{ntp} | @code{pps} | @code{stats}]}
Provides a way to enable or disable various server options.
Flags not mentioned are unaffected.
Note that all of these flags
@code{ntpdc(1ntpdcmdoc)}
utility program.
@table @asis
-
@item @code{auth}
Enables the server to synchronize with unconfigured peers only if the
peer has been correctly authenticated using either public key or
All
@kbd{configkeyword}
keywords can be prefixed with
-@quoteleft{}=,@quoteright{}
+@quoteleft{}=@quoteright{},
@quoteleft{}+@quoteright{}
and
-@quoteleft{}-,@quoteright{}
+@quoteleft{}-@quoteright{},
where
@quoteleft{}=@quoteright{}
sets the
@code{syslog(3)}
messages can be controlled in four
classes
-Po
-@code{clock},
-@code{peer},
-@code{sys}
-and
-@code{sync}
-Pc.
+(@code{clock}, @code{peer}, @code{sys} and @code{sync}).
Within these classes four types of messages can be
controlled: informational messages
-Po
-@code{info}
-Pc,
+(@code{info}),
event messages
-Po
-@code{events}
-Pc,
+(@code{events}),
statistics messages
-Po
-@code{statistics}
-Pc
+(@code{statistics})
and
status messages
-Po
-@code{status}
-Pc.
+(@code{status}).
Configuration keywords are formed by concatenating the message class with
the event class.
@code{syslog(3)}
facility.
This is the same operation as the -l command line option.
-@item @code{setvar} @kbd{variable} [@code{default}]
+@item @code{setvar} @kbd{variable} @code{[@code{default}]}
This command adds an additional system variable.
These
variables can be used to distribute additional information such as
the access policy.
If the variable of the form
-
-Vaname=@kbd{value}
-
+@code{name}@code{=}@kbd{value}
is followed by the
@code{default}
keyword, the
variable will be listed as part of the default system variables
-Po
-@code{ntpq(1ntpqmdoc)}
-@code{rv}
-command
-Pc).
+(@code{rv} command)).
These additional variables serve
informational purposes only.
They are not related to the protocol
There are three special variables that contain the names
of all variable of the same group.
The
-Va sys_var_list
+@code{sys_var_list}
holds
the names of all system variables.
The
-Va peer_var_list
+@code{peer_var_list}
holds
the names of all peer variables and the
-Va clock_var_list
+@code{clock_var_list}
holds the names of the reference clock variables.
-@item @code{tinker}Oo@code{allan} @kbd{allan} |@code{dispersion} @kbd{dispersion} |@code{freq} @kbd{freq} |@code{huffpuff} @kbd{huffpuff} |@code{panic} @kbd{panic} |@code{step} @kbd{srep} |@code{stepout} @kbd{stepout}Oc
+@item @code{tinker} @code{[@code{allan} @kbd{allan} | @code{dispersion} @kbd{dispersion} | @code{freq} @kbd{freq} | @code{huffpuff} @kbd{huffpuff} | @code{panic} @kbd{panic} | @code{step} @kbd{srep} | @code{stepout} @kbd{stepout}]}
This command can be used to alter several system variables in
very exceptional circumstances.
It should occur in the
The variables operate as follows:
@table @asis
-
@item @code{allan} @kbd{allan}
The argument becomes the new value for the minimum Allan
intercept, which is a parameter of the PLL/FLL clock discipline
If set to zero, the stepout
pulses will not be suppressed.
@end table
-@item @code{rlimit}Oo@code{memlock} @kbd{Nmegabytes} |@code{stacksize} @kbd{N4kPages}@code{filenum} @kbd{Nfiledescriptors}Oc
+@item @code{rlimit} @code{[@code{memlock} @kbd{Nmegabytes} | @code{stacksize} @kbd{N4kPages} @code{filenum} @kbd{Nfiledescriptors}]}
@table @asis
-
@item @code{memlock} @kbd{Nmegabytes}
Specify the number of megabytes of memory that can be allocated.
Probably only available under Linux, this option is useful
Specifies the maximum size of the process stack on systems with the
@item @code{filenum} @kbd{Nfiledescriptors}
Specifies the maximum number of file descriptors ntpd may have open at once. Defaults to the system default.
-@code{mlockall}()
+@code{mlockall()}
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
@end table
-@item @code{trap} @kbd{host_address}[@code{port} @kbd{port_number}][@code{interface} @kbd{interface_address}]
+@item @code{trap} @kbd{host_address} @code{[@code{port} @kbd{port_number}]} @code{[@code{interface} @kbd{interface_address}]}
This command configures a trap receiver at the given host
address and port number for sending messages with the specified
local interface address.
@node ntp.conf Files
@subsection ntp.conf Files
@table @asis
-
@item @file{/etc/ntp.conf}
the default name of the configuration file
@item @file{ntp.keys}
A snapshot of this documentation is available in HTML format in
@file{/usr/share/doc/ntp}.
@*
- David L. Mills, @emph{Network Time Protocol (Version 4)}, RFC5905.
+
+@*
+David L. Mills, @emph{Network Time Protocol (Version 4)}, RFC5905
@node ntp.conf Bugs
@subsection ntp.conf Bugs
The syntax checking is not picky; some combinations of
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi)
#
-# It has been AutoGen-ed November 30, 2013 at 11:31:08 AM by AutoGen 5.18.3pre5
+# It has been AutoGen-ed December 22, 2013 at 11:07:15 PM by AutoGen 5.18.3pre5
# From the definitions ntp.keys.def
# and the template file agtexi-file.tpl
@end ignore
What follows are some key types, and corresponding formats:
@table @asis
-
@item @code{MD5}
The key is 1 to 16 printable characters terminated by
an EOL,
whitespace,
or
a
-#
+@code{#}
(which is the "start of comment" character).
@item @code{SHA}
@node ntp.keys Files
@subsection ntp.keys Files
@table @asis
-
@item @file{/etc/ntp.keys}
the default name of the configuration file
@end table
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi)
#
-# It has been AutoGen-ed November 30, 2013 at 11:31:10 AM by AutoGen 5.18.3pre5
+# It has been AutoGen-ed December 22, 2013 at 11:07:17 PM by AutoGen 5.18.3pre5
# From the definitions ntpd-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
listening to broadcasts at run time.
If NetInfo support is built into
-@code{ntpd},
+@code{ntpd}
then
@code{ntpd}
will attempt to read its configuration from the
@exampleindent 0
@example
-ntpd - NTP daemon program - Ver. 4.2.7p401
+ntpd - NTP daemon program - Ver. 4.2.7p402
Usage: ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \
[ <server1> ... <serverN> ]
Flg Arg Option-Name Description
-.TH ntp.conf 5man "30 Nov 2013" "4.2.7p401" "File Formats"
+.de1 NOP
+. it 1 an-trap
+. if \\n[.$] \,\\$*\/
+..
+.ie t \
+.ds B-Font [CB]
+.ds I-Font [CI]
+.ds R-Font [CR]
+.el \
+.ds B-Font B
+.ds I-Font I
+.ds R-Font R
+.TH ntp.conf 5man "22 Dec 2013" "4.2.7p402" "File Formats"
.\"
-.\" EDIT THIS FILE WITH CAUTION (ntp.man)
-.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:30:49 AM by AutoGen 5.18.3pre5
-.\" From the definitions ntp.conf.def
-.\" and the template file agman-cmd.tpl
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Tgaa3K/ag-ihaa2K)
.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:06:59 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntp.conf.def
+.\" and the template file agman-cmd.tpl
.SH NAME
-ntp.conf \- Network Time Protocol (NTP) daemon configuration file format
+\f\*[B-Font]ntp.conf\fP
+\- Network Time Protocol (NTP) daemon configuration file format
.SH SYNOPSIS
-.B ntp.conf
-.\" Long options only
-.RB [ \-\-\fIopt\-name\fP [ = "| ] \fIvalue\fP]]..."
-.PP
+\f\*[B-Font]ntp.conf\fP
+[\f\*[B-Font]\-\-option-name\f[]]
+[\f\*[B-Font]\-\-option-name\f[] \f\*[I-Font]value\f[]]
+.sp \n(Ppu
+.ne 2
+
All arguments must be options.
-.PP
+.sp \n(Ppu
+.ne 2
+
.SH DESCRIPTION
The
-.B
+\f\*[B-Font]ntp.conf\fP
configuration file is read at initial startup by the
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
daemon in order to specify the synchronization sources,
modes and other related information.
Usually, it is installed in the
-.Pa /etc
+\fI/etc\f[]
directory,
but could be installed elsewhere
(see the daemon's
- c
+\f\*[B-Font]\-c\f[]
command line option).
-.PP
+.sp \n(Ppu
+.ne 2
+
The file format is similar to other
-.Ux
+UNIX
configuration files.
Comments begin with a
-.Ql #
+\[oq]#\[cq]
character and extend to the end of the line;
blank lines are ignored.
Configuration commands consist of an initial keyword
host addresses written in numeric, dotted-quad form,
integers, floating point numbers (when specifying times in seconds)
and text strings.
-.PP
+.sp \n(Ppu
+.ne 2
+
The rest of this page describes the configuration and control options.
The
-.Qq Notes on Configuring NTP and Setting up an NTP Subnet
+"Notes on Configuring NTP and Setting up an NTP Subnet"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp )
+\fI/usr/share/doc/ntp\f[])
contains an extended discussion of these options.
In addition to the discussion of general
-.Sx Configuration Options ,
+\fIConfiguration\f[] \fIOptions\f[],
there are sections describing the following supported functionality
and the options used to control it:
-.in +4
-.ti -4
-\fB*\fP
-
-.Sx Authentication Support
-.ti -4
-\fB*\fP
-
-.Sx Monitoring Support
-.ti -4
-\fB*\fP
-
-.Sx Access Control Support
-.ti -4
-\fB*\fP
+.IP \fB\(bu\fP 2
+\fIAuthentication\f[] \fISupport\f[]
+.IP \fB\(bu\fP 2
+\fIMonitoring\f[] \fISupport\f[]
+.IP \fB\(bu\fP 2
+\fIAccess\f[] \fIControl\f[] \fISupport\f[]
+.IP \fB\(bu\fP 2
+\fIAutomatic\f[] \fINTP\f[] \fIConfiguration\f[] \fIOptions\f[]
+.IP \fB\(bu\fP 2
+\fIReference\f[] \fIClock\f[] \fISupport\f[]
+.IP \fB\(bu\fP 2
+\fIMiscellaneous\f[] \fIOptions\f[]
+.PP
+.sp \n(Ppu
+.ne 2
-.Sx Automatic NTP Configuration Options
-.ti -4
-\fB*\fP
-
-.Sx Reference Clock Support
-.ti -4
-\fB*\fP
-
-.Sx Miscellaneous Options
-.in -4
-.PP
Following these is a section describing
-.Sx Miscellaneous Options .
+\fIMiscellaneous\f[] \fIOptions\f[].
While there is a rich set of options available,
the only required option is one or more
-.Ic pool ,
-.Ic server ,
-.Ic peer ,
-.Ic broadcast
+\f\*[B-Font]pool\f[],
+\f\*[B-Font]server\f[],
+\f\*[B-Font]peer\f[],
+\f\*[B-Font]broadcast\f[]
or
-.Ic manycastclient
+\f\*[B-Font]manycastclient\f[]
commands.
.SH Configuration Support
Following is a description of the configuration commands in
Use
of options not listed may not be caught as an error, but may result
in some weird and even destructive behavior.
-.PP
+.sp \n(Ppu
+.ne 2
+
If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
is detected, support for the IPv6 address family is generated
in addition to the default support of the IPv4 address family.
In a few cases, including the reslist billboard generated
by ntpdc, IPv6 addresses are automatically generated.
IPv6 addresses can be identified by the presence of colons
-.Dq \&:
+\*[Lq]\&:\*[Rq]
in the address field.
IPv6 addresses can be used almost everywhere where
IPv4 addresses can be used,
with the exception of reference clock addresses,
which are always IPv4.
-.PP
+.sp \n(Ppu
+.ne 2
+
Note that in contexts where a host name is expected, a
- 4
+\f\*[B-Font]\-4\f[]
qualifier preceding
the host name forces DNS resolution to the IPv4 namespace,
while a
- 6
+\f\*[B-Font]\-6\f[]
qualifier forces DNS resolution to the IPv6 namespace.
See IPv6 references for the
equivalent classes for that address family.
-.TP
-.BR Xo Ic pool Ar address
-[ "\fIburst\fR" ]
-[ "\fIiburst\fR" ]
-[ "\fIversion\fR" "\fIversion\fR" ]
-[ "\fIprefer\fR" ]
-[ "\fIminpoll\fR" "\fIminpoll\fR" ]
-[ "\fImaxpoll\fR" "\fImaxpoll\fR" ]
-.Xc
-.TP
-.BR Xo Ic server Ar address
-[ "\fIkey\fR" "\fIkey\fR" \&| "\fIautokey\fR" ]
-[ "\fIburst\fR" ]
-[ "\fIiburst\fR" ]
-[ "\fIversion\fR" "\fIversion\fR" ]
-[ "\fIprefer\fR" ]
-[ "\fIminpoll\fR" "\fIminpoll\fR" ]
-[ "\fImaxpoll\fR" "\fImaxpoll\fR" ]
-.Xc
-.TP
-.BR Xo Ic peer Ar address
-[ "\fIkey\fR" "\fIkey\fR" \&| "\fIautokey\fR" ]
-[ "\fIversion\fR" "\fIversion\fR" ]
-[ "\fIprefer\fR" ]
-[ "\fIminpoll\fR" "\fIminpoll\fR" ]
-[ "\fImaxpoll\fR" "\fImaxpoll\fR" ]
-.Xc
-.TP
-.BR Xo Ic broadcast Ar address
-[ "\fIkey\fR" "\fIkey\fR" \&| "\fIautokey\fR" ]
-[ "\fIversion\fR" "\fIversion\fR" ]
-[ "\fIprefer\fR" ]
-[ "\fIminpoll\fR" "\fIminpoll\fR" ]
-[ "\fIttl\fR" "\fIttl\fR" ]
-.Xc
-.TP
-.BR Xo Ic manycastclient Ar address
-[ "\fIkey\fR" "\fIkey\fR" \&| "\fIautokey\fR" ]
-[ "\fIversion\fR" "\fIversion\fR" ]
-[ "\fIprefer\fR" ]
-[ "\fIminpoll\fR" "\fIminpoll\fR" ]
-[ "\fImaxpoll\fR" "\fImaxpoll\fR" ]
-[ "\fIttl\fR" "\fIttl\fR" ]
-.Xc
-.PP
+.TP 7
+.NOP \f\*[B-Font]pool\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]burst\f[]] [\f\*[B-Font]iburst\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]]
+.TP 7
+.NOP \f\*[B-Font]server\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]key\f[] \f\*[I-Font]key\f[] \f\*[I-Font]\&|\f[] \f\*[B-Font]autokey\f[]] [\f\*[B-Font]burst\f[]] [\f\*[B-Font]iburst\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]]
+.TP 7
+.NOP \f\*[B-Font]peer\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]key\f[] \f\*[I-Font]key\f[] \f\*[I-Font]\&|\f[] \f\*[B-Font]autokey\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]]
+.TP 7
+.NOP \f\*[B-Font]broadcast\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]key\f[] \f\*[I-Font]key\f[] \f\*[I-Font]\&|\f[] \f\*[B-Font]autokey\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]ttl\f[] \f\*[I-Font]ttl\f[]]
+.TP 7
+.NOP \f\*[B-Font]manycastclient\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]key\f[] \f\*[I-Font]key\f[] \f\*[I-Font]\&|\f[] \f\*[B-Font]autokey\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]] [\f\*[B-Font]ttl\f[] \f\*[I-Font]ttl\f[]]
+.PP
+.sp \n(Ppu
+.ne 2
+
These five commands specify the time server name or address to
be used and the mode in which to operate.
The
-\fIaddress\fR
+\f\*[I-Font]address\f[]
can be
either a DNS name or an IP address in dotted-quad notation.
Additional information on association behavior can be found in the
-.Qq Association Management
+"Association Management"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
-.TP
-.BR Ic pool
+\fI/usr/share/doc/ntp\f[]).
+.TP 7
+.NOP \f\*[B-Font]pool\f[]
For type s addresses, this command mobilizes a persistent
client mode association with a number of remote servers.
In this mode the local clock can synchronized to the
remote server, but the remote server can never be synchronized to
the local clock.
-.TP
-.BR Ic server
+.TP 7
+.NOP \f\*[B-Font]server\f[]
For type s and r addresses, this command mobilizes a persistent
client mode association with the specified remote server or local
radio clock.
remote server, but the remote server can never be synchronized to
the local clock.
This command should
-.I not
+\fInot\f[]
be used for type
b or m addresses.
-.TP
-.BR Ic peer
+.TP 7
+.NOP \f\*[B-Font]peer\f[]
For type s addresses (only), this command mobilizes a
persistent symmetric-active mode association with the specified
remote peer.
the better source of time.
This command should NOT be used for type
b, m or r addresses.
-.TP
-.BR Ic broadcast
+.TP 7
+.NOP \f\*[B-Font]broadcast\f[]
For type b and m addresses (only), this
command mobilizes a persistent broadcast mode association.
Multiple
subnet specified, but multicast messages go to all interfaces.
In broadcast mode the local server sends periodic broadcast
messages to a client population at the
-\fIaddress\fR
+\f\*[I-Font]address\f[]
specified, which is usually the broadcast address on (one of) the
local network(s) or a multicast address assigned to NTP.
The IANA
Ordinarily, this
specification applies only to the local server operating as a
sender; for operation as a broadcast client, see the
-.Ic broadcastclient
+\f\*[B-Font]broadcastclient\f[]
or
-.Ic multicastclient
+\f\*[B-Font]multicastclient\f[]
commands
below.
-.TP
-.BR Ic manycastclient
+.TP 7
+.NOP \f\*[B-Font]manycastclient\f[]
For type m addresses (only), this command mobilizes a
manycast client mode association for the multicast address
specified.
In this case a specific address must be supplied which
matches the address used on the
-.Ic manycastserver
+\f\*[B-Font]manycastserver\f[]
command for
the designated manycast servers.
The NTP multicast address
these messages and causing a possibly massive implosion of replies
at the sender.
The
-.Ic manycastserver
+\f\*[B-Font]manycastserver\f[]
command specifies that the local server
is to operate in client mode with the remote servers that are
discovered as the result of broadcast/multicast messages.
The
client broadcasts a request message to the group address associated
with the specified
-\fIaddress\fR
+\f\*[I-Font]address\f[]
and specifically enabled
servers respond to these messages.
The client selects the servers
providing the best time and continues as with the
-.Ic server
+\f\*[B-Font]server\f[]
command.
The remaining servers are discarded as if never
heard.
.PP
+.sp \n(Ppu
+.ne 2
+
Options:
-.TP
-.BR Cm autokey
+.TP 7
+.NOP \f\*[B-Font]autokey\f[]
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the autokey scheme
described in
-.Sx Authentication Options .
-.TP
-.BR Cm burst
+\fIAuthentication\f[] \fIOptions\f[].
+.TP 7
+.NOP \f\*[B-Font]burst\f[]
when the server is reachable, send a burst of eight packets
instead of the usual one.
The packet spacing is normally 2 s;
additional time for a modem or ISDN call to complete.
This is designed to improve timekeeping quality
with the
-.Ic server
+\f\*[B-Font]server\f[]
command and s addresses.
-.TP
-.BR Cm iburst
+.TP 7
+.NOP \f\*[B-Font]iburst\f[]
When the server is unreachable, send a burst of eight packets
instead of the usual one.
The packet spacing is normally 2 s;
additional time for a modem or ISDN call to complete.
This is designed to speed the initial synchronization
acquisition with the
-.Ic server
+\f\*[B-Font]server\f[]
command and s addresses and when
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
is started with the
- q
+\f\*[B-Font]\-q\f[]
option.
-.TP
-.BR Cm key Ar key
+.TP 7
+.NOP \f\*[B-Font]key\f[] \f\*[I-Font]key\f[]
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
-\fIkey\fR
+\f\*[I-Font]key\f[]
identifier with values from 1 to 65534, inclusive.
The
default is to include no encryption field.
-.TP
-.BR Cm minpoll Ar minpoll
-.TP
-.BR Cm maxpoll Ar maxpoll
+.TP 7
+.NOP \f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]
+.TP 7
+.NOP \f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]
These options specify the minimum and maximum poll intervals
for NTP messages, as a power of 2 in seconds
The maximum poll
interval defaults to 10 (1,024 s), but can be increased by the
-.Cm maxpoll
+\f\*[B-Font]maxpoll\f[]
option to an upper limit of 17 (36.4 h).
The
minimum poll interval defaults to 6 (64 s), but can be decreased by
the
-.Cm minpoll
+\f\*[B-Font]minpoll\f[]
option to a lower limit of 4 (16 s).
-.TP
-.BR Cm noselect
+.TP 7
+.NOP \f\*[B-Font]noselect\f[]
Marks the server as unused, except for display purposes.
The server is discarded by the selection algroithm.
-.TP
-.BR Cm prefer
+.TP 7
+.NOP \f\*[B-Font]prefer\f[]
Marks the server as preferred.
All other things being equal,
this host will be chosen for synchronization among a set of
correctly operating hosts.
See the
-.Qq Mitigation Rules and the prefer Keyword
+"Mitigation Rules and the prefer Keyword"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp )
+\fI/usr/share/doc/ntp\f[])
for further information.
-.TP
-.BR Cm ttl Ar ttl
+.TP 7
+.NOP \f\*[B-Font]ttl\f[] \f\*[I-Font]ttl\f[]
This option is used only with broadcast server and manycast
client modes.
It specifies the time-to-live
-\fIttl\fR
+\f\*[I-Font]ttl\f[]
to
use on broadcast server and multicast server and the maximum
-\fIttl\fR
+\f\*[I-Font]ttl\f[]
for the expanding ring search with manycast
client packets.
Selection of the proper value, which defaults to
127, is something of a black art and should be coordinated with the
network administrator.
-.TP
-.BR Cm version Ar version
+.TP 7
+.NOP \f\*[B-Font]version\f[] \f\*[I-Font]version\f[]
Specifies the version number to be used for outgoing NTP
packets.
Versions 1-4 are the choices, with version 4 the
default.
+.PP
.SS Auxiliary Commands
-.TP
-.BR Ic broadcastclient
+.TP 7
+.NOP \f\*[B-Font]broadcastclient\f[]
This command enables reception of broadcast server messages to
any local interface (type b) address.
Upon receiving a message for
to avoid accidental or malicious disruption in this mode, both the
server and client should operate using symmetric-key or public-key
authentication as described in
-.Sx Authentication Options .
-.TP
-.BR Ic manycastserver Ar address ...
+\fIAuthentication\f[] \fIOptions\f[].
+.TP 7
+.NOP \f\*[B-Font]manycastserver\f[] \f\*[I-Font]address\f[] \f\*[I-Font]...\f[]
This command enables reception of manycast client messages to
the multicast group address(es) (type m) specified.
At least one
accidental or malicious disruption in this mode, both the server
and client should operate using symmetric-key or public-key
authentication as described in
-.Sx Authentication Options .
-.TP
-.BR Ic multicastclient Ar address ...
+\fIAuthentication\f[] \fIOptions\f[].
+.TP 7
+.NOP \f\*[B-Font]multicastclient\f[] \f\*[I-Font]address\f[] \f\*[I-Font]...\f[]
This command enables reception of multicast server messages to
the multicast group address(es) (type m) specified.
Upon receiving
in order to avoid accidental or malicious disruption in this mode,
both the server and client should operate using symmetric-key or
public-key authentication as described in
-.Sx Authentication Options .
+\fIAuthentication\f[] \fIOptions\f[].
+.PP
.SH Authentication Support
Authentication support allows the NTP client to verify that the
server is in fact known and trusted and not an intruder intending
Either algorithm computes a message digest, or one-way hash, which
can be used to verify the server has the correct private key and
key identifier.
-.PP
+.sp \n(Ppu
+.ne 2
+
NTPv4 retains the NTPv3 scheme, properly described as symmetric key
cryptography and, in addition, provides a new Autokey scheme
based on public key cryptography.
which can be provided by commercial services or
produced by utility programs in the OpenSSL software library
or the NTPv4 distribution.
-.PP
+.sp \n(Ppu
+.ne 2
+
While the algorithms for symmetric key cryptography are
included in the NTPv4 distribution, public key cryptography
requires the OpenSSL software library to be installed
before building the NTP distribution.
Directions for doing that
are on the Building and Installing the Distribution page.
-.PP
+.sp \n(Ppu
+.ne 2
+
Authentication is configured separately for each association
using the
-.Cm key
+\f\*[B-Font]key\f[]
or
-.Cm autokey
+\f\*[B-Font]autokey\f[]
subcommand on the
-.Ic peer ,
-.Ic server ,
-.Ic broadcast
+\f\*[B-Font]peer\f[],
+\f\*[B-Font]server\f[],
+\f\*[B-Font]broadcast\f[]
and
-.Ic manycastclient
+\f\*[B-Font]manycastclient\f[]
configuration commands as described in
-.Sx Configuration Options
+\fIConfiguration\f[] \fIOptions\f[]
page.
The authentication
options described below specify the locations of the key files,
if other than default, which symmetric keys are trusted
and the interval between various operations, if other than default.
-.PP
+.sp \n(Ppu
+.ne 2
+
Authentication is always enabled,
although ineffective if not configured as
described below.
preliminary protocol exchange to obtain
the server certificate, verify its
credentials and initialize the protocol
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Cm auth
+\f\*[B-Font]auth\f[]
flag controls whether new associations or
remote configuration commands require cryptographic authentication.
This flag can be set or reset by the
-.Ic enable
+\f\*[B-Font]enable\f[]
and
-.Ic disable
+\f\*[B-Font]disable\f[]
commands and also by remote
configuration commands sent by a
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
program running in
another machine.
If this flag is enabled, which is the default
authenticated.
It should be understood
that operating with the
-.Ic auth
+\f\*[B-Font]auth\f[]
flag disabled invites a significant vulnerability
where a rogue hacker can
masquerade as a falseticker and seriously
and remote configuration commands and, in particular,
the flag has no effect on
the authentication process itself.
-.PP
+.sp \n(Ppu
+.ne 2
+
An attractive alternative where multicast support is available
is manycast mode, in which clients periodically troll
for servers as described in the
-.Sx Automatic NTP Configuration Options
+\fIAutomatic\f[] \fINTP\f[] \fIConfiguration\f[] \fIOptions\f[]
page.
Either symmetric key or public key
cryptographic authentication can be used in this mode.
since the client finds them during regular operation,
and the configuration
files for all clients can be identical.
-.PP
+.sp \n(Ppu
+.ne 2
+
The security model and protocol schemes for
both symmetric key and public key
cryptography are summarized below;
further details are in the briefings, papers
and reports at the NTP project page linked from
-.Li http://www.ntp.org/ .
+\f[C]http://www.ntp.org/\f[].
.SS Symmetric-Key Cryptography
The original RFC-1305 specification allows any one of possibly
65,534 keys, each distinguished by a 32-bit key identifier, to
Keys and
related information are specified in a key
file, usually called
-.Pa ntp.keys ,
+\fIntp.keys\f[],
which must be distributed and stored using
secure means beyond the scope of the NTP protocol itself.
Besides the keys used
for ordinary NTP associations,
additional keys can be used as passwords for the
-.Xr ntpq 1ntpqmdoc
+\fCntpq\fR(1ntpqmdoc)\f[]
and
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
utility programs.
-.PP
+.sp \n(Ppu
+.ne 2
+
When
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
is first started, it reads the key file specified in the
-.Ic keys
+\f\*[B-Font]keys\f[]
configuration command and installs the keys
in the key cache.
However,
individual keys must be activated with the
-.Ic trusted
+\f\*[B-Font]trusted\f[]
command before use.
This
allows, for instance, the installation of possibly
several batches of keys and
then activating or deactivating each batch
remotely using
-.Xr ntpdc 1ntpdcmdoc .
+\fCntpdc\fR(1ntpdcmdoc)\f[].
This also provides a revocation capability that can be used
if a key becomes compromised.
The
-.Ic requestkey
+\f\*[B-Font]requestkey\f[]
command selects the key used as the password for the
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
utility, while the
-.Ic controlkey
+\f\*[B-Font]controlkey\f[]
command selects the key used as the password for the
-.Xr ntpq 1ntpqmdoc
+\fCntpq\fR(1ntpqmdoc)\f[]
utility.
.SS Public Key Cryptography
NTPv4 supports the original NTPv3 symmetric key scheme
.\" the configure and build
.\" process automatically detects the library and links
.\" the library routines required.
-.PP
+.sp \n(Ppu
+.ne 2
+
The Autokey protocol has several modes of operation
corresponding to the various NTP modes supported.
Most modes use a special cookie which can be
in reverse order.
These schemes are described along with an executive summary,
current status, briefing slides and reading list on the
-.Sx Autonomous Authentication
+\fIAutonomous\f[] \fIAuthentication\f[]
page.
-.PP
+.sp \n(Ppu
+.ne 2
+
The specific cryptographic environment used by Autokey servers
and clients is determined by a set of files
and soft links generated by the
-.Xr ntp-keygen 1ntpkeygenmdoc
+\fCntp-keygen\fR(1ntpkeygenmdoc)\f[]
program.
This includes a required host key file,
required certificate file and optional sign key file,
There are several schemes
available in the OpenSSL software library, each identified
by a specific string such as
-.Cm md5WithRSAEncryption ,
+\f\*[B-Font]md5WithRSAEncryption\f[],
which stands for the MD5 message digest with RSA
encryption scheme.
The current NTP distribution supports
all the schemes in the OpenSSL library, including
those based on RSA and DSA digital signatures.
-.PP
+.sp \n(Ppu
+.ne 2
+
NTP secure groups can be used to define cryptographic compartments
and security hierarchies.
It is important that every host
The name appears in the host certificate in either or both
the subject and issuer fields, so protection against
DNS compromise is essential.
-.PP
+.sp \n(Ppu
+.ne 2
+
By convention, the name of an Autokey host is the name returned
by the Unix
-.Xr gethostname 2
+\fCgethostname\fR(2)\f[]
system call or equivalent in other systems.
By the system design
model, there are no provisions to allow alternate names or aliases.
However, this is not to say that DNS aliases, different names
for each interface, etc., are constrained in any way.
-.PP
+.sp \n(Ppu
+.ne 2
+
It is also important to note that Autokey verifies authenticity
using the host name, network address and public keys,
all of which are bound together by the protocol specifically
Note however that some cryptotype
combinations may successfully interoperate with each other,
but may not represent good security practice.
-.PP
+.sp \n(Ppu
+.ne 2
+
The cryptotype of an association is determined at the time
of mobilization, either at configuration time or some time
later when a message of appropriate cryptotype arrives.
When mobilized by a
-.Ic server
+\f\*[B-Font]server\f[]
or
-.Ic peer
+\f\*[B-Font]peer\f[]
configuration command and no
-.Ic key
+\f\*[B-Font]key\f[]
or
-.Ic autokey
+\f\*[B-Font]autokey\f[]
subcommands are present, the association is not
authenticated; if the
-.Ic key
+\f\*[B-Font]key\f[]
subcommand is present, the association is authenticated
using the symmetric key ID specified; if the
-.Ic autokey
+\f\*[B-Font]autokey\f[]
subcommand is present, the association is authenticated
using Autokey.
-.PP
+.sp \n(Ppu
+.ne 2
+
When multiple identity schemes are supported in the Autokey
protocol, the first message exchange determines which one is used.
The client request message contains bits corresponding
contains bits corresponding to which schemes it has available.
Both server and client match the received bits with their own
and select a common scheme.
-.PP
+.sp \n(Ppu
+.ne 2
+
Following the principle that time is a public value,
a server responds to any client packet that matches
its cryptotype capabilities.
with the first packet received.
By default, unauthenticated associations will not be mobilized
unless overridden in a decidedly dangerous way.
-.PP
+.sp \n(Ppu
+.ne 2
+
Some examples may help to reduce confusion.
Client Alice has no specific cryptotype selected.
Server Bob has both a symmetric key file and minimal Autokey files.
Bob sends Cathy a thing called a crypto-NAK, which tells her
something broke.
She can see the evidence using the
-.Xr ntpq 1ntpqmdoc
+\fCntpq\fR(1ntpqmdoc)\f[]
program.
-.PP
+.sp \n(Ppu
+.ne 2
+
Denise has rolled her own host key and certificate.
She also uses one of the identity schemes as Bob.
She sends the first Autokey message to Bob and they
both dance the protocol authentication and identity steps.
If all comes out okay, Denise and Bob continue as described above.
-.PP
+.sp \n(Ppu
+.ne 2
+
It should be clear from the above that Bob can support
all the girls at the same time, as long as he has compatible
authentication and identity credentials.
.SS Key Management
The cryptographic values used by the Autokey protocol are
incorporated as a set of files generated by the
-.Xr ntp-keygen 1ntpkeygenmdoc
+\fCntp-keygen\fR(1ntpkeygenmdoc)\f[]
utility program, including symmetric key, host key and
public certificate files, as well as sign key, identity parameters
and leapseconds files.
and certificates can be imported from public certificate
authorities.
Note that symmetric keys are necessary for the
-.Xr ntpq 1ntpqmdoc
+\fCntpq\fR(1ntpqmdoc)\f[]
and
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
utility programs.
The remaining files are necessary only for the
Autokey protocol.
-.PP
+.sp \n(Ppu
+.ne 2
+
Certificates imported from OpenSSL or public certificate
authorities have certian limitations.
The certificate should be in ASN.1 syntax, X.509 Version 3
a subject key identifier or a issuer key identifier field;
however, an extended key usage field for a trusted host must
contain the value
-.Cm trustRoot ; .
+\f\*[B-Font]trustRoot\f[];.
Other extension fields are ignored.
.SS Authentication Commands
-.TP
-.BR Ic autokey Op Ar logsec
+.TP 7
+.NOP \f\*[B-Font]autokey\f[] [\f\*[I-Font]logsec\f[]]
Specifies the interval between regenerations of the session key
list used with the Autokey protocol.
Note that the size of the key
For poll intervals above the specified interval, a session key list
with a single entry will be regenerated for every message
sent.
-.TP
-.BR Ic controlkey Ar key
+.TP 7
+.NOP \f\*[B-Font]controlkey\f[] \f\*[I-Font]key\f[]
Specifies the key identifier to use with the
-.Xr ntpq 1ntpqmdoc
+\fCntpq\fR(1ntpqmdoc)\f[]
utility, which uses the standard
protocol defined in RFC-1305.
The
-\fIkey\fR
+\f\*[I-Font]key\f[]
argument is
the key identifier for a trusted key, where the value can be in the
range 1 to 65,534, inclusive.
-.TP
-.BR Xo Ic crypto
-[ "\fIcert\fR" "\fIfile\fR" ]
-[ "\fIleap\fR" "\fIfile\fR" ]
-[ "\fIrandfile\fR" "\fIfile\fR" ]
-[ "\fIhost\fR" "\fIfile\fR" ]
-[ "\fIsign\fR" "\fIfile\fR" ]
-[ "\fIgq\fR" "\fIfile\fR" ]
-[ "\fIgqpar\fR" "\fIfile\fR" ]
-[ "\fIiffpar\fR" "\fIfile\fR" ]
-[ "\fImvpar\fR" "\fIfile\fR" ]
-[ "\fIpw\fR" "\fIpassword\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]crypto\f[] [\f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]host\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]sign\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gq\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]]
This command requires the OpenSSL library.
It activates public key
cryptography, selects the message digest and signature
Unless the complete path and name of the file are specified, the
location of a file is relative to the keys directory specified
in the
-.Ic keysdir
+\f\*[B-Font]keysdir\f[]
command or default
-.Pa /usr/local/etc .
+\fI/usr/local/etc\f[].
Following are the subcommands:
-.in +4
-.ti -4
-.IR Cm cert Ar file
+.RS
+.TP 7
+.NOP \f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]
Specifies the location of the required host public certificate file.
This overrides the link
-.Pa ntpkey_cert_ Ns Ar hostname
+\fIntpkey_cert_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
-.ti -4
-.IR Cm gqpar Ar file
+.TP 7
+.NOP \f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]
Specifies the location of the optional GQ parameters file.
This
overrides the link
-.Pa ntpkey_gq_ Ns Ar hostname
+\fIntpkey_gq_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
-.ti -4
-.IR Cm host Ar file
+.TP 7
+.NOP \f\*[B-Font]host\f[] \f\*[I-Font]file\f[]
Specifies the location of the required host key file.
This overrides
the link
-.Pa ntpkey_key_ Ns Ar hostname
+\fIntpkey_key_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
-.ti -4
-.IR Cm iffpar Ar file
+.TP 7
+.NOP \f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]
Specifies the location of the optional IFF parameters file.This
overrides the link
-.Pa ntpkey_iff_ Ns Ar hostname
+\fIntpkey_iff_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
-.ti -4
-.IR Cm leap Ar file
+.TP 7
+.NOP \f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]
Specifies the location of the optional leapsecond file.
This overrides the link
-.Pa ntpkey_leap
+\fIntpkey_leap\f[]
in the keys directory.
-.ti -4
-.IR Cm mvpar Ar file
+.TP 7
+.NOP \f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]
Specifies the location of the optional MV parameters file.
This
overrides the link
-.Pa ntpkey_mv_ Ns Ar hostname
+\fIntpkey_mv_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
-.ti -4
-.IR Cm pw Ar password
+.TP 7
+.NOP \f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]
Specifies the password to decrypt files containing private keys and
identity parameters.
This is required only if these files have been
encrypted.
-.ti -4
-.IR Cm randfile Ar file
+.TP 7
+.NOP \f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]
Specifies the location of the random seed file used by the OpenSSL
library.
The defaults are described in the main text above.
-.ti -4
-.IR Cm sign Ar file
+.TP 7
+.NOP \f\*[B-Font]sign\f[] \f\*[I-Font]file\f[]
Specifies the location of the optional sign key file.
This overrides
the link
-.Pa ntpkey_sign_ Ns Ar hostname
+\fIntpkey_sign_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
If this file is
not found, the host key is also the sign key.
-.in -4
-.TP
-.BR Ic keys Ar keyfile
+.RE
+.TP 7
+.NOP \f\*[B-Font]keys\f[] \f\*[I-Font]keyfile\f[]
Specifies the complete path and location of the MD5 key file
containing the keys and key identifiers used by
-.Xr ntpd 1ntpdmdoc ,
-.Xr ntpq 1ntpqmdoc
+\fCntpd\fR(1ntpdmdoc)\f[],
+\fCntpq\fR(1ntpqmdoc)\f[]
and
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
when operating with symmetric key cryptography.
This is the same operation as the
- k
+\f\*[B-Font]\-k\f[]
command line option.
-.TP
-.BR Ic keysdir Ar path
+.TP 7
+.NOP \f\*[B-Font]keysdir\f[] \f\*[I-Font]path\f[]
This command specifies the default directory path for
cryptographic keys, parameters and certificates.
The default is
-.Pa /usr/local/etc/ .
-.TP
-.BR Ic requestkey Ar key
+\fI/usr/local/etc/\f[].
+.TP 7
+.NOP \f\*[B-Font]requestkey\f[] \f\*[I-Font]key\f[]
Specifies the key identifier to use with the
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
utility program, which uses a
proprietary protocol specific to this implementation of
-.Xr ntpd 1ntpdmdoc .
+\fCntpd\fR(1ntpdmdoc)\f[].
The
-\fIkey\fR
+\f\*[I-Font]key\f[]
argument is a key identifier
for the trusted key, where the value can be in the range 1 to
65,534, inclusive.
-.TP
-.BR Ic revoke Ar logsec
+.TP 7
+.NOP \f\*[B-Font]revoke\f[] \f\*[I-Font]logsec\f[]
Specifies the interval between re-randomization of certain
cryptographic values used by the Autokey scheme, as a power of 2 in
seconds.
For poll
intervals above the specified interval, the values will be updated
for every message sent.
-.TP
-.BR Ic trustedkey Ar key ...
+.TP 7
+.NOP \f\*[B-Font]trustedkey\f[] \f\*[I-Font]key\f[] \f\*[I-Font]...\f[]
Specifies the key identifiers which are trusted for the
purposes of authenticating peers with symmetric key cryptography,
as well as keys used by the
-.Xr ntpq 1ntpqmdoc
+\fCntpq\fR(1ntpqmdoc)\f[]
and
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
programs.
The authentication procedures require that both the local
and remote servers share the same key and key identifier for this
purpose, although different keys can be used with different
servers.
The
-\fIkey\fR
+\f\*[I-Font]key\f[]
arguments are 32-bit unsigned
integers with values from 1 to 65,534.
+.PP
.SS Error Codes
The following error codes are reported via the NTP control
and monitoring protocol trap mechanism.
-.TP
-.BR 101
-.Pq bad field format or length
+.TP 7
+.NOP 101
+(bad field format or length)
The packet has invalid version, length or format.
-.TP
-.BR 102
-.Pq bad timestamp
+.TP 7
+.NOP 102
+(bad timestamp)
The packet timestamp is the same or older than the most recent received.
This could be due to a replay or a server clock time step.
-.TP
-.BR 103
-.Pq bad filestamp
+.TP 7
+.NOP 103
+(bad filestamp)
The packet filestamp is the same or older than the most recent received.
This could be due to a replay or a key file generation error.
-.TP
-.BR 104
-.Pq bad or missing public key
+.TP 7
+.NOP 104
+(bad or missing public key)
The public key is missing, has incorrect format or is an unsupported type.
-.TP
-.BR 105
-.Pq unsupported digest type
+.TP 7
+.NOP 105
+(unsupported digest type)
The server requires an unsupported digest/signature scheme.
-.TP
-.BR 106
-.Pq mismatched digest types
+.TP 7
+.NOP 106
+(mismatched digest types)
Not used.
-.TP
-.BR 107
-.Pq bad signature length
+.TP 7
+.NOP 107
+(bad signature length)
The signature length does not match the current public key.
-.TP
-.BR 108
-.Pq signature not verified
+.TP 7
+.NOP 108
+(signature not verified)
The message fails the signature check.
It could be bogus or signed by a
different private key.
-.TP
-.BR 109
-.Pq certificate not verified
+.TP 7
+.NOP 109
+(certificate not verified)
The certificate is invalid or signed with the wrong key.
-.TP
-.BR 110
-.Pq certificate not verified
+.TP 7
+.NOP 110
+(certificate not verified)
The certificate is not yet valid or has expired or the signature could not
be verified.
-.TP
-.BR 111
-.Pq bad or missing cookie
+.TP 7
+.NOP 111
+(bad or missing cookie)
The cookie is missing, corrupted or bogus.
-.TP
-.BR 112
-.Pq bad or missing leapseconds table
+.TP 7
+.NOP 112
+(bad or missing leapseconds table)
The leapseconds table is missing, corrupted or bogus.
-.TP
-.BR 113
-.Pq bad or missing certificate
+.TP 7
+.NOP 113
+(bad or missing certificate)
The certificate is missing, corrupted or bogus.
-.TP
-.BR 114
-.Pq bad or missing identity
+.TP 7
+.NOP 114
+(bad or missing identity)
The identity key is missing, corrupt or bogus.
+.PP
.SH Monitoring Support
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
includes a comprehensive monitoring facility suitable
for continuous, long term recording of server and client
timekeeping performance.
See the
-.Ic statistics
+\f\*[B-Font]statistics\f[]
command below
for a listing and example of each type of statistics currently
supported.
Statistic files are managed using file generation sets
and scripts in the
-.Pa ./scripts
+\fI./scripts\f[]
directory of this distribution.
Using
these facilities and
-.Ux
-.Xr cron 8
+UNIX
+\fCcron\fR(8)\f[]
jobs, the data can be
automatically summarized and archived for retrospective analysis.
.SS Monitoring Commands
-.TP
-.BR Ic statistics Ar name ...
+.TP 7
+.NOP \f\*[B-Font]statistics\f[] \f\*[I-Font]name\f[] \f\*[I-Font]...\f[]
Enables writing of statistics records.
Currently, four kinds of
-\fIname\fR
+\f\*[I-Font]name\f[]
statistics are supported.
-.in +4
-.ti -4
-.IR Cm clockstats
+.RS
+.TP 7
+.NOP \f\*[B-Font]clockstats\f[]
Enables recording of clock driver statistics information.
Each update
received from a clock driver appends a line of the following form to
the file generation set named
-.Cm clockstats :
+\f\*[B-Font]clockstats\f[]:
.br
.in +4
.nf
49213 525.624 127.127.4.1 93 226 00:08:29.606 D
.in -4
.fi
-.PP
+.sp \n(Ppu
+.ne 2
+
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight).
The next field shows the
can be gathered and displayed as well.
See information specific to each
clock for further details.
-.ti -4
-.IR Cm cryptostats
+.TP 7
+.NOP \f\*[B-Font]cryptostats\f[]
This option requires the OpenSSL cryptographic software library.
It
enables recording of cryptographic public key protocol information.
Each message received by the protocol module appends a line of the
following form to the file generation set named
-.Cm cryptostats :
+\f\*[B-Font]cryptostats\f[]:
.br
.in +4
.nf
49213 525.624 127.127.4.1 message
.in -4
.fi
-.PP
+.sp \n(Ppu
+.ne 2
+
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight).
The next field shows the peer
address in dotted-quad notation, The final message field includes the
message type and certain ancillary information.
See the
-.Sx Authentication Options
+\fIAuthentication\f[] \fIOptions\f[]
section for further information.
-.ti -4
-.IR Cm loopstats
+.TP 7
+.NOP \f\*[B-Font]loopstats\f[]
Enables recording of loop filter statistics information.
Each
update of the local clock outputs a line of the following form to
the file generation set named
-.Cm loopstats :
+\f\*[B-Font]loopstats\f[]:
.br
.in +4
.nf
50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
.in -4
.fi
-.PP
+.sp \n(Ppu
+.ne 2
+
The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next five fields
show time offset (seconds), frequency offset (parts per million \-
PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
discipline time constant.
-.ti -4
-.IR Cm peerstats
+.TP 7
+.NOP \f\*[B-Font]peerstats\f[]
Enables recording of peer statistics information.
This includes
statistics records of all peers of a NTP server and of special
Each valid update appends a
line of the following form to the current element of a file
generation set named
-.Cm peerstats :
+\f\*[B-Font]peerstats\f[]:
.br
.in +4
.nf
48773 10847.650 127.127.4.1 9714 \-0.001605376 0.000000000 0.001424877 0.000958674
.in -4
.fi
-.PP
+.sp \n(Ppu
+.ne 2
+
The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next two fields
described in Appendix A of the NTP specification RFC 1305.
The final four fields show the offset,
delay, dispersion and RMS jitter, all in seconds.
-.ti -4
-.IR Cm rawstats
+.TP 7
+.NOP \f\*[B-Font]rawstats\f[]
Enables recording of raw-timestamp statistics information.
This
includes statistics records of all peers of a NTP server and of
Each NTP message
received from a peer or clock driver appends a line of the
following form to the file generation set named
-.Cm rawstats :
+\f\*[B-Font]rawstats\f[]:
.br
.in +4
.nf
50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000
.in -4
.fi
-.PP
+.sp \n(Ppu
+.ne 2
+
The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next two fields
The timestamp
values are as received and before processing by the various data
smoothing and mitigation algorithms.
-.ti -4
-.IR Cm sysstats
+.TP 7
+.NOP \f\*[B-Font]sysstats\f[]
Enables recording of ntpd statistics counters on a periodic basis.
Each
hour a line of the following form is appended to the file generation
set named
-.Cm sysstats :
+\f\*[B-Font]sysstats\f[]:
.br
.in +4
.nf
50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
.in -4
.fi
-.PP
+.sp \n(Ppu
+.ne 2
+
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight).
The remaining ten fields show
the statistics counter values accumulated since the last generated
line.
-.in +4
-.ti -4
-.IR Time since restart Cm 36000
+.RS
+.TP 7
+.NOP Time since restart \f\*[B-Font]36000\f[]
Time in hours since the system was last rebooted.
-.ti -4
-.IR Packets received Cm 81965
+.TP 7
+.NOP Packets received \f\*[B-Font]81965\f[]
Total number of packets received.
-.ti -4
-.IR Packets processed Cm 0
+.TP 7
+.NOP Packets processed \f\*[B-Font]0\f[]
Number of packets received in response to previous packets sent
-.ti -4
-.IR Current version Cm 9546
+.TP 7
+.NOP Current version \f\*[B-Font]9546\f[]
Number of packets matching the current NTP version.
-.ti -4
-.IR Previous version Cm 56
+.TP 7
+.NOP Previous version \f\*[B-Font]56\f[]
Number of packets matching the previous NTP version.
-.ti -4
-.IR Bad version Cm 71793
+.TP 7
+.NOP Bad version \f\*[B-Font]71793\f[]
Number of packets matching neither NTP version.
-.ti -4
-.IR Access denied Cm 512
+.TP 7
+.NOP Access denied \f\*[B-Font]512\f[]
Number of packets denied access for any reason.
-.ti -4
-.IR Bad length or format Cm 540
+.TP 7
+.NOP Bad length or format \f\*[B-Font]540\f[]
Number of packets with invalid length, format or port number.
-.ti -4
-.IR Bad authentication Cm 10
+.TP 7
+.NOP Bad authentication \f\*[B-Font]10\f[]
Number of packets not verified as authentic.
-.ti -4
-.IR Rate exceeded Cm 147
+.TP 7
+.NOP Rate exceeded \f\*[B-Font]147\f[]
Number of packets discarded due to rate limitation.
-.in -4
-.ti -4
-.IR Cm statsdir Ar directory_path
+.RE
+.TP 7
+.NOP \f\*[B-Font]statsdir\f[] \f\*[I-Font]directory_path\f[]
Indicates the full path of a directory where statistics files
should be created (see below).
This keyword allows
the (otherwise constant)
-.Cm filegen
+\f\*[B-Font]filegen\f[]
filename prefix to be modified for file generation sets, which
is useful for handling statistics logs.
-.ti -4
-.IR Cm filegen Ar name Xo
-[ "\fIfile\fR" "\fIfilename\fR" ]
-[ "\fItype\fR" "\fItypename\fR" ]
-[ "\fIlink\fR" | nolink ]
-[ "\fIenable\fR" | disable ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]filegen\f[] \f\*[I-Font]name\f[] [\f\*[B-Font]file\f[] \f\*[I-Font]filename\f[]] [\f\*[B-Font]type\f[] \f\*[I-Font]typename\f[]] [\f\*[B-Font]link\f[] | \f\*[B-Font]nolink\f[]] [\f\*[B-Font]enable\f[] | \f\*[B-Font]disable\f[]]
Configures setting of generation file set name.
Generation
file sets provide a means for handling files that are
operations without the risk of disturbing the operation of ntpd.
(Most important: they can be removed to free space for new data
produced.)
-.PP
+.sp \n(Ppu
+.ne 2
+
Note that this command can be sent from the
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
program running at a remote location.
-.in +4
-.ti -4
-.IR Cm name
+.RS
+.TP 7
+.NOP \f\*[B-Font]name\f[]
This is the type of the statistics records, as shown in the
-.Cm statistics
+\f\*[B-Font]statistics\f[]
command.
-.ti -4
-.IR Cm file Ar filename
+.TP 7
+.NOP \f\*[B-Font]file\f[] \f\*[I-Font]filename\f[]
This is the file name for the statistics records.
Filenames of set
members are built from three concatenated elements
-\fICm prefix ,\fR
-\fICm filename\fR
+\f\*[B-Font]prefix\f[],
+\f\*[B-Font]filename\f[]
and
-\fICm suffix :\fR
-.in +4
-.ti -4
-.IR Cm prefix
+\f\*[B-Font]suffix\f[]:
+.RS
+.TP 7
+.NOP \f\*[B-Font]prefix\f[]
This is a constant filename path.
It is not subject to
modifications via the
-\fIfilegen\fR
+\f\*[I-Font]filegen\f[]
option.
It is defined by the
server, usually specified as a compile-time constant.
however, be configurable for individual file generation sets
via other commands.
For example, the prefix used with
-\fIloopstats\fR
+\f\*[I-Font]loopstats\f[]
and
-\fIpeerstats\fR
+\f\*[I-Font]peerstats\f[]
generation can be configured using the
-\fIstatsdir\fR
+\f\*[I-Font]statsdir\f[]
option explained above.
-.ti -4
-.IR Cm filename
+.TP 7
+.NOP \f\*[B-Font]filename\f[]
This string is directly concatenated to the prefix mentioned
above (no intervening
-.Ql / ) .
+\[oq]/\[cq]).
This can be modified using
the file argument to the
-\fIfilegen\fR
+\f\*[I-Font]filegen\f[]
statement.
No
-.Pa ..
+\fI..\f[]
elements are
allowed in this component to prevent filenames referring to
parts outside the filesystem hierarchy denoted by
-\fIprefix .\fR
-.ti -4
-.IR Cm suffix
+\f\*[I-Font]prefix\f[].
+.TP 7
+.NOP \f\*[B-Font]suffix\f[]
This part is reflects individual elements of a file set.
It is
generated according to the type of a file set.
-.in -4
-.ti -4
-.IR Cm type Ar typename
+.RE
+.TP 7
+.NOP \f\*[B-Font]type\f[] \f\*[I-Font]typename\f[]
A file generation set is characterized by its type.
The following
types are supported:
-.in +4
-.ti -4
-.IR Cm none
+.RS
+.TP 7
+.NOP \f\*[B-Font]none\f[]
The file set is actually a single plain file.
-.ti -4
-.IR Cm pid
+.TP 7
+.NOP \f\*[B-Font]pid\f[]
One element of file set is used per incarnation of a ntpd
server.
This type does not perform any changes to file set
members during runtime, however it provides an easy way of
separating files belonging to different
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
server incarnations.
The set member filename is built by appending a
-.Ql \&.
+\[oq]\&.\[cq]
to concatenated
-\fIprefix\fR
+\f\*[I-Font]prefix\f[]
and
-\fIfilename\fR
+\f\*[I-Font]filename\f[]
strings, and
appending the decimal representation of the process ID of the
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
server process.
-.ti -4
-.IR Cm day
+.TP 7
+.NOP \f\*[B-Font]day\f[]
One file generation set element is created per day.
A day is
defined as the period between 00:00 and 24:00 UTC.
The file set
member suffix consists of a
-.Ql \&.
+\[oq]\&.\[cq]
and a day specification in
the form
-.Cm YYYYMMdd .
-.Cm YYYY
+\f\*[B-Font]YYYYMMdd\f[].
+\f\*[B-Font]YYYY\f[]
is a 4-digit year number (e.g., 1992).
-.Cm MM
+\f\*[B-Font]MM\f[]
is a two digit month number.
-.Cm dd
+\f\*[B-Font]dd\f[]
is a two digit day number.
Thus, all information written at 10 December 1992 would end up
in a file named
-\fIprefix\fR
-\fIfilename Ns .19921210 .\fR
-.ti -4
-.IR Cm week
+\f\*[I-Font]prefix\f[]
+\f\*[I-Font]filename\f[].19921210.
+.TP 7
+.NOP \f\*[B-Font]week\f[]
Any file set member contains data related to a certain week of
a year.
The term week is defined by computing day-of-year
Elements of such a file generation set are
distinguished by appending the following suffix to the file set
filename base: A dot, a 4-digit year number, the letter
-.Cm W ,
+\f\*[B-Font]W\f[],
and a 2-digit week number.
For example, information from January,
10th 1992 would end up in a file with suffix
-.No . Ns Ar 1992W1 .
-.ti -4
-.IR Cm month
+.NOP. \f\*[I-Font]1992W1\f[].
+.TP 7
+.NOP \f\*[B-Font]month\f[]
One generation file set element is generated per month.
The
file name suffix consists of a dot, a 4-digit year number, and
a 2-digit month.
-.ti -4
-.IR Cm year
+.TP 7
+.NOP \f\*[B-Font]year\f[]
One generation file element is generated per year.
The filename
suffix consists of a dot and a 4 digit year number.
-.ti -4
-.IR Cm age
+.TP 7
+.NOP \f\*[B-Font]age\f[]
This type of file generation sets changes to a new element of
the file set every 24 hours of server operation.
The filename
suffix consists of a dot, the letter
-.Cm a ,
+\f\*[B-Font]a\f[],
and an 8-digit number.
This number is taken to be the number of seconds the server is
running at the start of the corresponding 24-hour period.
Information is only written to a file generation by specifying
-.Cm enable ;
+\f\*[B-Font]enable\f[];
output is prevented by specifying
-.Cm disable .
-.in -4
-.ti -4
-.IR Cm link | nolink
+\f\*[B-Font]disable\f[].
+.RE
+.TP 7
+.NOP \f\*[B-Font]link\f[] | \f\*[B-Font]nolink\f[]
It is convenient to be able to access the current element of a file
generation set by a fixed name.
This feature is enabled by
specifying
-.Cm link
+\f\*[B-Font]link\f[]
and disabled using
-.Cm nolink .
+\f\*[B-Font]nolink\f[].
If link is specified, a
hard link from the current file set element to a file without
suffix is created.
When there is already a file with this name and
the number of links of this file is one, it is renamed appending a
dot, the letter
-.Cm C ,
+\f\*[B-Font]C\f[],
and the pid of the ntpd server process.
When the
number of links is greater than one, the file is unlinked.
This
allows the current file to be accessed by a constant name.
-.ti -4
-.IR Cm enable \&| Cm disable
+.TP 7
+.NOP \f\*[B-Font]enable\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]disable\f[]
Enables or disables the recording function.
-.in -4
-.in -4
+.RE
+.RE
+.PP
.SH Access Control Support
The
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
daemon implements a general purpose address/mask based restriction
list.
The list contains address/match entries sorted first
last match found defining the restriction flags associated
with the entry.
Additional information and examples can be found in the
-.Qq Notes on Configuring NTP and Setting up a NTP Subnet
+"Notes on Configuring NTP and Setting up a NTP Subnet"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
-.PP
+\fI/usr/share/doc/ntp\f[]).
+.sp \n(Ppu
+.ne 2
+
The restriction facility was implemented in conformance
with the access policies for the original NSFnet backbone
time servers.
an alternative to the NTP authentication facilities.
Source address based restrictions are easily circumvented
by a determined cracker.
-.PP
+.sp \n(Ppu
+.ne 2
+
Clients can be denied service because they are explicitly
included in the restrict list created by the restrict command
or implicitly as the result of cryptographic or rate limit
to zero and the reference identifier field set to a four-byte
ASCII code.
If the
-.Cm noserve
+\f\*[B-Font]noserve\f[]
or
-.Cm notrust
+\f\*[B-Font]notrust\f[]
flag of the matching restrict list entry is set,
the code is "DENY"; if the
-.Cm limited
+\f\*[B-Font]limited\f[]
flag is set and the rate limit
is exceeded, the code is "RATE".
Finally, if a cryptographic violation occurs, the code is "CRYP".
-.PP
+.sp \n(Ppu
+.ne 2
+
A client receiving a KoD performs a set of sanity checks to
minimize security exposure, then updates the stratum and
reference identifier peer variables, sets the access
happens automatically at the client when the association times out.
It will happen at the server only if the server operator cooperates.
.SS Access Control Commands
-.TP
-.BR Xo Ic discard
-[ "\fIaverage\fR" "\fIavg\fR" ]
-[ "\fIminimum\fR" "\fImin\fR" ]
-[ "\fImonitor\fR" "\fIprob\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]discard\f[] [\f\*[B-Font]average\f[] \f\*[I-Font]avg\f[]] [\f\*[B-Font]minimum\f[] \f\*[I-Font]min\f[]] [\f\*[B-Font]monitor\f[] \f\*[I-Font]prob\f[]]
Set the parameters of the
-.Cm limited
+\f\*[B-Font]limited\f[]
facility which protects the server from
client abuse.
The
-.Cm average
+\f\*[B-Font]average\f[]
subcommand specifies the minimum average packet
spacing, while the
-.Cm minimum
+\f\*[B-Font]minimum\f[]
subcommand specifies the minimum packet spacing.
Packets that violate these minima are discarded
and a kiss-o'-death packet returned if enabled.
minimum average and minimum are 5 and 2, respectively.
The monitor subcommand specifies the probability of discard
for packets that overflow the rate-control window.
-.TP
-.BR Xo Ic restrict address
-[ "\fImask\fR" "\fImask\fR" ]
-[ "\fIflag\fR" ... ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]restrict\f[] \f\*[B-Font]address\f[] [\f\*[B-Font]mask\f[] \f\*[I-Font]mask\f[]] [\f\*[I-Font]flag\f[] \f\*[I-Font]...\f[]]
The
-\fIaddress\fR
+\f\*[I-Font]address\f[]
argument expressed in
dotted-quad form is the address of a host or network.
Alternatively, the
-\fIaddress\fR
+\f\*[I-Font]address\f[]
argument can be a valid host DNS name.
The
-\fImask\fR
+\f\*[I-Font]mask\f[]
argument expressed in dotted-quad form defaults to
-.Cm 255.255.255.255 ,
+\f\*[B-Font]255.255.255.255\f[],
meaning that the
-\fIaddress\fR
+\f\*[I-Font]address\f[]
is treated as the address of an individual host.
A default entry (address
-.Cm 0.0.0.0 ,
+\f\*[B-Font]0.0.0.0\f[],
mask
-.Cm 0.0.0.0 )
+\f\*[B-Font]0.0.0.0\f[])
is always included and is always the first entry in the list.
Note that text string
-.Cm default ,
+\f\*[B-Font]default\f[],
with no mask option, may
be used to indicate the default entry.
In the current implementation,
-.Cm flag
+\f\*[B-Font]flag\f[]
always
restricts access, i.e., an entry with no flags indicates that free
access to the server is to be given.
reconfiguration of the server.
One or more of the following flags
may be specified:
-.in +4
-.ti -4
-.IR Cm ignore
+.RS
+.TP 7
+.NOP \f\*[B-Font]ignore\f[]
Deny packets of all kinds, including
-.Xr ntpq 1ntpqmdoc
+\fCntpq\fR(1ntpqmdoc)\f[]
and
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
queries.
-.ti -4
-.IR Cm kod
+.TP 7
+.NOP \f\*[B-Font]kod\f[]
If this flag is set when an access violation occurs, a kiss-o'-death
(KoD) packet is sent.
KoD packets are rate limited to no more than one
per second.
If another KoD packet occurs within one second after the
last one, the packet is dropped.
-.ti -4
-.IR Cm limited
+.TP 7
+.NOP \f\*[B-Font]limited\f[]
Deny service if the packet spacing violates the lower limits specified
in the discard command.
A history of clients is kept using the
monitoring capability of
-.Xr ntpd 1ntpdmdoc .
+\fCntpd\fR(1ntpdmdoc)\f[].
Thus, monitoring is always active as
long as there is a restriction entry with the
-.Cm limited
+\f\*[B-Font]limited\f[]
flag.
-.ti -4
-.IR Cm lowpriotrap
+.TP 7
+.NOP \f\*[B-Font]lowpriotrap\f[]
Declare traps set by matching hosts to be low priority.
The
number of traps a server can maintain is limited (the current limit
This flag
modifies the assignment algorithm by allowing low priority traps to
be overridden by later requests for normal priority traps.
-.ti -4
-.IR Cm nomodify
+.TP 7
+.NOP \f\*[B-Font]nomodify\f[]
Deny
-.Xr ntpq 1ntpqmdoc
+\fCntpq\fR(1ntpqmdoc)\f[]
and
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
queries which attempt to modify the state of the
server (i.e., run time reconfiguration).
Queries which return
information are permitted.
-.ti -4
-.IR Cm noquery
+.TP 7
+.NOP \f\*[B-Font]noquery\f[]
Deny
-.Xr ntpq 1ntpqmdoc
+\fCntpq\fR(1ntpqmdoc)\f[]
and
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
queries.
Time service is not affected.
-.ti -4
-.IR Cm nopeer
+.TP 7
+.NOP \f\*[B-Font]nopeer\f[]
Deny packets which would result in mobilizing a new association.
This
includes broadcast and symmetric active packets when a configured
association does not exist.
-.ti -4
-.IR Cm noserve
+.TP 7
+.NOP \f\*[B-Font]noserve\f[]
Deny all packets except
-.Xr ntpq 1ntpqmdoc
+\fCntpq\fR(1ntpqmdoc)\f[]
and
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
queries.
-.ti -4
-.IR Cm notrap
+.TP 7
+.NOP \f\*[B-Font]notrap\f[]
Decline to provide mode 6 control message trap service to matching
hosts.
The trap service is a subsystem of the ntpdq control message
protocol which is intended for use by remote event logging programs.
-.ti -4
-.IR Cm notrust
+.TP 7
+.NOP \f\*[B-Font]notrust\f[]
Deny service unless the packet is cryptographically authenticated.
-.ti -4
-.IR Cm ntpport
+.TP 7
+.NOP \f\*[B-Font]ntpport\f[]
This is actually a match algorithm modifier, rather than a
restriction flag.
Its presence causes the restriction entry to be
matched only if the source port in the packet is the standard NTP
UDP port (123).
Both
-.Cm ntpport
+\f\*[B-Font]ntpport\f[]
and
-.Cm non-ntpport
+\f\*[B-Font]non-ntpport\f[]
may
be specified.
The
-.Cm ntpport
+\f\*[B-Font]ntpport\f[]
is considered more specific and
is sorted later in the list.
-.ti -4
-.IR Cm version
+.TP 7
+.NOP \f\*[B-Font]version\f[]
Deny packets that do not match the current NTP version.
-.in -4
-.PP
+.RE
+.sp \n(Ppu
+.ne 2
+
Default restriction list entries with the flags ignore, interface,
ntpport, for each of the local host's interface addresses are
inserted into the table at startup to prevent the server
otherwise unconfigured; no flags are associated
with the default entry (i.e., everything besides your own
NTP server is unrestricted).
+.PP
.SH Automatic NTP Configuration Options
.SS Manycasting
Manycasting is a automatic discovery and configuration paradigm
client associations with some number of the "best"
of the nearby manycast servers, yet automatically reconfigures
to sustain this number of servers should one or another fail.
-.PP
+.sp \n(Ppu
+.ne 2
+
Note that the manycasting paradigm does not coincide
with the anycast paradigm described in RFC-1546,
which is designed to find a single server from a clique
of servers providing the same service.
The manycast paradigm is designed to find a plurality
of redundant servers satisfying defined optimality criteria.
-.PP
+.sp \n(Ppu
+.ne 2
+
Manycasting can be used with either symmetric key
or public key cryptography.
The public key infrastructure (PKI)
large key sizes.
It is implemented using the Autokey protocol and
the OpenSSL cryptographic library available from
-.Li http://www.openssl.org/ .
+\f[C]http://www.openssl.org/\f[].
The library can also be used with other NTPv4 modes
as well and is highly recommended, especially for broadcast modes.
-.PP
+.sp \n(Ppu
+.ne 2
+
A persistent manycast client association is configured
using the manycastclient command, which is similar to the
server command but with a multicast (IPv4 class
-.Cm D
+\f\*[B-Font]D\f[]
or IPv6 prefix
-.Cm FF )
+\f\*[B-Font]FF\f[])
group address.
The IANA has designated IPv4 address 224.1.1.1
and IPv6 address FF05::101 (site local) for NTP.
There can be as many manycast client associations
as different group address, each one serving as a template
for a future ephemeral unicast client/server association.
-.PP
+.sp \n(Ppu
+.ne 2
+
Manycast servers configured with the
-.Ic manycastserver
+\f\*[B-Font]manycastserver\f[]
command listen on the specified group address for manycast
client messages.
Note the distinction between manycast client,
to a valid source and operating at a stratum level equal
to or lower than the manycast client, it replies to the
manycast client message with an ordinary unicast server message.
-.PP
+.sp \n(Ppu
+.ne 2
+
The manycast client receiving this message mobilizes
an ephemeral client/server association according to the
matching manycast client template, but only if cryptographically
distance.
The surviving associations then continue
in ordinary client/server mode.
-.PP
+.sp \n(Ppu
+.ne 2
+
The manycast client polling strategy is designed to reduce
as much as possible the volume of manycast client messages
and the effects of implosion due to near-simultaneous
arrival of manycast server messages.
The strategy is determined by the
-.Ic manycastclient ,
-.Ic tos
+\f\*[B-Font]manycastclient\f[],
+\f\*[B-Font]tos\f[]
and
-.Ic ttl
+\f\*[B-Font]ttl\f[]
configuration commands.
The manycast poll interval is
normally eight times the system poll interval,
which starts out at the
-.Cm minpoll
+\f\*[B-Font]minpoll\f[]
value specified in the
-.Ic manycastclient ,
+\f\*[B-Font]manycastclient\f[],
command and, under normal circumstances, increments to the
-.Cm maxpolll
+\f\*[B-Font]maxpolll\f[]
value specified in this command.
Initially, the TTL is
set at the minimum hops specified by the ttl command.
the maximum hops specified by this command or a sufficient
number client associations have been found.
Further retransmissions use the same TTL.
-.PP
+.sp \n(Ppu
+.ne 2
+
The quality and reliability of the suite of associations
discovered by the manycast client is determined by the NTP
mitigation algorithms and the
-.Cm minclock
+\f\*[B-Font]minclock\f[]
and
-.Cm minsane
+\f\*[B-Font]minsane\f[]
values specified in the
-.Ic tos
+\f\*[B-Font]tos\f[]
configuration command.
At least
-.Cm minsane
+\f\*[B-Font]minsane\f[]
candidate servers must be available and the mitigation
algorithms produce at least
-.Cm minclock
+\f\*[B-Font]minclock\f[]
survivors in order to synchronize the clock.
Byzantine agreement principles require at least four
candidates in order to correctly discard a single falseticker.
For legacy purposes,
-.Cm minsane
+\f\*[B-Font]minsane\f[]
defaults to 1 and
-.Cm minclock
+\f\*[B-Font]minclock\f[]
defaults to 3.
For manycast service
-.Cm minsane
+\f\*[B-Font]minsane\f[]
should be explicitly set to 4, assuming at least that
number of servers are available.
-.PP
+.sp \n(Ppu
+.ne 2
+
If at least
-.Cm minclock
+\f\*[B-Font]minclock\f[]
servers are found, the manycast poll interval is immediately
set to eight times
-.Cm maxpoll .
+\f\*[B-Font]maxpoll\f[].
If less than
-.Cm minclock
+\f\*[B-Font]minclock\f[]
servers are found when the TTL has reached the maximum hops,
the manycast poll interval is doubled.
For each transmission
after that, the poll interval is doubled again until
reaching the maximum of eight times
-.Cm maxpoll .
+\f\*[B-Font]maxpoll\f[].
Further transmissions use the same poll interval and
TTL values.
Note that while all this is going on,
each client/server association found is operating normally
it the system poll interval.
-.PP
+.sp \n(Ppu
+.ne 2
+
Administratively scoped multicast boundaries are normally
specified by the network router configuration and,
in the case of IPv6, the link/site scope prefix.
By default, the increment for TTL hops is 32 starting
from 31; however, the
-.Ic ttl
+\f\*[B-Font]ttl\f[]
configuration command can be
used to modify the values to match the scope rules.
-.PP
+.sp \n(Ppu
+.ne 2
+
It is often useful to narrow the range of acceptable
servers which can be found by manycast client associations.
Because manycast servers respond only when the client
in TTL range, which is probably not the most common
objective in large networks.
The
-.Ic tos
+\f\*[B-Font]tos\f[]
command can be used to modify this behavior.
Servers with stratum below
-.Cm floor
+\f\*[B-Font]floor\f[]
or above
-.Cm ceiling
+\f\*[B-Font]ceiling\f[]
specified in the
-.Ic tos
+\f\*[B-Font]tos\f[]
command are strongly discouraged during the selection
process; however, these servers may be temporally
accepted if the number of servers within TTL range is
less than
-.Cm minclock .
-.PP
+\f\*[B-Font]minclock\f[].
+.sp \n(Ppu
+.ne 2
+
The above actions occur for each manycast client message,
which repeats at the designated poll interval.
However, once the ephemeral client association is mobilized,
since that would result in a duplicate association.
If during a poll interval the number of client associations
falls below
-.Cm minclock ,
+\f\*[B-Font]minclock\f[],
all manycast client prototype associations are reset
to the initial poll interval and TTL hops and operation
resumes from the beginning.
The result could well be an implosion, either minor or major,
depending on the number of servers in range.
The recommended value for
-.Cm maxpoll
+\f\*[B-Font]maxpoll\f[]
is 12 (4,096 s).
-.PP
+.sp \n(Ppu
+.ne 2
+
It is possible and frequently useful to configure a host
as both manycast client and manycast server.
A number of hosts configured this way and sharing a common
dependent clients.
With two exceptions, all servers
and clients have identical configuration files including both
-.Ic multicastclient
+\f\*[B-Font]multicastclient\f[]
and
-.Ic multicastserver
+\f\*[B-Font]multicastserver\f[]
commands using, for instance, multicast group address
239.1.1.1.
The only exception is that each primary server
configuration file must include commands for the primary
reference source such as a GPS receiver.
-.PP
+.sp \n(Ppu
+.ne 2
+
The remaining configuration files for all secondary
servers and clients have the same contents, except for the
-.Ic tos
+\f\*[B-Font]tos\f[]
command, which is specific for each stratum level.
For stratum 1 and stratum 2 servers, that command is
not necessary.
For stratum 3 and above servers the
-.Cm floor
+\f\*[B-Font]floor\f[]
value is set to the intended stratum number.
Thus, all stratum 3 configuration files are identical,
all stratum 4 files are identical and so forth.
-.PP
+.sp \n(Ppu
+.ne 2
+
Once operations have stabilized in this scenario,
the primary servers will find the primary reference source
and each other, since they both operate at the same
it will continue to operate as a client and other clients
will time out the corresponding association and
re-associate accordingly.
-.PP
+.sp \n(Ppu
+.ne 2
+
Some administrators prefer to avoid running
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
continuously and run either
-.Xr ntpdate 8
+\fCntpdate\fR(8)\f[]
or
-.Xr ntpd 1ntpdmdoc
- q
+\fCntpd\fR(1ntpdmdoc)\f[]
+\f\*[B-Font]\-q\f[]
as a cron job.
In either case the servers must be
configured in advance and the program fails if none are
available when the cron job runs.
A really slick
application of manycast is with
-.Xr ntpd 1ntpdmdoc
- q .
+\fCntpd\fR(1ntpdmdoc)\f[]
+\f\*[B-Font]\-q\f[].
The program wakes up, scans the local landscape looking
for the usual suspects, selects the best from among
the rascals, sets the clock and then departs.
but the certificates remain in the local cache.
It often happens that several complete signing trails
from the client to the primary servers are collected in this way.
-.PP
+.sp \n(Ppu
+.ne 2
+
About once an hour or less often if the poll interval
exceeds this, the client regenerates the Autokey key list.
This is in general transparent in client/server mode.
the expanding ring shrinks to the minimum and increments
from there while collecting all servers in scope.
.SS Manycast Options
-.TP
-.BR Xo Ic tos
-.Oo
-.Cm ceiling Ar ceiling |
-.Cm cohort { 0 | 1 } |
-.Cm floor Ar floor |
-.Cm minclock Ar minclock |
-.Cm minsane Ar minsane
-.Oc
-.Xc
+.TP 7
+.NOP \f\*[B-Font]tos\f[] [\f\*[B-Font]ceiling\f[] \f\*[I-Font]ceiling\f[] | \f\*[B-Font]cohort\f[] { \f\*[B-Font]0\f[] | \f\*[B-Font]1\f[] } | \f\*[B-Font]floor\f[] \f\*[I-Font]floor\f[] | \f\*[B-Font]minclock\f[] \f\*[I-Font]minclock\f[] | \f\*[B-Font]minsane\f[] \f\*[I-Font]minsane\f[]]
This command affects the clock selection and clustering
algorithms.
It can be used to select the quality and
and is most useful in manycast mode.
The variables operate
as follows:
-.in +4
-.ti -4
-.IR Cm ceiling Ar ceiling
+.RS
+.TP 7
+.NOP \f\*[B-Font]ceiling\f[] \f\*[I-Font]ceiling\f[]
Peers with strata above
-.Cm ceiling
+\f\*[B-Font]ceiling\f[]
will be discarded if there are at least
-.Cm minclock
+\f\*[B-Font]minclock\f[]
peers remaining.
This value defaults to 15, but can be changed
to any number from 1 to 15.
-.ti -4
-.IR Cm cohort Bro 0 | 1 Brc
+.TP 7
+.NOP \f\*[B-Font]cohort\f[] {0 | 1 }
This is a binary flag which enables (0) or disables (1)
manycast server replies to manycast clients with the same
stratum level.
large numbers of clients with the same stratum level
are present.
The default is to enable these replies.
-.ti -4
-.IR Cm floor Ar floor
+.TP 7
+.NOP \f\*[B-Font]floor\f[] \f\*[I-Font]floor\f[]
Peers with strata below
-.Cm floor
+\f\*[B-Font]floor\f[]
will be discarded if there are at least
-.Cm minclock
+\f\*[B-Font]minclock\f[]
peers remaining.
This value defaults to 1, but can be changed
to any number from 1 to 15.
-.ti -4
-.IR Cm minclock Ar minclock
+.TP 7
+.NOP \f\*[B-Font]minclock\f[] \f\*[I-Font]minclock\f[]
The clustering algorithm repeatedly casts out outlyer
associations until no more than
-.Cm minclock
+\f\*[B-Font]minclock\f[]
associations remain.
This value defaults to 3,
but can be changed to any number from 1 to the number of
configured sources.
-.ti -4
-.IR Cm minsane Ar minsane
+.TP 7
+.NOP \f\*[B-Font]minsane\f[] \f\*[I-Font]minsane\f[]
This is the minimum number of candidates available
to the clock selection algorithm in order to produce
one or more truechimers for the clustering algorithm.
for legacy purposes.
However, according to principles of
Byzantine agreement,
-.Cm minsane
+\f\*[B-Font]minsane\f[]
should be at least 4 in order to detect and discard
a single falseticker.
-.in -4
-.TP
-.BR Cm ttl Ar hop ...
+.RE
+.TP 7
+.NOP \f\*[B-Font]ttl\f[] \f\*[I-Font]hop\f[] \f\*[I-Font]...\f[]
This command specifies a list of TTL values in increasing
order, up to 8 values can be specified.
In manycast mode these values are used in turn
in an expanding-ring search.
The default is eight
multiples of 32 starting at 31.
+.PP
.SH Reference Clock Support
The NTP Version 4 daemon supports some three dozen different radio,
satellite and modem reference clocks plus a special pseudo-clock
used for backup or when no other clock source is available.
Detailed descriptions of individual device drivers and options can
be found in the
-.Qq Reference Clock Drivers
+"Reference Clock Drivers"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
+\fI/usr/share/doc/ntp\f[]).
Additional information can be found in the pages linked
there, including the
-.Qq Debugging Hints for Reference Clock Drivers
+"Debugging Hints for Reference Clock Drivers"
and
-.Qq How To Write a Reference Clock Driver
+"How To Write a Reference Clock Driver"
pages
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
+\fI/usr/share/doc/ntp\f[]).
In addition, support for a PPS
signal is available as described in the
-.Qq Pulse-per-second (PPS) Signal Interfacing
+"Pulse-per-second (PPS) Signal Interfacing"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
+\fI/usr/share/doc/ntp\f[]).
Many
drivers support special line discipline/streams modules which can
significantly improve the accuracy using the driver.
These are
described in the
-.Qq Line Disciplines and Streams Drivers
+"Line Disciplines and Streams Drivers"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
-.PP
+\fI/usr/share/doc/ntp\f[]).
+.sp \n(Ppu
+.ne 2
+
A reference clock will generally (though not always) be a radio
timecode receiver which is synchronized to a source of standard
time such as the services offered by the NRC in Canada and NIST and
or the hardware port has not been appropriately configured results
in a scalding remark to the system log file, but is otherwise non
hazardous.
-.PP
+.sp \n(Ppu
+.ne 2
+
For the purposes of configuration,
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
treats
reference clocks in a manner analogous to normal NTP peers as much
as possible.
correct but invalid IP address, in order to distinguish them from
normal NTP peers.
Reference clock addresses are of the form
-.Sm off
-.Li 127.127. Ar t . Ar u ,
-.Sm on
+\f[C]127.127.\f[]\f\*[I-Font]t\f[].\f\*[I-Font]u\f[],
where
-\fIt\fR
+\f\*[I-Font]t\f[]
is an integer
denoting the clock type and
-\fIu\fR
+\f\*[I-Font]u\f[]
indicates the unit
number in the range 0-3.
While it may seem overkill, it is in fact
sometimes useful to configure multiple reference clocks of the same
type, in which case the unit numbers must be unique.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Ic server
+\f\*[B-Font]server\f[]
command is used to configure a reference
clock, where the
-\fIaddress\fR
+\f\*[I-Font]address\f[]
argument in that command
is the clock address.
The
-.Cm key ,
-.Cm version
+\f\*[B-Font]key\f[],
+\f\*[B-Font]version\f[]
and
-.Cm ttl
+\f\*[B-Font]ttl\f[]
options are not used for reference clock support.
The
-.Cm mode
+\f\*[B-Font]mode\f[]
option is added for reference clock support, as
described below.
The
-.Cm prefer
+\f\*[B-Font]prefer\f[]
option can be useful to
persuade the server to cherish a reference clock with somewhat more
enthusiasm than other reference clocks or peers.
Further
information on this option can be found in the
-.Qq Mitigation Rules and the prefer Keyword
+"Mitigation Rules and the prefer Keyword"
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp )
+\fI/usr/share/doc/ntp\f[])
page.
The
-.Cm minpoll
+\f\*[B-Font]minpoll\f[]
and
-.Cm maxpoll
+\f\*[B-Font]maxpoll\f[]
options have
meaning only for selected clock drivers.
See the individual clock
driver document pages for additional information.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Ic fudge
+\f\*[B-Font]fudge\f[]
command is used to provide additional
information for individual clock drivers and normally follows
immediately after the
-.Ic server
+\f\*[B-Font]server\f[]
command.
The
-\fIaddress\fR
+\f\*[I-Font]address\f[]
argument specifies the clock address.
The
-.Cm refid
+\f\*[B-Font]refid\f[]
and
-.Cm stratum
+\f\*[B-Font]stratum\f[]
options can be used to
override the defaults for the device.
There are two optional
device-dependent time offsets and four flags that can be included
in the
-.Ic fudge
+\f\*[B-Font]fudge\f[]
command as well.
-.PP
+.sp \n(Ppu
+.ne 2
+
The stratum number of a reference clock is by default zero.
Since the
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
daemon adds one to the stratum of each
peer, a primary server ordinarily displays an external stratum of
one.
In order to provide engineered backups, it is often useful to
specify the reference clock stratum as greater than zero.
The
-.Cm stratum
+\f\*[B-Font]stratum\f[]
option is used for this purpose.
Also, in cases
involving both a reference clock and a pulse-per-second (PPS)
discipline signal, it is useful to specify the reference clock
identifier as other than the default, depending on the driver.
The
-.Cm refid
+\f\*[B-Font]refid\f[]
option is used for this purpose.
Except where noted,
these options apply to all clock drivers.
.SS Reference Clock Commands
-.TP
-.BR Xo Ic server
-.Sm off
-.Li 127.127. Ar t . Ar u
-.Sm on
-[ "\fIprefer\fR" ]
-[ "\fImode\fR" "\fIint\fR" ]
-[ "\fIminpoll\fR" "\fIint\fR" ]
-[ "\fImaxpoll\fR" "\fIint\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]server\f[] \f[C]127.127.\f[]\f\*[I-Font]t\f[].\f\*[I-Font]u\f[] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]int\f[]]
This command can be used to configure reference clocks in
special ways.
The options are interpreted as follows:
-.in +4
-.ti -4
-.IR Cm prefer
+.RS
+.TP 7
+.NOP \f\*[B-Font]prefer\f[]
Marks the reference clock as preferred.
All other things being
equal, this host will be chosen for synchronization among a set of
correctly operating hosts.
See the
-.Qq Mitigation Rules and the prefer Keyword
+"Mitigation Rules and the prefer Keyword"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp )
+\fI/usr/share/doc/ntp\f[])
for further information.
-.ti -4
-.IR Cm mode Ar int
+.TP 7
+.NOP \f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]
Specifies a mode number which is interpreted in a
device-specific fashion.
For instance, it selects a dialing
protocol in the ACTS driver and a device subtype in the
parse
drivers.
-.ti -4
-.IR Cm minpoll Ar int
-.ti -4
-.IR Cm maxpoll Ar int
+.TP 7
+.NOP \f\*[B-Font]minpoll\f[] \f\*[I-Font]int\f[]
+.TP 7
+.NOP \f\*[B-Font]maxpoll\f[] \f\*[I-Font]int\f[]
These options specify the minimum and maximum polling interval
for reference clock messages, as a power of 2 in seconds
For
most directly connected reference clocks, both
-.Cm minpoll
+\f\*[B-Font]minpoll\f[]
and
-.Cm maxpoll
+\f\*[B-Font]maxpoll\f[]
default to 6 (64 s).
For modem reference clocks,
-.Cm minpoll
+\f\*[B-Font]minpoll\f[]
defaults to 10 (17.1 m) and
-.Cm maxpoll
+\f\*[B-Font]maxpoll\f[]
defaults to 14 (4.5 h).
The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
-.in -4
-.TP
-.BR Xo Ic fudge
-.Sm off
-.Li 127.127. Ar t . Ar u
-.Sm on
-[ "\fItime1\fR" "\fIsec\fR" ]
-[ "\fItime2\fR" "\fIsec\fR" ]
-[ "\fIstratum\fR" "\fIint\fR" ]
-[ "\fIrefid\fR" "\fIstring\fR" ]
-[ "\fImode\fR" "\fIint\fR" ]
-[ "\fIflag1\fR" "\fI0\fR" \&| "\fI1\fR" ]
-[ "\fIflag2\fR" "\fI0\fR" \&| "\fI1\fR" ]
-[ "\fIflag3\fR" "\fI0\fR" \&| "\fI1\fR" ]
-[ "\fIflag4\fR" "\fI0\fR" \&| "\fI1\fR" ]
-.Xc
+.RE
+.TP 7
+.NOP \f\*[B-Font]fudge\f[] \f[C]127.127.\f[]\f\*[I-Font]t\f[].\f\*[I-Font]u\f[] [\f\*[B-Font]time1\f[] \f\*[I-Font]sec\f[]] [\f\*[B-Font]time2\f[] \f\*[I-Font]sec\f[]] [\f\*[B-Font]stratum\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]refid\f[] \f\*[I-Font]string\f[]] [\f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]flag1\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]] [\f\*[B-Font]flag2\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]] [\f\*[B-Font]flag3\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]] [\f\*[B-Font]flag4\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]]
This command can be used to configure reference clocks in
special ways.
It must immediately follow the
-.Ic server
+\f\*[B-Font]server\f[]
command which configures the driver.
Note that the same capability
is possible at run time using the
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
program.
The options are interpreted as
follows:
-.in +4
-.ti -4
-.IR Cm time1 Ar sec
+.RS
+.TP 7
+.NOP \f\*[B-Font]time1\f[] \f\*[I-Font]sec\f[]
Specifies a constant to be added to the time offset produced by
the driver, a fixed-point decimal number in seconds.
This is used
radio clock or PPS signal is supported, a special calibration
feature is available.
It takes the form of an argument to the
-.Ic enable
+\f\*[B-Font]enable\f[]
command described in
-.Sx Miscellaneous Options
+\fIMiscellaneous\f[] \fIOptions\f[]
page and operates as described in the
-.Qq Reference Clock Drivers
+"Reference Clock Drivers"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
-.ti -4
-.IR Cm time2 Ar secs
+\fI/usr/share/doc/ntp\f[]).
+.TP 7
+.NOP \f\*[B-Font]time2\f[] \f\*[I-Font]secs\f[]
Specifies a fixed-point decimal number in seconds, which is
interpreted in a driver-dependent way.
See the descriptions of
specific drivers in the
-.Qq Reference Clock Drivers
+"Reference Clock Drivers"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
-.ti -4
-.IR Cm stratum Ar int
+\fI/usr/share/doc/ntp\f[]).
+.TP 7
+.NOP \f\*[B-Font]stratum\f[] \f\*[I-Font]int\f[]
Specifies the stratum number assigned to the driver, an integer
between 0 and 15.
This number overrides the default stratum number
ordinarily assigned by the driver itself, usually zero.
-.ti -4
-.IR Cm refid Ar string
+.TP 7
+.NOP \f\*[B-Font]refid\f[] \f\*[I-Font]string\f[]
Specifies an ASCII string of from one to four characters which
defines the reference identifier used by the driver.
This string
overrides the default identifier ordinarily assigned by the driver
itself.
-.ti -4
-.IR Cm mode Ar int
+.TP 7
+.NOP \f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]
Specifies a mode number which is interpreted in a
device-specific fashion.
For instance, it selects a dialing
protocol in the ACTS driver and a device subtype in the
parse
drivers.
-.ti -4
-.IR Cm flag1 Cm 0 \&| Cm 1
-.ti -4
-.IR Cm flag2 Cm 0 \&| Cm 1
-.ti -4
-.IR Cm flag3 Cm 0 \&| Cm 1
-.ti -4
-.IR Cm flag4 Cm 0 \&| Cm 1
+.TP 7
+.NOP \f\*[B-Font]flag1\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]
+.TP 7
+.NOP \f\*[B-Font]flag2\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]
+.TP 7
+.NOP \f\*[B-Font]flag3\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]
+.TP 7
+.NOP \f\*[B-Font]flag4\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]
These four flags are used for customizing the clock driver.
The
interpretation of these values, and whether they are used at all,
is a function of the particular clock driver.
However, by
convention
-.Cm flag4
+\f\*[B-Font]flag4\f[]
is used to enable recording monitoring
data to the
-.Cm clockstats
+\f\*[B-Font]clockstats\f[]
file configured with the
-.Ic filegen
+\f\*[B-Font]filegen\f[]
command.
Further information on the
-.Ic filegen
+\f\*[B-Font]filegen\f[]
command can be found in
-.Sx Monitoring Options .
-.in -4
+\fIMonitoring\f[] \fIOptions\f[].
+.RE
+.PP
.SH Miscellaneous Options
-.TP
-.BR Ic broadcastdelay Ar seconds
+.TP 7
+.NOP \f\*[B-Font]broadcastdelay\f[] \f\*[I-Font]seconds\f[]
The broadcast and multicast modes require a special calibration
to determine the network delay between the local and remote
servers.
number between 0.003 and 0.007 seconds is appropriate.
The default
when this command is not used is 0.004 seconds.
-.TP
-.BR Ic calldelay Ar delay
+.TP 7
+.NOP \f\*[B-Font]calldelay\f[] \f\*[I-Font]delay\f[]
This option controls the delay in seconds between the first and second
packets sent in burst or iburst mode to allow additional time for a modem
or ISDN call to complete.
-.TP
-.BR Ic driftfile Ar driftfile
+.TP 7
+.NOP \f\*[B-Font]driftfile\f[] \f\*[I-Font]driftfile\f[]
This command specifies the complete path and name of the file used to
record the frequency of the local clock oscillator.
This is the same
operation as the
- f
+\f\*[B-Font]\-f\f[]
command line option.
If the file exists, it is read at
startup in order to set the initial frequency and then updated once per
frequency of zero and creates the file when writing it for the first time.
If this command is not given, the daemon will always start with an initial
frequency of zero.
-.PP
+.sp \n(Ppu
+.ne 2
+
The file format consists of a single line containing a single
floating point number, which records the frequency offset measured
in parts-per-million (PPM).
the current drift value into a temporary file and then renaming
this file to replace the old version.
This implies that
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
must have write permission for the directory the
drift file is located in, and that file system links, symbolic or
otherwise, should be avoided.
-.TP
-.BR Xo Ic enable
-.Oo
-.Cm auth | Cm bclient |
-.Cm calibrate | Cm kernel |
-.Cm monitor | Cm ntp |
-.Cm pps | Cm stats
-.Oc
-.Xc
-.TP
-.BR Xo Ic disable
-.Oo
-.Cm auth | Cm bclient |
-.Cm calibrate | Cm kernel |
-.Cm monitor | Cm ntp |
-.Cm pps | Cm stats
-.Oc
-.Xc
+.TP 7
+.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]pps\f[] | \f\*[B-Font]stats\f[]]
+.TP 7
+.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]pps\f[] | \f\*[B-Font]stats\f[]]
Provides a way to enable or disable various server options.
Flags not mentioned are unaffected.
Note that all of these flags
can be controlled remotely using the
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
utility program.
-.in +4
-.ti -4
-.IR Cm auth
+.RS
+.TP 7
+.NOP \f\*[B-Font]auth\f[]
Enables the server to synchronize with unconfigured peers only if the
peer has been correctly authenticated using either public key or
private key cryptography.
The default for this flag is
-.Ic enable .
-.ti -4
-.IR Cm bclient
+\f\*[B-Font]enable\f[].
+.TP 7
+.NOP \f\*[B-Font]bclient\f[]
Enables the server to listen for a message from a broadcast or
multicast server, as in the
-.Ic multicastclient
+\f\*[B-Font]multicastclient\f[]
command with default
address.
The default for this flag is
-.Ic disable .
-.ti -4
-.IR Cm calibrate
+\f\*[B-Font]disable\f[].
+.TP 7
+.NOP \f\*[B-Font]calibrate\f[]
Enables the calibrate feature for reference clocks.
The default for
this flag is
-.Ic disable .
-.ti -4
-.IR Cm kernel
+\f\*[B-Font]disable\f[].
+.TP 7
+.NOP \f\*[B-Font]kernel\f[]
Enables the kernel time discipline, if available.
The default for this
flag is
-.Ic enable
+\f\*[B-Font]enable\f[]
if support is available, otherwise
-.Ic disable .
-.ti -4
-.IR Cm monitor
+\f\*[B-Font]disable\f[].
+.TP 7
+.NOP \f\*[B-Font]monitor\f[]
Enables the monitoring facility.
See the
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
program
and the
-.Ic monlist
+\f\*[B-Font]monlist\f[]
command or further information.
The
default for this flag is
-.Ic enable .
-.ti -4
-.IR Cm ntp
+\f\*[B-Font]enable\f[].
+.TP 7
+.NOP \f\*[B-Font]ntp\f[]
Enables time and frequency discipline.
In effect, this switch opens and
closes the feedback loop, which is useful for testing.
The default for
this flag is
-.Ic enable .
-.ti -4
-.IR Cm pps
+\f\*[B-Font]enable\f[].
+.TP 7
+.NOP \f\*[B-Font]pps\f[]
Enables the pulse-per-second (PPS) signal when frequency and time is
disciplined by the precision time kernel modifications.
See the
-.Qq A Kernel Model for Precision Timekeeping
+"A Kernel Model for Precision Timekeeping"
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp )
+\fI/usr/share/doc/ntp\f[])
page for further information.
The default for this flag is
-.Ic disable .
-.ti -4
-.IR Cm stats
+\f\*[B-Font]disable\f[].
+.TP 7
+.NOP \f\*[B-Font]stats\f[]
Enables the statistics facility.
See the
-.Sx Monitoring Options
+\fIMonitoring\f[] \fIOptions\f[]
section for further information.
The default for this flag is
-.Ic disable .
-.in -4
-.TP
-.BR Ic includefile Ar includefile
+\f\*[B-Font]disable\f[].
+.RE
+.TP 7
+.NOP \f\*[B-Font]includefile\f[] \f\*[I-Font]includefile\f[]
This command allows additional configuration commands
to be included from a separate file.
Include files may
include file, command processing resumes in the previous
configuration file.
This option is useful for sites that run
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
on multiple hosts, with (mostly) common options (e.g., a
restriction list).
-.TP
-.BR Ic logconfig Ar configkeyword
+.TP 7
+.NOP \f\*[B-Font]logconfig\f[] \f\*[I-Font]configkeyword\f[]
This command controls the amount and type of output written to
the system
-.Xr syslog 3
+\fCsyslog\fR(3)\f[]
facility or the alternate
-.Ic logfile
+\f\*[B-Font]logfile\f[]
log file.
By default, all output is turned on.
All
-\fIconfigkeyword\fR
+\f\*[I-Font]configkeyword\f[]
keywords can be prefixed with
-.Ql = ,
-.Ql +
+\[oq]=\[cq],
+\[oq]+\[cq]
and
-.Ql \- ,
+\[oq]\-\[cq],
where
-.Ql =
+\[oq]=\[cq]
sets the
-.Xr syslog 3
+\fCsyslog\fR(3)\f[]
priority mask,
-.Ql +
+\[oq]+\[cq]
adds and
-.Ql \-
+\[oq]\-\[cq]
removes
messages.
-.Xr syslog 3
+\fCsyslog\fR(3)\f[]
messages can be controlled in four
classes
-.Po
-.Cm clock ,
-.Cm peer ,
-.Cm sys
-and
-.Cm sync
-.Pc .
+(\f\*[B-Font]clock\f[], \f\*[B-Font]peer\f[], \f\*[B-Font]sys\f[] and \f\*[B-Font]sync\f[]).
Within these classes four types of messages can be
controlled: informational messages
-.Po
-.Cm info
-.Pc ,
+(\f\*[B-Font]info\f[]),
event messages
-.Po
-.Cm events
-.Pc ,
+(\f\*[B-Font]events\f[]),
statistics messages
-.Po
-.Cm statistics
-.Pc
+(\f\*[B-Font]statistics\f[])
and
status messages
-.Po
-.Cm status
-.Pc .
-.PP
+(\f\*[B-Font]status\f[]).
+.sp \n(Ppu
+.ne 2
+
Configuration keywords are formed by concatenating the message class with
the event class.
The
-.Cm all
+\f\*[B-Font]all\f[]
prefix can be used instead of a message class.
A
message class may also be followed by the
-.Cm all
+\f\*[B-Font]all\f[]
keyword to enable/disable all
messages of the respective message class.Thus, a minimal log configuration
could look like this:
logconfig =syncstatus +sysevents
.in -4
.fi
-.PP
+.sp \n(Ppu
+.ne 2
+
This would just list the synchronizations state of
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
and the major system events.
For a simple reference server, the
following minimum message configuration could be useful:
logconfig =syncall +clockall
.in -4
.fi
-.PP
+.sp \n(Ppu
+.ne 2
+
This configuration will list all clock information and
synchronization information.
All other events and messages about
peers, system events and so on is suppressed.
-.TP
-.BR Ic logfile Ar logfile
+.TP 7
+.NOP \f\*[B-Font]logfile\f[] \f\*[I-Font]logfile\f[]
This command specifies the location of an alternate log file to
be used instead of the default system
-.Xr syslog 3
+\fCsyslog\fR(3)\f[]
facility.
This is the same operation as the \-l command line option.
-.TP
-.BR Ic setvar Ar variable Op Cm default
+.TP 7
+.NOP \f\*[B-Font]setvar\f[] \f\*[I-Font]variable\f[] [\f\*[B-Font]default\f[]]
This command adds an additional system variable.
These
variables can be used to distribute additional information such as
the access policy.
If the variable of the form
-.Sm off
-.Va name = Ar value
-.Sm on
+\fIname\f[]\fI=\f[]\f\*[I-Font]value\f[]
is followed by the
-.Cm default
+\f\*[B-Font]default\f[]
keyword, the
variable will be listed as part of the default system variables
-.Po
-.Xr ntpq 1ntpqmdoc
-.Ic rv
-command
-.Pc ) .
+(\fCntpq\fR(1ntpqmdoc)\f[] \f\*[B-Font]rv\f[] command)).
These additional variables serve
informational purposes only.
They are not related to the protocol
other that they can be listed.
The known protocol variables will
always override any variables defined via the
-.Ic setvar
+\f\*[B-Font]setvar\f[]
mechanism.
There are three special variables that contain the names
of all variable of the same group.
The
-.Va sys_var_list
+\fIsys_var_list\f[]
holds
the names of all system variables.
The
-.Va peer_var_list
+\fIpeer_var_list\f[]
holds
the names of all peer variables and the
-.Va clock_var_list
+\fIclock_var_list\f[]
holds the names of the reference clock variables.
-.TP
-.BR Xo Ic tinker
-.Oo
-.Cm allan Ar allan |
-.Cm dispersion Ar dispersion |
-.Cm freq Ar freq |
-.Cm huffpuff Ar huffpuff |
-.Cm panic Ar panic |
-.Cm step Ar srep |
-.Cm stepout Ar stepout
-.Oc
-.Xc
+.TP 7
+.NOP \f\*[B-Font]tinker\f[] [\f\*[B-Font]allan\f[] \f\*[I-Font]allan\f[] | \f\*[B-Font]dispersion\f[] \f\*[I-Font]dispersion\f[] | \f\*[B-Font]freq\f[] \f\*[I-Font]freq\f[] | \f\*[B-Font]huffpuff\f[] \f\*[I-Font]huffpuff\f[] | \f\*[B-Font]panic\f[] \f\*[I-Font]panic\f[] | \f\*[B-Font]step\f[] \f\*[I-Font]srep\f[] | \f\*[B-Font]stepout\f[] \f\*[I-Font]stepout\f[]]
This command can be used to alter several system variables in
very exceptional circumstances.
It should occur in the
for them.
Emphasis added: twisters are on their own and can expect
no help from the support group.
-.PP
+.sp \n(Ppu
+.ne 2
+
The variables operate as follows:
-.in +4
-.ti -4
-.IR Cm allan Ar allan
+.RS
+.TP 7
+.NOP \f\*[B-Font]allan\f[] \f\*[I-Font]allan\f[]
The argument becomes the new value for the minimum Allan
intercept, which is a parameter of the PLL/FLL clock discipline
algorithm.
The value in log2 seconds defaults to 7 (1024 s), which is also the lower
limit.
-.ti -4
-.IR Cm dispersion Ar dispersion
+.TP 7
+.NOP \f\*[B-Font]dispersion\f[] \f\*[I-Font]dispersion\f[]
The argument becomes the new value for the dispersion increase rate,
normally .000015 s/s.
-.ti -4
-.IR Cm freq Ar freq
+.TP 7
+.NOP \f\*[B-Font]freq\f[] \f\*[I-Font]freq\f[]
The argument becomes the initial value of the frequency offset in
parts-per-million.
This overrides the value in the frequency file, if
present, and avoids the initial training state if it is not.
-.ti -4
-.IR Cm huffpuff Ar huffpuff
+.TP 7
+.NOP \f\*[B-Font]huffpuff\f[] \f\*[I-Font]huffpuff\f[]
The argument becomes the new value for the experimental
huff-n'-puff filter span, which determines the most recent interval
the algorithm will search for a minimum delay.
There
is no default, since the filter is not enabled unless this command
is given.
-.ti -4
-.IR Cm panic Ar panic
+.TP 7
+.NOP \f\*[B-Font]panic\f[] \f\*[I-Font]panic\f[]
The argument is the panic threshold, normally 1000 s.
If set to zero,
the panic sanity check is disabled and a clock offset of any value will
be accepted.
-.ti -4
-.IR Cm step Ar step
+.TP 7
+.NOP \f\*[B-Font]step\f[] \f\*[I-Font]step\f[]
The argument is the step threshold, which by default is 0.128 s.
It can
be set to any positive number in seconds.
Note: The kernel time discipline is
disabled if the step threshold is set to zero or greater than the
default.
-.ti -4
-.IR Cm stepout Ar stepout
+.TP 7
+.NOP \f\*[B-Font]stepout\f[] \f\*[I-Font]stepout\f[]
The argument is the stepout timeout, which by default is 900 s.
It can
be set to any positive number in seconds.
If set to zero, the stepout
pulses will not be suppressed.
-.in -4
-.TP
-.BR Xo Ic rlimit
-.Oo
-.Cm memlock Ar Nmegabytes |
-.Cm stacksize Ar N4kPages
-.Cm filenum Ar Nfiledescriptors
-.Oc
-.Xc
-.in +4
-.ti -4
-.IR Cm memlock Ar Nmegabytes
+.RE
+.TP 7
+.NOP \f\*[B-Font]rlimit\f[] [\f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[] | \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[] \f\*[B-Font]filenum\f[] \f\*[I-Font]Nfiledescriptors\f[]]
+.RS
+.TP 7
+.NOP \f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[]
Specify the number of megabytes of memory that can be allocated.
Probably only available under Linux, this option is useful
when dropping root (the
- i
+\f\*[B-Font]\-i\f[]
option).
The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.
-.ti -4
-.IR Cm stacksize Ar N4kPages
+.TP 7
+.NOP \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[]
Specifies the maximum size of the process stack on systems with the
-.ti -4
-.IR Cm filenum Ar Nfiledescriptors
+.TP 7
+.NOP \f\*[B-Font]filenum\f[] \f\*[I-Font]Nfiledescriptors\f[]
Specifies the maximum number of file descriptors ntpd may have open at once. Defaults to the system default.
-.Fn mlockall
+\fBmlockall\fR()\f[]
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
-.in -4
-.TP
-.BR Xo Ic trap Ar host_address
-[ "\fIport\fR" "\fIport_number\fR" ]
-[ "\fIinterface\fR" "\fIinterface_address\fR" ]
-.Xc
+.RE
+.TP 7
+.NOP \f\*[B-Font]trap\f[] \f\*[I-Font]host_address\f[] [\f\*[B-Font]port\f[] \f\*[I-Font]port_number\f[]] [\f\*[B-Font]interface\f[] \f\*[I-Font]interface_address\f[]]
This command configures a trap receiver at the given host
address and port number for sending messages with the specified
local interface address.
message is sent through.
Note that on a multihomed host the
interface used may vary from time to time with routing changes.
-.PP
+.sp \n(Ppu
+.ne 2
+
The trap receiver will generally log event messages and other
information from the server in a log file.
While such monitor
programs may also request their own trap dynamically, configuring a
trap receiver will ensure that no messages are lost when the server
is started.
-.TP
-.BR Cm hop Ar ...
+.TP 7
+.NOP \f\*[B-Font]hop\f[] \f\*[I-Font]...\f[]
This command specifies a list of TTL values in increasing order, up to 8
values can be specified.
In manycast mode these values are used in turn in
an expanding-ring search.
The default is eight multiples of 32 starting at
31.
+.PP
.SH "OPTIONS"
.TP
-.BR \-\-help
+.NOP \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
-.BR \-\-more-help
+.NOP \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
-.BR \-\-version "[={\fIv|c|n\fP}]"
+.NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
+.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from environment variables named:
\fBNTP_CONF_<option-name>\fP or \fBNTP_CONF\fP
.fi
.ad
+.TH ntp.conf 5man "22 Dec 2013" "4.2.7p402" "File Formats"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Tgaa3K/ag-ihaa2K)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:06:59 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntp.conf.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]ntp.conf\fP ntp.conf
+\- Network Time Protocol (NTP) daemon configuration file format
cvt_prog='/usr/local/gnu/share/autogen/texi2man'
cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
`/`basename "$cvt_prog"`
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH FILES
-.TP
-.BR Pa /etc/ntp.conf
+.TP 15
+.NOP \fI/etc/ntp.conf\f[]
the default name of the configuration file
-.TP
-.BR Pa ntp.keys
+.br
+.ns
+.TP 15
+.NOP \fIntp.keys\f[]
private MD5 keys
-.TP
-.BR Pa ntpkey
+.br
+.ns
+.TP 15
+.NOP \fIntpkey\f[]
RSA private key
-.TP
-.BR Pa ntpkey_ Ns Ar host
+.br
+.ns
+.TP 15
+.NOP \fIntpkey_\f[]\f\*[I-Font]host\f[]
RSA public key
-.TP
-.BR Pa ntp_dh
+.br
+.ns
+.TP 15
+.NOP \fIntp_dh\f[]
Diffie-Hellman agreement parameters
+.PP
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
-.BR 0 " (EXIT_SUCCESS)"
+.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
-.BR 1 " (EXIT_FAILURE)"
+.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
-.BR 70 " (EX_SOFTWARE)"
+.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
-.SH "SEE ALSO"
-.Xr ntpd 1ntpdmdoc ,
-.Xr ntpdc 1ntpdcmdoc ,
-.Xr ntpq 1ntpqmdoc
.PP
+.SH "SEE ALSO"
+\fCntpd\fR(1ntpdmdoc)\f[],
+\fCntpdc\fR(1ntpdcmdoc)\f[],
+\fCntpq\fR(1ntpqmdoc)\f[]
+.sp \n(Ppu
+.ne 2
+
In addition to the manual pages provided,
comprehensive documentation is available on the world wide web
at
-.Li http://www.ntp.org/ .
+\f[C]http://www.ntp.org/\f[].
A snapshot of this documentation is available in HTML format in
-.Pa /usr/share/doc/ntp .
-.Rs
-.%A David L. Mills
-.%T Network Time Protocol (Version 4)
-.%O RFC5905
-.Re
+\fI/usr/share/doc/ntp\f[].
+David L. Mills,
+\fINetwork Time Protocol (Version 4)\fR,
+RFC5905
+.PP
+
.SH "AUTHORS"
The University of Delaware
.SH "COPYRIGHT"
The syntax checking is not picky; some combinations of
ridiculous and even hilarious options and modes may not be
detected.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Pa ntpkey_ Ns Ar host
+\fIntpkey_\f[]\f\*[I-Font]host\f[]
files are really digital
certificates.
These should be obtained via secure directory
services when they become universally available.
-.PP
+.sp \n(Ppu
+.ne 2
+
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
This document was derived from FreeBSD.
-.PP
+.sp \n(Ppu
+.ne 2
+
This manual page was \fIAutoGen\fP-erated from the \fBntp.conf\fP
option definitions.
-.Dd November 30 2013
+.Dd December 22 2013
.Dt NTP_CONF 5mdoc File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:31:13 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:20 PM by AutoGen 5.18.3pre5
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.El
.Sh "OPTIONS"
.Bl -tag
-.It \-\-help
+.It Fl \-help
Display usage information and exit.
-.It \-\-more\-help
+.It Fl \-more\-help
Pass the extended usage information through a pager.
-.It \-\-version "[={\fIv|c|n\fP}]"
+.It Fl \-version Op Brq Ar v|c|n
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.Pp
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
This document was derived from FreeBSD.
.Pp
This manual page was \fIAutoGen\fP\-erated from the \fBntp.conf\fP
<p>This document describes the configuration file for the NTP Project's
<code>ntpd</code> program.
- <p>This document applies to version 4.2.7p401 of <code>ntp.conf</code>.
+ <p>This document applies to version 4.2.7p402 of <code>ntp.conf</code>.
<ul class="menu">
<li><a accesskey="1" href="#ntp_002econf-Description">ntp.conf Description</a>
-.TH ntp.conf 5 "30 Nov 2013" "4.2.7p401" "File Formats"
+.de1 NOP
+. it 1 an-trap
+. if \\n[.$] \,\\$*\/
+..
+.ie t \
+.ds B-Font [CB]
+.ds I-Font [CI]
+.ds R-Font [CR]
+.el \
+.ds B-Font B
+.ds I-Font I
+.ds R-Font R
+.TH ntp.conf 5 "22 Dec 2013" "4.2.7p402" "File Formats"
.\"
-.\" EDIT THIS FILE WITH CAUTION (ntp.man)
-.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:30:49 AM by AutoGen 5.18.3pre5
-.\" From the definitions ntp.conf.def
-.\" and the template file agman-cmd.tpl
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Tgaa3K/ag-ihaa2K)
.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:06:59 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntp.conf.def
+.\" and the template file agman-cmd.tpl
.SH NAME
-ntp.conf \- Network Time Protocol (NTP) daemon configuration file format
+\f\*[B-Font]ntp.conf\fP
+\- Network Time Protocol (NTP) daemon configuration file format
.SH SYNOPSIS
-.B ntp.conf
-.\" Long options only
-.RB [ \-\-\fIopt\-name\fP [ = "| ] \fIvalue\fP]]..."
-.PP
+\f\*[B-Font]ntp.conf\fP
+[\f\*[B-Font]\-\-option-name\f[]]
+[\f\*[B-Font]\-\-option-name\f[] \f\*[I-Font]value\f[]]
+.sp \n(Ppu
+.ne 2
+
All arguments must be options.
-.PP
+.sp \n(Ppu
+.ne 2
+
.SH DESCRIPTION
The
-.B
+\f\*[B-Font]ntp.conf\fP
configuration file is read at initial startup by the
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
daemon in order to specify the synchronization sources,
modes and other related information.
Usually, it is installed in the
-.Pa /etc
+\fI/etc\f[]
directory,
but could be installed elsewhere
(see the daemon's
- c
+\f\*[B-Font]\-c\f[]
command line option).
-.PP
+.sp \n(Ppu
+.ne 2
+
The file format is similar to other
-.Ux
+UNIX
configuration files.
Comments begin with a
-.Ql #
+\[oq]#\[cq]
character and extend to the end of the line;
blank lines are ignored.
Configuration commands consist of an initial keyword
host addresses written in numeric, dotted-quad form,
integers, floating point numbers (when specifying times in seconds)
and text strings.
-.PP
+.sp \n(Ppu
+.ne 2
+
The rest of this page describes the configuration and control options.
The
-.Qq Notes on Configuring NTP and Setting up an NTP Subnet
+"Notes on Configuring NTP and Setting up an NTP Subnet"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp )
+\fI/usr/share/doc/ntp\f[])
contains an extended discussion of these options.
In addition to the discussion of general
-.Sx Configuration Options ,
+\fIConfiguration\f[] \fIOptions\f[],
there are sections describing the following supported functionality
and the options used to control it:
-.in +4
-.ti -4
-\fB*\fP
-
-.Sx Authentication Support
-.ti -4
-\fB*\fP
-
-.Sx Monitoring Support
-.ti -4
-\fB*\fP
-
-.Sx Access Control Support
-.ti -4
-\fB*\fP
+.IP \fB\(bu\fP 2
+\fIAuthentication\f[] \fISupport\f[]
+.IP \fB\(bu\fP 2
+\fIMonitoring\f[] \fISupport\f[]
+.IP \fB\(bu\fP 2
+\fIAccess\f[] \fIControl\f[] \fISupport\f[]
+.IP \fB\(bu\fP 2
+\fIAutomatic\f[] \fINTP\f[] \fIConfiguration\f[] \fIOptions\f[]
+.IP \fB\(bu\fP 2
+\fIReference\f[] \fIClock\f[] \fISupport\f[]
+.IP \fB\(bu\fP 2
+\fIMiscellaneous\f[] \fIOptions\f[]
+.PP
+.sp \n(Ppu
+.ne 2
-.Sx Automatic NTP Configuration Options
-.ti -4
-\fB*\fP
-
-.Sx Reference Clock Support
-.ti -4
-\fB*\fP
-
-.Sx Miscellaneous Options
-.in -4
-.PP
Following these is a section describing
-.Sx Miscellaneous Options .
+\fIMiscellaneous\f[] \fIOptions\f[].
While there is a rich set of options available,
the only required option is one or more
-.Ic pool ,
-.Ic server ,
-.Ic peer ,
-.Ic broadcast
+\f\*[B-Font]pool\f[],
+\f\*[B-Font]server\f[],
+\f\*[B-Font]peer\f[],
+\f\*[B-Font]broadcast\f[]
or
-.Ic manycastclient
+\f\*[B-Font]manycastclient\f[]
commands.
.SH Configuration Support
Following is a description of the configuration commands in
Use
of options not listed may not be caught as an error, but may result
in some weird and even destructive behavior.
-.PP
+.sp \n(Ppu
+.ne 2
+
If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
is detected, support for the IPv6 address family is generated
in addition to the default support of the IPv4 address family.
In a few cases, including the reslist billboard generated
by ntpdc, IPv6 addresses are automatically generated.
IPv6 addresses can be identified by the presence of colons
-.Dq \&:
+\*[Lq]\&:\*[Rq]
in the address field.
IPv6 addresses can be used almost everywhere where
IPv4 addresses can be used,
with the exception of reference clock addresses,
which are always IPv4.
-.PP
+.sp \n(Ppu
+.ne 2
+
Note that in contexts where a host name is expected, a
- 4
+\f\*[B-Font]\-4\f[]
qualifier preceding
the host name forces DNS resolution to the IPv4 namespace,
while a
- 6
+\f\*[B-Font]\-6\f[]
qualifier forces DNS resolution to the IPv6 namespace.
See IPv6 references for the
equivalent classes for that address family.
-.TP
-.BR Xo Ic pool Ar address
-[ "\fIburst\fR" ]
-[ "\fIiburst\fR" ]
-[ "\fIversion\fR" "\fIversion\fR" ]
-[ "\fIprefer\fR" ]
-[ "\fIminpoll\fR" "\fIminpoll\fR" ]
-[ "\fImaxpoll\fR" "\fImaxpoll\fR" ]
-.Xc
-.TP
-.BR Xo Ic server Ar address
-[ "\fIkey\fR" "\fIkey\fR" \&| "\fIautokey\fR" ]
-[ "\fIburst\fR" ]
-[ "\fIiburst\fR" ]
-[ "\fIversion\fR" "\fIversion\fR" ]
-[ "\fIprefer\fR" ]
-[ "\fIminpoll\fR" "\fIminpoll\fR" ]
-[ "\fImaxpoll\fR" "\fImaxpoll\fR" ]
-.Xc
-.TP
-.BR Xo Ic peer Ar address
-[ "\fIkey\fR" "\fIkey\fR" \&| "\fIautokey\fR" ]
-[ "\fIversion\fR" "\fIversion\fR" ]
-[ "\fIprefer\fR" ]
-[ "\fIminpoll\fR" "\fIminpoll\fR" ]
-[ "\fImaxpoll\fR" "\fImaxpoll\fR" ]
-.Xc
-.TP
-.BR Xo Ic broadcast Ar address
-[ "\fIkey\fR" "\fIkey\fR" \&| "\fIautokey\fR" ]
-[ "\fIversion\fR" "\fIversion\fR" ]
-[ "\fIprefer\fR" ]
-[ "\fIminpoll\fR" "\fIminpoll\fR" ]
-[ "\fIttl\fR" "\fIttl\fR" ]
-.Xc
-.TP
-.BR Xo Ic manycastclient Ar address
-[ "\fIkey\fR" "\fIkey\fR" \&| "\fIautokey\fR" ]
-[ "\fIversion\fR" "\fIversion\fR" ]
-[ "\fIprefer\fR" ]
-[ "\fIminpoll\fR" "\fIminpoll\fR" ]
-[ "\fImaxpoll\fR" "\fImaxpoll\fR" ]
-[ "\fIttl\fR" "\fIttl\fR" ]
-.Xc
-.PP
+.TP 7
+.NOP \f\*[B-Font]pool\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]burst\f[]] [\f\*[B-Font]iburst\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]]
+.TP 7
+.NOP \f\*[B-Font]server\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]key\f[] \f\*[I-Font]key\f[] \f\*[I-Font]\&|\f[] \f\*[B-Font]autokey\f[]] [\f\*[B-Font]burst\f[]] [\f\*[B-Font]iburst\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]]
+.TP 7
+.NOP \f\*[B-Font]peer\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]key\f[] \f\*[I-Font]key\f[] \f\*[I-Font]\&|\f[] \f\*[B-Font]autokey\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]]
+.TP 7
+.NOP \f\*[B-Font]broadcast\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]key\f[] \f\*[I-Font]key\f[] \f\*[I-Font]\&|\f[] \f\*[B-Font]autokey\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]ttl\f[] \f\*[I-Font]ttl\f[]]
+.TP 7
+.NOP \f\*[B-Font]manycastclient\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]key\f[] \f\*[I-Font]key\f[] \f\*[I-Font]\&|\f[] \f\*[B-Font]autokey\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]] [\f\*[B-Font]ttl\f[] \f\*[I-Font]ttl\f[]]
+.PP
+.sp \n(Ppu
+.ne 2
+
These five commands specify the time server name or address to
be used and the mode in which to operate.
The
-\fIaddress\fR
+\f\*[I-Font]address\f[]
can be
either a DNS name or an IP address in dotted-quad notation.
Additional information on association behavior can be found in the
-.Qq Association Management
+"Association Management"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
-.TP
-.BR Ic pool
+\fI/usr/share/doc/ntp\f[]).
+.TP 7
+.NOP \f\*[B-Font]pool\f[]
For type s addresses, this command mobilizes a persistent
client mode association with a number of remote servers.
In this mode the local clock can synchronized to the
remote server, but the remote server can never be synchronized to
the local clock.
-.TP
-.BR Ic server
+.TP 7
+.NOP \f\*[B-Font]server\f[]
For type s and r addresses, this command mobilizes a persistent
client mode association with the specified remote server or local
radio clock.
remote server, but the remote server can never be synchronized to
the local clock.
This command should
-.I not
+\fInot\f[]
be used for type
b or m addresses.
-.TP
-.BR Ic peer
+.TP 7
+.NOP \f\*[B-Font]peer\f[]
For type s addresses (only), this command mobilizes a
persistent symmetric-active mode association with the specified
remote peer.
the better source of time.
This command should NOT be used for type
b, m or r addresses.
-.TP
-.BR Ic broadcast
+.TP 7
+.NOP \f\*[B-Font]broadcast\f[]
For type b and m addresses (only), this
command mobilizes a persistent broadcast mode association.
Multiple
subnet specified, but multicast messages go to all interfaces.
In broadcast mode the local server sends periodic broadcast
messages to a client population at the
-\fIaddress\fR
+\f\*[I-Font]address\f[]
specified, which is usually the broadcast address on (one of) the
local network(s) or a multicast address assigned to NTP.
The IANA
Ordinarily, this
specification applies only to the local server operating as a
sender; for operation as a broadcast client, see the
-.Ic broadcastclient
+\f\*[B-Font]broadcastclient\f[]
or
-.Ic multicastclient
+\f\*[B-Font]multicastclient\f[]
commands
below.
-.TP
-.BR Ic manycastclient
+.TP 7
+.NOP \f\*[B-Font]manycastclient\f[]
For type m addresses (only), this command mobilizes a
manycast client mode association for the multicast address
specified.
In this case a specific address must be supplied which
matches the address used on the
-.Ic manycastserver
+\f\*[B-Font]manycastserver\f[]
command for
the designated manycast servers.
The NTP multicast address
these messages and causing a possibly massive implosion of replies
at the sender.
The
-.Ic manycastserver
+\f\*[B-Font]manycastserver\f[]
command specifies that the local server
is to operate in client mode with the remote servers that are
discovered as the result of broadcast/multicast messages.
The
client broadcasts a request message to the group address associated
with the specified
-\fIaddress\fR
+\f\*[I-Font]address\f[]
and specifically enabled
servers respond to these messages.
The client selects the servers
providing the best time and continues as with the
-.Ic server
+\f\*[B-Font]server\f[]
command.
The remaining servers are discarded as if never
heard.
.PP
+.sp \n(Ppu
+.ne 2
+
Options:
-.TP
-.BR Cm autokey
+.TP 7
+.NOP \f\*[B-Font]autokey\f[]
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the autokey scheme
described in
-.Sx Authentication Options .
-.TP
-.BR Cm burst
+\fIAuthentication\f[] \fIOptions\f[].
+.TP 7
+.NOP \f\*[B-Font]burst\f[]
when the server is reachable, send a burst of eight packets
instead of the usual one.
The packet spacing is normally 2 s;
additional time for a modem or ISDN call to complete.
This is designed to improve timekeeping quality
with the
-.Ic server
+\f\*[B-Font]server\f[]
command and s addresses.
-.TP
-.BR Cm iburst
+.TP 7
+.NOP \f\*[B-Font]iburst\f[]
When the server is unreachable, send a burst of eight packets
instead of the usual one.
The packet spacing is normally 2 s;
additional time for a modem or ISDN call to complete.
This is designed to speed the initial synchronization
acquisition with the
-.Ic server
+\f\*[B-Font]server\f[]
command and s addresses and when
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
is started with the
- q
+\f\*[B-Font]\-q\f[]
option.
-.TP
-.BR Cm key Ar key
+.TP 7
+.NOP \f\*[B-Font]key\f[] \f\*[I-Font]key\f[]
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
-\fIkey\fR
+\f\*[I-Font]key\f[]
identifier with values from 1 to 65534, inclusive.
The
default is to include no encryption field.
-.TP
-.BR Cm minpoll Ar minpoll
-.TP
-.BR Cm maxpoll Ar maxpoll
+.TP 7
+.NOP \f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]
+.TP 7
+.NOP \f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]
These options specify the minimum and maximum poll intervals
for NTP messages, as a power of 2 in seconds
The maximum poll
interval defaults to 10 (1,024 s), but can be increased by the
-.Cm maxpoll
+\f\*[B-Font]maxpoll\f[]
option to an upper limit of 17 (36.4 h).
The
minimum poll interval defaults to 6 (64 s), but can be decreased by
the
-.Cm minpoll
+\f\*[B-Font]minpoll\f[]
option to a lower limit of 4 (16 s).
-.TP
-.BR Cm noselect
+.TP 7
+.NOP \f\*[B-Font]noselect\f[]
Marks the server as unused, except for display purposes.
The server is discarded by the selection algroithm.
-.TP
-.BR Cm prefer
+.TP 7
+.NOP \f\*[B-Font]prefer\f[]
Marks the server as preferred.
All other things being equal,
this host will be chosen for synchronization among a set of
correctly operating hosts.
See the
-.Qq Mitigation Rules and the prefer Keyword
+"Mitigation Rules and the prefer Keyword"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp )
+\fI/usr/share/doc/ntp\f[])
for further information.
-.TP
-.BR Cm ttl Ar ttl
+.TP 7
+.NOP \f\*[B-Font]ttl\f[] \f\*[I-Font]ttl\f[]
This option is used only with broadcast server and manycast
client modes.
It specifies the time-to-live
-\fIttl\fR
+\f\*[I-Font]ttl\f[]
to
use on broadcast server and multicast server and the maximum
-\fIttl\fR
+\f\*[I-Font]ttl\f[]
for the expanding ring search with manycast
client packets.
Selection of the proper value, which defaults to
127, is something of a black art and should be coordinated with the
network administrator.
-.TP
-.BR Cm version Ar version
+.TP 7
+.NOP \f\*[B-Font]version\f[] \f\*[I-Font]version\f[]
Specifies the version number to be used for outgoing NTP
packets.
Versions 1-4 are the choices, with version 4 the
default.
+.PP
.SS Auxiliary Commands
-.TP
-.BR Ic broadcastclient
+.TP 7
+.NOP \f\*[B-Font]broadcastclient\f[]
This command enables reception of broadcast server messages to
any local interface (type b) address.
Upon receiving a message for
to avoid accidental or malicious disruption in this mode, both the
server and client should operate using symmetric-key or public-key
authentication as described in
-.Sx Authentication Options .
-.TP
-.BR Ic manycastserver Ar address ...
+\fIAuthentication\f[] \fIOptions\f[].
+.TP 7
+.NOP \f\*[B-Font]manycastserver\f[] \f\*[I-Font]address\f[] \f\*[I-Font]...\f[]
This command enables reception of manycast client messages to
the multicast group address(es) (type m) specified.
At least one
accidental or malicious disruption in this mode, both the server
and client should operate using symmetric-key or public-key
authentication as described in
-.Sx Authentication Options .
-.TP
-.BR Ic multicastclient Ar address ...
+\fIAuthentication\f[] \fIOptions\f[].
+.TP 7
+.NOP \f\*[B-Font]multicastclient\f[] \f\*[I-Font]address\f[] \f\*[I-Font]...\f[]
This command enables reception of multicast server messages to
the multicast group address(es) (type m) specified.
Upon receiving
in order to avoid accidental or malicious disruption in this mode,
both the server and client should operate using symmetric-key or
public-key authentication as described in
-.Sx Authentication Options .
+\fIAuthentication\f[] \fIOptions\f[].
+.PP
.SH Authentication Support
Authentication support allows the NTP client to verify that the
server is in fact known and trusted and not an intruder intending
Either algorithm computes a message digest, or one-way hash, which
can be used to verify the server has the correct private key and
key identifier.
-.PP
+.sp \n(Ppu
+.ne 2
+
NTPv4 retains the NTPv3 scheme, properly described as symmetric key
cryptography and, in addition, provides a new Autokey scheme
based on public key cryptography.
which can be provided by commercial services or
produced by utility programs in the OpenSSL software library
or the NTPv4 distribution.
-.PP
+.sp \n(Ppu
+.ne 2
+
While the algorithms for symmetric key cryptography are
included in the NTPv4 distribution, public key cryptography
requires the OpenSSL software library to be installed
before building the NTP distribution.
Directions for doing that
are on the Building and Installing the Distribution page.
-.PP
+.sp \n(Ppu
+.ne 2
+
Authentication is configured separately for each association
using the
-.Cm key
+\f\*[B-Font]key\f[]
or
-.Cm autokey
+\f\*[B-Font]autokey\f[]
subcommand on the
-.Ic peer ,
-.Ic server ,
-.Ic broadcast
+\f\*[B-Font]peer\f[],
+\f\*[B-Font]server\f[],
+\f\*[B-Font]broadcast\f[]
and
-.Ic manycastclient
+\f\*[B-Font]manycastclient\f[]
configuration commands as described in
-.Sx Configuration Options
+\fIConfiguration\f[] \fIOptions\f[]
page.
The authentication
options described below specify the locations of the key files,
if other than default, which symmetric keys are trusted
and the interval between various operations, if other than default.
-.PP
+.sp \n(Ppu
+.ne 2
+
Authentication is always enabled,
although ineffective if not configured as
described below.
preliminary protocol exchange to obtain
the server certificate, verify its
credentials and initialize the protocol
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Cm auth
+\f\*[B-Font]auth\f[]
flag controls whether new associations or
remote configuration commands require cryptographic authentication.
This flag can be set or reset by the
-.Ic enable
+\f\*[B-Font]enable\f[]
and
-.Ic disable
+\f\*[B-Font]disable\f[]
commands and also by remote
configuration commands sent by a
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
program running in
another machine.
If this flag is enabled, which is the default
authenticated.
It should be understood
that operating with the
-.Ic auth
+\f\*[B-Font]auth\f[]
flag disabled invites a significant vulnerability
where a rogue hacker can
masquerade as a falseticker and seriously
and remote configuration commands and, in particular,
the flag has no effect on
the authentication process itself.
-.PP
+.sp \n(Ppu
+.ne 2
+
An attractive alternative where multicast support is available
is manycast mode, in which clients periodically troll
for servers as described in the
-.Sx Automatic NTP Configuration Options
+\fIAutomatic\f[] \fINTP\f[] \fIConfiguration\f[] \fIOptions\f[]
page.
Either symmetric key or public key
cryptographic authentication can be used in this mode.
since the client finds them during regular operation,
and the configuration
files for all clients can be identical.
-.PP
+.sp \n(Ppu
+.ne 2
+
The security model and protocol schemes for
both symmetric key and public key
cryptography are summarized below;
further details are in the briefings, papers
and reports at the NTP project page linked from
-.Li http://www.ntp.org/ .
+\f[C]http://www.ntp.org/\f[].
.SS Symmetric-Key Cryptography
The original RFC-1305 specification allows any one of possibly
65,534 keys, each distinguished by a 32-bit key identifier, to
Keys and
related information are specified in a key
file, usually called
-.Pa ntp.keys ,
+\fIntp.keys\f[],
which must be distributed and stored using
secure means beyond the scope of the NTP protocol itself.
Besides the keys used
for ordinary NTP associations,
additional keys can be used as passwords for the
-.Xr ntpq @NTPQ_MS@
+\fCntpq\fR(@NTPQ_MS@)\f[]
and
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
utility programs.
-.PP
+.sp \n(Ppu
+.ne 2
+
When
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
is first started, it reads the key file specified in the
-.Ic keys
+\f\*[B-Font]keys\f[]
configuration command and installs the keys
in the key cache.
However,
individual keys must be activated with the
-.Ic trusted
+\f\*[B-Font]trusted\f[]
command before use.
This
allows, for instance, the installation of possibly
several batches of keys and
then activating or deactivating each batch
remotely using
-.Xr ntpdc @NTPDC_MS@ .
+\fCntpdc\fR(@NTPDC_MS@)\f[].
This also provides a revocation capability that can be used
if a key becomes compromised.
The
-.Ic requestkey
+\f\*[B-Font]requestkey\f[]
command selects the key used as the password for the
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
utility, while the
-.Ic controlkey
+\f\*[B-Font]controlkey\f[]
command selects the key used as the password for the
-.Xr ntpq @NTPQ_MS@
+\fCntpq\fR(@NTPQ_MS@)\f[]
utility.
.SS Public Key Cryptography
NTPv4 supports the original NTPv3 symmetric key scheme
.\" the configure and build
.\" process automatically detects the library and links
.\" the library routines required.
-.PP
+.sp \n(Ppu
+.ne 2
+
The Autokey protocol has several modes of operation
corresponding to the various NTP modes supported.
Most modes use a special cookie which can be
in reverse order.
These schemes are described along with an executive summary,
current status, briefing slides and reading list on the
-.Sx Autonomous Authentication
+\fIAutonomous\f[] \fIAuthentication\f[]
page.
-.PP
+.sp \n(Ppu
+.ne 2
+
The specific cryptographic environment used by Autokey servers
and clients is determined by a set of files
and soft links generated by the
-.Xr ntp-keygen 1ntpkeygenmdoc
+\fCntp-keygen\fR(1ntpkeygenmdoc)\f[]
program.
This includes a required host key file,
required certificate file and optional sign key file,
There are several schemes
available in the OpenSSL software library, each identified
by a specific string such as
-.Cm md5WithRSAEncryption ,
+\f\*[B-Font]md5WithRSAEncryption\f[],
which stands for the MD5 message digest with RSA
encryption scheme.
The current NTP distribution supports
all the schemes in the OpenSSL library, including
those based on RSA and DSA digital signatures.
-.PP
+.sp \n(Ppu
+.ne 2
+
NTP secure groups can be used to define cryptographic compartments
and security hierarchies.
It is important that every host
The name appears in the host certificate in either or both
the subject and issuer fields, so protection against
DNS compromise is essential.
-.PP
+.sp \n(Ppu
+.ne 2
+
By convention, the name of an Autokey host is the name returned
by the Unix
-.Xr gethostname 2
+\fCgethostname\fR(2)\f[]
system call or equivalent in other systems.
By the system design
model, there are no provisions to allow alternate names or aliases.
However, this is not to say that DNS aliases, different names
for each interface, etc., are constrained in any way.
-.PP
+.sp \n(Ppu
+.ne 2
+
It is also important to note that Autokey verifies authenticity
using the host name, network address and public keys,
all of which are bound together by the protocol specifically
Note however that some cryptotype
combinations may successfully interoperate with each other,
but may not represent good security practice.
-.PP
+.sp \n(Ppu
+.ne 2
+
The cryptotype of an association is determined at the time
of mobilization, either at configuration time or some time
later when a message of appropriate cryptotype arrives.
When mobilized by a
-.Ic server
+\f\*[B-Font]server\f[]
or
-.Ic peer
+\f\*[B-Font]peer\f[]
configuration command and no
-.Ic key
+\f\*[B-Font]key\f[]
or
-.Ic autokey
+\f\*[B-Font]autokey\f[]
subcommands are present, the association is not
authenticated; if the
-.Ic key
+\f\*[B-Font]key\f[]
subcommand is present, the association is authenticated
using the symmetric key ID specified; if the
-.Ic autokey
+\f\*[B-Font]autokey\f[]
subcommand is present, the association is authenticated
using Autokey.
-.PP
+.sp \n(Ppu
+.ne 2
+
When multiple identity schemes are supported in the Autokey
protocol, the first message exchange determines which one is used.
The client request message contains bits corresponding
contains bits corresponding to which schemes it has available.
Both server and client match the received bits with their own
and select a common scheme.
-.PP
+.sp \n(Ppu
+.ne 2
+
Following the principle that time is a public value,
a server responds to any client packet that matches
its cryptotype capabilities.
with the first packet received.
By default, unauthenticated associations will not be mobilized
unless overridden in a decidedly dangerous way.
-.PP
+.sp \n(Ppu
+.ne 2
+
Some examples may help to reduce confusion.
Client Alice has no specific cryptotype selected.
Server Bob has both a symmetric key file and minimal Autokey files.
Bob sends Cathy a thing called a crypto-NAK, which tells her
something broke.
She can see the evidence using the
-.Xr ntpq @NTPQ_MS@
+\fCntpq\fR(@NTPQ_MS@)\f[]
program.
-.PP
+.sp \n(Ppu
+.ne 2
+
Denise has rolled her own host key and certificate.
She also uses one of the identity schemes as Bob.
She sends the first Autokey message to Bob and they
both dance the protocol authentication and identity steps.
If all comes out okay, Denise and Bob continue as described above.
-.PP
+.sp \n(Ppu
+.ne 2
+
It should be clear from the above that Bob can support
all the girls at the same time, as long as he has compatible
authentication and identity credentials.
.SS Key Management
The cryptographic values used by the Autokey protocol are
incorporated as a set of files generated by the
-.Xr ntp-keygen 1ntpkeygenmdoc
+\fCntp-keygen\fR(1ntpkeygenmdoc)\f[]
utility program, including symmetric key, host key and
public certificate files, as well as sign key, identity parameters
and leapseconds files.
and certificates can be imported from public certificate
authorities.
Note that symmetric keys are necessary for the
-.Xr ntpq @NTPQ_MS@
+\fCntpq\fR(@NTPQ_MS@)\f[]
and
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
utility programs.
The remaining files are necessary only for the
Autokey protocol.
-.PP
+.sp \n(Ppu
+.ne 2
+
Certificates imported from OpenSSL or public certificate
authorities have certian limitations.
The certificate should be in ASN.1 syntax, X.509 Version 3
a subject key identifier or a issuer key identifier field;
however, an extended key usage field for a trusted host must
contain the value
-.Cm trustRoot ; .
+\f\*[B-Font]trustRoot\f[];.
Other extension fields are ignored.
.SS Authentication Commands
-.TP
-.BR Ic autokey Op Ar logsec
+.TP 7
+.NOP \f\*[B-Font]autokey\f[] [\f\*[I-Font]logsec\f[]]
Specifies the interval between regenerations of the session key
list used with the Autokey protocol.
Note that the size of the key
For poll intervals above the specified interval, a session key list
with a single entry will be regenerated for every message
sent.
-.TP
-.BR Ic controlkey Ar key
+.TP 7
+.NOP \f\*[B-Font]controlkey\f[] \f\*[I-Font]key\f[]
Specifies the key identifier to use with the
-.Xr ntpq @NTPQ_MS@
+\fCntpq\fR(@NTPQ_MS@)\f[]
utility, which uses the standard
protocol defined in RFC-1305.
The
-\fIkey\fR
+\f\*[I-Font]key\f[]
argument is
the key identifier for a trusted key, where the value can be in the
range 1 to 65,534, inclusive.
-.TP
-.BR Xo Ic crypto
-[ "\fIcert\fR" "\fIfile\fR" ]
-[ "\fIleap\fR" "\fIfile\fR" ]
-[ "\fIrandfile\fR" "\fIfile\fR" ]
-[ "\fIhost\fR" "\fIfile\fR" ]
-[ "\fIsign\fR" "\fIfile\fR" ]
-[ "\fIgq\fR" "\fIfile\fR" ]
-[ "\fIgqpar\fR" "\fIfile\fR" ]
-[ "\fIiffpar\fR" "\fIfile\fR" ]
-[ "\fImvpar\fR" "\fIfile\fR" ]
-[ "\fIpw\fR" "\fIpassword\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]crypto\f[] [\f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]host\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]sign\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gq\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]]
This command requires the OpenSSL library.
It activates public key
cryptography, selects the message digest and signature
Unless the complete path and name of the file are specified, the
location of a file is relative to the keys directory specified
in the
-.Ic keysdir
+\f\*[B-Font]keysdir\f[]
command or default
-.Pa /usr/local/etc .
+\fI/usr/local/etc\f[].
Following are the subcommands:
-.in +4
-.ti -4
-.IR Cm cert Ar file
+.RS
+.TP 7
+.NOP \f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]
Specifies the location of the required host public certificate file.
This overrides the link
-.Pa ntpkey_cert_ Ns Ar hostname
+\fIntpkey_cert_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
-.ti -4
-.IR Cm gqpar Ar file
+.TP 7
+.NOP \f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]
Specifies the location of the optional GQ parameters file.
This
overrides the link
-.Pa ntpkey_gq_ Ns Ar hostname
+\fIntpkey_gq_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
-.ti -4
-.IR Cm host Ar file
+.TP 7
+.NOP \f\*[B-Font]host\f[] \f\*[I-Font]file\f[]
Specifies the location of the required host key file.
This overrides
the link
-.Pa ntpkey_key_ Ns Ar hostname
+\fIntpkey_key_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
-.ti -4
-.IR Cm iffpar Ar file
+.TP 7
+.NOP \f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]
Specifies the location of the optional IFF parameters file.This
overrides the link
-.Pa ntpkey_iff_ Ns Ar hostname
+\fIntpkey_iff_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
-.ti -4
-.IR Cm leap Ar file
+.TP 7
+.NOP \f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]
Specifies the location of the optional leapsecond file.
This overrides the link
-.Pa ntpkey_leap
+\fIntpkey_leap\f[]
in the keys directory.
-.ti -4
-.IR Cm mvpar Ar file
+.TP 7
+.NOP \f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]
Specifies the location of the optional MV parameters file.
This
overrides the link
-.Pa ntpkey_mv_ Ns Ar hostname
+\fIntpkey_mv_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
-.ti -4
-.IR Cm pw Ar password
+.TP 7
+.NOP \f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]
Specifies the password to decrypt files containing private keys and
identity parameters.
This is required only if these files have been
encrypted.
-.ti -4
-.IR Cm randfile Ar file
+.TP 7
+.NOP \f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]
Specifies the location of the random seed file used by the OpenSSL
library.
The defaults are described in the main text above.
-.ti -4
-.IR Cm sign Ar file
+.TP 7
+.NOP \f\*[B-Font]sign\f[] \f\*[I-Font]file\f[]
Specifies the location of the optional sign key file.
This overrides
the link
-.Pa ntpkey_sign_ Ns Ar hostname
+\fIntpkey_sign_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
If this file is
not found, the host key is also the sign key.
-.in -4
-.TP
-.BR Ic keys Ar keyfile
+.RE
+.TP 7
+.NOP \f\*[B-Font]keys\f[] \f\*[I-Font]keyfile\f[]
Specifies the complete path and location of the MD5 key file
containing the keys and key identifiers used by
-.Xr ntpd @NTPD_MS@ ,
-.Xr ntpq @NTPQ_MS@
+\fCntpd\fR(@NTPD_MS@)\f[],
+\fCntpq\fR(@NTPQ_MS@)\f[]
and
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
when operating with symmetric key cryptography.
This is the same operation as the
- k
+\f\*[B-Font]\-k\f[]
command line option.
-.TP
-.BR Ic keysdir Ar path
+.TP 7
+.NOP \f\*[B-Font]keysdir\f[] \f\*[I-Font]path\f[]
This command specifies the default directory path for
cryptographic keys, parameters and certificates.
The default is
-.Pa /usr/local/etc/ .
-.TP
-.BR Ic requestkey Ar key
+\fI/usr/local/etc/\f[].
+.TP 7
+.NOP \f\*[B-Font]requestkey\f[] \f\*[I-Font]key\f[]
Specifies the key identifier to use with the
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
utility program, which uses a
proprietary protocol specific to this implementation of
-.Xr ntpd @NTPD_MS@ .
+\fCntpd\fR(@NTPD_MS@)\f[].
The
-\fIkey\fR
+\f\*[I-Font]key\f[]
argument is a key identifier
for the trusted key, where the value can be in the range 1 to
65,534, inclusive.
-.TP
-.BR Ic revoke Ar logsec
+.TP 7
+.NOP \f\*[B-Font]revoke\f[] \f\*[I-Font]logsec\f[]
Specifies the interval between re-randomization of certain
cryptographic values used by the Autokey scheme, as a power of 2 in
seconds.
For poll
intervals above the specified interval, the values will be updated
for every message sent.
-.TP
-.BR Ic trustedkey Ar key ...
+.TP 7
+.NOP \f\*[B-Font]trustedkey\f[] \f\*[I-Font]key\f[] \f\*[I-Font]...\f[]
Specifies the key identifiers which are trusted for the
purposes of authenticating peers with symmetric key cryptography,
as well as keys used by the
-.Xr ntpq @NTPQ_MS@
+\fCntpq\fR(@NTPQ_MS@)\f[]
and
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
programs.
The authentication procedures require that both the local
and remote servers share the same key and key identifier for this
purpose, although different keys can be used with different
servers.
The
-\fIkey\fR
+\f\*[I-Font]key\f[]
arguments are 32-bit unsigned
integers with values from 1 to 65,534.
+.PP
.SS Error Codes
The following error codes are reported via the NTP control
and monitoring protocol trap mechanism.
-.TP
-.BR 101
-.Pq bad field format or length
+.TP 7
+.NOP 101
+(bad field format or length)
The packet has invalid version, length or format.
-.TP
-.BR 102
-.Pq bad timestamp
+.TP 7
+.NOP 102
+(bad timestamp)
The packet timestamp is the same or older than the most recent received.
This could be due to a replay or a server clock time step.
-.TP
-.BR 103
-.Pq bad filestamp
+.TP 7
+.NOP 103
+(bad filestamp)
The packet filestamp is the same or older than the most recent received.
This could be due to a replay or a key file generation error.
-.TP
-.BR 104
-.Pq bad or missing public key
+.TP 7
+.NOP 104
+(bad or missing public key)
The public key is missing, has incorrect format or is an unsupported type.
-.TP
-.BR 105
-.Pq unsupported digest type
+.TP 7
+.NOP 105
+(unsupported digest type)
The server requires an unsupported digest/signature scheme.
-.TP
-.BR 106
-.Pq mismatched digest types
+.TP 7
+.NOP 106
+(mismatched digest types)
Not used.
-.TP
-.BR 107
-.Pq bad signature length
+.TP 7
+.NOP 107
+(bad signature length)
The signature length does not match the current public key.
-.TP
-.BR 108
-.Pq signature not verified
+.TP 7
+.NOP 108
+(signature not verified)
The message fails the signature check.
It could be bogus or signed by a
different private key.
-.TP
-.BR 109
-.Pq certificate not verified
+.TP 7
+.NOP 109
+(certificate not verified)
The certificate is invalid or signed with the wrong key.
-.TP
-.BR 110
-.Pq certificate not verified
+.TP 7
+.NOP 110
+(certificate not verified)
The certificate is not yet valid or has expired or the signature could not
be verified.
-.TP
-.BR 111
-.Pq bad or missing cookie
+.TP 7
+.NOP 111
+(bad or missing cookie)
The cookie is missing, corrupted or bogus.
-.TP
-.BR 112
-.Pq bad or missing leapseconds table
+.TP 7
+.NOP 112
+(bad or missing leapseconds table)
The leapseconds table is missing, corrupted or bogus.
-.TP
-.BR 113
-.Pq bad or missing certificate
+.TP 7
+.NOP 113
+(bad or missing certificate)
The certificate is missing, corrupted or bogus.
-.TP
-.BR 114
-.Pq bad or missing identity
+.TP 7
+.NOP 114
+(bad or missing identity)
The identity key is missing, corrupt or bogus.
+.PP
.SH Monitoring Support
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
includes a comprehensive monitoring facility suitable
for continuous, long term recording of server and client
timekeeping performance.
See the
-.Ic statistics
+\f\*[B-Font]statistics\f[]
command below
for a listing and example of each type of statistics currently
supported.
Statistic files are managed using file generation sets
and scripts in the
-.Pa ./scripts
+\fI./scripts\f[]
directory of this distribution.
Using
these facilities and
-.Ux
-.Xr cron 8
+UNIX
+\fCcron\fR(8)\f[]
jobs, the data can be
automatically summarized and archived for retrospective analysis.
.SS Monitoring Commands
-.TP
-.BR Ic statistics Ar name ...
+.TP 7
+.NOP \f\*[B-Font]statistics\f[] \f\*[I-Font]name\f[] \f\*[I-Font]...\f[]
Enables writing of statistics records.
Currently, four kinds of
-\fIname\fR
+\f\*[I-Font]name\f[]
statistics are supported.
-.in +4
-.ti -4
-.IR Cm clockstats
+.RS
+.TP 7
+.NOP \f\*[B-Font]clockstats\f[]
Enables recording of clock driver statistics information.
Each update
received from a clock driver appends a line of the following form to
the file generation set named
-.Cm clockstats :
+\f\*[B-Font]clockstats\f[]:
.br
.in +4
.nf
49213 525.624 127.127.4.1 93 226 00:08:29.606 D
.in -4
.fi
-.PP
+.sp \n(Ppu
+.ne 2
+
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight).
The next field shows the
can be gathered and displayed as well.
See information specific to each
clock for further details.
-.ti -4
-.IR Cm cryptostats
+.TP 7
+.NOP \f\*[B-Font]cryptostats\f[]
This option requires the OpenSSL cryptographic software library.
It
enables recording of cryptographic public key protocol information.
Each message received by the protocol module appends a line of the
following form to the file generation set named
-.Cm cryptostats :
+\f\*[B-Font]cryptostats\f[]:
.br
.in +4
.nf
49213 525.624 127.127.4.1 message
.in -4
.fi
-.PP
+.sp \n(Ppu
+.ne 2
+
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight).
The next field shows the peer
address in dotted-quad notation, The final message field includes the
message type and certain ancillary information.
See the
-.Sx Authentication Options
+\fIAuthentication\f[] \fIOptions\f[]
section for further information.
-.ti -4
-.IR Cm loopstats
+.TP 7
+.NOP \f\*[B-Font]loopstats\f[]
Enables recording of loop filter statistics information.
Each
update of the local clock outputs a line of the following form to
the file generation set named
-.Cm loopstats :
+\f\*[B-Font]loopstats\f[]:
.br
.in +4
.nf
50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
.in -4
.fi
-.PP
+.sp \n(Ppu
+.ne 2
+
The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next five fields
show time offset (seconds), frequency offset (parts per million \-
PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
discipline time constant.
-.ti -4
-.IR Cm peerstats
+.TP 7
+.NOP \f\*[B-Font]peerstats\f[]
Enables recording of peer statistics information.
This includes
statistics records of all peers of a NTP server and of special
Each valid update appends a
line of the following form to the current element of a file
generation set named
-.Cm peerstats :
+\f\*[B-Font]peerstats\f[]:
.br
.in +4
.nf
48773 10847.650 127.127.4.1 9714 \-0.001605376 0.000000000 0.001424877 0.000958674
.in -4
.fi
-.PP
+.sp \n(Ppu
+.ne 2
+
The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next two fields
described in Appendix A of the NTP specification RFC 1305.
The final four fields show the offset,
delay, dispersion and RMS jitter, all in seconds.
-.ti -4
-.IR Cm rawstats
+.TP 7
+.NOP \f\*[B-Font]rawstats\f[]
Enables recording of raw-timestamp statistics information.
This
includes statistics records of all peers of a NTP server and of
Each NTP message
received from a peer or clock driver appends a line of the
following form to the file generation set named
-.Cm rawstats :
+\f\*[B-Font]rawstats\f[]:
.br
.in +4
.nf
50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000
.in -4
.fi
-.PP
+.sp \n(Ppu
+.ne 2
+
The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next two fields
The timestamp
values are as received and before processing by the various data
smoothing and mitigation algorithms.
-.ti -4
-.IR Cm sysstats
+.TP 7
+.NOP \f\*[B-Font]sysstats\f[]
Enables recording of ntpd statistics counters on a periodic basis.
Each
hour a line of the following form is appended to the file generation
set named
-.Cm sysstats :
+\f\*[B-Font]sysstats\f[]:
.br
.in +4
.nf
50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
.in -4
.fi
-.PP
+.sp \n(Ppu
+.ne 2
+
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight).
The remaining ten fields show
the statistics counter values accumulated since the last generated
line.
-.in +4
-.ti -4
-.IR Time since restart Cm 36000
+.RS
+.TP 7
+.NOP Time since restart \f\*[B-Font]36000\f[]
Time in hours since the system was last rebooted.
-.ti -4
-.IR Packets received Cm 81965
+.TP 7
+.NOP Packets received \f\*[B-Font]81965\f[]
Total number of packets received.
-.ti -4
-.IR Packets processed Cm 0
+.TP 7
+.NOP Packets processed \f\*[B-Font]0\f[]
Number of packets received in response to previous packets sent
-.ti -4
-.IR Current version Cm 9546
+.TP 7
+.NOP Current version \f\*[B-Font]9546\f[]
Number of packets matching the current NTP version.
-.ti -4
-.IR Previous version Cm 56
+.TP 7
+.NOP Previous version \f\*[B-Font]56\f[]
Number of packets matching the previous NTP version.
-.ti -4
-.IR Bad version Cm 71793
+.TP 7
+.NOP Bad version \f\*[B-Font]71793\f[]
Number of packets matching neither NTP version.
-.ti -4
-.IR Access denied Cm 512
+.TP 7
+.NOP Access denied \f\*[B-Font]512\f[]
Number of packets denied access for any reason.
-.ti -4
-.IR Bad length or format Cm 540
+.TP 7
+.NOP Bad length or format \f\*[B-Font]540\f[]
Number of packets with invalid length, format or port number.
-.ti -4
-.IR Bad authentication Cm 10
+.TP 7
+.NOP Bad authentication \f\*[B-Font]10\f[]
Number of packets not verified as authentic.
-.ti -4
-.IR Rate exceeded Cm 147
+.TP 7
+.NOP Rate exceeded \f\*[B-Font]147\f[]
Number of packets discarded due to rate limitation.
-.in -4
-.ti -4
-.IR Cm statsdir Ar directory_path
+.RE
+.TP 7
+.NOP \f\*[B-Font]statsdir\f[] \f\*[I-Font]directory_path\f[]
Indicates the full path of a directory where statistics files
should be created (see below).
This keyword allows
the (otherwise constant)
-.Cm filegen
+\f\*[B-Font]filegen\f[]
filename prefix to be modified for file generation sets, which
is useful for handling statistics logs.
-.ti -4
-.IR Cm filegen Ar name Xo
-[ "\fIfile\fR" "\fIfilename\fR" ]
-[ "\fItype\fR" "\fItypename\fR" ]
-[ "\fIlink\fR" | nolink ]
-[ "\fIenable\fR" | disable ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]filegen\f[] \f\*[I-Font]name\f[] [\f\*[B-Font]file\f[] \f\*[I-Font]filename\f[]] [\f\*[B-Font]type\f[] \f\*[I-Font]typename\f[]] [\f\*[B-Font]link\f[] | \f\*[B-Font]nolink\f[]] [\f\*[B-Font]enable\f[] | \f\*[B-Font]disable\f[]]
Configures setting of generation file set name.
Generation
file sets provide a means for handling files that are
operations without the risk of disturbing the operation of ntpd.
(Most important: they can be removed to free space for new data
produced.)
-.PP
+.sp \n(Ppu
+.ne 2
+
Note that this command can be sent from the
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
program running at a remote location.
-.in +4
-.ti -4
-.IR Cm name
+.RS
+.TP 7
+.NOP \f\*[B-Font]name\f[]
This is the type of the statistics records, as shown in the
-.Cm statistics
+\f\*[B-Font]statistics\f[]
command.
-.ti -4
-.IR Cm file Ar filename
+.TP 7
+.NOP \f\*[B-Font]file\f[] \f\*[I-Font]filename\f[]
This is the file name for the statistics records.
Filenames of set
members are built from three concatenated elements
-\fICm prefix ,\fR
-\fICm filename\fR
+\f\*[B-Font]prefix\f[],
+\f\*[B-Font]filename\f[]
and
-\fICm suffix :\fR
-.in +4
-.ti -4
-.IR Cm prefix
+\f\*[B-Font]suffix\f[]:
+.RS
+.TP 7
+.NOP \f\*[B-Font]prefix\f[]
This is a constant filename path.
It is not subject to
modifications via the
-\fIfilegen\fR
+\f\*[I-Font]filegen\f[]
option.
It is defined by the
server, usually specified as a compile-time constant.
however, be configurable for individual file generation sets
via other commands.
For example, the prefix used with
-\fIloopstats\fR
+\f\*[I-Font]loopstats\f[]
and
-\fIpeerstats\fR
+\f\*[I-Font]peerstats\f[]
generation can be configured using the
-\fIstatsdir\fR
+\f\*[I-Font]statsdir\f[]
option explained above.
-.ti -4
-.IR Cm filename
+.TP 7
+.NOP \f\*[B-Font]filename\f[]
This string is directly concatenated to the prefix mentioned
above (no intervening
-.Ql / ) .
+\[oq]/\[cq]).
This can be modified using
the file argument to the
-\fIfilegen\fR
+\f\*[I-Font]filegen\f[]
statement.
No
-.Pa ..
+\fI..\f[]
elements are
allowed in this component to prevent filenames referring to
parts outside the filesystem hierarchy denoted by
-\fIprefix .\fR
-.ti -4
-.IR Cm suffix
+\f\*[I-Font]prefix\f[].
+.TP 7
+.NOP \f\*[B-Font]suffix\f[]
This part is reflects individual elements of a file set.
It is
generated according to the type of a file set.
-.in -4
-.ti -4
-.IR Cm type Ar typename
+.RE
+.TP 7
+.NOP \f\*[B-Font]type\f[] \f\*[I-Font]typename\f[]
A file generation set is characterized by its type.
The following
types are supported:
-.in +4
-.ti -4
-.IR Cm none
+.RS
+.TP 7
+.NOP \f\*[B-Font]none\f[]
The file set is actually a single plain file.
-.ti -4
-.IR Cm pid
+.TP 7
+.NOP \f\*[B-Font]pid\f[]
One element of file set is used per incarnation of a ntpd
server.
This type does not perform any changes to file set
members during runtime, however it provides an easy way of
separating files belonging to different
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
server incarnations.
The set member filename is built by appending a
-.Ql \&.
+\[oq]\&.\[cq]
to concatenated
-\fIprefix\fR
+\f\*[I-Font]prefix\f[]
and
-\fIfilename\fR
+\f\*[I-Font]filename\f[]
strings, and
appending the decimal representation of the process ID of the
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
server process.
-.ti -4
-.IR Cm day
+.TP 7
+.NOP \f\*[B-Font]day\f[]
One file generation set element is created per day.
A day is
defined as the period between 00:00 and 24:00 UTC.
The file set
member suffix consists of a
-.Ql \&.
+\[oq]\&.\[cq]
and a day specification in
the form
-.Cm YYYYMMdd .
-.Cm YYYY
+\f\*[B-Font]YYYYMMdd\f[].
+\f\*[B-Font]YYYY\f[]
is a 4-digit year number (e.g., 1992).
-.Cm MM
+\f\*[B-Font]MM\f[]
is a two digit month number.
-.Cm dd
+\f\*[B-Font]dd\f[]
is a two digit day number.
Thus, all information written at 10 December 1992 would end up
in a file named
-\fIprefix\fR
-\fIfilename Ns .19921210 .\fR
-.ti -4
-.IR Cm week
+\f\*[I-Font]prefix\f[]
+\f\*[I-Font]filename\f[].19921210.
+.TP 7
+.NOP \f\*[B-Font]week\f[]
Any file set member contains data related to a certain week of
a year.
The term week is defined by computing day-of-year
Elements of such a file generation set are
distinguished by appending the following suffix to the file set
filename base: A dot, a 4-digit year number, the letter
-.Cm W ,
+\f\*[B-Font]W\f[],
and a 2-digit week number.
For example, information from January,
10th 1992 would end up in a file with suffix
-.No . Ns Ar 1992W1 .
-.ti -4
-.IR Cm month
+.NOP. \f\*[I-Font]1992W1\f[].
+.TP 7
+.NOP \f\*[B-Font]month\f[]
One generation file set element is generated per month.
The
file name suffix consists of a dot, a 4-digit year number, and
a 2-digit month.
-.ti -4
-.IR Cm year
+.TP 7
+.NOP \f\*[B-Font]year\f[]
One generation file element is generated per year.
The filename
suffix consists of a dot and a 4 digit year number.
-.ti -4
-.IR Cm age
+.TP 7
+.NOP \f\*[B-Font]age\f[]
This type of file generation sets changes to a new element of
the file set every 24 hours of server operation.
The filename
suffix consists of a dot, the letter
-.Cm a ,
+\f\*[B-Font]a\f[],
and an 8-digit number.
This number is taken to be the number of seconds the server is
running at the start of the corresponding 24-hour period.
Information is only written to a file generation by specifying
-.Cm enable ;
+\f\*[B-Font]enable\f[];
output is prevented by specifying
-.Cm disable .
-.in -4
-.ti -4
-.IR Cm link | nolink
+\f\*[B-Font]disable\f[].
+.RE
+.TP 7
+.NOP \f\*[B-Font]link\f[] | \f\*[B-Font]nolink\f[]
It is convenient to be able to access the current element of a file
generation set by a fixed name.
This feature is enabled by
specifying
-.Cm link
+\f\*[B-Font]link\f[]
and disabled using
-.Cm nolink .
+\f\*[B-Font]nolink\f[].
If link is specified, a
hard link from the current file set element to a file without
suffix is created.
When there is already a file with this name and
the number of links of this file is one, it is renamed appending a
dot, the letter
-.Cm C ,
+\f\*[B-Font]C\f[],
and the pid of the ntpd server process.
When the
number of links is greater than one, the file is unlinked.
This
allows the current file to be accessed by a constant name.
-.ti -4
-.IR Cm enable \&| Cm disable
+.TP 7
+.NOP \f\*[B-Font]enable\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]disable\f[]
Enables or disables the recording function.
-.in -4
-.in -4
+.RE
+.RE
+.PP
.SH Access Control Support
The
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
daemon implements a general purpose address/mask based restriction
list.
The list contains address/match entries sorted first
last match found defining the restriction flags associated
with the entry.
Additional information and examples can be found in the
-.Qq Notes on Configuring NTP and Setting up a NTP Subnet
+"Notes on Configuring NTP and Setting up a NTP Subnet"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
-.PP
+\fI/usr/share/doc/ntp\f[]).
+.sp \n(Ppu
+.ne 2
+
The restriction facility was implemented in conformance
with the access policies for the original NSFnet backbone
time servers.
an alternative to the NTP authentication facilities.
Source address based restrictions are easily circumvented
by a determined cracker.
-.PP
+.sp \n(Ppu
+.ne 2
+
Clients can be denied service because they are explicitly
included in the restrict list created by the restrict command
or implicitly as the result of cryptographic or rate limit
to zero and the reference identifier field set to a four-byte
ASCII code.
If the
-.Cm noserve
+\f\*[B-Font]noserve\f[]
or
-.Cm notrust
+\f\*[B-Font]notrust\f[]
flag of the matching restrict list entry is set,
the code is "DENY"; if the
-.Cm limited
+\f\*[B-Font]limited\f[]
flag is set and the rate limit
is exceeded, the code is "RATE".
Finally, if a cryptographic violation occurs, the code is "CRYP".
-.PP
+.sp \n(Ppu
+.ne 2
+
A client receiving a KoD performs a set of sanity checks to
minimize security exposure, then updates the stratum and
reference identifier peer variables, sets the access
happens automatically at the client when the association times out.
It will happen at the server only if the server operator cooperates.
.SS Access Control Commands
-.TP
-.BR Xo Ic discard
-[ "\fIaverage\fR" "\fIavg\fR" ]
-[ "\fIminimum\fR" "\fImin\fR" ]
-[ "\fImonitor\fR" "\fIprob\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]discard\f[] [\f\*[B-Font]average\f[] \f\*[I-Font]avg\f[]] [\f\*[B-Font]minimum\f[] \f\*[I-Font]min\f[]] [\f\*[B-Font]monitor\f[] \f\*[I-Font]prob\f[]]
Set the parameters of the
-.Cm limited
+\f\*[B-Font]limited\f[]
facility which protects the server from
client abuse.
The
-.Cm average
+\f\*[B-Font]average\f[]
subcommand specifies the minimum average packet
spacing, while the
-.Cm minimum
+\f\*[B-Font]minimum\f[]
subcommand specifies the minimum packet spacing.
Packets that violate these minima are discarded
and a kiss-o'-death packet returned if enabled.
minimum average and minimum are 5 and 2, respectively.
The monitor subcommand specifies the probability of discard
for packets that overflow the rate-control window.
-.TP
-.BR Xo Ic restrict address
-[ "\fImask\fR" "\fImask\fR" ]
-[ "\fIflag\fR" ... ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]restrict\f[] \f\*[B-Font]address\f[] [\f\*[B-Font]mask\f[] \f\*[I-Font]mask\f[]] [\f\*[I-Font]flag\f[] \f\*[I-Font]...\f[]]
The
-\fIaddress\fR
+\f\*[I-Font]address\f[]
argument expressed in
dotted-quad form is the address of a host or network.
Alternatively, the
-\fIaddress\fR
+\f\*[I-Font]address\f[]
argument can be a valid host DNS name.
The
-\fImask\fR
+\f\*[I-Font]mask\f[]
argument expressed in dotted-quad form defaults to
-.Cm 255.255.255.255 ,
+\f\*[B-Font]255.255.255.255\f[],
meaning that the
-\fIaddress\fR
+\f\*[I-Font]address\f[]
is treated as the address of an individual host.
A default entry (address
-.Cm 0.0.0.0 ,
+\f\*[B-Font]0.0.0.0\f[],
mask
-.Cm 0.0.0.0 )
+\f\*[B-Font]0.0.0.0\f[])
is always included and is always the first entry in the list.
Note that text string
-.Cm default ,
+\f\*[B-Font]default\f[],
with no mask option, may
be used to indicate the default entry.
In the current implementation,
-.Cm flag
+\f\*[B-Font]flag\f[]
always
restricts access, i.e., an entry with no flags indicates that free
access to the server is to be given.
reconfiguration of the server.
One or more of the following flags
may be specified:
-.in +4
-.ti -4
-.IR Cm ignore
+.RS
+.TP 7
+.NOP \f\*[B-Font]ignore\f[]
Deny packets of all kinds, including
-.Xr ntpq @NTPQ_MS@
+\fCntpq\fR(@NTPQ_MS@)\f[]
and
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
queries.
-.ti -4
-.IR Cm kod
+.TP 7
+.NOP \f\*[B-Font]kod\f[]
If this flag is set when an access violation occurs, a kiss-o'-death
(KoD) packet is sent.
KoD packets are rate limited to no more than one
per second.
If another KoD packet occurs within one second after the
last one, the packet is dropped.
-.ti -4
-.IR Cm limited
+.TP 7
+.NOP \f\*[B-Font]limited\f[]
Deny service if the packet spacing violates the lower limits specified
in the discard command.
A history of clients is kept using the
monitoring capability of
-.Xr ntpd @NTPD_MS@ .
+\fCntpd\fR(@NTPD_MS@)\f[].
Thus, monitoring is always active as
long as there is a restriction entry with the
-.Cm limited
+\f\*[B-Font]limited\f[]
flag.
-.ti -4
-.IR Cm lowpriotrap
+.TP 7
+.NOP \f\*[B-Font]lowpriotrap\f[]
Declare traps set by matching hosts to be low priority.
The
number of traps a server can maintain is limited (the current limit
This flag
modifies the assignment algorithm by allowing low priority traps to
be overridden by later requests for normal priority traps.
-.ti -4
-.IR Cm nomodify
+.TP 7
+.NOP \f\*[B-Font]nomodify\f[]
Deny
-.Xr ntpq @NTPQ_MS@
+\fCntpq\fR(@NTPQ_MS@)\f[]
and
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
queries which attempt to modify the state of the
server (i.e., run time reconfiguration).
Queries which return
information are permitted.
-.ti -4
-.IR Cm noquery
+.TP 7
+.NOP \f\*[B-Font]noquery\f[]
Deny
-.Xr ntpq @NTPQ_MS@
+\fCntpq\fR(@NTPQ_MS@)\f[]
and
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
queries.
Time service is not affected.
-.ti -4
-.IR Cm nopeer
+.TP 7
+.NOP \f\*[B-Font]nopeer\f[]
Deny packets which would result in mobilizing a new association.
This
includes broadcast and symmetric active packets when a configured
association does not exist.
-.ti -4
-.IR Cm noserve
+.TP 7
+.NOP \f\*[B-Font]noserve\f[]
Deny all packets except
-.Xr ntpq @NTPQ_MS@
+\fCntpq\fR(@NTPQ_MS@)\f[]
and
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
queries.
-.ti -4
-.IR Cm notrap
+.TP 7
+.NOP \f\*[B-Font]notrap\f[]
Decline to provide mode 6 control message trap service to matching
hosts.
The trap service is a subsystem of the ntpdq control message
protocol which is intended for use by remote event logging programs.
-.ti -4
-.IR Cm notrust
+.TP 7
+.NOP \f\*[B-Font]notrust\f[]
Deny service unless the packet is cryptographically authenticated.
-.ti -4
-.IR Cm ntpport
+.TP 7
+.NOP \f\*[B-Font]ntpport\f[]
This is actually a match algorithm modifier, rather than a
restriction flag.
Its presence causes the restriction entry to be
matched only if the source port in the packet is the standard NTP
UDP port (123).
Both
-.Cm ntpport
+\f\*[B-Font]ntpport\f[]
and
-.Cm non-ntpport
+\f\*[B-Font]non-ntpport\f[]
may
be specified.
The
-.Cm ntpport
+\f\*[B-Font]ntpport\f[]
is considered more specific and
is sorted later in the list.
-.ti -4
-.IR Cm version
+.TP 7
+.NOP \f\*[B-Font]version\f[]
Deny packets that do not match the current NTP version.
-.in -4
-.PP
+.RE
+.sp \n(Ppu
+.ne 2
+
Default restriction list entries with the flags ignore, interface,
ntpport, for each of the local host's interface addresses are
inserted into the table at startup to prevent the server
otherwise unconfigured; no flags are associated
with the default entry (i.e., everything besides your own
NTP server is unrestricted).
+.PP
.SH Automatic NTP Configuration Options
.SS Manycasting
Manycasting is a automatic discovery and configuration paradigm
client associations with some number of the "best"
of the nearby manycast servers, yet automatically reconfigures
to sustain this number of servers should one or another fail.
-.PP
+.sp \n(Ppu
+.ne 2
+
Note that the manycasting paradigm does not coincide
with the anycast paradigm described in RFC-1546,
which is designed to find a single server from a clique
of servers providing the same service.
The manycast paradigm is designed to find a plurality
of redundant servers satisfying defined optimality criteria.
-.PP
+.sp \n(Ppu
+.ne 2
+
Manycasting can be used with either symmetric key
or public key cryptography.
The public key infrastructure (PKI)
large key sizes.
It is implemented using the Autokey protocol and
the OpenSSL cryptographic library available from
-.Li http://www.openssl.org/ .
+\f[C]http://www.openssl.org/\f[].
The library can also be used with other NTPv4 modes
as well and is highly recommended, especially for broadcast modes.
-.PP
+.sp \n(Ppu
+.ne 2
+
A persistent manycast client association is configured
using the manycastclient command, which is similar to the
server command but with a multicast (IPv4 class
-.Cm D
+\f\*[B-Font]D\f[]
or IPv6 prefix
-.Cm FF )
+\f\*[B-Font]FF\f[])
group address.
The IANA has designated IPv4 address 224.1.1.1
and IPv6 address FF05::101 (site local) for NTP.
There can be as many manycast client associations
as different group address, each one serving as a template
for a future ephemeral unicast client/server association.
-.PP
+.sp \n(Ppu
+.ne 2
+
Manycast servers configured with the
-.Ic manycastserver
+\f\*[B-Font]manycastserver\f[]
command listen on the specified group address for manycast
client messages.
Note the distinction between manycast client,
to a valid source and operating at a stratum level equal
to or lower than the manycast client, it replies to the
manycast client message with an ordinary unicast server message.
-.PP
+.sp \n(Ppu
+.ne 2
+
The manycast client receiving this message mobilizes
an ephemeral client/server association according to the
matching manycast client template, but only if cryptographically
distance.
The surviving associations then continue
in ordinary client/server mode.
-.PP
+.sp \n(Ppu
+.ne 2
+
The manycast client polling strategy is designed to reduce
as much as possible the volume of manycast client messages
and the effects of implosion due to near-simultaneous
arrival of manycast server messages.
The strategy is determined by the
-.Ic manycastclient ,
-.Ic tos
+\f\*[B-Font]manycastclient\f[],
+\f\*[B-Font]tos\f[]
and
-.Ic ttl
+\f\*[B-Font]ttl\f[]
configuration commands.
The manycast poll interval is
normally eight times the system poll interval,
which starts out at the
-.Cm minpoll
+\f\*[B-Font]minpoll\f[]
value specified in the
-.Ic manycastclient ,
+\f\*[B-Font]manycastclient\f[],
command and, under normal circumstances, increments to the
-.Cm maxpolll
+\f\*[B-Font]maxpolll\f[]
value specified in this command.
Initially, the TTL is
set at the minimum hops specified by the ttl command.
the maximum hops specified by this command or a sufficient
number client associations have been found.
Further retransmissions use the same TTL.
-.PP
+.sp \n(Ppu
+.ne 2
+
The quality and reliability of the suite of associations
discovered by the manycast client is determined by the NTP
mitigation algorithms and the
-.Cm minclock
+\f\*[B-Font]minclock\f[]
and
-.Cm minsane
+\f\*[B-Font]minsane\f[]
values specified in the
-.Ic tos
+\f\*[B-Font]tos\f[]
configuration command.
At least
-.Cm minsane
+\f\*[B-Font]minsane\f[]
candidate servers must be available and the mitigation
algorithms produce at least
-.Cm minclock
+\f\*[B-Font]minclock\f[]
survivors in order to synchronize the clock.
Byzantine agreement principles require at least four
candidates in order to correctly discard a single falseticker.
For legacy purposes,
-.Cm minsane
+\f\*[B-Font]minsane\f[]
defaults to 1 and
-.Cm minclock
+\f\*[B-Font]minclock\f[]
defaults to 3.
For manycast service
-.Cm minsane
+\f\*[B-Font]minsane\f[]
should be explicitly set to 4, assuming at least that
number of servers are available.
-.PP
+.sp \n(Ppu
+.ne 2
+
If at least
-.Cm minclock
+\f\*[B-Font]minclock\f[]
servers are found, the manycast poll interval is immediately
set to eight times
-.Cm maxpoll .
+\f\*[B-Font]maxpoll\f[].
If less than
-.Cm minclock
+\f\*[B-Font]minclock\f[]
servers are found when the TTL has reached the maximum hops,
the manycast poll interval is doubled.
For each transmission
after that, the poll interval is doubled again until
reaching the maximum of eight times
-.Cm maxpoll .
+\f\*[B-Font]maxpoll\f[].
Further transmissions use the same poll interval and
TTL values.
Note that while all this is going on,
each client/server association found is operating normally
it the system poll interval.
-.PP
+.sp \n(Ppu
+.ne 2
+
Administratively scoped multicast boundaries are normally
specified by the network router configuration and,
in the case of IPv6, the link/site scope prefix.
By default, the increment for TTL hops is 32 starting
from 31; however, the
-.Ic ttl
+\f\*[B-Font]ttl\f[]
configuration command can be
used to modify the values to match the scope rules.
-.PP
+.sp \n(Ppu
+.ne 2
+
It is often useful to narrow the range of acceptable
servers which can be found by manycast client associations.
Because manycast servers respond only when the client
in TTL range, which is probably not the most common
objective in large networks.
The
-.Ic tos
+\f\*[B-Font]tos\f[]
command can be used to modify this behavior.
Servers with stratum below
-.Cm floor
+\f\*[B-Font]floor\f[]
or above
-.Cm ceiling
+\f\*[B-Font]ceiling\f[]
specified in the
-.Ic tos
+\f\*[B-Font]tos\f[]
command are strongly discouraged during the selection
process; however, these servers may be temporally
accepted if the number of servers within TTL range is
less than
-.Cm minclock .
-.PP
+\f\*[B-Font]minclock\f[].
+.sp \n(Ppu
+.ne 2
+
The above actions occur for each manycast client message,
which repeats at the designated poll interval.
However, once the ephemeral client association is mobilized,
since that would result in a duplicate association.
If during a poll interval the number of client associations
falls below
-.Cm minclock ,
+\f\*[B-Font]minclock\f[],
all manycast client prototype associations are reset
to the initial poll interval and TTL hops and operation
resumes from the beginning.
The result could well be an implosion, either minor or major,
depending on the number of servers in range.
The recommended value for
-.Cm maxpoll
+\f\*[B-Font]maxpoll\f[]
is 12 (4,096 s).
-.PP
+.sp \n(Ppu
+.ne 2
+
It is possible and frequently useful to configure a host
as both manycast client and manycast server.
A number of hosts configured this way and sharing a common
dependent clients.
With two exceptions, all servers
and clients have identical configuration files including both
-.Ic multicastclient
+\f\*[B-Font]multicastclient\f[]
and
-.Ic multicastserver
+\f\*[B-Font]multicastserver\f[]
commands using, for instance, multicast group address
239.1.1.1.
The only exception is that each primary server
configuration file must include commands for the primary
reference source such as a GPS receiver.
-.PP
+.sp \n(Ppu
+.ne 2
+
The remaining configuration files for all secondary
servers and clients have the same contents, except for the
-.Ic tos
+\f\*[B-Font]tos\f[]
command, which is specific for each stratum level.
For stratum 1 and stratum 2 servers, that command is
not necessary.
For stratum 3 and above servers the
-.Cm floor
+\f\*[B-Font]floor\f[]
value is set to the intended stratum number.
Thus, all stratum 3 configuration files are identical,
all stratum 4 files are identical and so forth.
-.PP
+.sp \n(Ppu
+.ne 2
+
Once operations have stabilized in this scenario,
the primary servers will find the primary reference source
and each other, since they both operate at the same
it will continue to operate as a client and other clients
will time out the corresponding association and
re-associate accordingly.
-.PP
+.sp \n(Ppu
+.ne 2
+
Some administrators prefer to avoid running
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
continuously and run either
-.Xr ntpdate 8
+\fCntpdate\fR(8)\f[]
or
-.Xr ntpd @NTPD_MS@
- q
+\fCntpd\fR(@NTPD_MS@)\f[]
+\f\*[B-Font]\-q\f[]
as a cron job.
In either case the servers must be
configured in advance and the program fails if none are
available when the cron job runs.
A really slick
application of manycast is with
-.Xr ntpd @NTPD_MS@
- q .
+\fCntpd\fR(@NTPD_MS@)\f[]
+\f\*[B-Font]\-q\f[].
The program wakes up, scans the local landscape looking
for the usual suspects, selects the best from among
the rascals, sets the clock and then departs.
but the certificates remain in the local cache.
It often happens that several complete signing trails
from the client to the primary servers are collected in this way.
-.PP
+.sp \n(Ppu
+.ne 2
+
About once an hour or less often if the poll interval
exceeds this, the client regenerates the Autokey key list.
This is in general transparent in client/server mode.
the expanding ring shrinks to the minimum and increments
from there while collecting all servers in scope.
.SS Manycast Options
-.TP
-.BR Xo Ic tos
-.Oo
-.Cm ceiling Ar ceiling |
-.Cm cohort { 0 | 1 } |
-.Cm floor Ar floor |
-.Cm minclock Ar minclock |
-.Cm minsane Ar minsane
-.Oc
-.Xc
+.TP 7
+.NOP \f\*[B-Font]tos\f[] [\f\*[B-Font]ceiling\f[] \f\*[I-Font]ceiling\f[] | \f\*[B-Font]cohort\f[] { \f\*[B-Font]0\f[] | \f\*[B-Font]1\f[] } | \f\*[B-Font]floor\f[] \f\*[I-Font]floor\f[] | \f\*[B-Font]minclock\f[] \f\*[I-Font]minclock\f[] | \f\*[B-Font]minsane\f[] \f\*[I-Font]minsane\f[]]
This command affects the clock selection and clustering
algorithms.
It can be used to select the quality and
and is most useful in manycast mode.
The variables operate
as follows:
-.in +4
-.ti -4
-.IR Cm ceiling Ar ceiling
+.RS
+.TP 7
+.NOP \f\*[B-Font]ceiling\f[] \f\*[I-Font]ceiling\f[]
Peers with strata above
-.Cm ceiling
+\f\*[B-Font]ceiling\f[]
will be discarded if there are at least
-.Cm minclock
+\f\*[B-Font]minclock\f[]
peers remaining.
This value defaults to 15, but can be changed
to any number from 1 to 15.
-.ti -4
-.IR Cm cohort Bro 0 | 1 Brc
+.TP 7
+.NOP \f\*[B-Font]cohort\f[] {0 | 1 }
This is a binary flag which enables (0) or disables (1)
manycast server replies to manycast clients with the same
stratum level.
large numbers of clients with the same stratum level
are present.
The default is to enable these replies.
-.ti -4
-.IR Cm floor Ar floor
+.TP 7
+.NOP \f\*[B-Font]floor\f[] \f\*[I-Font]floor\f[]
Peers with strata below
-.Cm floor
+\f\*[B-Font]floor\f[]
will be discarded if there are at least
-.Cm minclock
+\f\*[B-Font]minclock\f[]
peers remaining.
This value defaults to 1, but can be changed
to any number from 1 to 15.
-.ti -4
-.IR Cm minclock Ar minclock
+.TP 7
+.NOP \f\*[B-Font]minclock\f[] \f\*[I-Font]minclock\f[]
The clustering algorithm repeatedly casts out outlyer
associations until no more than
-.Cm minclock
+\f\*[B-Font]minclock\f[]
associations remain.
This value defaults to 3,
but can be changed to any number from 1 to the number of
configured sources.
-.ti -4
-.IR Cm minsane Ar minsane
+.TP 7
+.NOP \f\*[B-Font]minsane\f[] \f\*[I-Font]minsane\f[]
This is the minimum number of candidates available
to the clock selection algorithm in order to produce
one or more truechimers for the clustering algorithm.
for legacy purposes.
However, according to principles of
Byzantine agreement,
-.Cm minsane
+\f\*[B-Font]minsane\f[]
should be at least 4 in order to detect and discard
a single falseticker.
-.in -4
-.TP
-.BR Cm ttl Ar hop ...
+.RE
+.TP 7
+.NOP \f\*[B-Font]ttl\f[] \f\*[I-Font]hop\f[] \f\*[I-Font]...\f[]
This command specifies a list of TTL values in increasing
order, up to 8 values can be specified.
In manycast mode these values are used in turn
in an expanding-ring search.
The default is eight
multiples of 32 starting at 31.
+.PP
.SH Reference Clock Support
The NTP Version 4 daemon supports some three dozen different radio,
satellite and modem reference clocks plus a special pseudo-clock
used for backup or when no other clock source is available.
Detailed descriptions of individual device drivers and options can
be found in the
-.Qq Reference Clock Drivers
+"Reference Clock Drivers"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
+\fI/usr/share/doc/ntp\f[]).
Additional information can be found in the pages linked
there, including the
-.Qq Debugging Hints for Reference Clock Drivers
+"Debugging Hints for Reference Clock Drivers"
and
-.Qq How To Write a Reference Clock Driver
+"How To Write a Reference Clock Driver"
pages
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
+\fI/usr/share/doc/ntp\f[]).
In addition, support for a PPS
signal is available as described in the
-.Qq Pulse-per-second (PPS) Signal Interfacing
+"Pulse-per-second (PPS) Signal Interfacing"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
+\fI/usr/share/doc/ntp\f[]).
Many
drivers support special line discipline/streams modules which can
significantly improve the accuracy using the driver.
These are
described in the
-.Qq Line Disciplines and Streams Drivers
+"Line Disciplines and Streams Drivers"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
-.PP
+\fI/usr/share/doc/ntp\f[]).
+.sp \n(Ppu
+.ne 2
+
A reference clock will generally (though not always) be a radio
timecode receiver which is synchronized to a source of standard
time such as the services offered by the NRC in Canada and NIST and
or the hardware port has not been appropriately configured results
in a scalding remark to the system log file, but is otherwise non
hazardous.
-.PP
+.sp \n(Ppu
+.ne 2
+
For the purposes of configuration,
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
treats
reference clocks in a manner analogous to normal NTP peers as much
as possible.
correct but invalid IP address, in order to distinguish them from
normal NTP peers.
Reference clock addresses are of the form
-.Sm off
-.Li 127.127. Ar t . Ar u ,
-.Sm on
+\f[C]127.127.\f[]\f\*[I-Font]t\f[].\f\*[I-Font]u\f[],
where
-\fIt\fR
+\f\*[I-Font]t\f[]
is an integer
denoting the clock type and
-\fIu\fR
+\f\*[I-Font]u\f[]
indicates the unit
number in the range 0-3.
While it may seem overkill, it is in fact
sometimes useful to configure multiple reference clocks of the same
type, in which case the unit numbers must be unique.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Ic server
+\f\*[B-Font]server\f[]
command is used to configure a reference
clock, where the
-\fIaddress\fR
+\f\*[I-Font]address\f[]
argument in that command
is the clock address.
The
-.Cm key ,
-.Cm version
+\f\*[B-Font]key\f[],
+\f\*[B-Font]version\f[]
and
-.Cm ttl
+\f\*[B-Font]ttl\f[]
options are not used for reference clock support.
The
-.Cm mode
+\f\*[B-Font]mode\f[]
option is added for reference clock support, as
described below.
The
-.Cm prefer
+\f\*[B-Font]prefer\f[]
option can be useful to
persuade the server to cherish a reference clock with somewhat more
enthusiasm than other reference clocks or peers.
Further
information on this option can be found in the
-.Qq Mitigation Rules and the prefer Keyword
+"Mitigation Rules and the prefer Keyword"
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp )
+\fI/usr/share/doc/ntp\f[])
page.
The
-.Cm minpoll
+\f\*[B-Font]minpoll\f[]
and
-.Cm maxpoll
+\f\*[B-Font]maxpoll\f[]
options have
meaning only for selected clock drivers.
See the individual clock
driver document pages for additional information.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Ic fudge
+\f\*[B-Font]fudge\f[]
command is used to provide additional
information for individual clock drivers and normally follows
immediately after the
-.Ic server
+\f\*[B-Font]server\f[]
command.
The
-\fIaddress\fR
+\f\*[I-Font]address\f[]
argument specifies the clock address.
The
-.Cm refid
+\f\*[B-Font]refid\f[]
and
-.Cm stratum
+\f\*[B-Font]stratum\f[]
options can be used to
override the defaults for the device.
There are two optional
device-dependent time offsets and four flags that can be included
in the
-.Ic fudge
+\f\*[B-Font]fudge\f[]
command as well.
-.PP
+.sp \n(Ppu
+.ne 2
+
The stratum number of a reference clock is by default zero.
Since the
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
daemon adds one to the stratum of each
peer, a primary server ordinarily displays an external stratum of
one.
In order to provide engineered backups, it is often useful to
specify the reference clock stratum as greater than zero.
The
-.Cm stratum
+\f\*[B-Font]stratum\f[]
option is used for this purpose.
Also, in cases
involving both a reference clock and a pulse-per-second (PPS)
discipline signal, it is useful to specify the reference clock
identifier as other than the default, depending on the driver.
The
-.Cm refid
+\f\*[B-Font]refid\f[]
option is used for this purpose.
Except where noted,
these options apply to all clock drivers.
.SS Reference Clock Commands
-.TP
-.BR Xo Ic server
-.Sm off
-.Li 127.127. Ar t . Ar u
-.Sm on
-[ "\fIprefer\fR" ]
-[ "\fImode\fR" "\fIint\fR" ]
-[ "\fIminpoll\fR" "\fIint\fR" ]
-[ "\fImaxpoll\fR" "\fIint\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]server\f[] \f[C]127.127.\f[]\f\*[I-Font]t\f[].\f\*[I-Font]u\f[] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]int\f[]]
This command can be used to configure reference clocks in
special ways.
The options are interpreted as follows:
-.in +4
-.ti -4
-.IR Cm prefer
+.RS
+.TP 7
+.NOP \f\*[B-Font]prefer\f[]
Marks the reference clock as preferred.
All other things being
equal, this host will be chosen for synchronization among a set of
correctly operating hosts.
See the
-.Qq Mitigation Rules and the prefer Keyword
+"Mitigation Rules and the prefer Keyword"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp )
+\fI/usr/share/doc/ntp\f[])
for further information.
-.ti -4
-.IR Cm mode Ar int
+.TP 7
+.NOP \f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]
Specifies a mode number which is interpreted in a
device-specific fashion.
For instance, it selects a dialing
protocol in the ACTS driver and a device subtype in the
parse
drivers.
-.ti -4
-.IR Cm minpoll Ar int
-.ti -4
-.IR Cm maxpoll Ar int
+.TP 7
+.NOP \f\*[B-Font]minpoll\f[] \f\*[I-Font]int\f[]
+.TP 7
+.NOP \f\*[B-Font]maxpoll\f[] \f\*[I-Font]int\f[]
These options specify the minimum and maximum polling interval
for reference clock messages, as a power of 2 in seconds
For
most directly connected reference clocks, both
-.Cm minpoll
+\f\*[B-Font]minpoll\f[]
and
-.Cm maxpoll
+\f\*[B-Font]maxpoll\f[]
default to 6 (64 s).
For modem reference clocks,
-.Cm minpoll
+\f\*[B-Font]minpoll\f[]
defaults to 10 (17.1 m) and
-.Cm maxpoll
+\f\*[B-Font]maxpoll\f[]
defaults to 14 (4.5 h).
The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
-.in -4
-.TP
-.BR Xo Ic fudge
-.Sm off
-.Li 127.127. Ar t . Ar u
-.Sm on
-[ "\fItime1\fR" "\fIsec\fR" ]
-[ "\fItime2\fR" "\fIsec\fR" ]
-[ "\fIstratum\fR" "\fIint\fR" ]
-[ "\fIrefid\fR" "\fIstring\fR" ]
-[ "\fImode\fR" "\fIint\fR" ]
-[ "\fIflag1\fR" "\fI0\fR" \&| "\fI1\fR" ]
-[ "\fIflag2\fR" "\fI0\fR" \&| "\fI1\fR" ]
-[ "\fIflag3\fR" "\fI0\fR" \&| "\fI1\fR" ]
-[ "\fIflag4\fR" "\fI0\fR" \&| "\fI1\fR" ]
-.Xc
+.RE
+.TP 7
+.NOP \f\*[B-Font]fudge\f[] \f[C]127.127.\f[]\f\*[I-Font]t\f[].\f\*[I-Font]u\f[] [\f\*[B-Font]time1\f[] \f\*[I-Font]sec\f[]] [\f\*[B-Font]time2\f[] \f\*[I-Font]sec\f[]] [\f\*[B-Font]stratum\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]refid\f[] \f\*[I-Font]string\f[]] [\f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]flag1\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]] [\f\*[B-Font]flag2\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]] [\f\*[B-Font]flag3\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]] [\f\*[B-Font]flag4\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]]
This command can be used to configure reference clocks in
special ways.
It must immediately follow the
-.Ic server
+\f\*[B-Font]server\f[]
command which configures the driver.
Note that the same capability
is possible at run time using the
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
program.
The options are interpreted as
follows:
-.in +4
-.ti -4
-.IR Cm time1 Ar sec
+.RS
+.TP 7
+.NOP \f\*[B-Font]time1\f[] \f\*[I-Font]sec\f[]
Specifies a constant to be added to the time offset produced by
the driver, a fixed-point decimal number in seconds.
This is used
radio clock or PPS signal is supported, a special calibration
feature is available.
It takes the form of an argument to the
-.Ic enable
+\f\*[B-Font]enable\f[]
command described in
-.Sx Miscellaneous Options
+\fIMiscellaneous\f[] \fIOptions\f[]
page and operates as described in the
-.Qq Reference Clock Drivers
+"Reference Clock Drivers"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
-.ti -4
-.IR Cm time2 Ar secs
+\fI/usr/share/doc/ntp\f[]).
+.TP 7
+.NOP \f\*[B-Font]time2\f[] \f\*[I-Font]secs\f[]
Specifies a fixed-point decimal number in seconds, which is
interpreted in a driver-dependent way.
See the descriptions of
specific drivers in the
-.Qq Reference Clock Drivers
+"Reference Clock Drivers"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
-.ti -4
-.IR Cm stratum Ar int
+\fI/usr/share/doc/ntp\f[]).
+.TP 7
+.NOP \f\*[B-Font]stratum\f[] \f\*[I-Font]int\f[]
Specifies the stratum number assigned to the driver, an integer
between 0 and 15.
This number overrides the default stratum number
ordinarily assigned by the driver itself, usually zero.
-.ti -4
-.IR Cm refid Ar string
+.TP 7
+.NOP \f\*[B-Font]refid\f[] \f\*[I-Font]string\f[]
Specifies an ASCII string of from one to four characters which
defines the reference identifier used by the driver.
This string
overrides the default identifier ordinarily assigned by the driver
itself.
-.ti -4
-.IR Cm mode Ar int
+.TP 7
+.NOP \f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]
Specifies a mode number which is interpreted in a
device-specific fashion.
For instance, it selects a dialing
protocol in the ACTS driver and a device subtype in the
parse
drivers.
-.ti -4
-.IR Cm flag1 Cm 0 \&| Cm 1
-.ti -4
-.IR Cm flag2 Cm 0 \&| Cm 1
-.ti -4
-.IR Cm flag3 Cm 0 \&| Cm 1
-.ti -4
-.IR Cm flag4 Cm 0 \&| Cm 1
+.TP 7
+.NOP \f\*[B-Font]flag1\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]
+.TP 7
+.NOP \f\*[B-Font]flag2\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]
+.TP 7
+.NOP \f\*[B-Font]flag3\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]
+.TP 7
+.NOP \f\*[B-Font]flag4\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]
These four flags are used for customizing the clock driver.
The
interpretation of these values, and whether they are used at all,
is a function of the particular clock driver.
However, by
convention
-.Cm flag4
+\f\*[B-Font]flag4\f[]
is used to enable recording monitoring
data to the
-.Cm clockstats
+\f\*[B-Font]clockstats\f[]
file configured with the
-.Ic filegen
+\f\*[B-Font]filegen\f[]
command.
Further information on the
-.Ic filegen
+\f\*[B-Font]filegen\f[]
command can be found in
-.Sx Monitoring Options .
-.in -4
+\fIMonitoring\f[] \fIOptions\f[].
+.RE
+.PP
.SH Miscellaneous Options
-.TP
-.BR Ic broadcastdelay Ar seconds
+.TP 7
+.NOP \f\*[B-Font]broadcastdelay\f[] \f\*[I-Font]seconds\f[]
The broadcast and multicast modes require a special calibration
to determine the network delay between the local and remote
servers.
number between 0.003 and 0.007 seconds is appropriate.
The default
when this command is not used is 0.004 seconds.
-.TP
-.BR Ic calldelay Ar delay
+.TP 7
+.NOP \f\*[B-Font]calldelay\f[] \f\*[I-Font]delay\f[]
This option controls the delay in seconds between the first and second
packets sent in burst or iburst mode to allow additional time for a modem
or ISDN call to complete.
-.TP
-.BR Ic driftfile Ar driftfile
+.TP 7
+.NOP \f\*[B-Font]driftfile\f[] \f\*[I-Font]driftfile\f[]
This command specifies the complete path and name of the file used to
record the frequency of the local clock oscillator.
This is the same
operation as the
- f
+\f\*[B-Font]\-f\f[]
command line option.
If the file exists, it is read at
startup in order to set the initial frequency and then updated once per
frequency of zero and creates the file when writing it for the first time.
If this command is not given, the daemon will always start with an initial
frequency of zero.
-.PP
+.sp \n(Ppu
+.ne 2
+
The file format consists of a single line containing a single
floating point number, which records the frequency offset measured
in parts-per-million (PPM).
the current drift value into a temporary file and then renaming
this file to replace the old version.
This implies that
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
must have write permission for the directory the
drift file is located in, and that file system links, symbolic or
otherwise, should be avoided.
-.TP
-.BR Xo Ic enable
-.Oo
-.Cm auth | Cm bclient |
-.Cm calibrate | Cm kernel |
-.Cm monitor | Cm ntp |
-.Cm pps | Cm stats
-.Oc
-.Xc
-.TP
-.BR Xo Ic disable
-.Oo
-.Cm auth | Cm bclient |
-.Cm calibrate | Cm kernel |
-.Cm monitor | Cm ntp |
-.Cm pps | Cm stats
-.Oc
-.Xc
+.TP 7
+.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]pps\f[] | \f\*[B-Font]stats\f[]]
+.TP 7
+.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]pps\f[] | \f\*[B-Font]stats\f[]]
Provides a way to enable or disable various server options.
Flags not mentioned are unaffected.
Note that all of these flags
can be controlled remotely using the
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
utility program.
-.in +4
-.ti -4
-.IR Cm auth
+.RS
+.TP 7
+.NOP \f\*[B-Font]auth\f[]
Enables the server to synchronize with unconfigured peers only if the
peer has been correctly authenticated using either public key or
private key cryptography.
The default for this flag is
-.Ic enable .
-.ti -4
-.IR Cm bclient
+\f\*[B-Font]enable\f[].
+.TP 7
+.NOP \f\*[B-Font]bclient\f[]
Enables the server to listen for a message from a broadcast or
multicast server, as in the
-.Ic multicastclient
+\f\*[B-Font]multicastclient\f[]
command with default
address.
The default for this flag is
-.Ic disable .
-.ti -4
-.IR Cm calibrate
+\f\*[B-Font]disable\f[].
+.TP 7
+.NOP \f\*[B-Font]calibrate\f[]
Enables the calibrate feature for reference clocks.
The default for
this flag is
-.Ic disable .
-.ti -4
-.IR Cm kernel
+\f\*[B-Font]disable\f[].
+.TP 7
+.NOP \f\*[B-Font]kernel\f[]
Enables the kernel time discipline, if available.
The default for this
flag is
-.Ic enable
+\f\*[B-Font]enable\f[]
if support is available, otherwise
-.Ic disable .
-.ti -4
-.IR Cm monitor
+\f\*[B-Font]disable\f[].
+.TP 7
+.NOP \f\*[B-Font]monitor\f[]
Enables the monitoring facility.
See the
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
program
and the
-.Ic monlist
+\f\*[B-Font]monlist\f[]
command or further information.
The
default for this flag is
-.Ic enable .
-.ti -4
-.IR Cm ntp
+\f\*[B-Font]enable\f[].
+.TP 7
+.NOP \f\*[B-Font]ntp\f[]
Enables time and frequency discipline.
In effect, this switch opens and
closes the feedback loop, which is useful for testing.
The default for
this flag is
-.Ic enable .
-.ti -4
-.IR Cm pps
+\f\*[B-Font]enable\f[].
+.TP 7
+.NOP \f\*[B-Font]pps\f[]
Enables the pulse-per-second (PPS) signal when frequency and time is
disciplined by the precision time kernel modifications.
See the
-.Qq A Kernel Model for Precision Timekeeping
+"A Kernel Model for Precision Timekeeping"
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp )
+\fI/usr/share/doc/ntp\f[])
page for further information.
The default for this flag is
-.Ic disable .
-.ti -4
-.IR Cm stats
+\f\*[B-Font]disable\f[].
+.TP 7
+.NOP \f\*[B-Font]stats\f[]
Enables the statistics facility.
See the
-.Sx Monitoring Options
+\fIMonitoring\f[] \fIOptions\f[]
section for further information.
The default for this flag is
-.Ic disable .
-.in -4
-.TP
-.BR Ic includefile Ar includefile
+\f\*[B-Font]disable\f[].
+.RE
+.TP 7
+.NOP \f\*[B-Font]includefile\f[] \f\*[I-Font]includefile\f[]
This command allows additional configuration commands
to be included from a separate file.
Include files may
include file, command processing resumes in the previous
configuration file.
This option is useful for sites that run
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
on multiple hosts, with (mostly) common options (e.g., a
restriction list).
-.TP
-.BR Ic logconfig Ar configkeyword
+.TP 7
+.NOP \f\*[B-Font]logconfig\f[] \f\*[I-Font]configkeyword\f[]
This command controls the amount and type of output written to
the system
-.Xr syslog 3
+\fCsyslog\fR(3)\f[]
facility or the alternate
-.Ic logfile
+\f\*[B-Font]logfile\f[]
log file.
By default, all output is turned on.
All
-\fIconfigkeyword\fR
+\f\*[I-Font]configkeyword\f[]
keywords can be prefixed with
-.Ql = ,
-.Ql +
+\[oq]=\[cq],
+\[oq]+\[cq]
and
-.Ql \- ,
+\[oq]\-\[cq],
where
-.Ql =
+\[oq]=\[cq]
sets the
-.Xr syslog 3
+\fCsyslog\fR(3)\f[]
priority mask,
-.Ql +
+\[oq]+\[cq]
adds and
-.Ql \-
+\[oq]\-\[cq]
removes
messages.
-.Xr syslog 3
+\fCsyslog\fR(3)\f[]
messages can be controlled in four
classes
-.Po
-.Cm clock ,
-.Cm peer ,
-.Cm sys
-and
-.Cm sync
-.Pc .
+(\f\*[B-Font]clock\f[], \f\*[B-Font]peer\f[], \f\*[B-Font]sys\f[] and \f\*[B-Font]sync\f[]).
Within these classes four types of messages can be
controlled: informational messages
-.Po
-.Cm info
-.Pc ,
+(\f\*[B-Font]info\f[]),
event messages
-.Po
-.Cm events
-.Pc ,
+(\f\*[B-Font]events\f[]),
statistics messages
-.Po
-.Cm statistics
-.Pc
+(\f\*[B-Font]statistics\f[])
and
status messages
-.Po
-.Cm status
-.Pc .
-.PP
+(\f\*[B-Font]status\f[]).
+.sp \n(Ppu
+.ne 2
+
Configuration keywords are formed by concatenating the message class with
the event class.
The
-.Cm all
+\f\*[B-Font]all\f[]
prefix can be used instead of a message class.
A
message class may also be followed by the
-.Cm all
+\f\*[B-Font]all\f[]
keyword to enable/disable all
messages of the respective message class.Thus, a minimal log configuration
could look like this:
logconfig =syncstatus +sysevents
.in -4
.fi
-.PP
+.sp \n(Ppu
+.ne 2
+
This would just list the synchronizations state of
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
and the major system events.
For a simple reference server, the
following minimum message configuration could be useful:
logconfig =syncall +clockall
.in -4
.fi
-.PP
+.sp \n(Ppu
+.ne 2
+
This configuration will list all clock information and
synchronization information.
All other events and messages about
peers, system events and so on is suppressed.
-.TP
-.BR Ic logfile Ar logfile
+.TP 7
+.NOP \f\*[B-Font]logfile\f[] \f\*[I-Font]logfile\f[]
This command specifies the location of an alternate log file to
be used instead of the default system
-.Xr syslog 3
+\fCsyslog\fR(3)\f[]
facility.
This is the same operation as the \-l command line option.
-.TP
-.BR Ic setvar Ar variable Op Cm default
+.TP 7
+.NOP \f\*[B-Font]setvar\f[] \f\*[I-Font]variable\f[] [\f\*[B-Font]default\f[]]
This command adds an additional system variable.
These
variables can be used to distribute additional information such as
the access policy.
If the variable of the form
-.Sm off
-.Va name = Ar value
-.Sm on
+\fIname\f[]\fI=\f[]\f\*[I-Font]value\f[]
is followed by the
-.Cm default
+\f\*[B-Font]default\f[]
keyword, the
variable will be listed as part of the default system variables
-.Po
-.Xr ntpq @NTPQ_MS@
-.Ic rv
-command
-.Pc ) .
+(\fCntpq\fR(@NTPQ_MS@)\f[] \f\*[B-Font]rv\f[] command)).
These additional variables serve
informational purposes only.
They are not related to the protocol
other that they can be listed.
The known protocol variables will
always override any variables defined via the
-.Ic setvar
+\f\*[B-Font]setvar\f[]
mechanism.
There are three special variables that contain the names
of all variable of the same group.
The
-.Va sys_var_list
+\fIsys_var_list\f[]
holds
the names of all system variables.
The
-.Va peer_var_list
+\fIpeer_var_list\f[]
holds
the names of all peer variables and the
-.Va clock_var_list
+\fIclock_var_list\f[]
holds the names of the reference clock variables.
-.TP
-.BR Xo Ic tinker
-.Oo
-.Cm allan Ar allan |
-.Cm dispersion Ar dispersion |
-.Cm freq Ar freq |
-.Cm huffpuff Ar huffpuff |
-.Cm panic Ar panic |
-.Cm step Ar srep |
-.Cm stepout Ar stepout
-.Oc
-.Xc
+.TP 7
+.NOP \f\*[B-Font]tinker\f[] [\f\*[B-Font]allan\f[] \f\*[I-Font]allan\f[] | \f\*[B-Font]dispersion\f[] \f\*[I-Font]dispersion\f[] | \f\*[B-Font]freq\f[] \f\*[I-Font]freq\f[] | \f\*[B-Font]huffpuff\f[] \f\*[I-Font]huffpuff\f[] | \f\*[B-Font]panic\f[] \f\*[I-Font]panic\f[] | \f\*[B-Font]step\f[] \f\*[I-Font]srep\f[] | \f\*[B-Font]stepout\f[] \f\*[I-Font]stepout\f[]]
This command can be used to alter several system variables in
very exceptional circumstances.
It should occur in the
for them.
Emphasis added: twisters are on their own and can expect
no help from the support group.
-.PP
+.sp \n(Ppu
+.ne 2
+
The variables operate as follows:
-.in +4
-.ti -4
-.IR Cm allan Ar allan
+.RS
+.TP 7
+.NOP \f\*[B-Font]allan\f[] \f\*[I-Font]allan\f[]
The argument becomes the new value for the minimum Allan
intercept, which is a parameter of the PLL/FLL clock discipline
algorithm.
The value in log2 seconds defaults to 7 (1024 s), which is also the lower
limit.
-.ti -4
-.IR Cm dispersion Ar dispersion
+.TP 7
+.NOP \f\*[B-Font]dispersion\f[] \f\*[I-Font]dispersion\f[]
The argument becomes the new value for the dispersion increase rate,
normally .000015 s/s.
-.ti -4
-.IR Cm freq Ar freq
+.TP 7
+.NOP \f\*[B-Font]freq\f[] \f\*[I-Font]freq\f[]
The argument becomes the initial value of the frequency offset in
parts-per-million.
This overrides the value in the frequency file, if
present, and avoids the initial training state if it is not.
-.ti -4
-.IR Cm huffpuff Ar huffpuff
+.TP 7
+.NOP \f\*[B-Font]huffpuff\f[] \f\*[I-Font]huffpuff\f[]
The argument becomes the new value for the experimental
huff-n'-puff filter span, which determines the most recent interval
the algorithm will search for a minimum delay.
There
is no default, since the filter is not enabled unless this command
is given.
-.ti -4
-.IR Cm panic Ar panic
+.TP 7
+.NOP \f\*[B-Font]panic\f[] \f\*[I-Font]panic\f[]
The argument is the panic threshold, normally 1000 s.
If set to zero,
the panic sanity check is disabled and a clock offset of any value will
be accepted.
-.ti -4
-.IR Cm step Ar step
+.TP 7
+.NOP \f\*[B-Font]step\f[] \f\*[I-Font]step\f[]
The argument is the step threshold, which by default is 0.128 s.
It can
be set to any positive number in seconds.
Note: The kernel time discipline is
disabled if the step threshold is set to zero or greater than the
default.
-.ti -4
-.IR Cm stepout Ar stepout
+.TP 7
+.NOP \f\*[B-Font]stepout\f[] \f\*[I-Font]stepout\f[]
The argument is the stepout timeout, which by default is 900 s.
It can
be set to any positive number in seconds.
If set to zero, the stepout
pulses will not be suppressed.
-.in -4
-.TP
-.BR Xo Ic rlimit
-.Oo
-.Cm memlock Ar Nmegabytes |
-.Cm stacksize Ar N4kPages
-.Cm filenum Ar Nfiledescriptors
-.Oc
-.Xc
-.in +4
-.ti -4
-.IR Cm memlock Ar Nmegabytes
+.RE
+.TP 7
+.NOP \f\*[B-Font]rlimit\f[] [\f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[] | \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[] \f\*[B-Font]filenum\f[] \f\*[I-Font]Nfiledescriptors\f[]]
+.RS
+.TP 7
+.NOP \f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[]
Specify the number of megabytes of memory that can be allocated.
Probably only available under Linux, this option is useful
when dropping root (the
- i
+\f\*[B-Font]\-i\f[]
option).
The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.
-.ti -4
-.IR Cm stacksize Ar N4kPages
+.TP 7
+.NOP \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[]
Specifies the maximum size of the process stack on systems with the
-.ti -4
-.IR Cm filenum Ar Nfiledescriptors
+.TP 7
+.NOP \f\*[B-Font]filenum\f[] \f\*[I-Font]Nfiledescriptors\f[]
Specifies the maximum number of file descriptors ntpd may have open at once. Defaults to the system default.
-.Fn mlockall
+\fBmlockall\fR()\f[]
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
-.in -4
-.TP
-.BR Xo Ic trap Ar host_address
-[ "\fIport\fR" "\fIport_number\fR" ]
-[ "\fIinterface\fR" "\fIinterface_address\fR" ]
-.Xc
+.RE
+.TP 7
+.NOP \f\*[B-Font]trap\f[] \f\*[I-Font]host_address\f[] [\f\*[B-Font]port\f[] \f\*[I-Font]port_number\f[]] [\f\*[B-Font]interface\f[] \f\*[I-Font]interface_address\f[]]
This command configures a trap receiver at the given host
address and port number for sending messages with the specified
local interface address.
message is sent through.
Note that on a multihomed host the
interface used may vary from time to time with routing changes.
-.PP
+.sp \n(Ppu
+.ne 2
+
The trap receiver will generally log event messages and other
information from the server in a log file.
While such monitor
programs may also request their own trap dynamically, configuring a
trap receiver will ensure that no messages are lost when the server
is started.
-.TP
-.BR Cm hop Ar ...
+.TP 7
+.NOP \f\*[B-Font]hop\f[] \f\*[I-Font]...\f[]
This command specifies a list of TTL values in increasing order, up to 8
values can be specified.
In manycast mode these values are used in turn in
an expanding-ring search.
The default is eight multiples of 32 starting at
31.
+.PP
.SH "OPTIONS"
.TP
-.BR \-\-help
+.NOP \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
-.BR \-\-more-help
+.NOP \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
-.BR \-\-version "[={\fIv|c|n\fP}]"
+.NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
+.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from environment variables named:
\fBNTP_CONF_<option-name>\fP or \fBNTP_CONF\fP
.fi
.ad
+.TH ntp.conf 5 "22 Dec 2013" "4.2.7p402" "File Formats"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Tgaa3K/ag-ihaa2K)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:06:59 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntp.conf.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]ntp.conf\fP ntp.conf
+\- Network Time Protocol (NTP) daemon configuration file format
cvt_prog='/usr/local/gnu/share/autogen/texi2man'
cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
`/`basename "$cvt_prog"`
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH FILES
-.TP
-.BR Pa /etc/ntp.conf
+.TP 15
+.NOP \fI/etc/ntp.conf\f[]
the default name of the configuration file
-.TP
-.BR Pa ntp.keys
+.br
+.ns
+.TP 15
+.NOP \fIntp.keys\f[]
private MD5 keys
-.TP
-.BR Pa ntpkey
+.br
+.ns
+.TP 15
+.NOP \fIntpkey\f[]
RSA private key
-.TP
-.BR Pa ntpkey_ Ns Ar host
+.br
+.ns
+.TP 15
+.NOP \fIntpkey_\f[]\f\*[I-Font]host\f[]
RSA public key
-.TP
-.BR Pa ntp_dh
+.br
+.ns
+.TP 15
+.NOP \fIntp_dh\f[]
Diffie-Hellman agreement parameters
+.PP
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
-.BR 0 " (EXIT_SUCCESS)"
+.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
-.BR 1 " (EXIT_FAILURE)"
+.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
-.BR 70 " (EX_SOFTWARE)"
+.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
-.SH "SEE ALSO"
-.Xr ntpd @NTPD_MS@ ,
-.Xr ntpdc @NTPDC_MS@ ,
-.Xr ntpq @NTPQ_MS@
.PP
+.SH "SEE ALSO"
+\fCntpd\fR(@NTPD_MS@)\f[],
+\fCntpdc\fR(@NTPDC_MS@)\f[],
+\fCntpq\fR(@NTPQ_MS@)\f[]
+.sp \n(Ppu
+.ne 2
+
In addition to the manual pages provided,
comprehensive documentation is available on the world wide web
at
-.Li http://www.ntp.org/ .
+\f[C]http://www.ntp.org/\f[].
A snapshot of this documentation is available in HTML format in
-.Pa /usr/share/doc/ntp .
-.Rs
-.%A David L. Mills
-.%T Network Time Protocol (Version 4)
-.%O RFC5905
-.Re
+\fI/usr/share/doc/ntp\f[].
+David L. Mills,
+\fINetwork Time Protocol (Version 4)\fR,
+RFC5905
+.PP
+
.SH "AUTHORS"
The University of Delaware
.SH "COPYRIGHT"
The syntax checking is not picky; some combinations of
ridiculous and even hilarious options and modes may not be
detected.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Pa ntpkey_ Ns Ar host
+\fIntpkey_\f[]\f\*[I-Font]host\f[]
files are really digital
certificates.
These should be obtained via secure directory
services when they become universally available.
-.PP
+.sp \n(Ppu
+.ne 2
+
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
This document was derived from FreeBSD.
-.PP
+.sp \n(Ppu
+.ne 2
+
This manual page was \fIAutoGen\fP-erated from the \fBntp.conf\fP
option definitions.
-.Dd November 30 2013
+.Dd December 22 2013
.Dt NTP_CONF 5 File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:31:13 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:20 PM by AutoGen 5.18.3pre5
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.El
.Sh "OPTIONS"
.Bl -tag
-.It \-\-help
+.It Fl \-help
Display usage information and exit.
-.It \-\-more\-help
+.It Fl \-more\-help
Pass the extended usage information through a pager.
-.It \-\-version "[={\fIv|c|n\fP}]"
+.It Fl \-version Op Brq Ar v|c|n
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.Pp
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
This document was derived from FreeBSD.
.Pp
This manual page was \fIAutoGen\fP\-erated from the \fBntp.conf\fP
-.TH ntp.keys 5man "30 Nov 2013" "4.2.7p401" "File Formats"
+.TH ntp.keys 5man "22 Dec 2013" "4.2.7p402" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:30:56 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:05 PM by AutoGen 5.18.3pre5
.\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl
+.Sh NAME
+.Nm ntp.keys
+.Nd NTP symmetric key file format
+
.\"
.SH NAME
ntp.keys \- NTP symmetric key file format configuration file
+.de1 NOP
+. it 1 an-trap
+. if \\n[.$] \,\\$*\/
+..
+.ie t \
+.ds B-Font [CB]
+.ds I-Font [CI]
+.ds R-Font [CR]
+.el \
+.ds B-Font B
+.ds I-Font I
+.ds R-Font R
.SH SYNOPSIS
.B /etc/ntp.keys
.PP
.SH DESCRIPTION
This document describes the format of an NTP symmetric key file.
For a description of the use of this type of file, see the
-.Qq Authentication Support
+"Authentication Support"
section of the
-.Xr ntp.conf 5
+\fCntp.conf\fR(5)\f[]
page.
-.PP
-.Xr ntpd 8
+.sp \n(Ppu
+.ne 2
+
+\fCntpd\fR(8)\f[]
reads its keys from a file specified using the
- k
+\f\*[B-Font]\-k\f[]
command line option or the
-.Ic keys
+\f\*[B-Font]keys\f[]
statement in the configuration file.
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
one or more keys numbered between 1 and 65534
may be arbitrarily set in the keys file.
-.PP
+.sp \n(Ppu
+.ne 2
+
The key file uses the same comment conventions
as the configuration file.
Key entries use a fixed format of the form
-.PP
-.D1 Ar keyno type key
-.PP
+.sp \n(Ppu
+.ne 2
+
+.in +4
+\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[]
+.in -4
+.sp \n(Ppu
+.ne 2
+
where
-\fIkeyno\fR
+\f\*[I-Font]keyno\f[]
is a positive integer (between 1 and 65534),
-\fItype\fR
+\f\*[I-Font]type\f[]
is the message digest algorithm,
and
-\fIkey\fR
+\f\*[I-Font]key\f[]
is the key itself.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-\fIkey\fR
+\f\*[I-Font]key\f[]
may be given in a format
controlled by the
-\fItype\fR
+\f\*[I-Font]type\f[]
field.
The
-\fItype\fR
-.Li MD5
+\f\*[I-Font]type\f[]
+\f[C]MD5\f[]
is always supported.
If
-.Li ntpd
+\f[C]ntpd\f[]
was built with the OpenSSL library
then any digest library supported by that library may be specified.
However, if compliance with FIPS 140-2 is required the
-\fItype\fR
+\f\*[I-Font]type\f[]
must be either
-.Li SHA
+\f[C]SHA\f[]
or
-.Li SHA1 .
-.PP
+\f[C]SHA1\f[].
+.sp \n(Ppu
+.ne 2
+
What follows are some key types, and corresponding formats:
-.PP
-.TP
-.BR Li MD5
+.sp \n(Ppu
+.ne 2
+
+.TP 7
+.NOP \f[C]MD5\f[]
The key is 1 to 16 printable characters terminated by
an EOL,
whitespace,
or
a
-.Li #
+\f[C]#\f[]
(which is the "start of comment" character).
-.PP
-.TP
-.BR Li SHA
-.TP
-.BR Li SHA1
-.TP
-.BR Li RMD160
+.sp \n(Ppu
+.ne 2
+
+.br
+.ns
+.TP 7
+.NOP \f[C]SHA\f[]
+.br
+.ns
+.TP 7
+.NOP \f[C]SHA1\f[]
+.br
+.ns
+.TP 7
+.NOP \f[C]RMD160\f[]
The key is a hex-encoded ASCII string of 40 characters,
which is truncated as necessary.
.PP
+.sp \n(Ppu
+.ne 2
+
Note that the keys used by the
-.Xr ntpq 8
+\fCntpq\fR(8)\f[]
and
-.Xr ntpdc 8
+\fCntpdc\fR(8)\f[]
programs are checked against passwords
requested by the programs and entered by hand,
so it is generally appropriate to specify these keys in ASCII format.
} 1>.doc 2>/dev/null
sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH FILES
-.TP
-.BR Pa /etc/ntp.keys
+.TP 14
+.NOP \fI/etc/ntp.keys\f[]
the default name of the configuration file
+.PP
.SH "SEE ALSO"
-.Xr ntp.conf 5 ,
-.Xr ntpd 1ntpdmdoc ,
-.Xr ntpdate 1ntpdatemdoc ,
-.Xr ntpdc 1ntpdcmdoc ,
-.Xr sntp 1sntpmdoc
+\fCntp.conf\fR(5)\f[],
+\fCntpd\fR(1ntpdmdoc)\f[],
+\fCntpdate\fR(1ntpdatemdoc)\f[],
+\fCntpdc\fR(1ntpdcmdoc)\f[],
+\fCsntp\fR(1sntpmdoc)\f[]
.SH "AUTHORS"
The University of Delaware
.SH "COPYRIGHT"
.SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
This document was derived from FreeBSD.
-.PP
+.sp \n(Ppu
+.ne 2
+
This manual page was \fIAutoGen\fP-erated from the \fBntp.keys\fP
option definitions.
-.Dd November 30 2013
+.Dd December 22 2013
.Dt NTP_KEYS 5mdoc File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:31:17 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:24 PM by AutoGen 5.18.3pre5
.\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl
+.Sh NAME
+.Nm ntp.keys
+.Nd NTP symmetric key file format
+
.Sh NAME
.Nm ntp.keys
.Nd NTP symmetric key file format
so it is generally appropriate to specify these keys in ASCII format.
.Sh "OPTIONS"
.Bl -tag
-.It \-\-help
+.It Fl \-help
Display usage information and exit.
-.It \-\-more\-help
+.It Fl \-more\-help
Pass the extended usage information through a pager.
-.It \-\-version "[={\fIv|c|n\fP}]"
+.It Fl \-version Op Brq Ar v|c|n
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
This document was derived from FreeBSD.
.Pp
This manual page was \fIAutoGen\fP\-erated from the \fBntp.keys\fP
<p>This document describes the symmetric key file for the NTP Project's
<code>ntpd</code> program.
- <p>This document applies to version 4.2.7p401 of <code>ntp.keys</code>.
+ <p>This document applies to version 4.2.7p402 of <code>ntp.keys</code>.
<div class="shortcontents">
<h2>Short Contents</h2>
-.TH ntp.keys 5 "30 Nov 2013" "4.2.7p401" "File Formats"
+.TH ntp.keys 5 "22 Dec 2013" "4.2.7p402" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:30:56 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:05 PM by AutoGen 5.18.3pre5
.\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl
+.Sh NAME
+.Nm ntp.keys
+.Nd NTP symmetric key file format
+
.\"
.SH NAME
ntp.keys \- NTP symmetric key file format configuration file
+.de1 NOP
+. it 1 an-trap
+. if \\n[.$] \,\\$*\/
+..
+.ie t \
+.ds B-Font [CB]
+.ds I-Font [CI]
+.ds R-Font [CR]
+.el \
+.ds B-Font B
+.ds I-Font I
+.ds R-Font R
.SH SYNOPSIS
.B /etc/ntp.keys
.PP
.SH DESCRIPTION
This document describes the format of an NTP symmetric key file.
For a description of the use of this type of file, see the
-.Qq Authentication Support
+"Authentication Support"
section of the
-.Xr ntp.conf 5
+\fCntp.conf\fR(5)\f[]
page.
-.PP
-.Xr ntpd 8
+.sp \n(Ppu
+.ne 2
+
+\fCntpd\fR(8)\f[]
reads its keys from a file specified using the
- k
+\f\*[B-Font]\-k\f[]
command line option or the
-.Ic keys
+\f\*[B-Font]keys\f[]
statement in the configuration file.
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
one or more keys numbered between 1 and 65534
may be arbitrarily set in the keys file.
-.PP
+.sp \n(Ppu
+.ne 2
+
The key file uses the same comment conventions
as the configuration file.
Key entries use a fixed format of the form
-.PP
-.D1 Ar keyno type key
-.PP
+.sp \n(Ppu
+.ne 2
+
+.in +4
+\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[]
+.in -4
+.sp \n(Ppu
+.ne 2
+
where
-\fIkeyno\fR
+\f\*[I-Font]keyno\f[]
is a positive integer (between 1 and 65534),
-\fItype\fR
+\f\*[I-Font]type\f[]
is the message digest algorithm,
and
-\fIkey\fR
+\f\*[I-Font]key\f[]
is the key itself.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-\fIkey\fR
+\f\*[I-Font]key\f[]
may be given in a format
controlled by the
-\fItype\fR
+\f\*[I-Font]type\f[]
field.
The
-\fItype\fR
-.Li MD5
+\f\*[I-Font]type\f[]
+\f[C]MD5\f[]
is always supported.
If
-.Li ntpd
+\f[C]ntpd\f[]
was built with the OpenSSL library
then any digest library supported by that library may be specified.
However, if compliance with FIPS 140-2 is required the
-\fItype\fR
+\f\*[I-Font]type\f[]
must be either
-.Li SHA
+\f[C]SHA\f[]
or
-.Li SHA1 .
-.PP
+\f[C]SHA1\f[].
+.sp \n(Ppu
+.ne 2
+
What follows are some key types, and corresponding formats:
-.PP
-.TP
-.BR Li MD5
+.sp \n(Ppu
+.ne 2
+
+.TP 7
+.NOP \f[C]MD5\f[]
The key is 1 to 16 printable characters terminated by
an EOL,
whitespace,
or
a
-.Li #
+\f[C]#\f[]
(which is the "start of comment" character).
-.PP
-.TP
-.BR Li SHA
-.TP
-.BR Li SHA1
-.TP
-.BR Li RMD160
+.sp \n(Ppu
+.ne 2
+
+.br
+.ns
+.TP 7
+.NOP \f[C]SHA\f[]
+.br
+.ns
+.TP 7
+.NOP \f[C]SHA1\f[]
+.br
+.ns
+.TP 7
+.NOP \f[C]RMD160\f[]
The key is a hex-encoded ASCII string of 40 characters,
which is truncated as necessary.
.PP
+.sp \n(Ppu
+.ne 2
+
Note that the keys used by the
-.Xr ntpq 8
+\fCntpq\fR(8)\f[]
and
-.Xr ntpdc 8
+\fCntpdc\fR(8)\f[]
programs are checked against passwords
requested by the programs and entered by hand,
so it is generally appropriate to specify these keys in ASCII format.
} 1>.doc 2>/dev/null
sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH FILES
-.TP
-.BR Pa /etc/ntp.keys
+.TP 14
+.NOP \fI/etc/ntp.keys\f[]
the default name of the configuration file
+.PP
.SH "SEE ALSO"
-.Xr ntp.conf 5 ,
-.Xr ntpd @NTPD_MS@ ,
-.Xr ntpdate @NTPDATE_MS@ ,
-.Xr ntpdc @NTPDC_MS@ ,
-.Xr sntp @SNTP_MS@
+\fCntp.conf\fR(5)\f[],
+\fCntpd\fR(@NTPD_MS@)\f[],
+\fCntpdate\fR(@NTPDATE_MS@)\f[],
+\fCntpdc\fR(@NTPDC_MS@)\f[],
+\fCsntp\fR(@SNTP_MS@)\f[]
.SH "AUTHORS"
The University of Delaware
.SH "COPYRIGHT"
.SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
This document was derived from FreeBSD.
-.PP
+.sp \n(Ppu
+.ne 2
+
This manual page was \fIAutoGen\fP-erated from the \fBntp.keys\fP
option definitions.
-.Dd November 30 2013
+.Dd December 22 2013
.Dt NTP_KEYS 5 File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:31:17 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:24 PM by AutoGen 5.18.3pre5
.\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl
+.Sh NAME
+.Nm ntp.keys
+.Nd NTP symmetric key file format
+
.Sh NAME
.Nm ntp.keys
.Nd NTP symmetric key file format
so it is generally appropriate to specify these keys in ASCII format.
.Sh "OPTIONS"
.Bl -tag
-.It \-\-help
+.It Fl \-help
Display usage information and exit.
-.It \-\-more\-help
+.It Fl \-more\-help
Pass the extended usage information through a pager.
-.It \-\-version "[={\fIv|c|n\fP}]"
+.It Fl \-version Op Brq Ar v|c|n
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
This document was derived from FreeBSD.
.Pp
This manual page was \fIAutoGen\fP\-erated from the \fBntp.keys\fP
/*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.c)
*
- * It has been AutoGen-ed November 30, 2013 at 11:28:21 AM by AutoGen 5.18.3pre5
+ * It has been AutoGen-ed December 22, 2013 at 11:04:55 PM by AutoGen 5.18.3pre5
* From the definitions ntpd-opts.def
* and the template file options
*
* static const strings for ntpd options
*/
static char const ntpd_opt_strs[3011] =
-/* 0 */ "ntpd 4.2.7p401\n"
+/* 0 */ "ntpd 4.2.7p402\n"
"Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 2778 */ "output version information and exit\0"
/* 2814 */ "version\0"
/* 2822 */ "NTPD\0"
-/* 2827 */ "ntpd - NTP daemon program - Ver. 4.2.7p401\n"
+/* 2827 */ "ntpd - NTP daemon program - Ver. 4.2.7p402\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n"
"\t\t[ <server1> ... <serverN> ]\n\0"
/* 2960 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 2994 */ "\n\0"
-/* 2996 */ "ntpd 4.2.7p401";
+/* 2996 */ "ntpd 4.2.7p402";
/**
* ipv4 option description with
translate option names.
*/
/* referenced via ntpdOptions.pzCopyright */
- puts(_("ntpd 4.2.7p401\n\
+ puts(_("ntpd 4.2.7p402\n\
Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
puts(_("output version information and exit"));
/* referenced via ntpdOptions.pzUsageTitle */
- puts(_("ntpd - NTP daemon program - Ver. 4.2.7p401\n\
+ puts(_("ntpd - NTP daemon program - Ver. 4.2.7p402\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
\t\t[ <server1> ... <serverN> ]\n"));
puts(_("\n"));
/* referenced via ntpdOptions.pzFullVersion */
- puts(_("ntpd 4.2.7p401"));
+ puts(_("ntpd 4.2.7p402"));
/* referenced via ntpdOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));
/*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.h)
*
- * It has been AutoGen-ed November 30, 2013 at 11:28:19 AM by AutoGen 5.18.3pre5
+ * It has been AutoGen-ed December 22, 2013 at 11:04:53 PM by AutoGen 5.18.3pre5
* From the definitions ntpd-opts.def
* and the template file options
*
/** count of all options for ntpd */
#define OPTION_CT 37
/** ntpd version */
-#define NTPD_VERSION "4.2.7p401"
+#define NTPD_VERSION "4.2.7p402"
/** Full ntpd version text */
-#define NTPD_FULL_VERSION "ntpd 4.2.7p401"
+#define NTPD_FULL_VERSION "ntpd 4.2.7p402"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH ntpd 1ntpdman "30 Nov 2013" "4.2.7p401" "User Commands"
+.de1 NOP
+. it 1 an-trap
+. if \\n[.$] \,\\$*\/
+..
+.ie t \
+.ds B-Font [CB]
+.ds I-Font [CI]
+.ds R-Font [CR]
+.el \
+.ds B-Font B
+.ds I-Font I
+.ds R-Font R
+.TH ntpd 1ntpdman "22 Dec 2013" "4.2.7p402" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.man)
-.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:31:00 AM by AutoGen 5.18.3pre5
-.\" From the definitions ntpd-opts.def
-.\" and the template file agman-cmd.tpl
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-IraWmM/ag-VraWlM)
.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:08 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntpd-opts.def
+.\" and the template file agman-cmd.tpl
.SH NAME
-ntpd \- NTP daemon program
+\f\*[B-Font]ntpd\fP
+\- NTP daemon program
.SH SYNOPSIS
-.B ntpd
+\f\*[B-Font]ntpd\fP
.\" Mixture of short (flag) options and long options
-.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP "[[=| ]\fIvalue\fP]]..." " " "[ <server1> ... <serverN> ]"
-.PP
+[\f\*[B-Font]\-flags\f[]]
+[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
+[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
+[ <server1> ... <serverN> ]
+.sp \n(Ppu
+.ne 2
+
.SH DESCRIPTION
The
-.B
+\f\*[B-Font]ntpd\fP
utility is an operating system daemon which sets
and maintains the system time of day in synchronism with Internet
standard time servers.
but also retains compatibility with
version 3, as defined by RFC-1305, and versions 1
and 2, as defined by RFC-1059 and RFC-1119, respectively.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.B
+\f\*[B-Font]ntpd\fP
utility does most computations in 64-bit floating point
arithmetic and does relatively clumsy 64-bit fixed point operations
only when necessary to preserve the ultimate precision, about 232
While the ultimate precision is not achievable with
ordinary workstations and networks of today, it may be required
with future gigahertz CPU clocks and gigabit LANs.
-.PP
+.sp \n(Ppu
+.ne 2
+
Ordinarily,
-.B
+\f\*[B-Font]ntpd\fP
reads the
-.Xr ntp.conf 5
+\fCntp.conf\fR(5)\f[]
configuration file at startup time in order to determine the
synchronization sources and operating modes.
It is also possible to
be particularly useful when the local host is to be configured as a
broadcast/multicast client, with all peers being determined by
listening to broadcasts at run time.
-.PP
+.sp \n(Ppu
+.ne 2
+
If NetInfo support is built into
-.B ,
+\f\*[B-Font]ntpd\fP,
then
-.B
+\f\*[B-Font]ntpd\fP
will attempt to read its configuration from the
NetInfo if the default
-.Xr ntp.conf 5
+\fCntp.conf\fR(5)\f[]
file cannot be read and no file is
specified by the
- c
+\f\*[B-Font]\-c\f[]
option.
-.PP
+.sp \n(Ppu
+.ne 2
+
Various internal
-.B
+\f\*[B-Font]ntpd\fP
variables can be displayed and
configuration options altered while the
-.B
+\f\*[B-Font]ntpd\fP
is running
using the
-.Xr ntpq 1ntpqmdoc
+\fCntpq\fR(1ntpqmdoc)\f[]
and
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
utility programs.
-.PP
+.sp \n(Ppu
+.ne 2
+
When
-.B
+\f\*[B-Font]ntpd\fP
starts it looks at the value of
-.Xr umask 2 ,
+\fCumask\fR(2)\f[],
and if zero
-.B
+\f\*[B-Font]ntpd\fP
will set the
-.Xr umask 2
+\fCumask\fR(2)\f[]
to 022.
.SH "OPTIONS"
.TP
-.BR \-4 ", " \-\-ipv4
+.NOP \f\*[B-Font]\-4\f[], \f\*[B-Font]\-\-ipv4\f[]
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
.TP
-.BR \-6 ", " \-\-ipv6
+.NOP \f\*[B-Font]\-6\f[], \f\*[B-Font]\-\-ipv6\f[]
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
Force DNS resolution of following host names on the command line
to the IPv6 namespace.
.TP
-.BR \-a ", " \-\-authreq
+.NOP \f\*[B-Font]\-a\f[], \f\*[B-Font]\-\-authreq\f[]
Require crypto authentication.
This option must not appear in combination with any of the following options:
authnoreq.
multicast client and symmetric passive associations.
This is the default.
.TP
-.BR \-A ", " \-\-authnoreq
+.NOP \f\*[B-Font]\-A\f[], \f\*[B-Font]\-\-authnoreq\f[]
Do not require crypto authentication.
This option must not appear in combination with any of the following options:
authreq.
multicast client and symmetric passive associations.
This is almost never a good idea.
.TP
-.BR \-b ", " \-\-bcastsync
+.NOP \f\*[B-Font]\-b\f[], \f\*[B-Font]\-\-bcastsync\f[]
Allow us to sync to broadcast servers.
.sp
.TP
-.BR \-c " \fIstring\fP, " \-\-configfile "=" \fIstring\fP
+.NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-configfile\f[]=\f\*[I-Font]string\f[]
configuration file name.
.sp
The name and path of the configuration file,
\fI/etc/ntp.conf\fP
by default.
.TP
-.BR \-d ", " \-\-debug\-level
+.NOP \f\*[B-Font]\-d\f[], \f\*[B-Font]\-\-debug\-level\f[]
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
.TP
-.BR \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.NOP \f\*[B-Font]\-D\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-set\-debug\-level\f[]=\f\*[I-Font]number\f[]
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
.TP
-.BR \-f " \fIstring\fP, " \-\-driftfile "=" \fIstring\fP
+.NOP \f\*[B-Font]\-f\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-driftfile\f[]=\f\*[I-Font]string\f[]
frequency drift file name.
.sp
The name and path of the frequency file,
\fI/etc/ntp.conf\fP
file.
.TP
-.BR \-g ", " \-\-panicgate
+.NOP \f\*[B-Font]\-g\f[], \f\*[B-Font]\-\-panicgate\f[]
Allow the first adjustment to be Big.
This option may appear an unlimited number of times.
.sp
\fBtinker\fP
configuration file directive for other options.
.TP
-.BR \-i " \fIstring\fP, " \-\-jaildir "=" \fIstring\fP
+.NOP \f\*[B-Font]\-i\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-jaildir\f[]=\f\*[I-Font]string\f[]
Jail directory.
.sp
Chroot the server to the directory
\fB--enable-clockctl\fP) or Linux (configure with
\fB--enable-linuxcaps\fP) or Solaris (configure with \fB--enable-solarisprivs\fP).
.TP
-.BR \-I " \fIiface\fP, " \-\-interface "=" \fIiface\fP
+.NOP \f\*[B-Font]\-I\f[] \f\*[I-Font]iface\f[], \f\*[B-Font]\-\-interface\f[]=\f\*[I-Font]iface\f[]
Listen on an interface name or address.
This option may appear an unlimited number of times.
.sp
This option is deprecated. Please consider using the configuration file
\fBinterface\fP command, which is more versatile.
.TP
-.BR \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP
+.NOP \f\*[B-Font]\-k\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-keyfile\f[]=\f\*[I-Font]string\f[]
path to symmetric keys.
.sp
Specify the name and path of the symmetric key file.
\fBkeys\fP \fIkeyfile\fP
configuration file directive.
.TP
-.BR \-l " \fIstring\fP, " \-\-logfile "=" \fIstring\fP
+.NOP \f\*[B-Font]\-l\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-logfile\f[]=\f\*[I-Font]string\f[]
path to the log file.
.sp
Specify the name and path of the log file.
\fBlogfile\fP \fIlogfile\fP
configuration file directive.
.TP
-.BR \-L ", " \-\-novirtualips
+.NOP \f\*[B-Font]\-L\f[], \f\*[B-Font]\-\-novirtualips\f[]
Do not listen to virtual interfaces.
.sp
Do not listen to virtual interfaces, defined as those with
consider using the configuration file \fBinterface\fP command, which
is more versatile.
.TP
-.BR \-M ", " \-\-modifymmtimer
+.NOP \f\*[B-Font]\-M\f[], \f\*[B-Font]\-\-modifymmtimer\f[]
Modify Multimedia Timer (Windows only).
.sp
Set the Windows Multimedia Timer to highest resolution. This
ensures the resolution does not change while ntpd is running,
avoiding timekeeping glitches associated with changes.
.TP
-.BR \-n ", " \-\-nofork
+.NOP \f\*[B-Font]\-n\f[], \f\*[B-Font]\-\-nofork\f[]
Do not fork.
This option must not appear in combination with any of the following options:
wait-sync.
.sp
.TP
-.BR \-N ", " \-\-nice
+.NOP \f\*[B-Font]\-N\f[], \f\*[B-Font]\-\-nice\f[]
Run at high priority.
.sp
To the extent permitted by the operating system, run
\fBntpd\fP
at the highest priority.
.TP
-.BR \-p " \fIstring\fP, " \-\-pidfile "=" \fIstring\fP
+.NOP \f\*[B-Font]\-p\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-pidfile\f[]=\f\*[I-Font]string\f[]
path to the PID file.
.sp
Specify the name and path of the file used to record
\fBpidfile\fP \fIpidfile\fP
configuration file directive.
.TP
-.BR \-P " \fInumber\fP, " \-\-priority "=" \fInumber\fP
+.NOP \f\*[B-Font]\-P\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-priority\f[]=\f\*[I-Font]number\f[]
Process priority.
This option takes an integer number as its argument.
.sp
\fBsched_setscheduler(SCHED_FIFO)\fP
priority.
.TP
-.BR \-q ", " \-\-quit
+.NOP \f\*[B-Font]\-q\f[], \f\*[B-Font]\-\-quit\f[]
Set the time and quit.
This option must not appear in combination with any of the following options:
saveconfigquit, wait-sync.
options can be used with this option.
Note: The kernel time discipline is disabled with this option.
.TP
-.BR \-r " \fIstring\fP, " \-\-propagationdelay "=" \fIstring\fP
+.NOP \f\*[B-Font]\-r\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-propagationdelay\f[]=\f\*[I-Font]string\f[]
Broadcast/propagation delay.
.sp
Specify the default propagation delay from the broadcast/multicast server to this client. This is necessary only if the delay cannot be computed automatically by the protocol.
.TP
-.BR \-\-saveconfigquit "=\fIstring\fP"
+.NOP \f\*[B-Font]\-\-saveconfigquit\f[]=\f\*[I-Font]string\f[]
Save parsed configuration and quit.
This option must not appear in combination with any of the following options:
quit, wait-sync.
equivalent to the given filename and exit. This option was
designed for automated testing.
.TP
-.BR \-s " \fIstring\fP, " \-\-statsdir "=" \fIstring\fP
+.NOP \f\*[B-Font]\-s\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-statsdir\f[]=\f\*[I-Font]string\f[]
Statistics file location.
.sp
Specify the directory path for files created by the statistics facility.
\fBstatsdir\fP \fIstatsdir\fP
configuration file directive.
.TP
-.BR \-t " \fItkey\fP, " \-\-trustedkey "=" \fItkey\fP
+.NOP \f\*[B-Font]\-t\f[] \f\*[I-Font]tkey\f[], \f\*[B-Font]\-\-trustedkey\f[]=\f\*[I-Font]tkey\f[]
Trusted key number.
This option may appear an unlimited number of times.
.sp
Add the specified key number to the trusted key list.
.TP
-.BR \-u " \fIstring\fP, " \-\-user "=" \fIstring\fP
+.NOP \f\*[B-Font]\-u\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-user\f[]=\f\*[I-Font]string\f[]
Run as userid (or userid:groupid).
.sp
Specify a user, and optionally a group, to switch to.
\fB--enable-clockctl\fP) or Linux (configure with
\fB--enable-linuxcaps\fP) or Solaris (configure with \fB--enable-solarisprivs\fP).
.TP
-.BR \-U " \fInumber\fP, " \-\-updateinterval "=" \fInumber\fP
+.NOP \f\*[B-Font]\-U\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-updateinterval\f[]=\f\*[I-Font]number\f[]
interval in seconds between scans for new or dropped interfaces.
This option takes an integer number as its argument.
.sp
has been detected by the system.
Use 0 to disable scanning. 60 seconds is the minimum time between scans.
.TP
-.BR \-\-var "=\fInvar\fP"
+.NOP \f\*[B-Font]\-\-var\f[]=\f\*[I-Font]nvar\f[]
make ARG an ntp variable (RW).
This option may appear an unlimited number of times.
.sp
.TP
-.BR \-\-dvar "=\fIndvar\fP"
+.NOP \f\*[B-Font]\-\-dvar\f[]=\f\*[I-Font]ndvar\f[]
make ARG an ntp variable (RW|DEF).
This option may appear an unlimited number of times.
.sp
.TP
-.BR \-w " \fInumber\fP, " \-\-wait\-sync "=" \fInumber\fP
+.NOP \f\*[B-Font]\-w\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-wait\-sync\f[]=\f\*[I-Font]number\f[]
Seconds to wait for first clock sync.
This option must not appear in combination with any of the following options:
nofork, quit, saveconfigquit.
This provides the option for a script starting \fBntpd\fP to easily
wait for the first set of the clock before proceeding.
.TP
-.BR \-x ", " \-\-slew
+.NOP \f\*[B-Font]\-x\f[], \f\*[B-Font]\-\-slew\f[]
Slew up to 600 seconds.
.sp
Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold.
configuration file directive for other options.
Note: The kernel time discipline is disabled with this option.
.TP
-.BR \-\-usepcc
+.NOP \f\*[B-Font]\-\-usepcc\f[]
Use CPU cycle counter (Windows only).
.sp
Attempt to substitute the CPU counter for \fBQueryPerformanceCounter\fP.
they have the same frequency, the CPU counter (RDTSC on x86) is
used directly, saving the overhead of a system call.
.TP
-.BR \-\-pccfreq "=\fIstring\fP"
+.NOP \f\*[B-Font]\-\-pccfreq\f[]=\f\*[I-Font]string\f[]
Force CPU cycle counter use (Windows only).
.sp
Force substitution the CPU counter for \fBQueryPerformanceCounter\fP.
The CPU counter (RDTSC on x86) is used unconditionally with the
given frequency (in Hz).
.TP
-.BR \-m ", " \-\-mdns
+.NOP \f\*[B-Font]\-m\f[], \f\*[B-Font]\-\-mdns\f[]
Register with mDNS as a NTP server.
.sp
Registers as an NTP server with the local mDNS server which allows
the server to be discovered via mDNS client lookup.
.TP
-.BR \-? , " \-\-help"
+.NOP \f\*[B-Font]\-\&?\f[], \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
-.BR \-! , " \-\-more-help"
+.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
-.BR \-\-version "[={\fIv|c|n\fP}]"
+.NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
+.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from environment variables named:
\fBNTPD_<option-name>\fP or \fBNTPD\fP
.fi
.ad
+.TH ntpd 1ntpdman "22 Dec 2013" "4.2.7p402" "User Commands"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-IraWmM/ag-VraWlM)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:08 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntpd-opts.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]ntpd\fP ntpd
+\- NTP daemon program
cvt_prog='/usr/local/gnu/share/autogen/texi2man'
cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
`/`basename "$cvt_prog"`
.SH USAGE
.SS "How NTP Operates"
The
-.B
+\f\*[B-Font]ntpd\fP
utility operates by exchanging messages with
one or more configured servers over a range of designated poll intervals.
When
set.
This initial delay to set the clock
can be safely and dramatically reduced using the
-.Cm iburst
+\f\*[B-Font]iburst\f[]
keyword with the
-.Ic server
+\f\*[B-Font]server\f[]
configuration
command, as described in
-.Xr ntp.conf 5 .
-.PP
+\fCntp.conf\fR(5)\f[].
+.sp \n(Ppu
+.ne 2
+
Most operating systems and hardware of today incorporate a
time-of-year (TOY) chip to maintain the time during periods when
the power is off.
synchronized to a NTP server, the operating system corrects the
chip from time to time.
In the default case, if
-.B
+\f\*[B-Font]ntpd\fP
detects that the time on the host
is more than 1000s from the server time,
-.B
+\f\*[B-Font]ntpd\fP
assumes something must be terribly wrong and the only
reliable action is for the operator to intervene and set the clock
by hand.
(Reasons for this include there is no TOY chip,
or its battery is dead, or that the TOY chip is just of poor quality.)
This causes
-.B
+\f\*[B-Font]ntpd\fP
to exit with a panic message to
the system log.
The
- g
+\f\*[B-Font]\-g\f[]
option overrides this check and the
clock will be set to the server time regardless of the chip time
(up to 68 years in the past or future \(em
However, and to protect against broken hardware, such as when the
CMOS battery fails or the clock counter becomes defective, once the
clock has been set an error greater than 1000s will cause
-.B
+\f\*[B-Font]ntpd\fP
to exit anyway.
-.PP
+.sp \n(Ppu
+.ne 2
+
Under ordinary conditions,
-.B
+\f\*[B-Font]ntpd\fP
adjusts the clock in
small steps so that the timescale is effectively continuous and
without discontinuities.
the synchronization distance, which is equal to one-half the
roundtrip delay plus error budget terms, can become very large.
The
-.B
+\f\*[B-Font]ntpd\fP
algorithms discard sample offsets exceeding 128 ms,
unless the interval during which no sample offset is less than 128
ms exceeds 900s.
In practice this
reduces the false alarm rate where the clock is stepped in error to
a vanishingly low incidence.
-.PP
+.sp \n(Ppu
+.ne 2
+
As the result of this behavior, once the clock has been set it
very rarely strays more than 128 ms even under extreme cases of
network path congestion and jitter.
Sometimes, in particular when
-.B
+\f\*[B-Font]ntpd\fP
is first started without a valid drift file
on a system with a large intrinsic drift
the error might grow to exceed 128 ms,
In some applications, this behavior may be unacceptable.
There are several solutions, however.
If the
- x
+\f\*[B-Font]\-x\f[]
option is included on the command line, the clock will
never be stepped and only slew corrections will be used.
But this choice comes with a cost that
should be carefully explored before deciding to use
the
- x
+\f\*[B-Font]\-x\f[]
option.
The maximum slew rate possible is limited
to 500 parts-per-million (PPM) as a consequence of the correctness
local clock will not be consistent with any other network clock and
the system cannot be used for distributed applications that require
correctly synchronized network time.
-.PP
+.sp \n(Ppu
+.ne 2
+
In spite of the above precautions, sometimes when large
frequency errors are present the resulting time offsets stray
outside the 128-ms range and an eventual step or slew time
If following such a correction the
frequency error is so large that the first sample is outside the
acceptable range,
-.B
+\f\*[B-Font]ntpd\fP
enters the same state as when the
-.Pa ntp.drift
+\fIntp.drift\f[]
file is not present.
The intent of this behavior
is to quickly correct the frequency and restore operation to the
normal tracking mode.
In the most extreme cases
(the host
-.Cm time.ien.it
+\f\*[B-Font]time.ien.it\f[]
comes to mind), there may be occasional
step/slew corrections and subsequent frequency corrections.
It
helps in these cases to use the
-.Cm burst
+\f\*[B-Font]burst\f[]
keyword when
configuring the server, but
ONLY
when you have permission to do so from the owner of the target host.
-.PP
+.sp \n(Ppu
+.ne 2
+
Finally,
in the past many startup scripts would run
-.Xr ntpdate 1ntpdatemdoc
+\fCntpdate\fR(1ntpdatemdoc)\f[]
to get the system clock close to correct before starting
-.Xr ntpd 1ntpdmdoc ,
+\fCntpd\fR(1ntpdmdoc)\f[],
but this was never more than a mediocre hack and is no longer needed.
-.PP
+.sp \n(Ppu
+.ne 2
+
There is a way to start
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
that often addresses all of the problems mentioned above.
.SS "Starting NTP (Best Current Practice)"
First, use the
-.Cm iburst
+\f\*[B-Font]iburst\f[]
option on your
-.Cm server
+\f\*[B-Font]server\f[]
entries.
-.PP
+.sp \n(Ppu
+.ne 2
+
If you can also keep a good
-.Pa ntp.drift
+\fIntp.drift\f[]
file then
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
will effectively "warm-start" and your system's clock will
be stable in under 11 seconds' time.
-.PP
+.sp \n(Ppu
+.ne 2
+
As soon as possible in the startup sequence, start
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
with at least the
- g
+\f\*[B-Font]\-g\f[]
and perhaps the
- N
+\f\*[B-Font]\-N\f[]
options.
Then,
start the rest of your "normal" processes.
This will give
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
as much time as possible to get the system's clock synchronized and stable.
-.PP
+.sp \n(Ppu
+.ne 2
+
Finally,
if you have processes like
-.Cm dovecot
+\f\*[B-Font]dovecot\f[]
or database servers
that require
monotonically-increasing time,
run
-.Xr ntp-wait 1ntp-waitmdoc
+\fCntp-wait\fR(1ntp-waitmdoc)\f[]
as late as possible in the boot sequence
(perhaps with the
- v
+\f\*[B-Font]\-v\f[]
flag)
and after
-.Xr ntp-wait 1ntp-waitmdoc
+\fCntp-wait\fR(1ntp-waitmdoc)\f[]
exits successfully
it is as safe as it will ever be to start any process that require
stable time.
.SS "Frequency Discipline"
The
-.B
+\f\*[B-Font]ntpd\fP
behavior at startup depends on whether the
frequency file, usually
-.Pa ntp.drift ,
+\fIntp.drift\f[],
exists.
This file
contains the latest estimate of clock frequency error.
When the
-.B
+\f\*[B-Font]ntpd\fP
is started and the file does not exist, the
-.B
+\f\*[B-Font]ntpd\fP
enters a special mode designed to quickly adapt to
the particular system clock oscillator time and frequency error.
This takes approximately 15 minutes, after which the time and
frequency are set to nominal values and the
-.B
+\f\*[B-Font]ntpd\fP
enters
normal mode, where the time and frequency are continuously tracked
relative to the server.
After one hour the frequency file is
created and the current frequency offset written to it.
When the
-.B
+\f\*[B-Font]ntpd\fP
is started and the file does exist, the
-.B
+\f\*[B-Font]ntpd\fP
frequency is initialized from the file and enters normal mode
immediately.
After that the current frequency offset is written to
the file at hourly intervals.
.SS "Operating Modes"
The
-.B
+\f\*[B-Font]ntpd\fP
utility can operate in any of several modes, including
symmetric active/passive, client/server broadcast/multicast and
manycast, as described in the
-.Qq Association Management
+"Association Management"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
+\fI/usr/share/doc/ntp\f[]).
It normally operates continuously while
monitoring for small changes in frequency and trimming the clock
for the ultimate precision.
This makes it possible to deploy a
fleet of workstations without specifying configuration details
specific to the local environment.
-.PP
+.sp \n(Ppu
+.ne 2
+
By default,
-.B
+\f\*[B-Font]ntpd\fP
runs in continuous mode where each of
possibly several external servers is polled at intervals determined
by an intricate state machine.
In addition, should a server become
unreachable for some time, the poll interval is increased in steps
to 1024s in order to reduce network overhead.
-.PP
+.sp \n(Ppu
+.ne 2
+
In some cases it may not be practical for
-.B
+\f\*[B-Font]ntpd\fP
to run
continuously.
A common workaround has been to run the
-.Xr ntpdate 1ntpdatemdoc
+\fCntpdate\fR(1ntpdatemdoc)\f[]
program from a
-.Xr cron 8
+\fCcron\fR(8)\f[]
job at designated
times.
However, this program does not have the crafted signal
processing, error checking and mitigation algorithms of
-.B .
+\f\*[B-Font]ntpd\fP.
The
- q
+\f\*[B-Font]\-q\f[]
option is intended for this purpose.
Setting this option will cause
-.B
+\f\*[B-Font]ntpd\fP
to exit just after
setting the clock for the first time.
The procedure for initially
setting the clock is the same as in continuous mode; most
applications will probably want to specify the
-.Cm iburst
+\f\*[B-Font]iburst\f[]
keyword with the
-.Ic server
+\f\*[B-Font]server\f[]
configuration command.
With this
keyword a volley of messages are exchanged to groom the data and
couple of minutes, the daemon times out and exits.
After a suitable
period of mourning, the
-.Xr ntpdate 1ntpdatemdoc
+\fCntpdate\fR(1ntpdatemdoc)\f[]
program may be
retired.
-.PP
+.sp \n(Ppu
+.ne 2
+
When kernel support is available to discipline the clock
frequency, which is the case for stock Solaris, Tru64, Linux and
-.Fx ,
+FreeBSD,
a useful feature is available to discipline the clock
frequency.
First,
-.B
+\f\*[B-Font]ntpd\fP
is run in continuous mode with
selected servers in order to measure and record the intrinsic clock
frequency offset in the frequency file.
It may take some hours for
the frequency and offset to settle down.
Then the
-.B
+\f\*[B-Font]ntpd\fP
is
stopped and run in one-time mode as required.
At each startup, the
default minimum of 64 s to the default maximum of 1,024 s.
The
default minimum can be changed with the
-.Ic tinker
-.Cm minpoll
+\f\*[B-Font]tinker\f[]
+\f\*[B-Font]minpoll\f[]
command to a value not less than 16 s.
This value is used for all
configured associations, unless overridden by the
-.Cm minpoll
+\f\*[B-Font]minpoll\f[]
option on the configuration command.
Note that most device drivers
will not operate properly if the poll interval is less than 64 s
and that the broadcast server and manycast client associations will
also use the default, unless overridden.
-.PP
+.sp \n(Ppu
+.ne 2
+
In some cases involving dial up or toll services, it may be
useful to increase the minimum interval to a few tens of minutes
and maximum interval to a day or so.
s, for example, the capture range is only 31 PPM.
If the intrinsic
error is greater than this, the drift file
-.Pa ntp.drift
+\fIntp.drift\f[]
will
have to be specially tailored to reduce the residual error below
this limit.
many cases the apparent time errors are so large as to exceed the
step threshold and a step correction can occur during and after the
data transfer is in progress.
-.PP
+.sp \n(Ppu
+.ne 2
+
The huff-n'-puff filter is designed to correct the apparent time
offset in these cases.
It depends on knowledge of the propagation
The name of the filter reflects the negative (huff)
and positive (puff) correction, which depends on the sign of the
offset.
-.PP
+.sp \n(Ppu
+.ne 2
+
The filter is activated by the
-.Ic tinker
+\f\*[B-Font]tinker\f[]
command and
-.Cm huffpuff
+\f\*[B-Font]huffpuff\f[]
keyword, as described in
-.Xr ntp.conf 5 .
+\fCntp.conf\fR(5)\f[].
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH FILES
-.TP
-.BR Pa /etc/ntp.conf
+.TP 15
+.NOP \fI/etc/ntp.conf\f[]
the default name of the configuration file
-.TP
-.BR Pa /etc/ntp.drift
+.br
+.ns
+.TP 15
+.NOP \fI/etc/ntp.drift\f[]
the default name of the drift file
-.TP
-.BR Pa /etc/ntp.keys
+.br
+.ns
+.TP 15
+.NOP \fI/etc/ntp.keys\f[]
the default name of the key file
+.PP
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
-.BR 0 " (EXIT_SUCCESS)"
+.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
-.BR 1 " (EXIT_FAILURE)"
+.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
-.BR 70 " (EX_SOFTWARE)"
+.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
-.SH "SEE ALSO"
-.Xr ntp.conf 5 ,
-.Xr ntpdate 1ntpdatemdoc ,
-.Xr ntpdc 1ntpdcmdoc ,
-.Xr ntpq 1ntpqmdoc
.PP
+.SH "SEE ALSO"
+\fCntp.conf\fR(5)\f[],
+\fCntpdate\fR(1ntpdatemdoc)\f[],
+\fCntpdc\fR(1ntpdcmdoc)\f[],
+\fCntpq\fR(1ntpqmdoc)\f[]
+.sp \n(Ppu
+.ne 2
+
In addition to the manual pages provided,
comprehensive documentation is available on the world wide web
at
-.Li http://www.ntp.org/ .
+\f[C]http://www.ntp.org/\f[].
A snapshot of this documentation is available in HTML format in
-.Pa /usr/share/doc/ntp .
-.Rs
-.%A David L. Mills
-.%T Network Time Protocol (Version 1)
-.%O RFC1059
-.Re
-.Rs
-.%A David L. Mills
-.%T Network Time Protocol (Version 2)
-.%O RFC1119
-.Re
-.Rs
-.%A David L. Mills
-.%T Network Time Protocol (Version 3)
-.%O RFC1305
-.Re
-.Rs
-.%A David L. Mills
-.%A J. Martin, Ed.
-.%A J. Burbank
-.%A W. Kasch
-.%T Network Time Protocol Version 4: Protocol and Algorithms Specification
-.%O RFC5905
-.Re
-.Rs
-.%A David L. Mills
-.%A B. Haberman, Ed.
-.%T Network Time Protocol Version 4: Autokey Specification
-.%O RFC5906
-.Re
-.Rs
-.%A H. Gerstung
-.%A C. Elliott
-.%A B. Haberman, Ed.
-.%T Definitions of Managed Objects for Network Time Protocol Version 4: (NTPv4)
-.%O RFC5907
-.Re
-.Rs
-.%A R. Gayraud
-.%A B. Lourdelet
-.%T Network Time Protocol (NTP) Server Option for DHCPv6
-.%O RFC5908
-.Re
+\fI/usr/share/doc/ntp\f[].
+David L. Mills,
+\fINetwork Time Protocol (Version 1)\fR,
+RFC1059
+.PP
+
+David L. Mills,
+\fINetwork Time Protocol (Version 2)\fR,
+RFC1119
+.PP
+
+David L. Mills,
+\fINetwork Time Protocol (Version 3)\fR,
+RFC1305
+.PP
+
+David L. Mills and J. Martin, Ed. and J. Burbank and W. Kasch,
+\fINetwork Time Protocol Version 4: Protocol and Algorithms Specification\fR,
+RFC5905
+.PP
+
+David L. Mills and B. Haberman, Ed.,
+\fINetwork Time Protocol Version 4: Autokey Specification\fR,
+RFC5906
+.PP
+
+H. Gerstung and C. Elliott and B. Haberman, Ed.,
+\fIDefinitions of Managed Objects for Network Time Protocol Version 4: (NTPv4)\fR,
+RFC5907
+.PP
+
+R. Gayraud and B. Lourdelet,
+\fINetwork Time Protocol (NTP) Server Option for DHCPv6\fR,
+RFC5908
+.PP
+
.SH "AUTHORS"
The University of Delaware
.SH "COPYRIGHT"
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH BUGS
The
-.B
+\f\*[B-Font]ntpd\fP
utility has gotten rather fat.
While not huge, it has gotten
larger than might be desirable for an elevated-priority
-.B
+\f\*[B-Font]ntpd\fP
running on a workstation, particularly since many of
the fancy features which consume the space were designed more with
a busy primary server, rather than a high stratum workstation in
mind.
-.PP
+.sp \n(Ppu
+.ne 2
+
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
Portions of this document came from FreeBSD.
-.PP
+.sp \n(Ppu
+.ne 2
+
This manual page was \fIAutoGen\fP-erated from the \fBntpd\fP
option definitions.
-.Dd November 30 2013
+.Dd December 22 2013
.Dt NTPD 1ntpdmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:31:19 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:25 PM by AutoGen 5.18.3pre5
.\" From the definitions ntpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.Nm
.\" Mixture of short (flag) options and long options
.Op Fl flags
-.Op Fl flag Ar value
-.Op Fl \-option\-name Ar value
+.Op Fl flag Op Ar value
+.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc
[ <server1> ... <serverN> ]
.Pp
.Sh DESCRIPTION
to 022.
.Sh "OPTIONS"
.Bl -tag
-.It \-4 ", " \-\-ipv4
+.It Fl 4 , Fl \-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
.sp
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
-.It \-6 ", " \-\-ipv6
+.It Fl 6 , Fl \-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
.sp
Force DNS resolution of following host names on the command line
to the IPv6 namespace.
-.It \-a ", " \-\-authreq
+.It Fl a , Fl \-authreq
Require crypto authentication.
This option must not appear in combination with any of the following options:
authnoreq.
Require cryptographic authentication for broadcast client,
multicast client and symmetric passive associations.
This is the default.
-.It \-A ", " \-\-authnoreq
+.It Fl A , Fl \-authnoreq
Do not require crypto authentication.
This option must not appear in combination with any of the following options:
authreq.
Do not require cryptographic authentication for broadcast client,
multicast client and symmetric passive associations.
This is almost never a good idea.
-.It \-b ", " \-\-bcastsync
+.It Fl b , Fl \-bcastsync
Allow us to sync to broadcast servers.
.sp
-.It \-c " \fIstring\fP, " \-\-configfile "=" \fIstring\fP
+.It Fl c Ar string , Fl \-configfile Ns = Ns Ar string
configuration file name.
.sp
The name and path of the configuration file,
\fI/etc/ntp.conf\fP
by default.
-.It \-d ", " \-\-debug\-level
+.It Fl d , Fl \-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.It \-f " \fIstring\fP, " \-\-driftfile "=" \fIstring\fP
+.It Fl f Ar string , Fl \-driftfile Ns = Ns Ar string
frequency drift file name.
.sp
The name and path of the frequency file,
configuration specification in the
\fI/etc/ntp.conf\fP
file.
-.It \-g ", " \-\-panicgate
+.It Fl g , Fl \-panicgate
Allow the first adjustment to be Big.
This option may appear an unlimited number of times.
.sp
See the
\fBtinker\fP
configuration file directive for other options.
-.It \-i " \fIstring\fP, " \-\-jaildir "=" \fIstring\fP
+.It Fl i Ar string , Fl \-jaildir Ns = Ns Ar string
Jail directory.
.sp
Chroot the server to the directory
This option is supported under NetBSD (configure with
\fB\-\-enable\-clockctl\fP) or Linux (configure with
\fB\-\-enable\-linuxcaps\fP) or Solaris (configure with \fB\-\-enable\-solarisprivs\fP).
-.It \-I " \fIiface\fP, " \-\-interface "=" \fIiface\fP
+.It Fl I Ar iface , Fl \-interface Ns = Ns Ar iface
Listen on an interface name or address.
This option may appear an unlimited number of times.
.sp
also implies not opening other addresses, except wildcard and localhost.
This option is deprecated. Please consider using the configuration file
\fBinterface\fP command, which is more versatile.
-.It \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP
+.It Fl k Ar string , Fl \-keyfile Ns = Ns Ar string
path to symmetric keys.
.sp
Specify the name and path of the symmetric key file.
This is the same operation as the
\fBkeys\fP \fIkeyfile\fP
configuration file directive.
-.It \-l " \fIstring\fP, " \-\-logfile "=" \fIstring\fP
+.It Fl l Ar string , Fl \-logfile Ns = Ns Ar string
path to the log file.
.sp
Specify the name and path of the log file.
This is the same operation as the
\fBlogfile\fP \fIlogfile\fP
configuration file directive.
-.It \-L ", " \-\-novirtualips
+.It Fl L , Fl \-novirtualips
Do not listen to virtual interfaces.
.sp
Do not listen to virtual interfaces, defined as those with
names containing a colon. This option is deprecated. Please
consider using the configuration file \fBinterface\fP command, which
is more versatile.
-.It \-M ", " \-\-modifymmtimer
+.It Fl M , Fl \-modifymmtimer
Modify Multimedia Timer (Windows only).
.sp
Set the Windows Multimedia Timer to highest resolution. This
ensures the resolution does not change while ntpd is running,
avoiding timekeeping glitches associated with changes.
-.It \-n ", " \-\-nofork
+.It Fl n , Fl \-nofork
Do not fork.
This option must not appear in combination with any of the following options:
wait\-sync.
.sp
-.It \-N ", " \-\-nice
+.It Fl N , Fl \-nice
Run at high priority.
.sp
To the extent permitted by the operating system, run
\fBntpd\fP
at the highest priority.
-.It \-p " \fIstring\fP, " \-\-pidfile "=" \fIstring\fP
+.It Fl p Ar string , Fl \-pidfile Ns = Ns Ar string
path to the PID file.
.sp
Specify the name and path of the file used to record
This is the same operation as the
\fBpidfile\fP \fIpidfile\fP
configuration file directive.
-.It \-P " \fInumber\fP, " \-\-priority "=" \fInumber\fP
+.It Fl P Ar number , Fl \-priority Ns = Ns Ar number
Process priority.
This option takes an integer number as its argument.
.sp
at the specified
\fBsched_setscheduler(SCHED_FIFO)\fP
priority.
-.It \-q ", " \-\-quit
+.It Fl q , Fl \-quit
Set the time and quit.
This option must not appear in combination with any of the following options:
saveconfigquit, wait\-sync.
\fB\-x\fP
options can be used with this option.
Note: The kernel time discipline is disabled with this option.
-.It \-r " \fIstring\fP, " \-\-propagationdelay "=" \fIstring\fP
+.It Fl r Ar string , Fl \-propagationdelay Ns = Ns Ar string
Broadcast/propagation delay.
.sp
Specify the default propagation delay from the broadcast/multicast server to this client. This is necessary only if the delay cannot be computed automatically by the protocol.
-.It \-\-saveconfigquit "=\fIstring\fP"
+.It Fl \-saveconfigquit Ns = Ns Ar string
Save parsed configuration and quit.
This option must not appear in combination with any of the following options:
quit, wait\-sync.
Cause \fBntpd\fP to parse its startup configuration file and save an
equivalent to the given filename and exit. This option was
designed for automated testing.
-.It \-s " \fIstring\fP, " \-\-statsdir "=" \fIstring\fP
+.It Fl s Ar string , Fl \-statsdir Ns = Ns Ar string
Statistics file location.
.sp
Specify the directory path for files created by the statistics facility.
This is the same operation as the
\fBstatsdir\fP \fIstatsdir\fP
configuration file directive.
-.It \-t " \fItkey\fP, " \-\-trustedkey "=" \fItkey\fP
+.It Fl t Ar tkey , Fl \-trustedkey Ns = Ns Ar tkey
Trusted key number.
This option may appear an unlimited number of times.
.sp
Add the specified key number to the trusted key list.
-.It \-u " \fIstring\fP, " \-\-user "=" \fIstring\fP
+.It Fl u Ar string , Fl \-user Ns = Ns Ar string
Run as userid (or userid:groupid).
.sp
Specify a user, and optionally a group, to switch to.
This option is supported under NetBSD (configure with
\fB\-\-enable\-clockctl\fP) or Linux (configure with
\fB\-\-enable\-linuxcaps\fP) or Solaris (configure with \fB\-\-enable\-solarisprivs\fP).
-.It \-U " \fInumber\fP, " \-\-updateinterval "=" \fInumber\fP
+.It Fl U Ar number , Fl \-updateinterval Ns = Ns Ar number
interval in seconds between scans for new or dropped interfaces.
This option takes an integer number as its argument.
.sp
For systems with routing socket support the scans will be performed shortly after the interface change
has been detected by the system.
Use 0 to disable scanning. 60 seconds is the minimum time between scans.
-.It \-\-var "=\fInvar\fP"
+.It Fl \-var Ns = Ns Ar nvar
make ARG an ntp variable (RW).
This option may appear an unlimited number of times.
.sp
-.It \-\-dvar "=\fIndvar\fP"
+.It Fl \-dvar Ns = Ns Ar ndvar
make ARG an ntp variable (RW|DEF).
This option may appear an unlimited number of times.
.sp
-.It \-w " \fInumber\fP, " \-\-wait\-sync "=" \fInumber\fP
+.It Fl w Ar number , Fl \-wait\-sync Ns = Ns Ar number
Seconds to wait for first clock sync.
This option must not appear in combination with any of the following options:
nofork, quit, saveconfigquit.
otherwise it is \fBETIMEDOUT\fP.
This provides the option for a script starting \fBntpd\fP to easily
wait for the first set of the clock before proceeding.
-.It \-x ", " \-\-slew
+.It Fl x , Fl \-slew
Slew up to 600 seconds.
.sp
Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold.
\fBtinker\fP
configuration file directive for other options.
Note: The kernel time discipline is disabled with this option.
-.It \-\-usepcc
+.It Fl \-usepcc
Use CPU cycle counter (Windows only).
.sp
Attempt to substitute the CPU counter for \fBQueryPerformanceCounter\fP.
The CPU counter and \fBQueryPerformanceCounter\fP are compared, and if
they have the same frequency, the CPU counter (RDTSC on x86) is
used directly, saving the overhead of a system call.
-.It \-\-pccfreq "=\fIstring\fP"
+.It Fl \-pccfreq Ns = Ns Ar string
Force CPU cycle counter use (Windows only).
.sp
Force substitution the CPU counter for \fBQueryPerformanceCounter\fP.
The CPU counter (RDTSC on x86) is used unconditionally with the
given frequency (in Hz).
-.It \-m ", " \-\-mdns
+.It Fl m , Fl \-mdns
Register with mDNS as a NTP server.
.sp
Registers as an NTP server with the local mDNS server which allows
the server to be discovered via mDNS client lookup.
-.It \-? , " \-\-help"
+.It Fl \&? , Fl \-help
Display usage information and exit.
-.It \-! , " \-\-more\-help"
+.It Fl \&! , Fl \-more\-help
Pass the extended usage information through a pager.
-.It \-\-version "[={\fIv|c|n\fP}]"
+.It Fl \-version Op Brq Ar v|c|n
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.Pp
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
Portions of this document came from FreeBSD.
.Pp
This manual page was \fIAutoGen\fP\-erated from the \fBntpd\fP
symmetric and broadcast modes, and with both symmetric-key and public-key
cryptography.
- <p>This document applies to version 4.2.7p401 of <code>ntpd</code>.
+ <p>This document applies to version 4.2.7p402 of <code>ntpd</code>.
<ul class="menu">
<li><a accesskey="1" href="#ntpd-Description">ntpd Description</a>: Description
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
-<pre class="example">ntpd - NTP daemon program - Ver. 4.2.7p400
+<pre class="example">ntpd - NTP daemon program - Ver. 4.2.7p401
Usage: ntpd [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \
[ <server1> ... <serverN> ]
Flg Arg Option-Name Description
-.TH ntpd @NTPD_MS@ "30 Nov 2013" "4.2.7p401" "User Commands"
+.de1 NOP
+. it 1 an-trap
+. if \\n[.$] \,\\$*\/
+..
+.ie t \
+.ds B-Font [CB]
+.ds I-Font [CI]
+.ds R-Font [CR]
+.el \
+.ds B-Font B
+.ds I-Font I
+.ds R-Font R
+.TH ntpd @NTPD_MS@ "22 Dec 2013" "4.2.7p402" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.man)
-.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:31:00 AM by AutoGen 5.18.3pre5
-.\" From the definitions ntpd-opts.def
-.\" and the template file agman-cmd.tpl
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-IraWmM/ag-VraWlM)
.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:08 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntpd-opts.def
+.\" and the template file agman-cmd.tpl
.SH NAME
-ntpd \- NTP daemon program
+\f\*[B-Font]ntpd\fP
+\- NTP daemon program
.SH SYNOPSIS
-.B ntpd
+\f\*[B-Font]ntpd\fP
.\" Mixture of short (flag) options and long options
-.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP "[[=| ]\fIvalue\fP]]..." " " "[ <server1> ... <serverN> ]"
-.PP
+[\f\*[B-Font]\-flags\f[]]
+[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
+[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
+[ <server1> ... <serverN> ]
+.sp \n(Ppu
+.ne 2
+
.SH DESCRIPTION
The
-.B
+\f\*[B-Font]ntpd\fP
utility is an operating system daemon which sets
and maintains the system time of day in synchronism with Internet
standard time servers.
but also retains compatibility with
version 3, as defined by RFC-1305, and versions 1
and 2, as defined by RFC-1059 and RFC-1119, respectively.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.B
+\f\*[B-Font]ntpd\fP
utility does most computations in 64-bit floating point
arithmetic and does relatively clumsy 64-bit fixed point operations
only when necessary to preserve the ultimate precision, about 232
While the ultimate precision is not achievable with
ordinary workstations and networks of today, it may be required
with future gigahertz CPU clocks and gigabit LANs.
-.PP
+.sp \n(Ppu
+.ne 2
+
Ordinarily,
-.B
+\f\*[B-Font]ntpd\fP
reads the
-.Xr ntp.conf 5
+\fCntp.conf\fR(5)\f[]
configuration file at startup time in order to determine the
synchronization sources and operating modes.
It is also possible to
be particularly useful when the local host is to be configured as a
broadcast/multicast client, with all peers being determined by
listening to broadcasts at run time.
-.PP
+.sp \n(Ppu
+.ne 2
+
If NetInfo support is built into
-.B ,
+\f\*[B-Font]ntpd\fP,
then
-.B
+\f\*[B-Font]ntpd\fP
will attempt to read its configuration from the
NetInfo if the default
-.Xr ntp.conf 5
+\fCntp.conf\fR(5)\f[]
file cannot be read and no file is
specified by the
- c
+\f\*[B-Font]\-c\f[]
option.
-.PP
+.sp \n(Ppu
+.ne 2
+
Various internal
-.B
+\f\*[B-Font]ntpd\fP
variables can be displayed and
configuration options altered while the
-.B
+\f\*[B-Font]ntpd\fP
is running
using the
-.Xr ntpq @NTPQ_MS@
+\fCntpq\fR(@NTPQ_MS@)\f[]
and
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
utility programs.
-.PP
+.sp \n(Ppu
+.ne 2
+
When
-.B
+\f\*[B-Font]ntpd\fP
starts it looks at the value of
-.Xr umask 2 ,
+\fCumask\fR(2)\f[],
and if zero
-.B
+\f\*[B-Font]ntpd\fP
will set the
-.Xr umask 2
+\fCumask\fR(2)\f[]
to 022.
.SH "OPTIONS"
.TP
-.BR \-4 ", " \-\-ipv4
+.NOP \f\*[B-Font]\-4\f[], \f\*[B-Font]\-\-ipv4\f[]
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
.TP
-.BR \-6 ", " \-\-ipv6
+.NOP \f\*[B-Font]\-6\f[], \f\*[B-Font]\-\-ipv6\f[]
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
Force DNS resolution of following host names on the command line
to the IPv6 namespace.
.TP
-.BR \-a ", " \-\-authreq
+.NOP \f\*[B-Font]\-a\f[], \f\*[B-Font]\-\-authreq\f[]
Require crypto authentication.
This option must not appear in combination with any of the following options:
authnoreq.
multicast client and symmetric passive associations.
This is the default.
.TP
-.BR \-A ", " \-\-authnoreq
+.NOP \f\*[B-Font]\-A\f[], \f\*[B-Font]\-\-authnoreq\f[]
Do not require crypto authentication.
This option must not appear in combination with any of the following options:
authreq.
multicast client and symmetric passive associations.
This is almost never a good idea.
.TP
-.BR \-b ", " \-\-bcastsync
+.NOP \f\*[B-Font]\-b\f[], \f\*[B-Font]\-\-bcastsync\f[]
Allow us to sync to broadcast servers.
.sp
.TP
-.BR \-c " \fIstring\fP, " \-\-configfile "=" \fIstring\fP
+.NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-configfile\f[]=\f\*[I-Font]string\f[]
configuration file name.
.sp
The name and path of the configuration file,
\fI/etc/ntp.conf\fP
by default.
.TP
-.BR \-d ", " \-\-debug\-level
+.NOP \f\*[B-Font]\-d\f[], \f\*[B-Font]\-\-debug\-level\f[]
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
.TP
-.BR \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.NOP \f\*[B-Font]\-D\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-set\-debug\-level\f[]=\f\*[I-Font]number\f[]
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
.TP
-.BR \-f " \fIstring\fP, " \-\-driftfile "=" \fIstring\fP
+.NOP \f\*[B-Font]\-f\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-driftfile\f[]=\f\*[I-Font]string\f[]
frequency drift file name.
.sp
The name and path of the frequency file,
\fI/etc/ntp.conf\fP
file.
.TP
-.BR \-g ", " \-\-panicgate
+.NOP \f\*[B-Font]\-g\f[], \f\*[B-Font]\-\-panicgate\f[]
Allow the first adjustment to be Big.
This option may appear an unlimited number of times.
.sp
\fBtinker\fP
configuration file directive for other options.
.TP
-.BR \-i " \fIstring\fP, " \-\-jaildir "=" \fIstring\fP
+.NOP \f\*[B-Font]\-i\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-jaildir\f[]=\f\*[I-Font]string\f[]
Jail directory.
.sp
Chroot the server to the directory
\fB--enable-clockctl\fP) or Linux (configure with
\fB--enable-linuxcaps\fP) or Solaris (configure with \fB--enable-solarisprivs\fP).
.TP
-.BR \-I " \fIiface\fP, " \-\-interface "=" \fIiface\fP
+.NOP \f\*[B-Font]\-I\f[] \f\*[I-Font]iface\f[], \f\*[B-Font]\-\-interface\f[]=\f\*[I-Font]iface\f[]
Listen on an interface name or address.
This option may appear an unlimited number of times.
.sp
This option is deprecated. Please consider using the configuration file
\fBinterface\fP command, which is more versatile.
.TP
-.BR \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP
+.NOP \f\*[B-Font]\-k\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-keyfile\f[]=\f\*[I-Font]string\f[]
path to symmetric keys.
.sp
Specify the name and path of the symmetric key file.
\fBkeys\fP \fIkeyfile\fP
configuration file directive.
.TP
-.BR \-l " \fIstring\fP, " \-\-logfile "=" \fIstring\fP
+.NOP \f\*[B-Font]\-l\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-logfile\f[]=\f\*[I-Font]string\f[]
path to the log file.
.sp
Specify the name and path of the log file.
\fBlogfile\fP \fIlogfile\fP
configuration file directive.
.TP
-.BR \-L ", " \-\-novirtualips
+.NOP \f\*[B-Font]\-L\f[], \f\*[B-Font]\-\-novirtualips\f[]
Do not listen to virtual interfaces.
.sp
Do not listen to virtual interfaces, defined as those with
consider using the configuration file \fBinterface\fP command, which
is more versatile.
.TP
-.BR \-M ", " \-\-modifymmtimer
+.NOP \f\*[B-Font]\-M\f[], \f\*[B-Font]\-\-modifymmtimer\f[]
Modify Multimedia Timer (Windows only).
.sp
Set the Windows Multimedia Timer to highest resolution. This
ensures the resolution does not change while ntpd is running,
avoiding timekeeping glitches associated with changes.
.TP
-.BR \-n ", " \-\-nofork
+.NOP \f\*[B-Font]\-n\f[], \f\*[B-Font]\-\-nofork\f[]
Do not fork.
This option must not appear in combination with any of the following options:
wait-sync.
.sp
.TP
-.BR \-N ", " \-\-nice
+.NOP \f\*[B-Font]\-N\f[], \f\*[B-Font]\-\-nice\f[]
Run at high priority.
.sp
To the extent permitted by the operating system, run
\fBntpd\fP
at the highest priority.
.TP
-.BR \-p " \fIstring\fP, " \-\-pidfile "=" \fIstring\fP
+.NOP \f\*[B-Font]\-p\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-pidfile\f[]=\f\*[I-Font]string\f[]
path to the PID file.
.sp
Specify the name and path of the file used to record
\fBpidfile\fP \fIpidfile\fP
configuration file directive.
.TP
-.BR \-P " \fInumber\fP, " \-\-priority "=" \fInumber\fP
+.NOP \f\*[B-Font]\-P\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-priority\f[]=\f\*[I-Font]number\f[]
Process priority.
This option takes an integer number as its argument.
.sp
\fBsched_setscheduler(SCHED_FIFO)\fP
priority.
.TP
-.BR \-q ", " \-\-quit
+.NOP \f\*[B-Font]\-q\f[], \f\*[B-Font]\-\-quit\f[]
Set the time and quit.
This option must not appear in combination with any of the following options:
saveconfigquit, wait-sync.
options can be used with this option.
Note: The kernel time discipline is disabled with this option.
.TP
-.BR \-r " \fIstring\fP, " \-\-propagationdelay "=" \fIstring\fP
+.NOP \f\*[B-Font]\-r\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-propagationdelay\f[]=\f\*[I-Font]string\f[]
Broadcast/propagation delay.
.sp
Specify the default propagation delay from the broadcast/multicast server to this client. This is necessary only if the delay cannot be computed automatically by the protocol.
.TP
-.BR \-\-saveconfigquit "=\fIstring\fP"
+.NOP \f\*[B-Font]\-\-saveconfigquit\f[]=\f\*[I-Font]string\f[]
Save parsed configuration and quit.
This option must not appear in combination with any of the following options:
quit, wait-sync.
equivalent to the given filename and exit. This option was
designed for automated testing.
.TP
-.BR \-s " \fIstring\fP, " \-\-statsdir "=" \fIstring\fP
+.NOP \f\*[B-Font]\-s\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-statsdir\f[]=\f\*[I-Font]string\f[]
Statistics file location.
.sp
Specify the directory path for files created by the statistics facility.
\fBstatsdir\fP \fIstatsdir\fP
configuration file directive.
.TP
-.BR \-t " \fItkey\fP, " \-\-trustedkey "=" \fItkey\fP
+.NOP \f\*[B-Font]\-t\f[] \f\*[I-Font]tkey\f[], \f\*[B-Font]\-\-trustedkey\f[]=\f\*[I-Font]tkey\f[]
Trusted key number.
This option may appear an unlimited number of times.
.sp
Add the specified key number to the trusted key list.
.TP
-.BR \-u " \fIstring\fP, " \-\-user "=" \fIstring\fP
+.NOP \f\*[B-Font]\-u\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-user\f[]=\f\*[I-Font]string\f[]
Run as userid (or userid:groupid).
.sp
Specify a user, and optionally a group, to switch to.
\fB--enable-clockctl\fP) or Linux (configure with
\fB--enable-linuxcaps\fP) or Solaris (configure with \fB--enable-solarisprivs\fP).
.TP
-.BR \-U " \fInumber\fP, " \-\-updateinterval "=" \fInumber\fP
+.NOP \f\*[B-Font]\-U\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-updateinterval\f[]=\f\*[I-Font]number\f[]
interval in seconds between scans for new or dropped interfaces.
This option takes an integer number as its argument.
.sp
has been detected by the system.
Use 0 to disable scanning. 60 seconds is the minimum time between scans.
.TP
-.BR \-\-var "=\fInvar\fP"
+.NOP \f\*[B-Font]\-\-var\f[]=\f\*[I-Font]nvar\f[]
make ARG an ntp variable (RW).
This option may appear an unlimited number of times.
.sp
.TP
-.BR \-\-dvar "=\fIndvar\fP"
+.NOP \f\*[B-Font]\-\-dvar\f[]=\f\*[I-Font]ndvar\f[]
make ARG an ntp variable (RW|DEF).
This option may appear an unlimited number of times.
.sp
.TP
-.BR \-w " \fInumber\fP, " \-\-wait\-sync "=" \fInumber\fP
+.NOP \f\*[B-Font]\-w\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-wait\-sync\f[]=\f\*[I-Font]number\f[]
Seconds to wait for first clock sync.
This option must not appear in combination with any of the following options:
nofork, quit, saveconfigquit.
This provides the option for a script starting \fBntpd\fP to easily
wait for the first set of the clock before proceeding.
.TP
-.BR \-x ", " \-\-slew
+.NOP \f\*[B-Font]\-x\f[], \f\*[B-Font]\-\-slew\f[]
Slew up to 600 seconds.
.sp
Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold.
configuration file directive for other options.
Note: The kernel time discipline is disabled with this option.
.TP
-.BR \-\-usepcc
+.NOP \f\*[B-Font]\-\-usepcc\f[]
Use CPU cycle counter (Windows only).
.sp
Attempt to substitute the CPU counter for \fBQueryPerformanceCounter\fP.
they have the same frequency, the CPU counter (RDTSC on x86) is
used directly, saving the overhead of a system call.
.TP
-.BR \-\-pccfreq "=\fIstring\fP"
+.NOP \f\*[B-Font]\-\-pccfreq\f[]=\f\*[I-Font]string\f[]
Force CPU cycle counter use (Windows only).
.sp
Force substitution the CPU counter for \fBQueryPerformanceCounter\fP.
The CPU counter (RDTSC on x86) is used unconditionally with the
given frequency (in Hz).
.TP
-.BR \-m ", " \-\-mdns
+.NOP \f\*[B-Font]\-m\f[], \f\*[B-Font]\-\-mdns\f[]
Register with mDNS as a NTP server.
.sp
Registers as an NTP server with the local mDNS server which allows
the server to be discovered via mDNS client lookup.
.TP
-.BR \-? , " \-\-help"
+.NOP \f\*[B-Font]\-\&?\f[], \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
-.BR \-! , " \-\-more-help"
+.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
-.BR \-\-version "[={\fIv|c|n\fP}]"
+.NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
+.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from environment variables named:
\fBNTPD_<option-name>\fP or \fBNTPD\fP
.fi
.ad
+.TH ntpd @NTPD_MS@ "22 Dec 2013" "4.2.7p402" "User Commands"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-IraWmM/ag-VraWlM)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:08 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntpd-opts.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]ntpd\fP ntpd
+\- NTP daemon program
cvt_prog='/usr/local/gnu/share/autogen/texi2man'
cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
`/`basename "$cvt_prog"`
.SH USAGE
.SS "How NTP Operates"
The
-.B
+\f\*[B-Font]ntpd\fP
utility operates by exchanging messages with
one or more configured servers over a range of designated poll intervals.
When
set.
This initial delay to set the clock
can be safely and dramatically reduced using the
-.Cm iburst
+\f\*[B-Font]iburst\f[]
keyword with the
-.Ic server
+\f\*[B-Font]server\f[]
configuration
command, as described in
-.Xr ntp.conf 5 .
-.PP
+\fCntp.conf\fR(5)\f[].
+.sp \n(Ppu
+.ne 2
+
Most operating systems and hardware of today incorporate a
time-of-year (TOY) chip to maintain the time during periods when
the power is off.
synchronized to a NTP server, the operating system corrects the
chip from time to time.
In the default case, if
-.B
+\f\*[B-Font]ntpd\fP
detects that the time on the host
is more than 1000s from the server time,
-.B
+\f\*[B-Font]ntpd\fP
assumes something must be terribly wrong and the only
reliable action is for the operator to intervene and set the clock
by hand.
(Reasons for this include there is no TOY chip,
or its battery is dead, or that the TOY chip is just of poor quality.)
This causes
-.B
+\f\*[B-Font]ntpd\fP
to exit with a panic message to
the system log.
The
- g
+\f\*[B-Font]\-g\f[]
option overrides this check and the
clock will be set to the server time regardless of the chip time
(up to 68 years in the past or future \(em
However, and to protect against broken hardware, such as when the
CMOS battery fails or the clock counter becomes defective, once the
clock has been set an error greater than 1000s will cause
-.B
+\f\*[B-Font]ntpd\fP
to exit anyway.
-.PP
+.sp \n(Ppu
+.ne 2
+
Under ordinary conditions,
-.B
+\f\*[B-Font]ntpd\fP
adjusts the clock in
small steps so that the timescale is effectively continuous and
without discontinuities.
the synchronization distance, which is equal to one-half the
roundtrip delay plus error budget terms, can become very large.
The
-.B
+\f\*[B-Font]ntpd\fP
algorithms discard sample offsets exceeding 128 ms,
unless the interval during which no sample offset is less than 128
ms exceeds 900s.
In practice this
reduces the false alarm rate where the clock is stepped in error to
a vanishingly low incidence.
-.PP
+.sp \n(Ppu
+.ne 2
+
As the result of this behavior, once the clock has been set it
very rarely strays more than 128 ms even under extreme cases of
network path congestion and jitter.
Sometimes, in particular when
-.B
+\f\*[B-Font]ntpd\fP
is first started without a valid drift file
on a system with a large intrinsic drift
the error might grow to exceed 128 ms,
In some applications, this behavior may be unacceptable.
There are several solutions, however.
If the
- x
+\f\*[B-Font]\-x\f[]
option is included on the command line, the clock will
never be stepped and only slew corrections will be used.
But this choice comes with a cost that
should be carefully explored before deciding to use
the
- x
+\f\*[B-Font]\-x\f[]
option.
The maximum slew rate possible is limited
to 500 parts-per-million (PPM) as a consequence of the correctness
local clock will not be consistent with any other network clock and
the system cannot be used for distributed applications that require
correctly synchronized network time.
-.PP
+.sp \n(Ppu
+.ne 2
+
In spite of the above precautions, sometimes when large
frequency errors are present the resulting time offsets stray
outside the 128-ms range and an eventual step or slew time
If following such a correction the
frequency error is so large that the first sample is outside the
acceptable range,
-.B
+\f\*[B-Font]ntpd\fP
enters the same state as when the
-.Pa ntp.drift
+\fIntp.drift\f[]
file is not present.
The intent of this behavior
is to quickly correct the frequency and restore operation to the
normal tracking mode.
In the most extreme cases
(the host
-.Cm time.ien.it
+\f\*[B-Font]time.ien.it\f[]
comes to mind), there may be occasional
step/slew corrections and subsequent frequency corrections.
It
helps in these cases to use the
-.Cm burst
+\f\*[B-Font]burst\f[]
keyword when
configuring the server, but
ONLY
when you have permission to do so from the owner of the target host.
-.PP
+.sp \n(Ppu
+.ne 2
+
Finally,
in the past many startup scripts would run
-.Xr ntpdate @NTPDATE_MS@
+\fCntpdate\fR(@NTPDATE_MS@)\f[]
to get the system clock close to correct before starting
-.Xr ntpd @NTPD_MS@ ,
+\fCntpd\fR(@NTPD_MS@)\f[],
but this was never more than a mediocre hack and is no longer needed.
-.PP
+.sp \n(Ppu
+.ne 2
+
There is a way to start
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
that often addresses all of the problems mentioned above.
.SS "Starting NTP (Best Current Practice)"
First, use the
-.Cm iburst
+\f\*[B-Font]iburst\f[]
option on your
-.Cm server
+\f\*[B-Font]server\f[]
entries.
-.PP
+.sp \n(Ppu
+.ne 2
+
If you can also keep a good
-.Pa ntp.drift
+\fIntp.drift\f[]
file then
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
will effectively "warm-start" and your system's clock will
be stable in under 11 seconds' time.
-.PP
+.sp \n(Ppu
+.ne 2
+
As soon as possible in the startup sequence, start
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
with at least the
- g
+\f\*[B-Font]\-g\f[]
and perhaps the
- N
+\f\*[B-Font]\-N\f[]
options.
Then,
start the rest of your "normal" processes.
This will give
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
as much time as possible to get the system's clock synchronized and stable.
-.PP
+.sp \n(Ppu
+.ne 2
+
Finally,
if you have processes like
-.Cm dovecot
+\f\*[B-Font]dovecot\f[]
or database servers
that require
monotonically-increasing time,
run
-.Xr ntp-wait @NTP_WAIT_MS@
+\fCntp-wait\fR(@NTP_WAIT_MS@)\f[]
as late as possible in the boot sequence
(perhaps with the
- v
+\f\*[B-Font]\-v\f[]
flag)
and after
-.Xr ntp-wait @NTP_WAIT_MS@
+\fCntp-wait\fR(@NTP_WAIT_MS@)\f[]
exits successfully
it is as safe as it will ever be to start any process that require
stable time.
.SS "Frequency Discipline"
The
-.B
+\f\*[B-Font]ntpd\fP
behavior at startup depends on whether the
frequency file, usually
-.Pa ntp.drift ,
+\fIntp.drift\f[],
exists.
This file
contains the latest estimate of clock frequency error.
When the
-.B
+\f\*[B-Font]ntpd\fP
is started and the file does not exist, the
-.B
+\f\*[B-Font]ntpd\fP
enters a special mode designed to quickly adapt to
the particular system clock oscillator time and frequency error.
This takes approximately 15 minutes, after which the time and
frequency are set to nominal values and the
-.B
+\f\*[B-Font]ntpd\fP
enters
normal mode, where the time and frequency are continuously tracked
relative to the server.
After one hour the frequency file is
created and the current frequency offset written to it.
When the
-.B
+\f\*[B-Font]ntpd\fP
is started and the file does exist, the
-.B
+\f\*[B-Font]ntpd\fP
frequency is initialized from the file and enters normal mode
immediately.
After that the current frequency offset is written to
the file at hourly intervals.
.SS "Operating Modes"
The
-.B
+\f\*[B-Font]ntpd\fP
utility can operate in any of several modes, including
symmetric active/passive, client/server broadcast/multicast and
manycast, as described in the
-.Qq Association Management
+"Association Management"
page
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp ) .
+\fI/usr/share/doc/ntp\f[]).
It normally operates continuously while
monitoring for small changes in frequency and trimming the clock
for the ultimate precision.
This makes it possible to deploy a
fleet of workstations without specifying configuration details
specific to the local environment.
-.PP
+.sp \n(Ppu
+.ne 2
+
By default,
-.B
+\f\*[B-Font]ntpd\fP
runs in continuous mode where each of
possibly several external servers is polled at intervals determined
by an intricate state machine.
In addition, should a server become
unreachable for some time, the poll interval is increased in steps
to 1024s in order to reduce network overhead.
-.PP
+.sp \n(Ppu
+.ne 2
+
In some cases it may not be practical for
-.B
+\f\*[B-Font]ntpd\fP
to run
continuously.
A common workaround has been to run the
-.Xr ntpdate @NTPDATE_MS@
+\fCntpdate\fR(@NTPDATE_MS@)\f[]
program from a
-.Xr cron 8
+\fCcron\fR(8)\f[]
job at designated
times.
However, this program does not have the crafted signal
processing, error checking and mitigation algorithms of
-.B .
+\f\*[B-Font]ntpd\fP.
The
- q
+\f\*[B-Font]\-q\f[]
option is intended for this purpose.
Setting this option will cause
-.B
+\f\*[B-Font]ntpd\fP
to exit just after
setting the clock for the first time.
The procedure for initially
setting the clock is the same as in continuous mode; most
applications will probably want to specify the
-.Cm iburst
+\f\*[B-Font]iburst\f[]
keyword with the
-.Ic server
+\f\*[B-Font]server\f[]
configuration command.
With this
keyword a volley of messages are exchanged to groom the data and
couple of minutes, the daemon times out and exits.
After a suitable
period of mourning, the
-.Xr ntpdate @NTPDATE_MS@
+\fCntpdate\fR(@NTPDATE_MS@)\f[]
program may be
retired.
-.PP
+.sp \n(Ppu
+.ne 2
+
When kernel support is available to discipline the clock
frequency, which is the case for stock Solaris, Tru64, Linux and
-.Fx ,
+FreeBSD,
a useful feature is available to discipline the clock
frequency.
First,
-.B
+\f\*[B-Font]ntpd\fP
is run in continuous mode with
selected servers in order to measure and record the intrinsic clock
frequency offset in the frequency file.
It may take some hours for
the frequency and offset to settle down.
Then the
-.B
+\f\*[B-Font]ntpd\fP
is
stopped and run in one-time mode as required.
At each startup, the
default minimum of 64 s to the default maximum of 1,024 s.
The
default minimum can be changed with the
-.Ic tinker
-.Cm minpoll
+\f\*[B-Font]tinker\f[]
+\f\*[B-Font]minpoll\f[]
command to a value not less than 16 s.
This value is used for all
configured associations, unless overridden by the
-.Cm minpoll
+\f\*[B-Font]minpoll\f[]
option on the configuration command.
Note that most device drivers
will not operate properly if the poll interval is less than 64 s
and that the broadcast server and manycast client associations will
also use the default, unless overridden.
-.PP
+.sp \n(Ppu
+.ne 2
+
In some cases involving dial up or toll services, it may be
useful to increase the minimum interval to a few tens of minutes
and maximum interval to a day or so.
s, for example, the capture range is only 31 PPM.
If the intrinsic
error is greater than this, the drift file
-.Pa ntp.drift
+\fIntp.drift\f[]
will
have to be specially tailored to reduce the residual error below
this limit.
many cases the apparent time errors are so large as to exceed the
step threshold and a step correction can occur during and after the
data transfer is in progress.
-.PP
+.sp \n(Ppu
+.ne 2
+
The huff-n'-puff filter is designed to correct the apparent time
offset in these cases.
It depends on knowledge of the propagation
The name of the filter reflects the negative (huff)
and positive (puff) correction, which depends on the sign of the
offset.
-.PP
+.sp \n(Ppu
+.ne 2
+
The filter is activated by the
-.Ic tinker
+\f\*[B-Font]tinker\f[]
command and
-.Cm huffpuff
+\f\*[B-Font]huffpuff\f[]
keyword, as described in
-.Xr ntp.conf 5 .
+\fCntp.conf\fR(5)\f[].
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH FILES
-.TP
-.BR Pa /etc/ntp.conf
+.TP 15
+.NOP \fI/etc/ntp.conf\f[]
the default name of the configuration file
-.TP
-.BR Pa /etc/ntp.drift
+.br
+.ns
+.TP 15
+.NOP \fI/etc/ntp.drift\f[]
the default name of the drift file
-.TP
-.BR Pa /etc/ntp.keys
+.br
+.ns
+.TP 15
+.NOP \fI/etc/ntp.keys\f[]
the default name of the key file
+.PP
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
-.BR 0 " (EXIT_SUCCESS)"
+.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
-.BR 1 " (EXIT_FAILURE)"
+.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
-.BR 70 " (EX_SOFTWARE)"
+.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
-.SH "SEE ALSO"
-.Xr ntp.conf 5 ,
-.Xr ntpdate @NTPDATE_MS@ ,
-.Xr ntpdc @NTPDC_MS@ ,
-.Xr ntpq @NTPQ_MS@
.PP
+.SH "SEE ALSO"
+\fCntp.conf\fR(5)\f[],
+\fCntpdate\fR(@NTPDATE_MS@)\f[],
+\fCntpdc\fR(@NTPDC_MS@)\f[],
+\fCntpq\fR(@NTPQ_MS@)\f[]
+.sp \n(Ppu
+.ne 2
+
In addition to the manual pages provided,
comprehensive documentation is available on the world wide web
at
-.Li http://www.ntp.org/ .
+\f[C]http://www.ntp.org/\f[].
A snapshot of this documentation is available in HTML format in
-.Pa /usr/share/doc/ntp .
-.Rs
-.%A David L. Mills
-.%T Network Time Protocol (Version 1)
-.%O RFC1059
-.Re
-.Rs
-.%A David L. Mills
-.%T Network Time Protocol (Version 2)
-.%O RFC1119
-.Re
-.Rs
-.%A David L. Mills
-.%T Network Time Protocol (Version 3)
-.%O RFC1305
-.Re
-.Rs
-.%A David L. Mills
-.%A J. Martin, Ed.
-.%A J. Burbank
-.%A W. Kasch
-.%T Network Time Protocol Version 4: Protocol and Algorithms Specification
-.%O RFC5905
-.Re
-.Rs
-.%A David L. Mills
-.%A B. Haberman, Ed.
-.%T Network Time Protocol Version 4: Autokey Specification
-.%O RFC5906
-.Re
-.Rs
-.%A H. Gerstung
-.%A C. Elliott
-.%A B. Haberman, Ed.
-.%T Definitions of Managed Objects for Network Time Protocol Version 4: (NTPv4)
-.%O RFC5907
-.Re
-.Rs
-.%A R. Gayraud
-.%A B. Lourdelet
-.%T Network Time Protocol (NTP) Server Option for DHCPv6
-.%O RFC5908
-.Re
+\fI/usr/share/doc/ntp\f[].
+David L. Mills,
+\fINetwork Time Protocol (Version 1)\fR,
+RFC1059
+.PP
+
+David L. Mills,
+\fINetwork Time Protocol (Version 2)\fR,
+RFC1119
+.PP
+
+David L. Mills,
+\fINetwork Time Protocol (Version 3)\fR,
+RFC1305
+.PP
+
+David L. Mills and J. Martin, Ed. and J. Burbank and W. Kasch,
+\fINetwork Time Protocol Version 4: Protocol and Algorithms Specification\fR,
+RFC5905
+.PP
+
+David L. Mills and B. Haberman, Ed.,
+\fINetwork Time Protocol Version 4: Autokey Specification\fR,
+RFC5906
+.PP
+
+H. Gerstung and C. Elliott and B. Haberman, Ed.,
+\fIDefinitions of Managed Objects for Network Time Protocol Version 4: (NTPv4)\fR,
+RFC5907
+.PP
+
+R. Gayraud and B. Lourdelet,
+\fINetwork Time Protocol (NTP) Server Option for DHCPv6\fR,
+RFC5908
+.PP
+
.SH "AUTHORS"
The University of Delaware
.SH "COPYRIGHT"
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH BUGS
The
-.B
+\f\*[B-Font]ntpd\fP
utility has gotten rather fat.
While not huge, it has gotten
larger than might be desirable for an elevated-priority
-.B
+\f\*[B-Font]ntpd\fP
running on a workstation, particularly since many of
the fancy features which consume the space were designed more with
a busy primary server, rather than a high stratum workstation in
mind.
-.PP
+.sp \n(Ppu
+.ne 2
+
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
Portions of this document came from FreeBSD.
-.PP
+.sp \n(Ppu
+.ne 2
+
This manual page was \fIAutoGen\fP-erated from the \fBntpd\fP
option definitions.
-.Dd November 30 2013
+.Dd December 22 2013
.Dt NTPD @NTPD_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:31:19 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:25 PM by AutoGen 5.18.3pre5
.\" From the definitions ntpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.Nm
.\" Mixture of short (flag) options and long options
.Op Fl flags
-.Op Fl flag Ar value
-.Op Fl \-option\-name Ar value
+.Op Fl flag Op Ar value
+.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc
[ <server1> ... <serverN> ]
.Pp
.Sh DESCRIPTION
to 022.
.Sh "OPTIONS"
.Bl -tag
-.It \-4 ", " \-\-ipv4
+.It Fl 4 , Fl \-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
.sp
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
-.It \-6 ", " \-\-ipv6
+.It Fl 6 , Fl \-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
.sp
Force DNS resolution of following host names on the command line
to the IPv6 namespace.
-.It \-a ", " \-\-authreq
+.It Fl a , Fl \-authreq
Require crypto authentication.
This option must not appear in combination with any of the following options:
authnoreq.
Require cryptographic authentication for broadcast client,
multicast client and symmetric passive associations.
This is the default.
-.It \-A ", " \-\-authnoreq
+.It Fl A , Fl \-authnoreq
Do not require crypto authentication.
This option must not appear in combination with any of the following options:
authreq.
Do not require cryptographic authentication for broadcast client,
multicast client and symmetric passive associations.
This is almost never a good idea.
-.It \-b ", " \-\-bcastsync
+.It Fl b , Fl \-bcastsync
Allow us to sync to broadcast servers.
.sp
-.It \-c " \fIstring\fP, " \-\-configfile "=" \fIstring\fP
+.It Fl c Ar string , Fl \-configfile Ns = Ns Ar string
configuration file name.
.sp
The name and path of the configuration file,
\fI/etc/ntp.conf\fP
by default.
-.It \-d ", " \-\-debug\-level
+.It Fl d , Fl \-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.It \-f " \fIstring\fP, " \-\-driftfile "=" \fIstring\fP
+.It Fl f Ar string , Fl \-driftfile Ns = Ns Ar string
frequency drift file name.
.sp
The name and path of the frequency file,
configuration specification in the
\fI/etc/ntp.conf\fP
file.
-.It \-g ", " \-\-panicgate
+.It Fl g , Fl \-panicgate
Allow the first adjustment to be Big.
This option may appear an unlimited number of times.
.sp
See the
\fBtinker\fP
configuration file directive for other options.
-.It \-i " \fIstring\fP, " \-\-jaildir "=" \fIstring\fP
+.It Fl i Ar string , Fl \-jaildir Ns = Ns Ar string
Jail directory.
.sp
Chroot the server to the directory
This option is supported under NetBSD (configure with
\fB\-\-enable\-clockctl\fP) or Linux (configure with
\fB\-\-enable\-linuxcaps\fP) or Solaris (configure with \fB\-\-enable\-solarisprivs\fP).
-.It \-I " \fIiface\fP, " \-\-interface "=" \fIiface\fP
+.It Fl I Ar iface , Fl \-interface Ns = Ns Ar iface
Listen on an interface name or address.
This option may appear an unlimited number of times.
.sp
also implies not opening other addresses, except wildcard and localhost.
This option is deprecated. Please consider using the configuration file
\fBinterface\fP command, which is more versatile.
-.It \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP
+.It Fl k Ar string , Fl \-keyfile Ns = Ns Ar string
path to symmetric keys.
.sp
Specify the name and path of the symmetric key file.
This is the same operation as the
\fBkeys\fP \fIkeyfile\fP
configuration file directive.
-.It \-l " \fIstring\fP, " \-\-logfile "=" \fIstring\fP
+.It Fl l Ar string , Fl \-logfile Ns = Ns Ar string
path to the log file.
.sp
Specify the name and path of the log file.
This is the same operation as the
\fBlogfile\fP \fIlogfile\fP
configuration file directive.
-.It \-L ", " \-\-novirtualips
+.It Fl L , Fl \-novirtualips
Do not listen to virtual interfaces.
.sp
Do not listen to virtual interfaces, defined as those with
names containing a colon. This option is deprecated. Please
consider using the configuration file \fBinterface\fP command, which
is more versatile.
-.It \-M ", " \-\-modifymmtimer
+.It Fl M , Fl \-modifymmtimer
Modify Multimedia Timer (Windows only).
.sp
Set the Windows Multimedia Timer to highest resolution. This
ensures the resolution does not change while ntpd is running,
avoiding timekeeping glitches associated with changes.
-.It \-n ", " \-\-nofork
+.It Fl n , Fl \-nofork
Do not fork.
This option must not appear in combination with any of the following options:
wait\-sync.
.sp
-.It \-N ", " \-\-nice
+.It Fl N , Fl \-nice
Run at high priority.
.sp
To the extent permitted by the operating system, run
\fBntpd\fP
at the highest priority.
-.It \-p " \fIstring\fP, " \-\-pidfile "=" \fIstring\fP
+.It Fl p Ar string , Fl \-pidfile Ns = Ns Ar string
path to the PID file.
.sp
Specify the name and path of the file used to record
This is the same operation as the
\fBpidfile\fP \fIpidfile\fP
configuration file directive.
-.It \-P " \fInumber\fP, " \-\-priority "=" \fInumber\fP
+.It Fl P Ar number , Fl \-priority Ns = Ns Ar number
Process priority.
This option takes an integer number as its argument.
.sp
at the specified
\fBsched_setscheduler(SCHED_FIFO)\fP
priority.
-.It \-q ", " \-\-quit
+.It Fl q , Fl \-quit
Set the time and quit.
This option must not appear in combination with any of the following options:
saveconfigquit, wait\-sync.
\fB\-x\fP
options can be used with this option.
Note: The kernel time discipline is disabled with this option.
-.It \-r " \fIstring\fP, " \-\-propagationdelay "=" \fIstring\fP
+.It Fl r Ar string , Fl \-propagationdelay Ns = Ns Ar string
Broadcast/propagation delay.
.sp
Specify the default propagation delay from the broadcast/multicast server to this client. This is necessary only if the delay cannot be computed automatically by the protocol.
-.It \-\-saveconfigquit "=\fIstring\fP"
+.It Fl \-saveconfigquit Ns = Ns Ar string
Save parsed configuration and quit.
This option must not appear in combination with any of the following options:
quit, wait\-sync.
Cause \fBntpd\fP to parse its startup configuration file and save an
equivalent to the given filename and exit. This option was
designed for automated testing.
-.It \-s " \fIstring\fP, " \-\-statsdir "=" \fIstring\fP
+.It Fl s Ar string , Fl \-statsdir Ns = Ns Ar string
Statistics file location.
.sp
Specify the directory path for files created by the statistics facility.
This is the same operation as the
\fBstatsdir\fP \fIstatsdir\fP
configuration file directive.
-.It \-t " \fItkey\fP, " \-\-trustedkey "=" \fItkey\fP
+.It Fl t Ar tkey , Fl \-trustedkey Ns = Ns Ar tkey
Trusted key number.
This option may appear an unlimited number of times.
.sp
Add the specified key number to the trusted key list.
-.It \-u " \fIstring\fP, " \-\-user "=" \fIstring\fP
+.It Fl u Ar string , Fl \-user Ns = Ns Ar string
Run as userid (or userid:groupid).
.sp
Specify a user, and optionally a group, to switch to.
This option is supported under NetBSD (configure with
\fB\-\-enable\-clockctl\fP) or Linux (configure with
\fB\-\-enable\-linuxcaps\fP) or Solaris (configure with \fB\-\-enable\-solarisprivs\fP).
-.It \-U " \fInumber\fP, " \-\-updateinterval "=" \fInumber\fP
+.It Fl U Ar number , Fl \-updateinterval Ns = Ns Ar number
interval in seconds between scans for new or dropped interfaces.
This option takes an integer number as its argument.
.sp
For systems with routing socket support the scans will be performed shortly after the interface change
has been detected by the system.
Use 0 to disable scanning. 60 seconds is the minimum time between scans.
-.It \-\-var "=\fInvar\fP"
+.It Fl \-var Ns = Ns Ar nvar
make ARG an ntp variable (RW).
This option may appear an unlimited number of times.
.sp
-.It \-\-dvar "=\fIndvar\fP"
+.It Fl \-dvar Ns = Ns Ar ndvar
make ARG an ntp variable (RW|DEF).
This option may appear an unlimited number of times.
.sp
-.It \-w " \fInumber\fP, " \-\-wait\-sync "=" \fInumber\fP
+.It Fl w Ar number , Fl \-wait\-sync Ns = Ns Ar number
Seconds to wait for first clock sync.
This option must not appear in combination with any of the following options:
nofork, quit, saveconfigquit.
otherwise it is \fBETIMEDOUT\fP.
This provides the option for a script starting \fBntpd\fP to easily
wait for the first set of the clock before proceeding.
-.It \-x ", " \-\-slew
+.It Fl x , Fl \-slew
Slew up to 600 seconds.
.sp
Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold.
\fBtinker\fP
configuration file directive for other options.
Note: The kernel time discipline is disabled with this option.
-.It \-\-usepcc
+.It Fl \-usepcc
Use CPU cycle counter (Windows only).
.sp
Attempt to substitute the CPU counter for \fBQueryPerformanceCounter\fP.
The CPU counter and \fBQueryPerformanceCounter\fP are compared, and if
they have the same frequency, the CPU counter (RDTSC on x86) is
used directly, saving the overhead of a system call.
-.It \-\-pccfreq "=\fIstring\fP"
+.It Fl \-pccfreq Ns = Ns Ar string
Force CPU cycle counter use (Windows only).
.sp
Force substitution the CPU counter for \fBQueryPerformanceCounter\fP.
The CPU counter (RDTSC on x86) is used unconditionally with the
given frequency (in Hz).
-.It \-m ", " \-\-mdns
+.It Fl m , Fl \-mdns
Register with mDNS as a NTP server.
.sp
Registers as an NTP server with the local mDNS server which allows
the server to be discovered via mDNS client lookup.
-.It \-? , " \-\-help"
+.It Fl \&? , Fl \-help
Display usage information and exit.
-.It \-! , " \-\-more\-help"
+.It Fl \&! , Fl \-more\-help
Pass the extended usage information through a pager.
-.It \-\-version "[={\fIv|c|n\fP}]"
+.It Fl \-version Op Brq Ar v|c|n
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.Pp
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
Portions of this document came from FreeBSD.
.Pp
This manual page was \fIAutoGen\fP\-erated from the \fBntpd\fP
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpdc.texi)
#
-# It has been AutoGen-ed November 30, 2013 at 11:31:46 AM by AutoGen 5.18.3pre5
+# It has been AutoGen-ed December 22, 2013 at 11:07:53 PM by AutoGen 5.18.3pre5
# From the definitions ntpdc-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
In addition, nearly all the
configuration options which can be specified at startup using
ntpd's configuration file may also be specified at run time using
-@code{ntpdc}.
+@code{ntpdc}
This section was generated by @strong{AutoGen},
using the @code{agtexi-cmd} template and the option descriptions for the @code{ntpdc} program.
@exampleindent 0
@example
-ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p401
+ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p402
Usage: ntpdc [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution
/*
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.c)
*
- * It has been AutoGen-ed November 30, 2013 at 11:31:34 AM by AutoGen 5.18.3pre5
+ * It has been AutoGen-ed December 22, 2013 at 11:07:38 PM by AutoGen 5.18.3pre5
* From the definitions ntpdc-opts.def
* and the template file options
*
* static const strings for ntpdc options
*/
static char const ntpdc_opt_strs[1861] =
-/* 0 */ "ntpdc 4.2.7p401\n"
+/* 0 */ "ntpdc 4.2.7p402\n"
"Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 1640 */ "no-load-opts\0"
/* 1653 */ "no\0"
/* 1656 */ "NTPDC\0"
-/* 1662 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p401\n"
+/* 1662 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p402\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
/* 1794 */ "$HOME\0"
/* 1800 */ ".\0"
/* 1802 */ ".ntprc\0"
/* 1809 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1843 */ "\n\0"
-/* 1845 */ "ntpdc 4.2.7p401";
+/* 1845 */ "ntpdc 4.2.7p402";
/**
* ipv4 option description with
translate option names.
*/
/* referenced via ntpdcOptions.pzCopyright */
- puts(_("ntpdc 4.2.7p401\n\
+ puts(_("ntpdc 4.2.7p402\n\
Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
puts(_("load options from a config file"));
/* referenced via ntpdcOptions.pzUsageTitle */
- puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p401\n\
+ puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p402\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n"));
/* referenced via ntpdcOptions.pzExplain */
puts(_("\n"));
/* referenced via ntpdcOptions.pzFullVersion */
- puts(_("ntpdc 4.2.7p401"));
+ puts(_("ntpdc 4.2.7p402"));
/* referenced via ntpdcOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));
/*
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.h)
*
- * It has been AutoGen-ed November 30, 2013 at 11:31:33 AM by AutoGen 5.18.3pre5
+ * It has been AutoGen-ed December 22, 2013 at 11:07:37 PM by AutoGen 5.18.3pre5
* From the definitions ntpdc-opts.def
* and the template file options
*
/** count of all options for ntpdc */
#define OPTION_CT 15
/** ntpdc version */
-#define NTPDC_VERSION "4.2.7p401"
+#define NTPDC_VERSION "4.2.7p402"
/** Full ntpdc version text */
-#define NTPDC_FULL_VERSION "ntpdc 4.2.7p401"
+#define NTPDC_FULL_VERSION "ntpdc 4.2.7p402"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH ntpdc 1ntpdcman "30 Nov 2013" "4.2.7p401" "User Commands"
+.de1 NOP
+. it 1 an-trap
+. if \\n[.$] \,\\$*\/
+..
+.ie t \
+.ds B-Font [CB]
+.ds I-Font [CI]
+.ds R-Font [CR]
+.el \
+.ds B-Font B
+.ds I-Font I
+.ds R-Font R
+.TH ntpdc 1ntpdcman "22 Dec 2013" "4.2.7p402" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.man)
-.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:31:42 AM by AutoGen 5.18.3pre5
-.\" From the definitions ntpdc-opts.def
-.\" and the template file agman-cmd.tpl
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-4naGjO/ag-foaGiO)
.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:49 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntpdc-opts.def
+.\" and the template file agman-cmd.tpl
.SH NAME
-ntpdc \- vendor-specific NTPD control program
+\f\*[B-Font]ntpdc\fP
+\- vendor-specific NTPD control program
.SH SYNOPSIS
-.B ntpdc
+\f\*[B-Font]ntpdc\fP
.\" Mixture of short (flag) options and long options
-.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP "[[=| ]\fIvalue\fP]]..." " " "[ host ...]"
-.PP
+[\f\*[B-Font]\-flags\f[]]
+[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
+[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
+[ host ...]
+.sp \n(Ppu
+.ne 2
+
.SH DESCRIPTION
-.B
+\f\*[B-Font]ntpdc\fP
is a utility program used to query
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
about its
current state and to request changes in that state.
It uses NTP mode 7 control message formats described in the source code.
arguments.
Extensive state and statistics information is available
through the
-.B
+\f\*[B-Font]ntpdc\fP
interface.
In addition, nearly all the
configuration options which can be specified at startup using
ntpd's configuration file may also be specified at run time using
-.B .
+\f\*[B-Font]ntpdc\fP.
.SH "OPTIONS"
.TP
-.BR \-4 ", " \-\-ipv4
+.NOP \f\*[B-Font]\-4\f[], \f\*[B-Font]\-\-ipv4\f[]
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
.TP
-.BR \-6 ", " \-\-ipv6
+.NOP \f\*[B-Font]\-6\f[], \f\*[B-Font]\-\-ipv6\f[]
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
Force DNS resolution of following host names on the command line
to the IPv6 namespace.
.TP
-.BR \-c " \fIcmd\fP, " \-\-command "=" \fIcmd\fP
+.NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]cmd\f[], \f\*[B-Font]\-\-command\f[]=\f\*[I-Font]cmd\f[]
run a command and exit.
This option may appear an unlimited number of times.
.sp
and is added to the list of commands to be executed on the specified
host(s).
.TP
-.BR \-d ", " \-\-debug\-level
+.NOP \f\*[B-Font]\-d\f[], \f\*[B-Font]\-\-debug\-level\f[]
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
.TP
-.BR \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.NOP \f\*[B-Font]\-D\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-set\-debug\-level\f[]=\f\*[I-Font]number\f[]
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
.TP
-.BR \-i ", " \-\-interactive
+.NOP \f\*[B-Font]\-i\f[], \f\*[B-Font]\-\-interactive\f[]
Force ntpq to operate in interactive mode.
This option must not appear in combination with any of the following options:
command, listpeers, peers, showpeers.
Force ntpq to operate in interactive mode. Prompts will be written
to the standard output and commands read from the standard input.
.TP
-.BR \-l ", " \-\-listpeers
+.NOP \f\*[B-Font]\-l\f[], \f\*[B-Font]\-\-listpeers\f[]
Print a list of the peers.
This option must not appear in combination with any of the following options:
command.
Print a list of the peers known to the server as well as a summary of
their state. This is equivalent to the 'listpeers' interactive command.
.TP
-.BR \-n ", " \-\-numeric
+.NOP \f\*[B-Font]\-n\f[], \f\*[B-Font]\-\-numeric\f[]
numeric host addresses.
.sp
Output all host addresses in dotted-quad numeric format rather than
converting to the canonical host names.
.TP
-.BR \-p ", " \-\-peers
+.NOP \f\*[B-Font]\-p\f[], \f\*[B-Font]\-\-peers\f[]
Print a list of the peers.
This option must not appear in combination with any of the following options:
command.
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
.TP
-.BR \-s ", " \-\-showpeers
+.NOP \f\*[B-Font]\-s\f[], \f\*[B-Font]\-\-showpeers\f[]
Show a list of the peers.
This option must not appear in combination with any of the following options:
command.
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'dmpeers' interactive command.
.TP
-.BR \-? , " \-\-help"
+.NOP \f\*[B-Font]\-\&?\f[], \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
-.BR \-! , " \-\-more-help"
+.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
-.BR \-> " [\fIcfgfile\fP]," " \-\-save-opts" "[=\fIcfgfile\fP]"
+.NOP \f\*[B-Font]\->\f[] [\f\*[I-Font]cfgfile\f[]], \f\*[B-Font]\-\-save-opts\f[] [=\f\*[I-Font]cfgfile\f[]]
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
.TP
-.BR \-< " \fIcfgfile\fP," " \-\-load-opts" "=\fIcfgfile\fP," " \-\-no-load-opts"
+.NOP \f\*[B-Font]\-<\f[] \f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-load-opts\f[]=\f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-no-load-opts\f[]
Load options from \fIcfgfile\fP.
The \fIno-load-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no-load-opts\fP is handled early,
out of order.
.TP
-.BR \-\-version "[={\fIv|c|n\fP}]"
+.NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
+.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from configuration ("RC" or ".INI") file(s) and values from
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+.TH ntpdc 1ntpdcman "22 Dec 2013" "4.2.7p402" "User Commands"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-4naGjO/ag-foaGiO)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:49 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntpdc-opts.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]ntpdc\fP ntpdc
+\- vendor-specific NTPD control program
cvt_prog='/usr/local/gnu/share/autogen/texi2man'
cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
`/`basename "$cvt_prog"`
.SH USAGE
If one or more request options are included on the command line
when
-.B
+\f\*[B-Font]ntpdc\fP
is executed, each of the requests will be sent
to the NTP servers running on each of the hosts given as command
line arguments, or on localhost by default.
If no request options
are given,
-.B
+\f\*[B-Font]ntpdc\fP
will attempt to read commands from the
standard input and execute these on the NTP server running on the
first host given on the command line, again defaulting to localhost
when no other host is specified.
The
-.B
+\f\*[B-Font]ntpdc\fP
utility will prompt for
commands if the standard input is a terminal device.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.B
+\f\*[B-Font]ntpdc\fP
utility uses NTP mode 7 packets to communicate with the
NTP server, and hence can be used to query any compatible server on
the network which permits it.
this communication will be somewhat unreliable, especially over
large distances in terms of network topology.
The
-.B
+\f\*[B-Font]ntpdc\fP
utility makes
no attempt to retransmit requests, and will time requests out if
the remote host is not heard from within a suitable timeout
time.
-.PP
+.sp \n(Ppu
+.ne 2
+
The operation of
-.B
+\f\*[B-Font]ntpdc\fP
are specific to the particular
implementation of the
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
daemon and can be expected to
work only with this and maybe some previous versions of the daemon.
Requests from a remote
-.B
+\f\*[B-Font]ntpdc\fP
utility which affect the
state of the local server must be authenticated, which requires
both the remote program and local server share a common key and key
identifier.
-.PP
+.sp \n(Ppu
+.ne 2
+
Note that in contexts where a host name is expected, a
- 4
+\f\*[B-Font]\-4\f[]
qualifier preceding the host name forces DNS resolution to the IPv4 namespace,
while a
- 6
+\f\*[B-Font]\-6\f[]
qualifier forces DNS resolution to the IPv6 namespace.
Specifying a command line option other than
- i
+\f\*[B-Font]\-i\f[]
or
- n
+\f\*[B-Font]\-n\f[]
will cause the specified query (queries) to be sent to
the indicated host(s) immediately.
Otherwise,
-.B
+\f\*[B-Font]ntpdc\fP
will
attempt to read interactive format commands from the standard
input.
The output of a
command is normally sent to the standard output, but optionally the
output of individual commands may be sent to a file by appending a
-.Ql \&> ,
+\[oq]\&>\[cq],
followed by a file name, to the command line.
-.PP
+.sp \n(Ppu
+.ne 2
+
A number of interactive format commands are executed entirely
within the
-.B
+\f\*[B-Font]ntpdc\fP
utility itself and do not result in NTP
mode 7 requests being sent to a server.
These are described
following.
-.TP
-.BR Ic \&? Ar command_keyword
-.TP
-.BR Ic help Ar command_keyword
+.TP 7
+.NOP \f\*[B-Font]\&?\f[] \f\*[I-Font]command_keyword\f[]
+.TP 7
+.NOP \f\*[B-Font]help\f[] \f\*[I-Font]command_keyword\f[]
A
-.Sq Ic \&?
+\[oq]\f\*[B-Font]\&?\f[]\[cq]
will print a list of all the command
keywords known to this incarnation of
-.Nm .
+\f\*[B-Font]ntpdc\fP.
A
-.Sq Ic \&?
+\[oq]\f\*[B-Font]\&?\f[]\[cq]
followed by a command keyword will print function and usage
information about the command.
This command is probably a better
source of information about
-.Xr ntpq 1ntpqmdoc
+\fCntpq\fR(1ntpqmdoc)\f[]
than this manual
page.
-.TP
-.BR Ic delay Ar milliseconds
+.TP 7
+.NOP \f\*[B-Font]delay\f[] \f\*[I-Font]milliseconds\f[]
Specify a time interval to be added to timestamps included in
requests which require authentication.
This is used to enable
Actually the
server does not now require timestamps in authenticated requests,
so this command may be obsolete.
-.TP
-.BR Ic host Ar hostname
+.TP 7
+.NOP \f\*[B-Font]host\f[] \f\*[I-Font]hostname\f[]
Set the host to which future queries will be sent.
Hostname may
be either a host name or a numeric address.
-.TP
-.BR Ic hostnames Op Cm yes | Cm no
+.TP 7
+.NOP \f\*[B-Font]hostnames\f[] [\f\*[B-Font]yes\f[] | \f\*[B-Font]no\f[]]
If
-.Cm yes
+\f\*[B-Font]yes\f[]
is specified, host names are printed in
information displays.
If
-.Cm no
+\f\*[B-Font]no\f[]
is specified, numeric
addresses are printed instead.
The default is
-.Cm yes ,
+\f\*[B-Font]yes\f[],
unless
modified using the command line
- n
+\f\*[B-Font]\-n\f[]
switch.
-.TP
-.BR Ic keyid Ar keyid
+.TP 7
+.NOP \f\*[B-Font]keyid\f[] \f\*[I-Font]keyid\f[]
This command allows the specification of a key number to be
used to authenticate configuration requests.
This must correspond
to a key number the server has been configured to use for this
purpose.
-.TP
-.BR Ic quit
+.TP 7
+.NOP \f\*[B-Font]quit\f[]
Exit
-.Nm .
-.TP
-.BR Ic passwd
+\f\*[B-Font]ntpdc\fP.
+.TP 7
+.NOP \f\*[B-Font]passwd\f[]
This command prompts you to type in a password (which will not
be echoed) which will be used to authenticate configuration
requests.
The password must correspond to the key configured for
use by the NTP server for this purpose if such requests are to be
successful.
-.TP
-.BR Ic timeout Ar milliseconds
+.TP 7
+.NOP \f\*[B-Font]timeout\f[] \f\*[I-Font]milliseconds\f[]
Specify a timeout period for responses to server queries.
The
default is about 8000 milliseconds.
Note that since
-.Nm
+\f\*[B-Font]ntpdc\fP
retries each query once after a timeout, the total waiting time for
a timeout will be twice the timeout value set.
+.PP
.SS "Control Message Commands"
Query commands result in NTP mode 7 packets containing requests for
information being sent to the server.
These are read-only commands
in that they make no modification of the server configuration
state.
-.TP
-.BR Ic listpeers
+.TP 7
+.NOP \f\*[B-Font]listpeers\f[]
Obtains and prints a brief list of the peers for which the
server is maintaining state.
These should include all configured
peer associations as well as those peers whose stratum is such that
they are considered by the server to be possible future
synchronization candidates.
-.TP
-.BR Ic peers
+.TP 7
+.NOP \f\*[B-Font]peers\f[]
Obtains a list of peers for which the server is maintaining
state, along with a summary of that state.
Summary information
peer is unsynchronized), the polling interval, in seconds, the
reachability register, in octal, and the current estimated delay,
offset and dispersion of the peer, all in seconds.
-.PP
+.sp \n(Ppu
+.ne 2
+
The character in the left margin indicates the mode this peer
entry is operating in.
A
-.Ql \&+
+\[oq]\&+\[cq]
denotes symmetric active, a
-.Ql \&-
+\[oq]\&-\[cq]
indicates symmetric passive, a
-.Ql \&=
+\[oq]\&=\[cq]
means the
remote server is being polled in client mode, a
-.Ql \&^
+\[oq]\&^\[cq]
indicates that the server is broadcasting to this address, a
-.Ql \&~
+\[oq]\&~\[cq]
denotes that the remote peer is sending broadcasts and a
-.Ql \&~
+\[oq]\&~\[cq]
denotes that the remote peer is sending broadcasts and a
-.Ql \&*
+\[oq]\&*\[cq]
marks the peer the server is currently synchronizing
to.
-.PP
+.sp \n(Ppu
+.ne 2
+
The contents of the host field may be one of four forms.
It may
be a host name, an IP address, a reference clock implementation
name with its parameter or
-.Fn REFCLK "implementation_number" "parameter" .
+\fBREFCLK\fR()\f[]
On
-.Ic hostnames
-.Cm no
+\f\*[B-Font]hostnames\f[]
+\f\*[B-Font]no\f[]
only IP-addresses
will be displayed.
-.TP
-.BR Ic dmpeers
+.TP 7
+.NOP \f\*[B-Font]dmpeers\f[]
A slightly different peer summary list.
Identical to the output
of the
-.Ic peers
+\f\*[B-Font]peers\f[]
command, except for the character in the
leftmost column.
Characters only appear beside peers which were
included in the final stage of the clock selection algorithm.
A
-.Ql \&.
+\[oq]\&.\[cq]
indicates that this peer was cast off in the falseticker
detection, while a
-.Ql \&+
+\[oq]\&+\[cq]
indicates that the peer made it
through.
A
-.Ql \&*
+\[oq]\&*\[cq]
denotes the peer the server is currently
synchronizing with.
-.TP
-.BR Ic showpeer Ar peer_address Oo Ar ... Oc
+.TP 7
+.NOP \f\*[B-Font]showpeer\f[] \f\*[I-Font]peer_address\f[] [\f\*[I-Font]...\f[]]
Shows a detailed display of the current peer variables for one
or more peers.
Most of these values are described in the NTP
Version 2 specification.
-.TP
-.BR Ic pstats Ar peer_address Oo Ar ... Oc
+.TP 7
+.NOP \f\*[B-Font]pstats\f[] \f\*[I-Font]peer_address\f[] [\f\*[I-Font]...\f[]]
Show per-peer statistic counters associated with the specified
peer(s).
-.TP
-.BR Ic clockinfo Ar clock_peer_address Oo Ar ... Oc
+.TP 7
+.NOP \f\*[B-Font]clockinfo\f[] \f\*[I-Font]clock_peer_address\f[] [\f\*[I-Font]...\f[]]
Obtain and print information concerning a peer clock.
The
values obtained provide information on the setting of fudge factors
and other clock performance information.
-.TP
-.BR Ic kerninfo
+.TP 7
+.NOP \f\*[B-Font]kerninfo\f[]
Obtain and print kernel phase-lock loop operating parameters.
This information is available only if the kernel has been specially
modified for a precision timekeeping function.
-.TP
-.BR Ic loopinfo Op Cm oneline | Cm multiline
+.TP 7
+.NOP \f\*[B-Font]loopinfo\f[] [\f\*[B-Font]oneline\f[] | \f\*[B-Font]multiline\f[]]
Print the values of selected loop filter variables.
The loop
filter is the part of NTP which deals with adjusting the local
system clock.
The
-.Sq offset
+\[oq]offset\[cq]
is the last offset given to the
loop filter by the packet processing code.
The
-.Sq frequency
+\[oq]frequency\[cq]
is the frequency error of the local clock in parts-per-million
(ppm).
The
-.Sq time_const
+\[oq]time_const\[cq]
controls the stiffness of the
phase-lock loop and thus the speed at which it can adapt to
oscillator drift.
The
-.Sq watchdog timer
+\[oq]watchdog timer\[cq]
value is the number
of seconds which have elapsed since the last sample offset was
given to the loop filter.
The
-.Cm oneline
+\f\*[B-Font]oneline\f[]
and
-.Cm multiline
+\f\*[B-Font]multiline\f[]
options specify the format in which this
information is to be printed, with
-.Cm multiline
+\f\*[B-Font]multiline\f[]
as the
default.
-.TP
-.BR Ic sysinfo
+.TP 7
+.NOP \f\*[B-Font]sysinfo\f[]
Print a variety of system state variables, i.e., state related
to the local server.
All except the last four lines are described
in the NTP Version 3 specification, RFC-1305.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Sq system flags
+\[oq]system flags\[cq]
show various system flags, some of
which can be set and cleared by the
-.Ic enable
+\f\*[B-Font]enable\f[]
and
-.Ic disable
+\f\*[B-Font]disable\f[]
configuration commands, respectively.
These are
the
-.Cm auth ,
-.Cm bclient ,
-.Cm monitor ,
-.Cm pll ,
-.Cm pps
+\f\*[B-Font]auth\f[],
+\f\*[B-Font]bclient\f[],
+\f\*[B-Font]monitor\f[],
+\f\*[B-Font]pll\f[],
+\f\*[B-Font]pps\f[]
and
-.Cm stats
+\f\*[B-Font]stats\f[]
flags.
See the
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
documentation for the meaning of these flags.
There
are two additional flags which are read only, the
-.Cm kernel_pll
+\f\*[B-Font]kernel_pll\f[]
and
-.Cm kernel_pps .
+\f\*[B-Font]kernel_pps\f[].
These flags indicate
the synchronization status when the precision time kernel
modifications are in use.
The
-.Sq kernel_pll
+\[oq]kernel_pll\[cq]
indicates that
the local clock is being disciplined by the kernel, while the
-.Sq kernel_pps
+\[oq]kernel_pps\[cq]
indicates the kernel discipline is provided by the PPS
signal.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Sq stability
+\[oq]stability\[cq]
is the residual frequency error remaining
after the system frequency correction is applied and is intended for
maintenance and debugging.
If it remains high for some time after
starting the daemon, something may be wrong with the local clock,
or the value of the kernel variable
-.Va kern.clockrate.tick
+\fIkern.clockrate.tick\f[]
may be
incorrect.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Sq broadcastdelay
+\[oq]broadcastdelay\[cq]
shows the default broadcast delay,
as set by the
-.Ic broadcastdelay
+\f\*[B-Font]broadcastdelay\f[]
configuration command.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Sq authdelay
+\[oq]authdelay\[cq]
shows the default authentication delay,
as set by the
-.Ic authdelay
+\f\*[B-Font]authdelay\f[]
configuration command.
-.TP
-.BR Ic sysstats
+.TP 7
+.NOP \f\*[B-Font]sysstats\f[]
Print statistics counters maintained in the protocol
module.
-.TP
-.BR Ic memstats
+.TP 7
+.NOP \f\*[B-Font]memstats\f[]
Print statistics counters related to memory allocation
code.
-.TP
-.BR Ic iostats
+.TP 7
+.NOP \f\*[B-Font]iostats\f[]
Print statistics counters maintained in the input-output
module.
-.TP
-.BR Ic timerstats
+.TP 7
+.NOP \f\*[B-Font]timerstats\f[]
Print statistics counters maintained in the timer/event queue
support code.
-.TP
-.BR Ic reslist
+.TP 7
+.NOP \f\*[B-Font]reslist\f[]
Obtain and print the server's restriction list.
This list is
(usually) printed in sorted order and may help to understand how
the restrictions are applied.
-.TP
-.BR Ic monlist Op Ar version
+.TP 7
+.NOP \f\*[B-Font]monlist\f[] [\f\*[I-Font]version\f[]]
Obtain and print traffic counts collected and maintained by the
monitor facility.
The version number should not normally need to be
specified.
-.TP
-.BR Ic clkbug Ar clock_peer_address Oo Ar ... Oc
+.TP 7
+.NOP \f\*[B-Font]clkbug\f[] \f\*[I-Font]clock_peer_address\f[] [\f\*[I-Font]...\f[]]
Obtain debugging information for a reference clock driver.
This
information is provided only by some clock drivers and is mostly
undecodable without a copy of the driver source in hand.
+.PP
.SS "Runtime Configuration Requests"
All requests which cause state changes in the server are
authenticated by the server using a configured NTP key (the
key).
The key number and the corresponding key must also be made
known to
-.B .
+\f\*[B-Font]ntpdc\fP.
This can be done using the
-.Ic keyid
+\f\*[B-Font]keyid\f[]
and
-.Ic passwd
+\f\*[B-Font]passwd\f[]
commands, the latter of which will prompt at the terminal for a
password to use as the encryption key.
You will also be prompted
Authentication not only provides verification that
the requester has permission to make such changes, but also gives
an extra degree of protection again transmission errors.
-.PP
+.sp \n(Ppu
+.ne 2
+
Authenticated requests always include a timestamp in the packet
data, which is included in the computation of the authentication
code.
protection of keys and appropriate source address restrictions are
applied, the run time reconfiguration facility should provide an
adequate level of security.
-.PP
+.sp \n(Ppu
+.ne 2
+
The following commands all make authenticated requests.
-.TP
-.BR Xo Ic addpeer Ar peer_address
-[ "\fIkeyid\fR" ]
-[ "\fIversion\fR" ]
-[ "\fIprefer\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]addpeer\f[] \f\*[I-Font]peer_address\f[] [\f\*[I-Font]keyid\f[]] [\f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]]
Add a configured peer association at the given address and
operating in symmetric active mode.
Note that an existing
executed, or may simply be converted to conform to the new
configuration, as appropriate.
If the optional
-\fIkeyid\fR
+\f\*[I-Font]keyid\f[]
is a
nonzero integer, all outgoing packets to the remote server will
have an authentication field attached encrypted with this key.
If
the value is 0 (or not given) no authentication will be done.
The
-\fIversion\fR
+\f\*[I-Font]version\f[]
can be 1, 2 or 3 and defaults to 3.
The
-.Cm prefer
+\f\*[B-Font]prefer\f[]
keyword indicates a preferred peer (and thus will
be used primarily for clock synchronisation if possible).
The
preferred peer also determines the validity of the PPS signal \- if
the preferred peer is suitable for synchronisation so is the PPS
signal.
-.TP
-.BR Xo Ic addserver Ar peer_address
-[ "\fIkeyid\fR" ]
-[ "\fIversion\fR" ]
-[ "\fIprefer\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]addserver\f[] \f\*[I-Font]peer_address\f[] [\f\*[I-Font]keyid\f[]] [\f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]]
Identical to the addpeer command, except that the operating
mode is client.
-.TP
-.BR Xo Ic broadcast Ar peer_address
-[ "\fIkeyid\fR" ]
-[ "\fIversion\fR" ]
-[ "\fIprefer\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]broadcast\f[] \f\*[I-Font]peer_address\f[] [\f\*[I-Font]keyid\f[]] [\f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]]
Identical to the addpeer command, except that the operating
mode is broadcast.
In this case a valid key identifier and key are
required.
The
-\fIpeer_address\fR
+\f\*[I-Font]peer_address\f[]
parameter can be the broadcast
address of the local network or a multicast group address assigned
to NTP.
If a multicast address, a multicast-capable kernel is
required.
-.TP
-.BR Ic unconfig Ar peer_address Oo Ar ... Oc
+.TP 7
+.NOP \f\*[B-Font]unconfig\f[] \f\*[I-Font]peer_address\f[] [\f\*[I-Font]...\f[]]
This command causes the configured bit to be removed from the
specified peer(s).
In many cases this will cause the peer
When appropriate, however, the
association may persist in an unconfigured mode if the remote peer
is willing to continue on in this fashion.
-.TP
-.BR Xo Ic fudge Ar peer_address
-[ "\fItime1\fR" ]
-[ "\fItime2\fR" ]
-[ "\fIstratum\fR" ]
-[ "\fIrefid\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]fudge\f[] \f\*[I-Font]peer_address\f[] [\f\*[B-Font]time1\f[]] [\f\*[B-Font]time2\f[]] [\f\*[I-Font]stratum\f[]] [\f\*[I-Font]refid\f[]]
This command provides a way to set certain data for a reference
clock.
See the source listing for further information.
-.TP
-.BR Xo Ic enable
-.Oo
-.Cm auth | Cm bclient |
-.Cm calibrate | Cm kernel |
-.Cm monitor | Cm ntp |
-.Cm pps | Cm stats
-.Oc
-.Xc
-.TP
-.BR Xo Ic disable
-.Oo
-.Cm auth | Cm bclient |
-.Cm calibrate | Cm kernel |
-.Cm monitor | Cm ntp |
-.Cm pps | Cm stats
-.Oc
-.Xc
+.TP 7
+.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]pps\f[] | \f\*[B-Font]stats\f[]]
+.TP 7
+.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]pps\f[] | \f\*[B-Font]stats\f[]]
These commands operate in the same way as the
-.Ic enable
+\f\*[B-Font]enable\f[]
and
-.Ic disable
+\f\*[B-Font]disable\f[]
configuration file commands of
-.Xr ntpd 1ntpdmdoc .
-.in +4
-.ti -4
-.IR Cm auth
+\fCntpd\fR(1ntpdmdoc)\f[].
+.RS
+.TP 7
+.NOP \f\*[B-Font]auth\f[]
Enables the server to synchronize with unconfigured peers only
if the peer has been correctly authenticated using either public key
or private key cryptography.
The default for this flag is enable.
-.ti -4
-.IR Cm bclient
+.TP 7
+.NOP \f\*[B-Font]bclient\f[]
Enables the server to listen for a message from a broadcast or
multicast server, as in the multicastclient command with
default address.
The default for this flag is disable.
-.ti -4
-.IR Cm calibrate
+.TP 7
+.NOP \f\*[B-Font]calibrate\f[]
Enables the calibrate feature for reference clocks.
The default for this flag is disable.
-.ti -4
-.IR Cm kernel
+.TP 7
+.NOP \f\*[B-Font]kernel\f[]
Enables the kernel time discipline, if available.
The default for this flag is enable if support is available, otherwise disable.
-.ti -4
-.IR Cm monitor
+.TP 7
+.NOP \f\*[B-Font]monitor\f[]
Enables the monitoring facility.
See the documentation here about the
-.Cm monlist
+\f\*[B-Font]monlist\f[]
command or further information.
The default for this flag is enable.
-.ti -4
-.IR Cm ntp
+.TP 7
+.NOP \f\*[B-Font]ntp\f[]
Enables time and frequency discipline.
In effect, this switch opens and closes the feedback loop,
which is useful for testing.
The default for this flag is enable.
-.ti -4
-.IR Cm pps
+.TP 7
+.NOP \f\*[B-Font]pps\f[]
Enables the pulse-per-second (PPS) signal when frequency
and time is disciplined by the precision time kernel modifications.
See the
-.Qq A Kernel Model for Precision Timekeeping
+"A Kernel Model for Precision Timekeeping"
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp )
+\fI/usr/share/doc/ntp\f[])
page for further information.
The default for this flag is disable.
-.ti -4
-.IR Cm stats
+.TP 7
+.NOP \f\*[B-Font]stats\f[]
Enables the statistics facility.
See the
-.Sx Monitoring Options
+\fIMonitoring\f[] \fIOptions\f[]
section of
-.Xr ntp.conf 5
+\fCntp.conf\fR(5)\f[]
for further information.
The default for this flag is disable.
-.in -4
-.TP
-.BR Xo Ic restrict Ar address Ar mask
-\fIflag Oo Ar ... Oc\fR
-.Xc
+.RE
+.TP 7
+.NOP \f\*[B-Font]restrict\f[] \f\*[I-Font]address\f[] \f\*[I-Font]mask\f[] \f\*[I-Font]flag\f[] [\f\*[I-Font]...\f[]]
This command operates in the same way as the
-.Ic restrict
+\f\*[B-Font]restrict\f[]
configuration file commands of
-.Xr ntpd 1ntpdmdoc .
-.TP
-.BR Xo Ic unrestrict Ar address Ar mask
-\fIflag Oo Ar ... Oc\fR
-.Xc
+\fCntpd\fR(1ntpdmdoc)\f[].
+.TP 7
+.NOP \f\*[B-Font]unrestrict\f[] \f\*[I-Font]address\f[] \f\*[I-Font]mask\f[] \f\*[I-Font]flag\f[] [\f\*[I-Font]...\f[]]
Unrestrict the matching entry from the restrict list.
-.TP
-.BR Xo Ic delrestrict Ar address Ar mask
-[ "\fIntpport\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]delrestrict\f[] \f\*[I-Font]address\f[] \f\*[I-Font]mask\f[] [\f\*[B-Font]ntpport\f[]]
Delete the matching entry from the restrict list.
-.TP
-.BR Ic readkeys
+.TP 7
+.NOP \f\*[B-Font]readkeys\f[]
Causes the current set of authentication keys to be purged and
a new set to be obtained by rereading the keys file (which must
have been specified in the
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
configuration file).
This
allows encryption keys to be changed without restarting the
server.
-.TP
-.BR Ic trustedkey Ar keyid Oo Ar ... Oc
-.TP
-.BR Ic untrustedkey Ar keyid Oo Ar ... Oc
+.TP 7
+.NOP \f\*[B-Font]trustedkey\f[] \f\*[I-Font]keyid\f[] [\f\*[I-Font]...\f[]]
+.TP 7
+.NOP \f\*[B-Font]untrustedkey\f[] \f\*[I-Font]keyid\f[] [\f\*[I-Font]...\f[]]
These commands operate in the same way as the
-.Ic trustedkey
+\f\*[B-Font]trustedkey\f[]
and
-.Ic untrustedkey
+\f\*[B-Font]untrustedkey\f[]
configuration file
commands of
-.Xr ntpd 1ntpdmdoc .
-.TP
-.BR Ic authinfo
+\fCntpd\fR(1ntpdmdoc)\f[].
+.TP 7
+.NOP \f\*[B-Font]authinfo\f[]
Returns information concerning the authentication module,
including known keys and counts of encryptions and decryptions
which have been done.
-.TP
-.BR Ic traps
+.TP 7
+.NOP \f\*[B-Font]traps\f[]
Display the traps set in the server.
See the source listing for
further information.
-.TP
-.BR Xo Ic addtrap Ar address
-[ "\fIport\fR" ]
-[ "\fIinterface\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]addtrap\f[] \f\*[I-Font]address\f[] [\f\*[I-Font]port\f[]] [\f\*[I-Font]interface\f[]]
Set a trap for asynchronous messages.
See the source listing
for further information.
-.TP
-.BR Xo Ic clrtrap Ar address
-[ "\fIport\fR" ]
-[ "\fIinterface\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]clrtrap\f[] \f\*[I-Font]address\f[] [\f\*[I-Font]port\f[]] [\f\*[I-Font]interface\f[]]
Clear a trap for asynchronous messages.
See the source listing
for further information.
-.TP
-.BR Ic reset
+.TP 7
+.NOP \f\*[B-Font]reset\f[]
Clear the statistics counters in various modules of the server.
See the source listing for further information.
+.PP
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH "FILES"
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
-.BR 0 " (EXIT_SUCCESS)"
+.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
-.BR 1 " (EXIT_FAILURE)"
+.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
-.BR 66 " (EX_NOINPUT)"
+.NOP 66 " (EX_NOINPUT)"
A specified configuration file could not be loaded.
.TP
-.BR 70 " (EX_SOFTWARE)"
+.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
+.PP
.SH "SEE ALSO"
-.Xr ntp.conf 5 ,
-.Xr ntpd 1ntpdmdoc
-.Rs
-.%A David L. Mills
-.%T Network Time Protocol (Version 3)
-.%O RFC1305
-.Re
+\fCntp.conf\fR(5)\f[],
+\fCntpd\fR(1ntpdmdoc)\f[]
+David L. Mills,
+\fINetwork Time Protocol (Version 3)\fR,
+RFC1305
+.PP
+
.SH AUTHORS
The formatting directives in this document came from FreeBSD.
.SH "COPYRIGHT"
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH BUGS
The
-.B
+\f\*[B-Font]ntpdc\fP
utility is a crude hack.
Much of the information it shows is
deadly boring and could only be loved by its implementer.
to hack in, at great expense to the program's ease of use.
Despite
this, the program is occasionally useful.
-.PP
+.sp \n(Ppu
+.ne 2
+
Please report bugs to http://bugs.ntp.org .
-.PP
+.sp \n(Ppu
+.ne 2
+
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH "NOTES"
This manual page was \fIAutoGen\fP-erated from the \fBntpdc\fP
-.Dd November 30 2013
+.Dd December 22 2013
.Dt NTPDC 1ntpdcmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:31:49 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:56 PM by AutoGen 5.18.3pre5
.\" From the definitions ntpdc-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.Nm
.\" Mixture of short (flag) options and long options
.Op Fl flags
-.Op Fl flag Ar value
-.Op Fl \-option\-name Ar value
+.Op Fl flag Op Ar value
+.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc
[ host ...]
.Pp
.Sh DESCRIPTION
.Nm .
.Sh "OPTIONS"
.Bl -tag
-.It \-4 ", " \-\-ipv4
+.It Fl 4 , Fl \-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
.sp
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
-.It \-6 ", " \-\-ipv6
+.It Fl 6 , Fl \-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
.sp
Force DNS resolution of following host names on the command line
to the IPv6 namespace.
-.It \-c " \fIcmd\fP, " \-\-command "=" \fIcmd\fP
+.It Fl c Ar cmd , Fl \-command Ns = Ns Ar cmd
run a command and exit.
This option may appear an unlimited number of times.
.sp
The following argument is interpreted as an interactive format command
and is added to the list of commands to be executed on the specified
host(s).
-.It \-d ", " \-\-debug\-level
+.It Fl d , Fl \-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.It \-i ", " \-\-interactive
+.It Fl i , Fl \-interactive
Force ntpq to operate in interactive mode.
This option must not appear in combination with any of the following options:
command, listpeers, peers, showpeers.
.sp
Force ntpq to operate in interactive mode. Prompts will be written
to the standard output and commands read from the standard input.
-.It \-l ", " \-\-listpeers
+.It Fl l , Fl \-listpeers
Print a list of the peers.
This option must not appear in combination with any of the following options:
command.
.sp
Print a list of the peers known to the server as well as a summary of
their state. This is equivalent to the 'listpeers' interactive command.
-.It \-n ", " \-\-numeric
+.It Fl n , Fl \-numeric
numeric host addresses.
.sp
Output all host addresses in dotted\-quad numeric format rather than
converting to the canonical host names.
-.It \-p ", " \-\-peers
+.It Fl p , Fl \-peers
Print a list of the peers.
This option must not appear in combination with any of the following options:
command.
.sp
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
-.It \-s ", " \-\-showpeers
+.It Fl s , Fl \-showpeers
Show a list of the peers.
This option must not appear in combination with any of the following options:
command.
.sp
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'dmpeers' interactive command.
-.It \-? , " \-\-help"
+.It Fl \&? , Fl \-help
Display usage information and exit.
-.It \-! , " \-\-more\-help"
+.It Fl \&! , Fl \-more\-help
Pass the extended usage information through a pager.
-.It \-> " [\fIcfgfile\fP]," " \-\-save\-opts" "[=\fIcfgfile\fP]"
+.It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
-.It \-< " \fIcfgfile\fP," " \-\-load\-opts" "=\fIcfgfile\fP," " \-\-no\-load\-opts"
+.It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts
Load options from \fIcfgfile\fP.
The \fIno\-load\-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
-.It \-\-version "[={\fIv|c|n\fP}]"
+.It Fl \-version Op Brq Ar v|c|n
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
clock. Run as root, it can correct the system clock to this offset as
well. It can be run as an interactive command or from a cron job.
- <p>This document applies to version 4.2.7p401 of <code>ntpdc</code>.
+ <p>This document applies to version 4.2.7p402 of <code>ntpdc</code>.
<p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
IETF specification.
In addition, nearly all the
configuration options which can be specified at startup using
ntpd's configuration file may also be specified at run time using
-<code>ntpdc</code>.
+<code>ntpdc</code>
<p>This section was generated by <strong>AutoGen</strong>,
using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntpdc</code> program.
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
-<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p401
+<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p402
Usage: ntpdc [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution
-.TH ntpdc @NTPDC_MS@ "30 Nov 2013" "4.2.7p401" "User Commands"
+.de1 NOP
+. it 1 an-trap
+. if \\n[.$] \,\\$*\/
+..
+.ie t \
+.ds B-Font [CB]
+.ds I-Font [CI]
+.ds R-Font [CR]
+.el \
+.ds B-Font B
+.ds I-Font I
+.ds R-Font R
+.TH ntpdc @NTPDC_MS@ "22 Dec 2013" "4.2.7p402" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.man)
-.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:31:42 AM by AutoGen 5.18.3pre5
-.\" From the definitions ntpdc-opts.def
-.\" and the template file agman-cmd.tpl
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-4naGjO/ag-foaGiO)
.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:49 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntpdc-opts.def
+.\" and the template file agman-cmd.tpl
.SH NAME
-ntpdc \- vendor-specific NTPD control program
+\f\*[B-Font]ntpdc\fP
+\- vendor-specific NTPD control program
.SH SYNOPSIS
-.B ntpdc
+\f\*[B-Font]ntpdc\fP
.\" Mixture of short (flag) options and long options
-.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP "[[=| ]\fIvalue\fP]]..." " " "[ host ...]"
-.PP
+[\f\*[B-Font]\-flags\f[]]
+[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
+[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
+[ host ...]
+.sp \n(Ppu
+.ne 2
+
.SH DESCRIPTION
-.B
+\f\*[B-Font]ntpdc\fP
is a utility program used to query
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
about its
current state and to request changes in that state.
It uses NTP mode 7 control message formats described in the source code.
arguments.
Extensive state and statistics information is available
through the
-.B
+\f\*[B-Font]ntpdc\fP
interface.
In addition, nearly all the
configuration options which can be specified at startup using
ntpd's configuration file may also be specified at run time using
-.B .
+\f\*[B-Font]ntpdc\fP.
.SH "OPTIONS"
.TP
-.BR \-4 ", " \-\-ipv4
+.NOP \f\*[B-Font]\-4\f[], \f\*[B-Font]\-\-ipv4\f[]
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
.TP
-.BR \-6 ", " \-\-ipv6
+.NOP \f\*[B-Font]\-6\f[], \f\*[B-Font]\-\-ipv6\f[]
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
Force DNS resolution of following host names on the command line
to the IPv6 namespace.
.TP
-.BR \-c " \fIcmd\fP, " \-\-command "=" \fIcmd\fP
+.NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]cmd\f[], \f\*[B-Font]\-\-command\f[]=\f\*[I-Font]cmd\f[]
run a command and exit.
This option may appear an unlimited number of times.
.sp
and is added to the list of commands to be executed on the specified
host(s).
.TP
-.BR \-d ", " \-\-debug\-level
+.NOP \f\*[B-Font]\-d\f[], \f\*[B-Font]\-\-debug\-level\f[]
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
.TP
-.BR \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.NOP \f\*[B-Font]\-D\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-set\-debug\-level\f[]=\f\*[I-Font]number\f[]
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
.TP
-.BR \-i ", " \-\-interactive
+.NOP \f\*[B-Font]\-i\f[], \f\*[B-Font]\-\-interactive\f[]
Force ntpq to operate in interactive mode.
This option must not appear in combination with any of the following options:
command, listpeers, peers, showpeers.
Force ntpq to operate in interactive mode. Prompts will be written
to the standard output and commands read from the standard input.
.TP
-.BR \-l ", " \-\-listpeers
+.NOP \f\*[B-Font]\-l\f[], \f\*[B-Font]\-\-listpeers\f[]
Print a list of the peers.
This option must not appear in combination with any of the following options:
command.
Print a list of the peers known to the server as well as a summary of
their state. This is equivalent to the 'listpeers' interactive command.
.TP
-.BR \-n ", " \-\-numeric
+.NOP \f\*[B-Font]\-n\f[], \f\*[B-Font]\-\-numeric\f[]
numeric host addresses.
.sp
Output all host addresses in dotted-quad numeric format rather than
converting to the canonical host names.
.TP
-.BR \-p ", " \-\-peers
+.NOP \f\*[B-Font]\-p\f[], \f\*[B-Font]\-\-peers\f[]
Print a list of the peers.
This option must not appear in combination with any of the following options:
command.
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
.TP
-.BR \-s ", " \-\-showpeers
+.NOP \f\*[B-Font]\-s\f[], \f\*[B-Font]\-\-showpeers\f[]
Show a list of the peers.
This option must not appear in combination with any of the following options:
command.
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'dmpeers' interactive command.
.TP
-.BR \-? , " \-\-help"
+.NOP \f\*[B-Font]\-\&?\f[], \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
-.BR \-! , " \-\-more-help"
+.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
-.BR \-> " [\fIcfgfile\fP]," " \-\-save-opts" "[=\fIcfgfile\fP]"
+.NOP \f\*[B-Font]\->\f[] [\f\*[I-Font]cfgfile\f[]], \f\*[B-Font]\-\-save-opts\f[] [=\f\*[I-Font]cfgfile\f[]]
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
.TP
-.BR \-< " \fIcfgfile\fP," " \-\-load-opts" "=\fIcfgfile\fP," " \-\-no-load-opts"
+.NOP \f\*[B-Font]\-<\f[] \f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-load-opts\f[]=\f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-no-load-opts\f[]
Load options from \fIcfgfile\fP.
The \fIno-load-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no-load-opts\fP is handled early,
out of order.
.TP
-.BR \-\-version "[={\fIv|c|n\fP}]"
+.NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
+.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from configuration ("RC" or ".INI") file(s) and values from
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+.TH ntpdc @NTPDC_MS@ "22 Dec 2013" "4.2.7p402" "User Commands"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-4naGjO/ag-foaGiO)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:49 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntpdc-opts.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]ntpdc\fP ntpdc
+\- vendor-specific NTPD control program
cvt_prog='/usr/local/gnu/share/autogen/texi2man'
cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
`/`basename "$cvt_prog"`
.SH USAGE
If one or more request options are included on the command line
when
-.B
+\f\*[B-Font]ntpdc\fP
is executed, each of the requests will be sent
to the NTP servers running on each of the hosts given as command
line arguments, or on localhost by default.
If no request options
are given,
-.B
+\f\*[B-Font]ntpdc\fP
will attempt to read commands from the
standard input and execute these on the NTP server running on the
first host given on the command line, again defaulting to localhost
when no other host is specified.
The
-.B
+\f\*[B-Font]ntpdc\fP
utility will prompt for
commands if the standard input is a terminal device.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.B
+\f\*[B-Font]ntpdc\fP
utility uses NTP mode 7 packets to communicate with the
NTP server, and hence can be used to query any compatible server on
the network which permits it.
this communication will be somewhat unreliable, especially over
large distances in terms of network topology.
The
-.B
+\f\*[B-Font]ntpdc\fP
utility makes
no attempt to retransmit requests, and will time requests out if
the remote host is not heard from within a suitable timeout
time.
-.PP
+.sp \n(Ppu
+.ne 2
+
The operation of
-.B
+\f\*[B-Font]ntpdc\fP
are specific to the particular
implementation of the
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
daemon and can be expected to
work only with this and maybe some previous versions of the daemon.
Requests from a remote
-.B
+\f\*[B-Font]ntpdc\fP
utility which affect the
state of the local server must be authenticated, which requires
both the remote program and local server share a common key and key
identifier.
-.PP
+.sp \n(Ppu
+.ne 2
+
Note that in contexts where a host name is expected, a
- 4
+\f\*[B-Font]\-4\f[]
qualifier preceding the host name forces DNS resolution to the IPv4 namespace,
while a
- 6
+\f\*[B-Font]\-6\f[]
qualifier forces DNS resolution to the IPv6 namespace.
Specifying a command line option other than
- i
+\f\*[B-Font]\-i\f[]
or
- n
+\f\*[B-Font]\-n\f[]
will cause the specified query (queries) to be sent to
the indicated host(s) immediately.
Otherwise,
-.B
+\f\*[B-Font]ntpdc\fP
will
attempt to read interactive format commands from the standard
input.
The output of a
command is normally sent to the standard output, but optionally the
output of individual commands may be sent to a file by appending a
-.Ql \&> ,
+\[oq]\&>\[cq],
followed by a file name, to the command line.
-.PP
+.sp \n(Ppu
+.ne 2
+
A number of interactive format commands are executed entirely
within the
-.B
+\f\*[B-Font]ntpdc\fP
utility itself and do not result in NTP
mode 7 requests being sent to a server.
These are described
following.
-.TP
-.BR Ic \&? Ar command_keyword
-.TP
-.BR Ic help Ar command_keyword
+.TP 7
+.NOP \f\*[B-Font]\&?\f[] \f\*[I-Font]command_keyword\f[]
+.TP 7
+.NOP \f\*[B-Font]help\f[] \f\*[I-Font]command_keyword\f[]
A
-.Sq Ic \&?
+\[oq]\f\*[B-Font]\&?\f[]\[cq]
will print a list of all the command
keywords known to this incarnation of
-.Nm .
+\f\*[B-Font]ntpdc\fP.
A
-.Sq Ic \&?
+\[oq]\f\*[B-Font]\&?\f[]\[cq]
followed by a command keyword will print function and usage
information about the command.
This command is probably a better
source of information about
-.Xr ntpq @NTPQ_MS@
+\fCntpq\fR(@NTPQ_MS@)\f[]
than this manual
page.
-.TP
-.BR Ic delay Ar milliseconds
+.TP 7
+.NOP \f\*[B-Font]delay\f[] \f\*[I-Font]milliseconds\f[]
Specify a time interval to be added to timestamps included in
requests which require authentication.
This is used to enable
Actually the
server does not now require timestamps in authenticated requests,
so this command may be obsolete.
-.TP
-.BR Ic host Ar hostname
+.TP 7
+.NOP \f\*[B-Font]host\f[] \f\*[I-Font]hostname\f[]
Set the host to which future queries will be sent.
Hostname may
be either a host name or a numeric address.
-.TP
-.BR Ic hostnames Op Cm yes | Cm no
+.TP 7
+.NOP \f\*[B-Font]hostnames\f[] [\f\*[B-Font]yes\f[] | \f\*[B-Font]no\f[]]
If
-.Cm yes
+\f\*[B-Font]yes\f[]
is specified, host names are printed in
information displays.
If
-.Cm no
+\f\*[B-Font]no\f[]
is specified, numeric
addresses are printed instead.
The default is
-.Cm yes ,
+\f\*[B-Font]yes\f[],
unless
modified using the command line
- n
+\f\*[B-Font]\-n\f[]
switch.
-.TP
-.BR Ic keyid Ar keyid
+.TP 7
+.NOP \f\*[B-Font]keyid\f[] \f\*[I-Font]keyid\f[]
This command allows the specification of a key number to be
used to authenticate configuration requests.
This must correspond
to a key number the server has been configured to use for this
purpose.
-.TP
-.BR Ic quit
+.TP 7
+.NOP \f\*[B-Font]quit\f[]
Exit
-.Nm .
-.TP
-.BR Ic passwd
+\f\*[B-Font]ntpdc\fP.
+.TP 7
+.NOP \f\*[B-Font]passwd\f[]
This command prompts you to type in a password (which will not
be echoed) which will be used to authenticate configuration
requests.
The password must correspond to the key configured for
use by the NTP server for this purpose if such requests are to be
successful.
-.TP
-.BR Ic timeout Ar milliseconds
+.TP 7
+.NOP \f\*[B-Font]timeout\f[] \f\*[I-Font]milliseconds\f[]
Specify a timeout period for responses to server queries.
The
default is about 8000 milliseconds.
Note that since
-.Nm
+\f\*[B-Font]ntpdc\fP
retries each query once after a timeout, the total waiting time for
a timeout will be twice the timeout value set.
+.PP
.SS "Control Message Commands"
Query commands result in NTP mode 7 packets containing requests for
information being sent to the server.
These are read-only commands
in that they make no modification of the server configuration
state.
-.TP
-.BR Ic listpeers
+.TP 7
+.NOP \f\*[B-Font]listpeers\f[]
Obtains and prints a brief list of the peers for which the
server is maintaining state.
These should include all configured
peer associations as well as those peers whose stratum is such that
they are considered by the server to be possible future
synchronization candidates.
-.TP
-.BR Ic peers
+.TP 7
+.NOP \f\*[B-Font]peers\f[]
Obtains a list of peers for which the server is maintaining
state, along with a summary of that state.
Summary information
peer is unsynchronized), the polling interval, in seconds, the
reachability register, in octal, and the current estimated delay,
offset and dispersion of the peer, all in seconds.
-.PP
+.sp \n(Ppu
+.ne 2
+
The character in the left margin indicates the mode this peer
entry is operating in.
A
-.Ql \&+
+\[oq]\&+\[cq]
denotes symmetric active, a
-.Ql \&-
+\[oq]\&-\[cq]
indicates symmetric passive, a
-.Ql \&=
+\[oq]\&=\[cq]
means the
remote server is being polled in client mode, a
-.Ql \&^
+\[oq]\&^\[cq]
indicates that the server is broadcasting to this address, a
-.Ql \&~
+\[oq]\&~\[cq]
denotes that the remote peer is sending broadcasts and a
-.Ql \&~
+\[oq]\&~\[cq]
denotes that the remote peer is sending broadcasts and a
-.Ql \&*
+\[oq]\&*\[cq]
marks the peer the server is currently synchronizing
to.
-.PP
+.sp \n(Ppu
+.ne 2
+
The contents of the host field may be one of four forms.
It may
be a host name, an IP address, a reference clock implementation
name with its parameter or
-.Fn REFCLK "implementation_number" "parameter" .
+\fBREFCLK\fR()\f[]
On
-.Ic hostnames
-.Cm no
+\f\*[B-Font]hostnames\f[]
+\f\*[B-Font]no\f[]
only IP-addresses
will be displayed.
-.TP
-.BR Ic dmpeers
+.TP 7
+.NOP \f\*[B-Font]dmpeers\f[]
A slightly different peer summary list.
Identical to the output
of the
-.Ic peers
+\f\*[B-Font]peers\f[]
command, except for the character in the
leftmost column.
Characters only appear beside peers which were
included in the final stage of the clock selection algorithm.
A
-.Ql \&.
+\[oq]\&.\[cq]
indicates that this peer was cast off in the falseticker
detection, while a
-.Ql \&+
+\[oq]\&+\[cq]
indicates that the peer made it
through.
A
-.Ql \&*
+\[oq]\&*\[cq]
denotes the peer the server is currently
synchronizing with.
-.TP
-.BR Ic showpeer Ar peer_address Oo Ar ... Oc
+.TP 7
+.NOP \f\*[B-Font]showpeer\f[] \f\*[I-Font]peer_address\f[] [\f\*[I-Font]...\f[]]
Shows a detailed display of the current peer variables for one
or more peers.
Most of these values are described in the NTP
Version 2 specification.
-.TP
-.BR Ic pstats Ar peer_address Oo Ar ... Oc
+.TP 7
+.NOP \f\*[B-Font]pstats\f[] \f\*[I-Font]peer_address\f[] [\f\*[I-Font]...\f[]]
Show per-peer statistic counters associated with the specified
peer(s).
-.TP
-.BR Ic clockinfo Ar clock_peer_address Oo Ar ... Oc
+.TP 7
+.NOP \f\*[B-Font]clockinfo\f[] \f\*[I-Font]clock_peer_address\f[] [\f\*[I-Font]...\f[]]
Obtain and print information concerning a peer clock.
The
values obtained provide information on the setting of fudge factors
and other clock performance information.
-.TP
-.BR Ic kerninfo
+.TP 7
+.NOP \f\*[B-Font]kerninfo\f[]
Obtain and print kernel phase-lock loop operating parameters.
This information is available only if the kernel has been specially
modified for a precision timekeeping function.
-.TP
-.BR Ic loopinfo Op Cm oneline | Cm multiline
+.TP 7
+.NOP \f\*[B-Font]loopinfo\f[] [\f\*[B-Font]oneline\f[] | \f\*[B-Font]multiline\f[]]
Print the values of selected loop filter variables.
The loop
filter is the part of NTP which deals with adjusting the local
system clock.
The
-.Sq offset
+\[oq]offset\[cq]
is the last offset given to the
loop filter by the packet processing code.
The
-.Sq frequency
+\[oq]frequency\[cq]
is the frequency error of the local clock in parts-per-million
(ppm).
The
-.Sq time_const
+\[oq]time_const\[cq]
controls the stiffness of the
phase-lock loop and thus the speed at which it can adapt to
oscillator drift.
The
-.Sq watchdog timer
+\[oq]watchdog timer\[cq]
value is the number
of seconds which have elapsed since the last sample offset was
given to the loop filter.
The
-.Cm oneline
+\f\*[B-Font]oneline\f[]
and
-.Cm multiline
+\f\*[B-Font]multiline\f[]
options specify the format in which this
information is to be printed, with
-.Cm multiline
+\f\*[B-Font]multiline\f[]
as the
default.
-.TP
-.BR Ic sysinfo
+.TP 7
+.NOP \f\*[B-Font]sysinfo\f[]
Print a variety of system state variables, i.e., state related
to the local server.
All except the last four lines are described
in the NTP Version 3 specification, RFC-1305.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Sq system flags
+\[oq]system flags\[cq]
show various system flags, some of
which can be set and cleared by the
-.Ic enable
+\f\*[B-Font]enable\f[]
and
-.Ic disable
+\f\*[B-Font]disable\f[]
configuration commands, respectively.
These are
the
-.Cm auth ,
-.Cm bclient ,
-.Cm monitor ,
-.Cm pll ,
-.Cm pps
+\f\*[B-Font]auth\f[],
+\f\*[B-Font]bclient\f[],
+\f\*[B-Font]monitor\f[],
+\f\*[B-Font]pll\f[],
+\f\*[B-Font]pps\f[]
and
-.Cm stats
+\f\*[B-Font]stats\f[]
flags.
See the
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
documentation for the meaning of these flags.
There
are two additional flags which are read only, the
-.Cm kernel_pll
+\f\*[B-Font]kernel_pll\f[]
and
-.Cm kernel_pps .
+\f\*[B-Font]kernel_pps\f[].
These flags indicate
the synchronization status when the precision time kernel
modifications are in use.
The
-.Sq kernel_pll
+\[oq]kernel_pll\[cq]
indicates that
the local clock is being disciplined by the kernel, while the
-.Sq kernel_pps
+\[oq]kernel_pps\[cq]
indicates the kernel discipline is provided by the PPS
signal.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Sq stability
+\[oq]stability\[cq]
is the residual frequency error remaining
after the system frequency correction is applied and is intended for
maintenance and debugging.
If it remains high for some time after
starting the daemon, something may be wrong with the local clock,
or the value of the kernel variable
-.Va kern.clockrate.tick
+\fIkern.clockrate.tick\f[]
may be
incorrect.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Sq broadcastdelay
+\[oq]broadcastdelay\[cq]
shows the default broadcast delay,
as set by the
-.Ic broadcastdelay
+\f\*[B-Font]broadcastdelay\f[]
configuration command.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Sq authdelay
+\[oq]authdelay\[cq]
shows the default authentication delay,
as set by the
-.Ic authdelay
+\f\*[B-Font]authdelay\f[]
configuration command.
-.TP
-.BR Ic sysstats
+.TP 7
+.NOP \f\*[B-Font]sysstats\f[]
Print statistics counters maintained in the protocol
module.
-.TP
-.BR Ic memstats
+.TP 7
+.NOP \f\*[B-Font]memstats\f[]
Print statistics counters related to memory allocation
code.
-.TP
-.BR Ic iostats
+.TP 7
+.NOP \f\*[B-Font]iostats\f[]
Print statistics counters maintained in the input-output
module.
-.TP
-.BR Ic timerstats
+.TP 7
+.NOP \f\*[B-Font]timerstats\f[]
Print statistics counters maintained in the timer/event queue
support code.
-.TP
-.BR Ic reslist
+.TP 7
+.NOP \f\*[B-Font]reslist\f[]
Obtain and print the server's restriction list.
This list is
(usually) printed in sorted order and may help to understand how
the restrictions are applied.
-.TP
-.BR Ic monlist Op Ar version
+.TP 7
+.NOP \f\*[B-Font]monlist\f[] [\f\*[I-Font]version\f[]]
Obtain and print traffic counts collected and maintained by the
monitor facility.
The version number should not normally need to be
specified.
-.TP
-.BR Ic clkbug Ar clock_peer_address Oo Ar ... Oc
+.TP 7
+.NOP \f\*[B-Font]clkbug\f[] \f\*[I-Font]clock_peer_address\f[] [\f\*[I-Font]...\f[]]
Obtain debugging information for a reference clock driver.
This
information is provided only by some clock drivers and is mostly
undecodable without a copy of the driver source in hand.
+.PP
.SS "Runtime Configuration Requests"
All requests which cause state changes in the server are
authenticated by the server using a configured NTP key (the
key).
The key number and the corresponding key must also be made
known to
-.B .
+\f\*[B-Font]ntpdc\fP.
This can be done using the
-.Ic keyid
+\f\*[B-Font]keyid\f[]
and
-.Ic passwd
+\f\*[B-Font]passwd\f[]
commands, the latter of which will prompt at the terminal for a
password to use as the encryption key.
You will also be prompted
Authentication not only provides verification that
the requester has permission to make such changes, but also gives
an extra degree of protection again transmission errors.
-.PP
+.sp \n(Ppu
+.ne 2
+
Authenticated requests always include a timestamp in the packet
data, which is included in the computation of the authentication
code.
protection of keys and appropriate source address restrictions are
applied, the run time reconfiguration facility should provide an
adequate level of security.
-.PP
+.sp \n(Ppu
+.ne 2
+
The following commands all make authenticated requests.
-.TP
-.BR Xo Ic addpeer Ar peer_address
-[ "\fIkeyid\fR" ]
-[ "\fIversion\fR" ]
-[ "\fIprefer\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]addpeer\f[] \f\*[I-Font]peer_address\f[] [\f\*[I-Font]keyid\f[]] [\f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]]
Add a configured peer association at the given address and
operating in symmetric active mode.
Note that an existing
executed, or may simply be converted to conform to the new
configuration, as appropriate.
If the optional
-\fIkeyid\fR
+\f\*[I-Font]keyid\f[]
is a
nonzero integer, all outgoing packets to the remote server will
have an authentication field attached encrypted with this key.
If
the value is 0 (or not given) no authentication will be done.
The
-\fIversion\fR
+\f\*[I-Font]version\f[]
can be 1, 2 or 3 and defaults to 3.
The
-.Cm prefer
+\f\*[B-Font]prefer\f[]
keyword indicates a preferred peer (and thus will
be used primarily for clock synchronisation if possible).
The
preferred peer also determines the validity of the PPS signal \- if
the preferred peer is suitable for synchronisation so is the PPS
signal.
-.TP
-.BR Xo Ic addserver Ar peer_address
-[ "\fIkeyid\fR" ]
-[ "\fIversion\fR" ]
-[ "\fIprefer\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]addserver\f[] \f\*[I-Font]peer_address\f[] [\f\*[I-Font]keyid\f[]] [\f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]]
Identical to the addpeer command, except that the operating
mode is client.
-.TP
-.BR Xo Ic broadcast Ar peer_address
-[ "\fIkeyid\fR" ]
-[ "\fIversion\fR" ]
-[ "\fIprefer\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]broadcast\f[] \f\*[I-Font]peer_address\f[] [\f\*[I-Font]keyid\f[]] [\f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]]
Identical to the addpeer command, except that the operating
mode is broadcast.
In this case a valid key identifier and key are
required.
The
-\fIpeer_address\fR
+\f\*[I-Font]peer_address\f[]
parameter can be the broadcast
address of the local network or a multicast group address assigned
to NTP.
If a multicast address, a multicast-capable kernel is
required.
-.TP
-.BR Ic unconfig Ar peer_address Oo Ar ... Oc
+.TP 7
+.NOP \f\*[B-Font]unconfig\f[] \f\*[I-Font]peer_address\f[] [\f\*[I-Font]...\f[]]
This command causes the configured bit to be removed from the
specified peer(s).
In many cases this will cause the peer
When appropriate, however, the
association may persist in an unconfigured mode if the remote peer
is willing to continue on in this fashion.
-.TP
-.BR Xo Ic fudge Ar peer_address
-[ "\fItime1\fR" ]
-[ "\fItime2\fR" ]
-[ "\fIstratum\fR" ]
-[ "\fIrefid\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]fudge\f[] \f\*[I-Font]peer_address\f[] [\f\*[B-Font]time1\f[]] [\f\*[B-Font]time2\f[]] [\f\*[I-Font]stratum\f[]] [\f\*[I-Font]refid\f[]]
This command provides a way to set certain data for a reference
clock.
See the source listing for further information.
-.TP
-.BR Xo Ic enable
-.Oo
-.Cm auth | Cm bclient |
-.Cm calibrate | Cm kernel |
-.Cm monitor | Cm ntp |
-.Cm pps | Cm stats
-.Oc
-.Xc
-.TP
-.BR Xo Ic disable
-.Oo
-.Cm auth | Cm bclient |
-.Cm calibrate | Cm kernel |
-.Cm monitor | Cm ntp |
-.Cm pps | Cm stats
-.Oc
-.Xc
+.TP 7
+.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]pps\f[] | \f\*[B-Font]stats\f[]]
+.TP 7
+.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]pps\f[] | \f\*[B-Font]stats\f[]]
These commands operate in the same way as the
-.Ic enable
+\f\*[B-Font]enable\f[]
and
-.Ic disable
+\f\*[B-Font]disable\f[]
configuration file commands of
-.Xr ntpd @NTPD_MS@ .
-.in +4
-.ti -4
-.IR Cm auth
+\fCntpd\fR(@NTPD_MS@)\f[].
+.RS
+.TP 7
+.NOP \f\*[B-Font]auth\f[]
Enables the server to synchronize with unconfigured peers only
if the peer has been correctly authenticated using either public key
or private key cryptography.
The default for this flag is enable.
-.ti -4
-.IR Cm bclient
+.TP 7
+.NOP \f\*[B-Font]bclient\f[]
Enables the server to listen for a message from a broadcast or
multicast server, as in the multicastclient command with
default address.
The default for this flag is disable.
-.ti -4
-.IR Cm calibrate
+.TP 7
+.NOP \f\*[B-Font]calibrate\f[]
Enables the calibrate feature for reference clocks.
The default for this flag is disable.
-.ti -4
-.IR Cm kernel
+.TP 7
+.NOP \f\*[B-Font]kernel\f[]
Enables the kernel time discipline, if available.
The default for this flag is enable if support is available, otherwise disable.
-.ti -4
-.IR Cm monitor
+.TP 7
+.NOP \f\*[B-Font]monitor\f[]
Enables the monitoring facility.
See the documentation here about the
-.Cm monlist
+\f\*[B-Font]monlist\f[]
command or further information.
The default for this flag is enable.
-.ti -4
-.IR Cm ntp
+.TP 7
+.NOP \f\*[B-Font]ntp\f[]
Enables time and frequency discipline.
In effect, this switch opens and closes the feedback loop,
which is useful for testing.
The default for this flag is enable.
-.ti -4
-.IR Cm pps
+.TP 7
+.NOP \f\*[B-Font]pps\f[]
Enables the pulse-per-second (PPS) signal when frequency
and time is disciplined by the precision time kernel modifications.
See the
-.Qq A Kernel Model for Precision Timekeeping
+"A Kernel Model for Precision Timekeeping"
(available as part of the HTML documentation
provided in
-.Pa /usr/share/doc/ntp )
+\fI/usr/share/doc/ntp\f[])
page for further information.
The default for this flag is disable.
-.ti -4
-.IR Cm stats
+.TP 7
+.NOP \f\*[B-Font]stats\f[]
Enables the statistics facility.
See the
-.Sx Monitoring Options
+\fIMonitoring\f[] \fIOptions\f[]
section of
-.Xr ntp.conf 5
+\fCntp.conf\fR(5)\f[]
for further information.
The default for this flag is disable.
-.in -4
-.TP
-.BR Xo Ic restrict Ar address Ar mask
-\fIflag Oo Ar ... Oc\fR
-.Xc
+.RE
+.TP 7
+.NOP \f\*[B-Font]restrict\f[] \f\*[I-Font]address\f[] \f\*[I-Font]mask\f[] \f\*[I-Font]flag\f[] [\f\*[I-Font]...\f[]]
This command operates in the same way as the
-.Ic restrict
+\f\*[B-Font]restrict\f[]
configuration file commands of
-.Xr ntpd @NTPD_MS@ .
-.TP
-.BR Xo Ic unrestrict Ar address Ar mask
-\fIflag Oo Ar ... Oc\fR
-.Xc
+\fCntpd\fR(@NTPD_MS@)\f[].
+.TP 7
+.NOP \f\*[B-Font]unrestrict\f[] \f\*[I-Font]address\f[] \f\*[I-Font]mask\f[] \f\*[I-Font]flag\f[] [\f\*[I-Font]...\f[]]
Unrestrict the matching entry from the restrict list.
-.TP
-.BR Xo Ic delrestrict Ar address Ar mask
-[ "\fIntpport\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]delrestrict\f[] \f\*[I-Font]address\f[] \f\*[I-Font]mask\f[] [\f\*[B-Font]ntpport\f[]]
Delete the matching entry from the restrict list.
-.TP
-.BR Ic readkeys
+.TP 7
+.NOP \f\*[B-Font]readkeys\f[]
Causes the current set of authentication keys to be purged and
a new set to be obtained by rereading the keys file (which must
have been specified in the
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
configuration file).
This
allows encryption keys to be changed without restarting the
server.
-.TP
-.BR Ic trustedkey Ar keyid Oo Ar ... Oc
-.TP
-.BR Ic untrustedkey Ar keyid Oo Ar ... Oc
+.TP 7
+.NOP \f\*[B-Font]trustedkey\f[] \f\*[I-Font]keyid\f[] [\f\*[I-Font]...\f[]]
+.TP 7
+.NOP \f\*[B-Font]untrustedkey\f[] \f\*[I-Font]keyid\f[] [\f\*[I-Font]...\f[]]
These commands operate in the same way as the
-.Ic trustedkey
+\f\*[B-Font]trustedkey\f[]
and
-.Ic untrustedkey
+\f\*[B-Font]untrustedkey\f[]
configuration file
commands of
-.Xr ntpd @NTPD_MS@ .
-.TP
-.BR Ic authinfo
+\fCntpd\fR(@NTPD_MS@)\f[].
+.TP 7
+.NOP \f\*[B-Font]authinfo\f[]
Returns information concerning the authentication module,
including known keys and counts of encryptions and decryptions
which have been done.
-.TP
-.BR Ic traps
+.TP 7
+.NOP \f\*[B-Font]traps\f[]
Display the traps set in the server.
See the source listing for
further information.
-.TP
-.BR Xo Ic addtrap Ar address
-[ "\fIport\fR" ]
-[ "\fIinterface\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]addtrap\f[] \f\*[I-Font]address\f[] [\f\*[I-Font]port\f[]] [\f\*[I-Font]interface\f[]]
Set a trap for asynchronous messages.
See the source listing
for further information.
-.TP
-.BR Xo Ic clrtrap Ar address
-[ "\fIport\fR" ]
-[ "\fIinterface\fR" ]
-.Xc
+.TP 7
+.NOP \f\*[B-Font]clrtrap\f[] \f\*[I-Font]address\f[] [\f\*[I-Font]port\f[]] [\f\*[I-Font]interface\f[]]
Clear a trap for asynchronous messages.
See the source listing
for further information.
-.TP
-.BR Ic reset
+.TP 7
+.NOP \f\*[B-Font]reset\f[]
Clear the statistics counters in various modules of the server.
See the source listing for further information.
+.PP
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH "FILES"
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
-.BR 0 " (EXIT_SUCCESS)"
+.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
-.BR 1 " (EXIT_FAILURE)"
+.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
-.BR 66 " (EX_NOINPUT)"
+.NOP 66 " (EX_NOINPUT)"
A specified configuration file could not be loaded.
.TP
-.BR 70 " (EX_SOFTWARE)"
+.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
+.PP
.SH "SEE ALSO"
-.Xr ntp.conf 5 ,
-.Xr ntpd @NTPD_MS@
-.Rs
-.%A David L. Mills
-.%T Network Time Protocol (Version 3)
-.%O RFC1305
-.Re
+\fCntp.conf\fR(5)\f[],
+\fCntpd\fR(@NTPD_MS@)\f[]
+David L. Mills,
+\fINetwork Time Protocol (Version 3)\fR,
+RFC1305
+.PP
+
.SH AUTHORS
The formatting directives in this document came from FreeBSD.
.SH "COPYRIGHT"
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH BUGS
The
-.B
+\f\*[B-Font]ntpdc\fP
utility is a crude hack.
Much of the information it shows is
deadly boring and could only be loved by its implementer.
to hack in, at great expense to the program's ease of use.
Despite
this, the program is occasionally useful.
-.PP
+.sp \n(Ppu
+.ne 2
+
Please report bugs to http://bugs.ntp.org .
-.PP
+.sp \n(Ppu
+.ne 2
+
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH "NOTES"
This manual page was \fIAutoGen\fP-erated from the \fBntpdc\fP
-.Dd November 30 2013
+.Dd December 22 2013
.Dt NTPDC @NTPDC_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:31:49 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:07:56 PM by AutoGen 5.18.3pre5
.\" From the definitions ntpdc-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.Nm
.\" Mixture of short (flag) options and long options
.Op Fl flags
-.Op Fl flag Ar value
-.Op Fl \-option\-name Ar value
+.Op Fl flag Op Ar value
+.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc
[ host ...]
.Pp
.Sh DESCRIPTION
.Nm .
.Sh "OPTIONS"
.Bl -tag
-.It \-4 ", " \-\-ipv4
+.It Fl 4 , Fl \-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
.sp
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
-.It \-6 ", " \-\-ipv6
+.It Fl 6 , Fl \-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
.sp
Force DNS resolution of following host names on the command line
to the IPv6 namespace.
-.It \-c " \fIcmd\fP, " \-\-command "=" \fIcmd\fP
+.It Fl c Ar cmd , Fl \-command Ns = Ns Ar cmd
run a command and exit.
This option may appear an unlimited number of times.
.sp
The following argument is interpreted as an interactive format command
and is added to the list of commands to be executed on the specified
host(s).
-.It \-d ", " \-\-debug\-level
+.It Fl d , Fl \-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.It \-i ", " \-\-interactive
+.It Fl i , Fl \-interactive
Force ntpq to operate in interactive mode.
This option must not appear in combination with any of the following options:
command, listpeers, peers, showpeers.
.sp
Force ntpq to operate in interactive mode. Prompts will be written
to the standard output and commands read from the standard input.
-.It \-l ", " \-\-listpeers
+.It Fl l , Fl \-listpeers
Print a list of the peers.
This option must not appear in combination with any of the following options:
command.
.sp
Print a list of the peers known to the server as well as a summary of
their state. This is equivalent to the 'listpeers' interactive command.
-.It \-n ", " \-\-numeric
+.It Fl n , Fl \-numeric
numeric host addresses.
.sp
Output all host addresses in dotted\-quad numeric format rather than
converting to the canonical host names.
-.It \-p ", " \-\-peers
+.It Fl p , Fl \-peers
Print a list of the peers.
This option must not appear in combination with any of the following options:
command.
.sp
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
-.It \-s ", " \-\-showpeers
+.It Fl s , Fl \-showpeers
Show a list of the peers.
This option must not appear in combination with any of the following options:
command.
.sp
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'dmpeers' interactive command.
-.It \-? , " \-\-help"
+.It Fl \&? , Fl \-help
Display usage information and exit.
-.It \-! , " \-\-more\-help"
+.It Fl \&! , Fl \-more\-help
Pass the extended usage information through a pager.
-.It \-> " [\fIcfgfile\fP]," " \-\-save\-opts" "[=\fIcfgfile\fP]"
+.It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
-.It \-< " \fIcfgfile\fP," " \-\-load\-opts" "=\fIcfgfile\fP," " \-\-no\-load\-opts"
+.It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts
Load options from \fIcfgfile\fP.
The \fIno\-load\-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
-.It \-\-version "[={\fIv|c|n\fP}]"
+.It Fl \-version Op Brq Ar v|c|n
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpq.texi)
#
-# It has been AutoGen-ed November 30, 2013 at 11:32:07 AM by AutoGen 5.18.3pre5
+# It has been AutoGen-ed December 22, 2013 at 11:08:25 PM by AutoGen 5.18.3pre5
# From the definitions ntpq-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@code{ntpq}
will attempt to read
interactive format commands from the standard input.
-@node Internal Commands
-@section Internal Commands
-
-
+@subsubsection Internal Commands
Interactive format commands consist of a keyword followed by zero
to four arguments.
Only enough characters of the full keyword to
requests being sent to a server.
These are described following.
@table @asis
-
-@item ? [@kbd{command_keyword}]
-@item @code{help} [@kbd{command_keyword}]
+@item @code{?} @code{[@kbd{command_keyword}]}
+@item @code{help} @code{[@kbd{command_keyword}]}
A
@quoteleft{}?@quoteright{}
by itself will print a list of all the command
keywords known to this incarnation of
-@code{ntpq}.
+@code{ntpq}
A
@quoteleft{}?@quoteright{}
followed by a command keyword will print function and usage
@code{ntpq}
than this manual
page.
-@item @code{addvars} @kbd{variable_name}[@code{=value}]
-@code{...}
-
-@item@code{rmvars}@kbd{variable_name}@code{...}
-@item@code{clearvars}
+@item @code{addvars} @kbd{variable_name} @code{[@code{=value}]} @code{...}
+@item @code{rmvars} @kbd{variable_name} @code{...}
+@item @code{clearvars}
The data carried by NTP mode 6 messages consists of a list of
items of the form
-@quoteleft{}variable_name=value,@quoteright{}
+@quoteleft{}variable_name=value@quoteright{},
where the
@quoteleft{}=value@quoteright{}
is ignored, and can be omitted,
@code{clearlist}
command removes all variables from the
list.
-@item@code{authenticate}[yes]|no
+@item @code{authenticate} @code{[yes | no]}
Normally
@code{ntpq}
does not authenticate requests unless
they are write requests.
The command
-@quoteleft{}authenticateyes@quoteright{}
+@quoteleft{}authenticate yes@quoteright{}
causes
@code{ntpq}
to send authentication with all requests it
to display whether or not
@code{ntpq}
is currently autheinticating requests.
-@item@code{cooked}
+@item @code{cooked}
Causes output from query commands to be "cooked", so that
variables which are recognized by
@code{ntpq}
@code{ntpq}
thinks should have a decodable value but didn't are
marked with a trailing
-@quoteleft{}?.@quoteright{}
-@item@code{debug}Oo@code{more}|@code{less}|@code{off}Oc
+@quoteleft{}?@quoteright{}.
+@item @code{debug} @code{[@code{more} | @code{less} | @code{off}]}
With no argument, displays the current debug level.
Otherwise, the debug level is changed to the indicated level.
-@item@code{delay}@kbd{milliseconds}
+@item @code{delay} @kbd{milliseconds}
Specify a time interval to be added to timestamps included in
requests which require authentication.
This is used to enable
Actually the
server does not now require timestamps in authenticated requests,
so this command may be obsolete.
-@item@code{host}@kbd{hostname}
+@item @code{host} @kbd{hostname}
Set the host to which future queries will be sent.
@kbd{hostname}
may be either a host name or a numeric address.
-@item@code{hostnames}[@code{yes}|@code{Cm}@code{no}]
+@item @code{hostnames} @code{[@code{yes} | @code{no}]}
If
@code{yes}
is specified, host names are printed in
modified using the command line
@code{-n}
switch.
-@item@code{keyid}@kbd{keyid}
+@item @code{keyid} @kbd{keyid}
This command allows the specification of a key number to be
used to authenticate configuration requests.
This must correspond
to a key number the server has been configured to use for this
purpose.
-@item@code{ntpversion}@code{Oo}
-@code{1}|
-@code{2}|
-@code{3}|
-@code{4}
-Oc
-
+@item @code{ntpversion} @code{[@code{1} | @code{2} | @code{3} | @code{4}]}
Sets the NTP version number which
@code{ntpq}
claims in
to be no servers left which demand version 1.
With no argument, displays the current NTP version that will be used
when communicating with servers.
-@item@code{quit}
+@item @code{quit}
Exit
@code{ntpq}
-@item@code{passwd}
+@item @code{passwd}
This command prompts you to type in a password (which will not
be echoed) which will be used to authenticate configuration
requests.
The password must correspond to the key configured for
use by the NTP server for this purpose if such requests are to be
successful.
-@item@code{raw}
+@item @code{raw}
Causes all output from query commands is printed as received
from the remote server.
The only formating/interpretation done on
the data is to transform nonascii data into a printable (but barely
understandable) form.
-@item@code{timeout}@kbd{milliseconds}
+@item @code{timeout} @kbd{milliseconds}
Specify a timeout period for responses to server queries.
The
default is about 5000 milliseconds.
@exampleindent 0
@example
-ntpq - standard NTP query program - Ver. 4.2.7p401
+ntpq - standard NTP query program - Ver. 4.2.7p402
Usage: ntpq [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution
/*
* EDIT THIS FILE WITH CAUTION (ntpq-opts.c)
*
- * It has been AutoGen-ed November 30, 2013 at 11:31:52 AM by AutoGen 5.18.3pre5
+ * It has been AutoGen-ed December 22, 2013 at 11:07:59 PM by AutoGen 5.18.3pre5
* From the definitions ntpq-opts.def
* and the template file options
*
* static const strings for ntpq options
*/
static char const ntpq_opt_strs[1833] =
-/* 0 */ "ntpq 4.2.7p401\n"
+/* 0 */ "ntpq 4.2.7p402\n"
"Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 1627 */ "no-load-opts\0"
/* 1640 */ "no\0"
/* 1643 */ "NTPQ\0"
-/* 1648 */ "ntpq - standard NTP query program - Ver. 4.2.7p401\n"
+/* 1648 */ "ntpq - standard NTP query program - Ver. 4.2.7p402\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
/* 1769 */ "$HOME\0"
/* 1775 */ ".\0"
/* 1777 */ ".ntprc\0"
/* 1784 */ "http://bugs.ntp.org, bugs@ntp.org\0"
-/* 1818 */ "ntpq 4.2.7p401";
+/* 1818 */ "ntpq 4.2.7p402";
/**
* ipv4 option description with
translate option names.
*/
/* referenced via ntpqOptions.pzCopyright */
- puts(_("ntpq 4.2.7p401\n\
+ puts(_("ntpq 4.2.7p402\n\
Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
puts(_("load options from a config file"));
/* referenced via ntpqOptions.pzUsageTitle */
- puts(_("ntpq - standard NTP query program - Ver. 4.2.7p401\n\
+ puts(_("ntpq - standard NTP query program - Ver. 4.2.7p402\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n"));
/* referenced via ntpqOptions.pzFullVersion */
- puts(_("ntpq 4.2.7p401"));
+ puts(_("ntpq 4.2.7p402"));
/* referenced via ntpqOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));
/*
* EDIT THIS FILE WITH CAUTION (ntpq-opts.h)
*
- * It has been AutoGen-ed November 30, 2013 at 11:31:52 AM by AutoGen 5.18.3pre5
+ * It has been AutoGen-ed December 22, 2013 at 11:07:58 PM by AutoGen 5.18.3pre5
* From the definitions ntpq-opts.def
* and the template file options
*
/** count of all options for ntpq */
#define OPTION_CT 14
/** ntpq version */
-#define NTPQ_VERSION "4.2.7p401"
+#define NTPQ_VERSION "4.2.7p402"
/** Full ntpq version text */
-#define NTPQ_FULL_VERSION "ntpq 4.2.7p401"
+#define NTPQ_FULL_VERSION "ntpq 4.2.7p402"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH ntpq 1ntpqman "30 Nov 2013" "4.2.7p401" "User Commands"
+.de1 NOP
+. it 1 an-trap
+. if \\n[.$] \,\\$*\/
+..
+.ie t \
+.ds B-Font [CB]
+.ds I-Font [CI]
+.ds R-Font [CR]
+.el \
+.ds B-Font B
+.ds I-Font I
+.ds R-Font R
+.TH ntpq 1ntpqman "22 Dec 2013" "4.2.7p402" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.man)
-.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:32:03 AM by AutoGen 5.18.3pre5
-.\" From the definitions ntpq-opts.def
-.\" and the template file agman-cmd.tpl
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-7aaGAP/ag-ibaGzP)
.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:08:21 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntpq-opts.def
+.\" and the template file agman-cmd.tpl
.SH NAME
-ntpq \- standard NTP query program
+\f\*[B-Font]ntpq\fP
+\- standard NTP query program
.SH SYNOPSIS
-.B ntpq
+\f\*[B-Font]ntpq\fP
.\" Mixture of short (flag) options and long options
-.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP "[[=| ]\fIvalue\fP]]..." " " "[ host ...]"
+[\f\*[B-Font]\-flags\f[]]
+[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
+[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
+[ host ...]
+.sp \n(Ppu
+.ne 2
+
.SH DESCRIPTION
The
-.B
+\f\*[B-Font]ntpq\fP
utility program is used to query NTP servers which
implement the standard NTP mode 6 control message formats defined
in Appendix B of the NTPv3 specification RFC1305, requesting
variables can be assembled, with raw and pretty-printed output
options being available.
The
-.B
+\f\*[B-Font]ntpq\fP
utility can also obtain and print a
list of peers in a common format by sending multiple queries to the
server.
If one or more request options is included on the command line
when
-.B
+\f\*[B-Font]ntpq\fP
is executed, each of the requests will be sent
to the NTP servers running on each of the hosts given as command
line arguments, or on localhost by default.
If no request options
are given,
-.B
+\f\*[B-Font]ntpq\fP
will attempt to read commands from the
standard input and execute these on the NTP server running on the
first host given on the command line, again defaulting to localhost
when no other host is specified.
The
-.B
+\f\*[B-Font]ntpq\fP
utility will prompt for
commands if the standard input is a terminal device.
-.B
+\f\*[B-Font]ntpq\fP
uses NTP mode 6 packets to communicate with the
NTP server, and hence can be used to query any compatible server on
the network which permits it.
this communication will be somewhat unreliable, especially over
large distances in terms of network topology.
The
-.B
+\f\*[B-Font]ntpq\fP
utility makes
one attempt to retransmit requests, and will time requests out if
the remote host is not heard from within a suitable timeout
time.
Specifying a
command line option other than
- i
+\f\*[B-Font]\-i\f[]
or
- n
+\f\*[B-Font]\-n\f[]
will
cause the specified query (queries) to be sent to the indicated
host(s) immediately.
Otherwise,
-.B
+\f\*[B-Font]ntpq\fP
will attempt to read
interactive format commands from the standard input.
.SS "Internal Commands"
A
number of interactive format commands are executed entirely within
the
-.B
+\f\*[B-Font]ntpq\fP
utility itself and do not result in NTP mode 6
requests being sent to a server.
These are described following.
-.TP
-.BR Ic ? Op Ar command_keyword
-.TP
-.BR Ic help Op Ar command_keyword
+.TP 20
+.NOP \f\*[B-Font]?\f[] [\f\*[I-Font]command_keyword\f[]]
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]help\f[] [\f\*[I-Font]command_keyword\f[]]
A
-.Ql \&?
+\[oq]\&?\[cq]
by itself will print a list of all the command
keywords known to this incarnation of
-.Nm .
+\f\*[B-Font]ntpq\fP.
A
-.Ql \&?
+\[oq]\&?\[cq]
followed by a command keyword will print function and usage
information about the command.
This command is probably a better
source of information about
-.Nm
+\f\*[B-Font]ntpq\fP
than this manual
page.
-.TP
-.BR Ic addvars Ar variable_name Xo Op Ic =value
-.Ic ...
-.Xc
-.TP
-.BR Ic rmvars Ar variable_name Ic ...
-.TP
-.BR Ic clearvars
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]addvars\f[] \f\*[I-Font]variable_name\f[] [\f\*[B-Font]=value\f[]] \f\*[B-Font]...\f[]
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]rmvars\f[] \f\*[I-Font]variable_name\f[] \f\*[B-Font]...\f[]
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]clearvars\f[]
The data carried by NTP mode 6 messages consists of a list of
items of the form
-.Ql variable_name=value ,
+\[oq]variable_name=value\[cq],
where the
-.Ql =value
+\[oq]=value\[cq]
is ignored, and can be omitted,
in requests to the server to read variables.
The
-.Nm
+\f\*[B-Font]ntpq\fP
utility maintains an internal list in which data to be included in control
messages can be assembled, and sent using the
-.Ic readlist
+\f\*[B-Font]readlist\f[]
and
-.Ic writelist
+\f\*[B-Font]writelist\f[]
commands described below.
The
-.Ic addvars
+\f\*[B-Font]addvars\f[]
command allows variables and their optional values to be added to
the list.
If more than one variable is to be added, the list should
be comma-separated and not contain white space.
The
-.Ic rmvars
+\f\*[B-Font]rmvars\f[]
command can be used to remove individual variables from the list,
while the
-.Ic clearlist
+\f\*[B-Font]clearlist\f[]
command removes all variables from the
list.
-.TP
-.BR Ic authenticate Op yes | no
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]authenticate\f[] [yes | no]
Normally
-.Nm
+\f\*[B-Font]ntpq\fP
does not authenticate requests unless
they are write requests.
The command
-.Ql authenticate yes
+\[oq]authenticate yes\[cq]
causes
-.Nm
+\f\*[B-Font]ntpq\fP
to send authentication with all requests it
makes.
Authenticated requests causes some servers to handle
requests slightly differently, and can occasionally melt the CPU in
fuzzballs if you turn authentication on before doing a
-.Ic peer
+\f\*[B-Font]peer\f[]
display.
The command
-.Ql authenticate
+\[oq]authenticate\[cq]
causes
-.Nm
+\f\*[B-Font]ntpq\fP
to display whether or not
-.Nm
+\f\*[B-Font]ntpq\fP
is currently autheinticating requests.
-.TP
-.BR Ic cooked
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]cooked\f[]
Causes output from query commands to be "cooked", so that
variables which are recognized by
-.Nm
+\f\*[B-Font]ntpq\fP
will have their
values reformatted for human consumption.
Variables which
-.Nm
+\f\*[B-Font]ntpq\fP
thinks should have a decodable value but didn't are
marked with a trailing
-.Ql \&? .
-.TP
-.BR Xo
-.Ic debug
-.Oo
-.Cm more |
-.Cm less |
-.Cm off
-.Oc
-.Xc
+\[oq]\&?\[cq].
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]debug\f[] [\f\*[B-Font]more\f[] | \f\*[B-Font]less\f[] | \f\*[B-Font]off\f[]]
With no argument, displays the current debug level.
Otherwise, the debug level is changed to the indicated level.
-.TP
-.BR Ic delay Ar milliseconds
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]delay\f[] \f\*[I-Font]milliseconds\f[]
Specify a time interval to be added to timestamps included in
requests which require authentication.
This is used to enable
Actually the
server does not now require timestamps in authenticated requests,
so this command may be obsolete.
-.TP
-.BR Ic host Ar hostname
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]host\f[] \f\*[I-Font]hostname\f[]
Set the host to which future queries will be sent.
-\fIhostname\fR
+\f\*[I-Font]hostname\f[]
may be either a host name or a numeric address.
-.TP
-.BR Ic hostnames Op Cm yes | Cm no
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]hostnames\f[] [\f\*[B-Font]yes\f[] | \f\*[B-Font]no\f[]]
If
-.Cm yes
+\f\*[B-Font]yes\f[]
is specified, host names are printed in
information displays.
If
-.Cm no
+\f\*[B-Font]no\f[]
is specified, numeric
addresses are printed instead.
The default is
-.Cm yes ,
+\f\*[B-Font]yes\f[],
unless
modified using the command line
- n
+\f\*[B-Font]\-n\f[]
switch.
-.TP
-.BR Ic keyid Ar keyid
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]keyid\f[] \f\*[I-Font]keyid\f[]
This command allows the specification of a key number to be
used to authenticate configuration requests.
This must correspond
to a key number the server has been configured to use for this
purpose.
-.TP
-.BR Ic ntpversion Xo Oo
-.Cm 1 |
-.Cm 2 |
-.Cm 3 |
-.Cm 4
-.Oc
-.Xc
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]ntpversion\f[] [\f\*[B-Font]1\f[] | \f\*[B-Font]2\f[] | \f\*[B-Font]3\f[] | \f\*[B-Font]4\f[]]
Sets the NTP version number which
-.Nm
+\f\*[B-Font]ntpq\fP
claims in
packets.
Defaults to 3, and note that mode 6 control messages (and
to be no servers left which demand version 1.
With no argument, displays the current NTP version that will be used
when communicating with servers.
-.TP
-.BR Ic quit
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]quit\f[]
Exit
-.Nm
-.TP
-.BR Ic passwd
+\f\*[B-Font]ntpq\fP
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]passwd\f[]
This command prompts you to type in a password (which will not
be echoed) which will be used to authenticate configuration
requests.
The password must correspond to the key configured for
use by the NTP server for this purpose if such requests are to be
successful.
-.TP
-.BR Ic raw
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]raw\f[]
Causes all output from query commands is printed as received
from the remote server.
The only formating/interpretation done on
the data is to transform nonascii data into a printable (but barely
understandable) form.
-.TP
-.BR Ic timeout Ar milliseconds
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]timeout\f[] \f\*[I-Font]milliseconds\f[]
Specify a timeout period for responses to server queries.
The
default is about 5000 milliseconds.
Note that since
-.Nm
+\f\*[B-Font]ntpq\fP
retries each query once after a timeout, the total waiting time for
a timeout will be twice the timeout value set.
+.PP
.SH "OPTIONS"
.TP
-.BR \-4 ", " \-\-ipv4
+.NOP \f\*[B-Font]\-4\f[], \f\*[B-Font]\-\-ipv4\f[]
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
.TP
-.BR \-6 ", " \-\-ipv6
+.NOP \f\*[B-Font]\-6\f[], \f\*[B-Font]\-\-ipv6\f[]
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
Force DNS resolution of following host names on the command line
to the IPv6 namespace.
.TP
-.BR \-c " \fIcmd\fP, " \-\-command "=" \fIcmd\fP
+.NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]cmd\f[], \f\*[B-Font]\-\-command\f[]=\f\*[I-Font]cmd\f[]
run a command and exit.
This option may appear an unlimited number of times.
.sp
and is added to the list of commands to be executed on the specified
host(s).
.TP
-.BR \-d ", " \-\-debug\-level
+.NOP \f\*[B-Font]\-d\f[], \f\*[B-Font]\-\-debug\-level\f[]
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
.TP
-.BR \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.NOP \f\*[B-Font]\-D\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-set\-debug\-level\f[]=\f\*[I-Font]number\f[]
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
.TP
-.BR \-p ", " \-\-peers
+.NOP \f\*[B-Font]\-p\f[], \f\*[B-Font]\-\-peers\f[]
Print a list of the peers.
This option must not appear in combination with any of the following options:
interactive.
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
.TP
-.BR \-i ", " \-\-interactive
+.NOP \f\*[B-Font]\-i\f[], \f\*[B-Font]\-\-interactive\f[]
Force ntpq to operate in interactive mode.
This option must not appear in combination with any of the following options:
command, peers.
Prompts will be written to the standard output and
commands read from the standard input.
.TP
-.BR \-n ", " \-\-numeric
+.NOP \f\*[B-Font]\-n\f[], \f\*[B-Font]\-\-numeric\f[]
numeric host addresses.
.sp
Output all host addresses in dotted-quad numeric format rather than
converting to the canonical host names.
.TP
-.BR \-\-old\-rv
+.NOP \f\*[B-Font]\-\-old\-rv\f[]
Always output status line with readvar.
.sp
By default, \fBntpq\fP now suppresses the \fBassocid=...\fP
preset this option in a script will enable both older and
newer \fBntpq\fP to behave identically in this regard.
.TP
-.BR \-? , " \-\-help"
+.NOP \f\*[B-Font]\-\&?\f[], \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
-.BR \-! , " \-\-more-help"
+.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
-.BR \-> " [\fIcfgfile\fP]," " \-\-save-opts" "[=\fIcfgfile\fP]"
+.NOP \f\*[B-Font]\->\f[] [\f\*[I-Font]cfgfile\f[]], \f\*[B-Font]\-\-save-opts\f[] [=\f\*[I-Font]cfgfile\f[]]
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
.TP
-.BR \-< " \fIcfgfile\fP," " \-\-load-opts" "=\fIcfgfile\fP," " \-\-no-load-opts"
+.NOP \f\*[B-Font]\-<\f[] \f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-load-opts\f[]=\f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-no-load-opts\f[]
Load options from \fIcfgfile\fP.
The \fIno-load-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no-load-opts\fP is handled early,
out of order.
.TP
-.BR \-\-version "[={\fIv|c|n\fP}]"
+.NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
+.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from configuration ("RC" or ".INI") file(s) and values from
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+.TH ntpq 1ntpqman "22 Dec 2013" "4.2.7p402" "User Commands"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-7aaGAP/ag-ibaGzP)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:08:21 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntpq-opts.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]ntpq\fP ntpq
+\- standard NTP query program
cvt_prog='/usr/local/gnu/share/autogen/texi2man'
cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
`/`basename "$cvt_prog"`
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
-.BR 0 " (EXIT_SUCCESS)"
+.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
-.BR 1 " (EXIT_FAILURE)"
+.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
-.BR 66 " (EX_NOINPUT)"
+.NOP 66 " (EX_NOINPUT)"
A specified configuration file could not be loaded.
.TP
-.BR 70 " (EX_SOFTWARE)"
+.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
+.PP
.SH "AUTHORS"
The University of Delaware
.SH "COPYRIGHT"
-.Dd November 30 2013
+.Dd December 22 2013
.Dt NTPQ 1ntpqmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:32:09 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:08:27 PM by AutoGen 5.18.3pre5
.\" From the definitions ntpq-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.Nm
.\" Mixture of short (flag) options and long options
.Op Fl flags
-.Op Fl flag Ar value
-.Op Fl \-option\-name Ar value
+.Op Fl flag Op Ar value
+.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc
[ host ...]
.Pp
.Sh DESCRIPTION
.El
.Sh "OPTIONS"
.Bl -tag
-.It \-4 ", " \-\-ipv4
+.It Fl 4 , Fl \-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
.sp
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
-.It \-6 ", " \-\-ipv6
+.It Fl 6 , Fl \-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
.sp
Force DNS resolution of following host names on the command line
to the IPv6 namespace.
-.It \-c " \fIcmd\fP, " \-\-command "=" \fIcmd\fP
+.It Fl c Ar cmd , Fl \-command Ns = Ns Ar cmd
run a command and exit.
This option may appear an unlimited number of times.
.sp
The following argument is interpreted as an interactive format command
and is added to the list of commands to be executed on the specified
host(s).
-.It \-d ", " \-\-debug\-level
+.It Fl d , Fl \-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.It \-p ", " \-\-peers
+.It Fl p , Fl \-peers
Print a list of the peers.
This option must not appear in combination with any of the following options:
interactive.
.sp
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
-.It \-i ", " \-\-interactive
+.It Fl i , Fl \-interactive
Force ntpq to operate in interactive mode.
This option must not appear in combination with any of the following options:
command, peers.
Force \fBntpq\fP to operate in interactive mode.
Prompts will be written to the standard output and
commands read from the standard input.
-.It \-n ", " \-\-numeric
+.It Fl n , Fl \-numeric
numeric host addresses.
.sp
Output all host addresses in dotted\-quad numeric format rather than
converting to the canonical host names.
-.It \-\-old\-rv
+.It Fl \-old\-rv
Always output status line with readvar.
.sp
By default, \fBntpq\fP now suppresses the \fBassocid=...\fP
Using an environment variable to
preset this option in a script will enable both older and
newer \fBntpq\fP to behave identically in this regard.
-.It \-? , " \-\-help"
+.It Fl \&? , Fl \-help
Display usage information and exit.
-.It \-! , " \-\-more\-help"
+.It Fl \&! , Fl \-more\-help
Pass the extended usage information through a pager.
-.It \-> " [\fIcfgfile\fP]," " \-\-save\-opts" "[=\fIcfgfile\fP]"
+.It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
-.It \-< " \fIcfgfile\fP," " \-\-load\-opts" "=\fIcfgfile\fP," " \-\-no\-load\-opts"
+.It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts
Load options from \fIcfgfile\fP.
The \fIno\-load\-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
-.It \-\-version "[={\fIv|c|n\fP}]"
+.It Fl \-version Op Brq Ar v|c|n
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
and determine the performance of
<code>ntpd</code>, the NTP daemon.
- <p>This document applies to version 4.2.7p401 of <code>ntpq</code>.
+ <p>This document applies to version 4.2.7p402 of <code>ntpq</code>.
<ul class="menu">
<li><a accesskey="1" href="#ntpq-Description">ntpq Description</a>
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
-<pre class="example">ntpq - standard NTP query program - Ver. 4.2.7p400
+<pre class="example">ntpq - standard NTP query program - Ver. 4.2.7p401
Usage: ntpq [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution
-.TH ntpq @NTPQ_MS@ "30 Nov 2013" "4.2.7p401" "User Commands"
+.de1 NOP
+. it 1 an-trap
+. if \\n[.$] \,\\$*\/
+..
+.ie t \
+.ds B-Font [CB]
+.ds I-Font [CI]
+.ds R-Font [CR]
+.el \
+.ds B-Font B
+.ds I-Font I
+.ds R-Font R
+.TH ntpq @NTPQ_MS@ "22 Dec 2013" "4.2.7p402" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.man)
-.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:32:03 AM by AutoGen 5.18.3pre5
-.\" From the definitions ntpq-opts.def
-.\" and the template file agman-cmd.tpl
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-7aaGAP/ag-ibaGzP)
.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:08:21 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntpq-opts.def
+.\" and the template file agman-cmd.tpl
.SH NAME
-ntpq \- standard NTP query program
+\f\*[B-Font]ntpq\fP
+\- standard NTP query program
.SH SYNOPSIS
-.B ntpq
+\f\*[B-Font]ntpq\fP
.\" Mixture of short (flag) options and long options
-.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP "[[=| ]\fIvalue\fP]]..." " " "[ host ...]"
+[\f\*[B-Font]\-flags\f[]]
+[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
+[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
+[ host ...]
+.sp \n(Ppu
+.ne 2
+
.SH DESCRIPTION
The
-.B
+\f\*[B-Font]ntpq\fP
utility program is used to query NTP servers which
implement the standard NTP mode 6 control message formats defined
in Appendix B of the NTPv3 specification RFC1305, requesting
variables can be assembled, with raw and pretty-printed output
options being available.
The
-.B
+\f\*[B-Font]ntpq\fP
utility can also obtain and print a
list of peers in a common format by sending multiple queries to the
server.
If one or more request options is included on the command line
when
-.B
+\f\*[B-Font]ntpq\fP
is executed, each of the requests will be sent
to the NTP servers running on each of the hosts given as command
line arguments, or on localhost by default.
If no request options
are given,
-.B
+\f\*[B-Font]ntpq\fP
will attempt to read commands from the
standard input and execute these on the NTP server running on the
first host given on the command line, again defaulting to localhost
when no other host is specified.
The
-.B
+\f\*[B-Font]ntpq\fP
utility will prompt for
commands if the standard input is a terminal device.
-.B
+\f\*[B-Font]ntpq\fP
uses NTP mode 6 packets to communicate with the
NTP server, and hence can be used to query any compatible server on
the network which permits it.
this communication will be somewhat unreliable, especially over
large distances in terms of network topology.
The
-.B
+\f\*[B-Font]ntpq\fP
utility makes
one attempt to retransmit requests, and will time requests out if
the remote host is not heard from within a suitable timeout
time.
Specifying a
command line option other than
- i
+\f\*[B-Font]\-i\f[]
or
- n
+\f\*[B-Font]\-n\f[]
will
cause the specified query (queries) to be sent to the indicated
host(s) immediately.
Otherwise,
-.B
+\f\*[B-Font]ntpq\fP
will attempt to read
interactive format commands from the standard input.
.SS "Internal Commands"
A
number of interactive format commands are executed entirely within
the
-.B
+\f\*[B-Font]ntpq\fP
utility itself and do not result in NTP mode 6
requests being sent to a server.
These are described following.
-.TP
-.BR Ic ? Op Ar command_keyword
-.TP
-.BR Ic help Op Ar command_keyword
+.TP 20
+.NOP \f\*[B-Font]?\f[] [\f\*[I-Font]command_keyword\f[]]
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]help\f[] [\f\*[I-Font]command_keyword\f[]]
A
-.Ql \&?
+\[oq]\&?\[cq]
by itself will print a list of all the command
keywords known to this incarnation of
-.Nm .
+\f\*[B-Font]ntpq\fP.
A
-.Ql \&?
+\[oq]\&?\[cq]
followed by a command keyword will print function and usage
information about the command.
This command is probably a better
source of information about
-.Nm
+\f\*[B-Font]ntpq\fP
than this manual
page.
-.TP
-.BR Ic addvars Ar variable_name Xo Op Ic =value
-.Ic ...
-.Xc
-.TP
-.BR Ic rmvars Ar variable_name Ic ...
-.TP
-.BR Ic clearvars
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]addvars\f[] \f\*[I-Font]variable_name\f[] [\f\*[B-Font]=value\f[]] \f\*[B-Font]...\f[]
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]rmvars\f[] \f\*[I-Font]variable_name\f[] \f\*[B-Font]...\f[]
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]clearvars\f[]
The data carried by NTP mode 6 messages consists of a list of
items of the form
-.Ql variable_name=value ,
+\[oq]variable_name=value\[cq],
where the
-.Ql =value
+\[oq]=value\[cq]
is ignored, and can be omitted,
in requests to the server to read variables.
The
-.Nm
+\f\*[B-Font]ntpq\fP
utility maintains an internal list in which data to be included in control
messages can be assembled, and sent using the
-.Ic readlist
+\f\*[B-Font]readlist\f[]
and
-.Ic writelist
+\f\*[B-Font]writelist\f[]
commands described below.
The
-.Ic addvars
+\f\*[B-Font]addvars\f[]
command allows variables and their optional values to be added to
the list.
If more than one variable is to be added, the list should
be comma-separated and not contain white space.
The
-.Ic rmvars
+\f\*[B-Font]rmvars\f[]
command can be used to remove individual variables from the list,
while the
-.Ic clearlist
+\f\*[B-Font]clearlist\f[]
command removes all variables from the
list.
-.TP
-.BR Ic authenticate Op yes | no
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]authenticate\f[] [yes | no]
Normally
-.Nm
+\f\*[B-Font]ntpq\fP
does not authenticate requests unless
they are write requests.
The command
-.Ql authenticate yes
+\[oq]authenticate yes\[cq]
causes
-.Nm
+\f\*[B-Font]ntpq\fP
to send authentication with all requests it
makes.
Authenticated requests causes some servers to handle
requests slightly differently, and can occasionally melt the CPU in
fuzzballs if you turn authentication on before doing a
-.Ic peer
+\f\*[B-Font]peer\f[]
display.
The command
-.Ql authenticate
+\[oq]authenticate\[cq]
causes
-.Nm
+\f\*[B-Font]ntpq\fP
to display whether or not
-.Nm
+\f\*[B-Font]ntpq\fP
is currently autheinticating requests.
-.TP
-.BR Ic cooked
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]cooked\f[]
Causes output from query commands to be "cooked", so that
variables which are recognized by
-.Nm
+\f\*[B-Font]ntpq\fP
will have their
values reformatted for human consumption.
Variables which
-.Nm
+\f\*[B-Font]ntpq\fP
thinks should have a decodable value but didn't are
marked with a trailing
-.Ql \&? .
-.TP
-.BR Xo
-.Ic debug
-.Oo
-.Cm more |
-.Cm less |
-.Cm off
-.Oc
-.Xc
+\[oq]\&?\[cq].
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]debug\f[] [\f\*[B-Font]more\f[] | \f\*[B-Font]less\f[] | \f\*[B-Font]off\f[]]
With no argument, displays the current debug level.
Otherwise, the debug level is changed to the indicated level.
-.TP
-.BR Ic delay Ar milliseconds
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]delay\f[] \f\*[I-Font]milliseconds\f[]
Specify a time interval to be added to timestamps included in
requests which require authentication.
This is used to enable
Actually the
server does not now require timestamps in authenticated requests,
so this command may be obsolete.
-.TP
-.BR Ic host Ar hostname
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]host\f[] \f\*[I-Font]hostname\f[]
Set the host to which future queries will be sent.
-\fIhostname\fR
+\f\*[I-Font]hostname\f[]
may be either a host name or a numeric address.
-.TP
-.BR Ic hostnames Op Cm yes | Cm no
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]hostnames\f[] [\f\*[B-Font]yes\f[] | \f\*[B-Font]no\f[]]
If
-.Cm yes
+\f\*[B-Font]yes\f[]
is specified, host names are printed in
information displays.
If
-.Cm no
+\f\*[B-Font]no\f[]
is specified, numeric
addresses are printed instead.
The default is
-.Cm yes ,
+\f\*[B-Font]yes\f[],
unless
modified using the command line
- n
+\f\*[B-Font]\-n\f[]
switch.
-.TP
-.BR Ic keyid Ar keyid
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]keyid\f[] \f\*[I-Font]keyid\f[]
This command allows the specification of a key number to be
used to authenticate configuration requests.
This must correspond
to a key number the server has been configured to use for this
purpose.
-.TP
-.BR Ic ntpversion Xo Oo
-.Cm 1 |
-.Cm 2 |
-.Cm 3 |
-.Cm 4
-.Oc
-.Xc
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]ntpversion\f[] [\f\*[B-Font]1\f[] | \f\*[B-Font]2\f[] | \f\*[B-Font]3\f[] | \f\*[B-Font]4\f[]]
Sets the NTP version number which
-.Nm
+\f\*[B-Font]ntpq\fP
claims in
packets.
Defaults to 3, and note that mode 6 control messages (and
to be no servers left which demand version 1.
With no argument, displays the current NTP version that will be used
when communicating with servers.
-.TP
-.BR Ic quit
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]quit\f[]
Exit
-.Nm
-.TP
-.BR Ic passwd
+\f\*[B-Font]ntpq\fP
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]passwd\f[]
This command prompts you to type in a password (which will not
be echoed) which will be used to authenticate configuration
requests.
The password must correspond to the key configured for
use by the NTP server for this purpose if such requests are to be
successful.
-.TP
-.BR Ic raw
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]raw\f[]
Causes all output from query commands is printed as received
from the remote server.
The only formating/interpretation done on
the data is to transform nonascii data into a printable (but barely
understandable) form.
-.TP
-.BR Ic timeout Ar milliseconds
+.br
+.ns
+.TP 20
+.NOP \f\*[B-Font]timeout\f[] \f\*[I-Font]milliseconds\f[]
Specify a timeout period for responses to server queries.
The
default is about 5000 milliseconds.
Note that since
-.Nm
+\f\*[B-Font]ntpq\fP
retries each query once after a timeout, the total waiting time for
a timeout will be twice the timeout value set.
+.PP
.SH "OPTIONS"
.TP
-.BR \-4 ", " \-\-ipv4
+.NOP \f\*[B-Font]\-4\f[], \f\*[B-Font]\-\-ipv4\f[]
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
.TP
-.BR \-6 ", " \-\-ipv6
+.NOP \f\*[B-Font]\-6\f[], \f\*[B-Font]\-\-ipv6\f[]
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
Force DNS resolution of following host names on the command line
to the IPv6 namespace.
.TP
-.BR \-c " \fIcmd\fP, " \-\-command "=" \fIcmd\fP
+.NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]cmd\f[], \f\*[B-Font]\-\-command\f[]=\f\*[I-Font]cmd\f[]
run a command and exit.
This option may appear an unlimited number of times.
.sp
and is added to the list of commands to be executed on the specified
host(s).
.TP
-.BR \-d ", " \-\-debug\-level
+.NOP \f\*[B-Font]\-d\f[], \f\*[B-Font]\-\-debug\-level\f[]
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
.TP
-.BR \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.NOP \f\*[B-Font]\-D\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-set\-debug\-level\f[]=\f\*[I-Font]number\f[]
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
.TP
-.BR \-p ", " \-\-peers
+.NOP \f\*[B-Font]\-p\f[], \f\*[B-Font]\-\-peers\f[]
Print a list of the peers.
This option must not appear in combination with any of the following options:
interactive.
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
.TP
-.BR \-i ", " \-\-interactive
+.NOP \f\*[B-Font]\-i\f[], \f\*[B-Font]\-\-interactive\f[]
Force ntpq to operate in interactive mode.
This option must not appear in combination with any of the following options:
command, peers.
Prompts will be written to the standard output and
commands read from the standard input.
.TP
-.BR \-n ", " \-\-numeric
+.NOP \f\*[B-Font]\-n\f[], \f\*[B-Font]\-\-numeric\f[]
numeric host addresses.
.sp
Output all host addresses in dotted-quad numeric format rather than
converting to the canonical host names.
.TP
-.BR \-\-old\-rv
+.NOP \f\*[B-Font]\-\-old\-rv\f[]
Always output status line with readvar.
.sp
By default, \fBntpq\fP now suppresses the \fBassocid=...\fP
preset this option in a script will enable both older and
newer \fBntpq\fP to behave identically in this regard.
.TP
-.BR \-? , " \-\-help"
+.NOP \f\*[B-Font]\-\&?\f[], \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
-.BR \-! , " \-\-more-help"
+.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
-.BR \-> " [\fIcfgfile\fP]," " \-\-save-opts" "[=\fIcfgfile\fP]"
+.NOP \f\*[B-Font]\->\f[] [\f\*[I-Font]cfgfile\f[]], \f\*[B-Font]\-\-save-opts\f[] [=\f\*[I-Font]cfgfile\f[]]
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
.TP
-.BR \-< " \fIcfgfile\fP," " \-\-load-opts" "=\fIcfgfile\fP," " \-\-no-load-opts"
+.NOP \f\*[B-Font]\-<\f[] \f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-load-opts\f[]=\f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-no-load-opts\f[]
Load options from \fIcfgfile\fP.
The \fIno-load-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no-load-opts\fP is handled early,
out of order.
.TP
-.BR \-\-version "[={\fIv|c|n\fP}]"
+.NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
+.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from configuration ("RC" or ".INI") file(s) and values from
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+.TH ntpq @NTPQ_MS@ "22 Dec 2013" "4.2.7p402" "User Commands"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-7aaGAP/ag-ibaGzP)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:08:21 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntpq-opts.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]ntpq\fP ntpq
+\- standard NTP query program
cvt_prog='/usr/local/gnu/share/autogen/texi2man'
cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
`/`basename "$cvt_prog"`
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
-.BR 0 " (EXIT_SUCCESS)"
+.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
-.BR 1 " (EXIT_FAILURE)"
+.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
-.BR 66 " (EX_NOINPUT)"
+.NOP 66 " (EX_NOINPUT)"
A specified configuration file could not be loaded.
.TP
-.BR 70 " (EX_SOFTWARE)"
+.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
+.PP
.SH "AUTHORS"
The University of Delaware
.SH "COPYRIGHT"
-.Dd November 30 2013
+.Dd December 22 2013
.Dt NTPQ @NTPQ_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:32:09 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:08:27 PM by AutoGen 5.18.3pre5
.\" From the definitions ntpq-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.Nm
.\" Mixture of short (flag) options and long options
.Op Fl flags
-.Op Fl flag Ar value
-.Op Fl \-option\-name Ar value
+.Op Fl flag Op Ar value
+.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc
[ host ...]
.Pp
.Sh DESCRIPTION
.El
.Sh "OPTIONS"
.Bl -tag
-.It \-4 ", " \-\-ipv4
+.It Fl 4 , Fl \-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
.sp
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
-.It \-6 ", " \-\-ipv6
+.It Fl 6 , Fl \-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
.sp
Force DNS resolution of following host names on the command line
to the IPv6 namespace.
-.It \-c " \fIcmd\fP, " \-\-command "=" \fIcmd\fP
+.It Fl c Ar cmd , Fl \-command Ns = Ns Ar cmd
run a command and exit.
This option may appear an unlimited number of times.
.sp
The following argument is interpreted as an interactive format command
and is added to the list of commands to be executed on the specified
host(s).
-.It \-d ", " \-\-debug\-level
+.It Fl d , Fl \-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.It \-p ", " \-\-peers
+.It Fl p , Fl \-peers
Print a list of the peers.
This option must not appear in combination with any of the following options:
interactive.
.sp
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
-.It \-i ", " \-\-interactive
+.It Fl i , Fl \-interactive
Force ntpq to operate in interactive mode.
This option must not appear in combination with any of the following options:
command, peers.
Force \fBntpq\fP to operate in interactive mode.
Prompts will be written to the standard output and
commands read from the standard input.
-.It \-n ", " \-\-numeric
+.It Fl n , Fl \-numeric
numeric host addresses.
.sp
Output all host addresses in dotted\-quad numeric format rather than
converting to the canonical host names.
-.It \-\-old\-rv
+.It Fl \-old\-rv
Always output status line with readvar.
.sp
By default, \fBntpq\fP now suppresses the \fBassocid=...\fP
Using an environment variable to
preset this option in a script will enable both older and
newer \fBntpq\fP to behave identically in this regard.
-.It \-? , " \-\-help"
+.It Fl \&? , Fl \-help
Display usage information and exit.
-.It \-! , " \-\-more\-help"
+.It Fl \&! , Fl \-more\-help
Pass the extended usage information through a pager.
-.It \-> " [\fIcfgfile\fP]," " \-\-save\-opts" "[=\fIcfgfile\fP]"
+.It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
-.It \-< " \fIcfgfile\fP," " \-\-load\-opts" "=\fIcfgfile\fP," " \-\-no\-load\-opts"
+.It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts
Load options from \fIcfgfile\fP.
The \fIno\-load\-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
-.It \-\-version "[={\fIv|c|n\fP}]"
+.It Fl \-version Op Brq Ar v|c|n
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpsnmpd.texi)
#
-# It has been AutoGen-ed November 30, 2013 at 11:32:49 AM by AutoGen 5.18.3pre5
+# It has been AutoGen-ed December 22, 2013 at 11:08:41 PM by AutoGen 5.18.3pre5
# From the definitions ntpsnmpd-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@exampleindent 0
@example
-ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p401
+ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p402
Usage: ntpsnmpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
Flg Arg Option-Name Description
-n no nofork Do not fork
/*
* EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.c)
*
- * It has been AutoGen-ed November 30, 2013 at 11:32:13 AM by AutoGen 5.18.3pre5
+ * It has been AutoGen-ed December 22, 2013 at 11:08:29 PM by AutoGen 5.18.3pre5
* From the definitions ntpsnmpd-opts.def
* and the template file options
*
* static const strings for ntpsnmpd options
*/
static char const ntpsnmpd_opt_strs[1560] =
-/* 0 */ "ntpsnmpd 4.2.7p401\n"
+/* 0 */ "ntpsnmpd 4.2.7p402\n"
"Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 1360 */ "no-load-opts\0"
/* 1373 */ "no\0"
/* 1376 */ "NTPSNMPD\0"
-/* 1385 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p401\n"
+/* 1385 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p402\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
/* 1490 */ "$HOME\0"
/* 1496 */ ".\0"
/* 1498 */ ".ntprc\0"
/* 1505 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1539 */ "\n\0"
-/* 1541 */ "ntpsnmpd 4.2.7p401";
+/* 1541 */ "ntpsnmpd 4.2.7p402";
/**
* nofork option description:
translate option names.
*/
/* referenced via ntpsnmpdOptions.pzCopyright */
- puts(_("ntpsnmpd 4.2.7p401\n\
+ puts(_("ntpsnmpd 4.2.7p402\n\
Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
puts(_("load options from a config file"));
/* referenced via ntpsnmpdOptions.pzUsageTitle */
- puts(_("ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p401\n\
+ puts(_("ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p402\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n"));
/* referenced via ntpsnmpdOptions.pzExplain */
puts(_("\n"));
/* referenced via ntpsnmpdOptions.pzFullVersion */
- puts(_("ntpsnmpd 4.2.7p401"));
+ puts(_("ntpsnmpd 4.2.7p402"));
/* referenced via ntpsnmpdOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));
/*
* EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.h)
*
- * It has been AutoGen-ed November 30, 2013 at 11:32:13 AM by AutoGen 5.18.3pre5
+ * It has been AutoGen-ed December 22, 2013 at 11:08:29 PM by AutoGen 5.18.3pre5
* From the definitions ntpsnmpd-opts.def
* and the template file options
*
/** count of all options for ntpsnmpd */
#define OPTION_CT 8
/** ntpsnmpd version */
-#define NTPSNMPD_VERSION "4.2.7p401"
+#define NTPSNMPD_VERSION "4.2.7p402"
/** Full ntpsnmpd version text */
-#define NTPSNMPD_FULL_VERSION "ntpsnmpd 4.2.7p401"
+#define NTPSNMPD_FULL_VERSION "ntpsnmpd 4.2.7p402"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH ntpsnmpd 1ntpsnmpdman "30 Nov 2013" "4.2.7p401" "User Commands"
+.de1 NOP
+. it 1 an-trap
+. if \\n[.$] \,\\$*\/
+..
+.ie t \
+.ds B-Font [CB]
+.ds I-Font [CI]
+.ds R-Font [CR]
+.el \
+.ds B-Font B
+.ds I-Font I
+.ds R-Font R
+.TH ntpsnmpd 1ntpsnmpdman "22 Dec 2013" "4.2.7p402" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.man)
-.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:32:45 AM by AutoGen 5.18.3pre5
-.\" From the definitions ntpsnmpd-opts.def
-.\" and the template file agman-cmd.tpl
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LhaGNQ/ag-YhaGMQ)
.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:08:38 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntpsnmpd-opts.def
+.\" and the template file agman-cmd.tpl
.SH NAME
-ntpsnmpd \- NTP SNMP MIB agent
+\f\*[B-Font]ntpsnmpd\fP
+\- NTP SNMP MIB agent
.SH SYNOPSIS
-.B ntpsnmpd
+\f\*[B-Font]ntpsnmpd\fP
.\" Mixture of short (flag) options and long options
-.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP "[[=| ]\fIvalue\fP]]..."
-.PP
+[\f\*[B-Font]\-flags\f[]]
+[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
+[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
+.sp \n(Ppu
+.ne 2
+
All arguments must be options.
-.PP
+.sp \n(Ppu
+.ne 2
+
.SH DESCRIPTION
-.B
+\f\*[B-Font]ntpsnmpd\fP
is an SNMP MIB agent designed to interface with
-.Xr ntpd 1ntpdmdoc .
+\fCntpd\fR(1ntpdmdoc)\f[].
.SH "OPTIONS"
.TP
-.BR \-n ", " \-\-nofork
+.NOP \f\*[B-Font]\-n\f[], \f\*[B-Font]\-\-nofork\f[]
Do not fork.
.sp
.TP
-.BR \-p ", " \-\-syslog
+.NOP \f\*[B-Font]\-p\f[], \f\*[B-Font]\-\-syslog\f[]
Log to syslog().
.sp
.TP
-.BR \-\-agentxsocket "=\fIstring\fP"
+.NOP \f\*[B-Font]\-\-agentxsocket\f[]=\f\*[I-Font]string\f[]
The socket address ntpsnmpd uses to connect to net-snmpd.
-The default \fIstring\fP for this option is:
+The default
+\f\*[I-Font]string\f[]
+for this option is:
.ti +4
unix:/var/agentx/master
.sp
\fIunix:/var/agentx/master\fP.
Another common alternative is \fItcp:localhost:705\fP.
.TP
-.BR \-? , " \-\-help"
+.NOP \f\*[B-Font]\-\&?\f[], \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
-.BR \-! , " \-\-more-help"
+.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
-.BR \-> " [\fIcfgfile\fP]," " \-\-save-opts" "[=\fIcfgfile\fP]"
+.NOP \f\*[B-Font]\->\f[] [\f\*[I-Font]cfgfile\f[]], \f\*[B-Font]\-\-save-opts\f[] [=\f\*[I-Font]cfgfile\f[]]
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
.TP
-.BR \-< " \fIcfgfile\fP," " \-\-load-opts" "=\fIcfgfile\fP," " \-\-no-load-opts"
+.NOP \f\*[B-Font]\-<\f[] \f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-load-opts\f[]=\f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-no-load-opts\f[]
Load options from \fIcfgfile\fP.
The \fIno-load-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no-load-opts\fP is handled early,
out of order.
.TP
-.BR \-\-version "[={\fIv|c|n\fP}]"
+.NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
+.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from configuration ("RC" or ".INI") file(s) and values from
rm \-f $list
} 1>.doc 2>/dev/null
sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
+.TH ntpsnmpd 1ntpsnmpdman "22 Dec 2013" "4.2.7p402" "User Commands"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LhaGNQ/ag-YhaGMQ)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:08:38 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntpsnmpd-opts.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]ntpsnmpd\fP ntpsnmpd
+\- NTP SNMP MIB agent
.SH USAGE
-.B
+\f\*[B-Font]ntpsnmpd\fP
currently uses a private MIB OID,
-.Ql enterprises.5597 ,
+\[oq]enterprises.5597\[cq],
which is the Meinberg top level OEM OID, and
-.Ql 99
+\[oq]99\[cq]
is the temporary working space for this project.
The final OID has to be registered with IANA
and this is done by the RFC Editor
when the NTPv4 MIB RFC is standardized.
-.PP
+.sp \n(Ppu
+.ne 2
+
If you have
-.Xr snmpwalk 1
+\fCsnmpwalk\fR(1)\f[]
installed you can run
.Dl % snmpwalk \-v2c \-c public localhost enterprises.5597.99
to see a list of all currently supported NTP MIB objects
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
-.BR 0 " (EXIT_SUCCESS)"
+.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
-.BR 1 " (EXIT_FAILURE)"
+.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
-.BR 66 " (EX_NOINPUT)"
+.NOP 66 " (EX_NOINPUT)"
A specified configuration file could not be loaded.
.TP
-.BR 70 " (EX_SOFTWARE)"
+.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
+.PP
.SH AUTHORS
-.An "Heiko Gerstung"
+.NOP "Heiko Gerstung"
+.br
.SH "COPYRIGHT"
Copyright (C) 1970-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
The following objects are currently supported:
-.PP
-.TP
-.BR Li ntpEntSoftwareName
+.sp \n(Ppu
+.ne 2
+
+.TP 29
+.NOP \f[C]ntpEntSoftwareName\f[]
please fill me in...
-.TP
-.BR Li ntpEntSoftwareVersion
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntSoftwareVersion\f[]
please fill me in...
-.TP
-.BR Li ntpEntSoftwareVersionVal
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntSoftwareVersionVal\f[]
please fill me in...
-.TP
-.BR Li ntpEntSoftwareVendor
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntSoftwareVendor\f[]
please fill me in...
-.TP
-.BR Li ntpEntSystemType
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntSystemType\f[]
please fill me in...
-.TP
-.BR Li ntpEntTimeResolution
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntTimeResolution\f[]
please fill me in...
-.TP
-.BR Li ntpEntTimeResolutionVal
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntTimeResolutionVal\f[]
please fill me in...
-.TP
-.BR Li ntpEntTimePrecision
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntTimePrecision\f[]
please fill me in...
-.TP
-.BR Li ntpEntTimePrecisionVal
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntTimePrecisionVal\f[]
please fill me in...
-.TP
-.BR Li ntpEntTimeDistance
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntTimeDistance\f[]
please fill me in...
.PP
-This document corresponds to version 4.2.7p401 of NTP.
-.PP
+.sp \n(Ppu
+.ne 2
+
+This document corresponds to version 4.2.7p402 of NTP.
+.sp \n(Ppu
+.ne 2
+
This manual page was \fIAutoGen\fP-erated from the \fBntpsnmpd\fP
option definitions.
-.Dd November 30 2013
+.Dd December 22 2013
.Dt NTPSNMPD 1ntpsnmpdmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:32:51 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:08:44 PM by AutoGen 5.18.3pre5
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.Nm
.\" Mixture of short (flag) options and long options
.Op Fl flags
-.Op Fl flag Ar value
-.Op Fl \-option\-name Ar value
+.Op Fl flag Op Ar value
+.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc
.Pp
All arguments must be options.
.Pp
.Xr ntpd 1ntpdmdoc .
.Sh "OPTIONS"
.Bl -tag
-.It \-n ", " \-\-nofork
+.It Fl n , Fl \-nofork
Do not fork.
.sp
-.It \-p ", " \-\-syslog
+.It Fl p , Fl \-syslog
Log to syslog().
.sp
-.It \-\-agentxsocket "=\fIstring\fP"
+.It Fl \-agentxsocket Ns = Ns Ar string
The socket address ntpsnmpd uses to connect to net\-snmpd.
-The default \fIstring\fP for this option is:
+The default
+.Ar string
+for this option is:
.ti +4
unix:/var/agentx/master
.sp
The default "agent X socket" is the Unix Domain socket
\fIunix:/var/agentx/master\fP.
Another common alternative is \fItcp:localhost:705\fP.
-.It \-? , " \-\-help"
+.It Fl \&? , Fl \-help
Display usage information and exit.
-.It \-! , " \-\-more\-help"
+.It Fl \&! , Fl \-more\-help
Pass the extended usage information through a pager.
-.It \-> " [\fIcfgfile\fP]," " \-\-save\-opts" "[=\fIcfgfile\fP]"
+.It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
-.It \-< " \fIcfgfile\fP," " \-\-load\-opts" "=\fIcfgfile\fP," " \-\-no\-load\-opts"
+.It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts
Load options from \fIcfgfile\fP.
The \fIno\-load\-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
-.It \-\-version "[={\fIv|c|n\fP}]"
+.It Fl \-version Op Brq Ar v|c|n
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
please fill me in...
.El
.Pp
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
.Pp
This manual page was \fIAutoGen\fP\-erated from the \fBntpsnmpd\fP
option definitions.
<p>The <code>ntpsnmpd</code> utility program is used to monitor NTP daemon <code>ntpd</code>
operations and determine performance. It uses the standard NTP mode 6 control
- <p>This document applies to version 4.2.7p401 of <code>ntpsnmpd</code>.
+ <p>This document applies to version 4.2.7p402 of <code>ntpsnmpd</code>.
<ul class="menu">
<li><a accesskey="1" href="#ntpsnmpd-Description">ntpsnmpd Description</a>: Description
-.TH ntpsnmpd @NTPSNMPD_MS@ "30 Nov 2013" "4.2.7p401" "User Commands"
+.de1 NOP
+. it 1 an-trap
+. if \\n[.$] \,\\$*\/
+..
+.ie t \
+.ds B-Font [CB]
+.ds I-Font [CI]
+.ds R-Font [CR]
+.el \
+.ds B-Font B
+.ds I-Font I
+.ds R-Font R
+.TH ntpsnmpd @NTPSNMPD_MS@ "22 Dec 2013" "4.2.7p402" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.man)
-.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:32:45 AM by AutoGen 5.18.3pre5
-.\" From the definitions ntpsnmpd-opts.def
-.\" and the template file agman-cmd.tpl
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LhaGNQ/ag-YhaGMQ)
.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:08:38 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntpsnmpd-opts.def
+.\" and the template file agman-cmd.tpl
.SH NAME
-ntpsnmpd \- NTP SNMP MIB agent
+\f\*[B-Font]ntpsnmpd\fP
+\- NTP SNMP MIB agent
.SH SYNOPSIS
-.B ntpsnmpd
+\f\*[B-Font]ntpsnmpd\fP
.\" Mixture of short (flag) options and long options
-.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP "[[=| ]\fIvalue\fP]]..."
-.PP
+[\f\*[B-Font]\-flags\f[]]
+[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
+[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
+.sp \n(Ppu
+.ne 2
+
All arguments must be options.
-.PP
+.sp \n(Ppu
+.ne 2
+
.SH DESCRIPTION
-.B
+\f\*[B-Font]ntpsnmpd\fP
is an SNMP MIB agent designed to interface with
-.Xr ntpd @NTPD_MS@ .
+\fCntpd\fR(@NTPD_MS@)\f[].
.SH "OPTIONS"
.TP
-.BR \-n ", " \-\-nofork
+.NOP \f\*[B-Font]\-n\f[], \f\*[B-Font]\-\-nofork\f[]
Do not fork.
.sp
.TP
-.BR \-p ", " \-\-syslog
+.NOP \f\*[B-Font]\-p\f[], \f\*[B-Font]\-\-syslog\f[]
Log to syslog().
.sp
.TP
-.BR \-\-agentxsocket "=\fIstring\fP"
+.NOP \f\*[B-Font]\-\-agentxsocket\f[]=\f\*[I-Font]string\f[]
The socket address ntpsnmpd uses to connect to net-snmpd.
-The default \fIstring\fP for this option is:
+The default
+\f\*[I-Font]string\f[]
+for this option is:
.ti +4
unix:/var/agentx/master
.sp
\fIunix:/var/agentx/master\fP.
Another common alternative is \fItcp:localhost:705\fP.
.TP
-.BR \-? , " \-\-help"
+.NOP \f\*[B-Font]\-\&?\f[], \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
-.BR \-! , " \-\-more-help"
+.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
-.BR \-> " [\fIcfgfile\fP]," " \-\-save-opts" "[=\fIcfgfile\fP]"
+.NOP \f\*[B-Font]\->\f[] [\f\*[I-Font]cfgfile\f[]], \f\*[B-Font]\-\-save-opts\f[] [=\f\*[I-Font]cfgfile\f[]]
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
.TP
-.BR \-< " \fIcfgfile\fP," " \-\-load-opts" "=\fIcfgfile\fP," " \-\-no-load-opts"
+.NOP \f\*[B-Font]\-<\f[] \f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-load-opts\f[]=\f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-no-load-opts\f[]
Load options from \fIcfgfile\fP.
The \fIno-load-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no-load-opts\fP is handled early,
out of order.
.TP
-.BR \-\-version "[={\fIv|c|n\fP}]"
+.NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
+.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from configuration ("RC" or ".INI") file(s) and values from
rm \-f $list
} 1>.doc 2>/dev/null
sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
+.TH ntpsnmpd @NTPSNMPD_MS@ "22 Dec 2013" "4.2.7p402" "User Commands"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LhaGNQ/ag-YhaGMQ)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:08:38 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntpsnmpd-opts.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]ntpsnmpd\fP ntpsnmpd
+\- NTP SNMP MIB agent
.SH USAGE
-.B
+\f\*[B-Font]ntpsnmpd\fP
currently uses a private MIB OID,
-.Ql enterprises.5597 ,
+\[oq]enterprises.5597\[cq],
which is the Meinberg top level OEM OID, and
-.Ql 99
+\[oq]99\[cq]
is the temporary working space for this project.
The final OID has to be registered with IANA
and this is done by the RFC Editor
when the NTPv4 MIB RFC is standardized.
-.PP
+.sp \n(Ppu
+.ne 2
+
If you have
-.Xr snmpwalk 1
+\fCsnmpwalk\fR(1)\f[]
installed you can run
.Dl % snmpwalk \-v2c \-c public localhost enterprises.5597.99
to see a list of all currently supported NTP MIB objects
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
-.BR 0 " (EXIT_SUCCESS)"
+.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
-.BR 1 " (EXIT_FAILURE)"
+.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
-.BR 66 " (EX_NOINPUT)"
+.NOP 66 " (EX_NOINPUT)"
A specified configuration file could not be loaded.
.TP
-.BR 70 " (EX_SOFTWARE)"
+.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
+.PP
.SH AUTHORS
-.An "Heiko Gerstung"
+.NOP "Heiko Gerstung"
+.br
.SH "COPYRIGHT"
Copyright (C) 1970-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
The following objects are currently supported:
-.PP
-.TP
-.BR Li ntpEntSoftwareName
+.sp \n(Ppu
+.ne 2
+
+.TP 29
+.NOP \f[C]ntpEntSoftwareName\f[]
please fill me in...
-.TP
-.BR Li ntpEntSoftwareVersion
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntSoftwareVersion\f[]
please fill me in...
-.TP
-.BR Li ntpEntSoftwareVersionVal
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntSoftwareVersionVal\f[]
please fill me in...
-.TP
-.BR Li ntpEntSoftwareVendor
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntSoftwareVendor\f[]
please fill me in...
-.TP
-.BR Li ntpEntSystemType
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntSystemType\f[]
please fill me in...
-.TP
-.BR Li ntpEntTimeResolution
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntTimeResolution\f[]
please fill me in...
-.TP
-.BR Li ntpEntTimeResolutionVal
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntTimeResolutionVal\f[]
please fill me in...
-.TP
-.BR Li ntpEntTimePrecision
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntTimePrecision\f[]
please fill me in...
-.TP
-.BR Li ntpEntTimePrecisionVal
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntTimePrecisionVal\f[]
please fill me in...
-.TP
-.BR Li ntpEntTimeDistance
+.br
+.ns
+.TP 29
+.NOP \f[C]ntpEntTimeDistance\f[]
please fill me in...
.PP
-This document corresponds to version 4.2.7p401 of NTP.
-.PP
+.sp \n(Ppu
+.ne 2
+
+This document corresponds to version 4.2.7p402 of NTP.
+.sp \n(Ppu
+.ne 2
+
This manual page was \fIAutoGen\fP-erated from the \fBntpsnmpd\fP
option definitions.
-.Dd November 30 2013
+.Dd December 22 2013
.Dt NTPSNMPD @NTPSNMPD_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:32:51 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:08:44 PM by AutoGen 5.18.3pre5
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.Nm
.\" Mixture of short (flag) options and long options
.Op Fl flags
-.Op Fl flag Ar value
-.Op Fl \-option\-name Ar value
+.Op Fl flag Op Ar value
+.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc
.Pp
All arguments must be options.
.Pp
.Xr ntpd @NTPD_MS@ .
.Sh "OPTIONS"
.Bl -tag
-.It \-n ", " \-\-nofork
+.It Fl n , Fl \-nofork
Do not fork.
.sp
-.It \-p ", " \-\-syslog
+.It Fl p , Fl \-syslog
Log to syslog().
.sp
-.It \-\-agentxsocket "=\fIstring\fP"
+.It Fl \-agentxsocket Ns = Ns Ar string
The socket address ntpsnmpd uses to connect to net\-snmpd.
-The default \fIstring\fP for this option is:
+The default
+.Ar string
+for this option is:
.ti +4
unix:/var/agentx/master
.sp
The default "agent X socket" is the Unix Domain socket
\fIunix:/var/agentx/master\fP.
Another common alternative is \fItcp:localhost:705\fP.
-.It \-? , " \-\-help"
+.It Fl \&? , Fl \-help
Display usage information and exit.
-.It \-! , " \-\-more\-help"
+.It Fl \&! , Fl \-more\-help
Pass the extended usage information through a pager.
-.It \-> " [\fIcfgfile\fP]," " \-\-save\-opts" "[=\fIcfgfile\fP]"
+.It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
-.It \-< " \fIcfgfile\fP," " \-\-load\-opts" "=\fIcfgfile\fP," " \-\-no\-load\-opts"
+.It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts
Load options from \fIcfgfile\fP.
The \fIno\-load\-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
-.It \-\-version "[={\fIv|c|n\fP}]"
+.It Fl \-version Op Brq Ar v|c|n
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
please fill me in...
.El
.Pp
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
.Pp
This manual page was \fIAutoGen\fP\-erated from the \fBntpsnmpd\fP
option definitions.
# - Numeric values increment
# - empty 'increments' to 1
# - NEW 'increments' to empty
-point=401
+point=402
### betapoint is normally modified by script.
# ntp-stable Beta number (betapoint)
#
# EDIT THIS FILE WITH CAUTION (invoke-plot_summary.texi)
#
-# It has been AutoGen-ed December 22, 2013 at 10:04:28 AM by AutoGen 5.18.3pre7
+# It has been AutoGen-ed December 22, 2013 at 11:02:56 PM by AutoGen 5.18.3pre5
# From the definitions plot_summary-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
#
# EDIT THIS FILE WITH CAUTION (invoke-summary.texi)
#
-# It has been AutoGen-ed December 22, 2013 at 10:12:44 AM by AutoGen 5.18.3pre7
+# It has been AutoGen-ed December 22, 2013 at 11:03:02 PM by AutoGen 5.18.3pre5
# From the definitions summary-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
<title>Ntp-wait User's Manual</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="Ntp-wait User's Manual">
-<meta name="generator" content="makeinfo 4.13">
+<meta name="generator" content="makeinfo 4.7">
<link title="Top" rel="top" href="#Top">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<meta http-equiv="Content-Style-Type" content="text/css">
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
- span.sc { font-variant:small-caps }
- span.roman { font-family:serif; font-weight:normal; }
- span.sansserif { font-family:sans-serif; font-weight:normal; }
+ span.sc { font-variant:small-caps }
+ span.roman { font-family: serif; font-weight: normal; }
--></style>
</head>
<body>
<h1 class="settitle">Ntp-wait User's Manual</h1>
<div class="node">
-<a name="Top"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntp_002dwait-Description">ntp-wait Description</a>,
+
<a name="Top"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dwait-Description">ntp-wait Description</a>,
Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-
+<br>
</div>
<p>This document describes the use of the NTP Project's <code>ntp-wait</code> program.
and only then start any applicaitons (like database servers) that require
accurate and stable time.
- <p>This document applies to version 4.2.7p401 of <code>ntp-wait</code>.
+ <p>This document applies to version 4.2.7p402 of <code>ntp-wait</code>.
<div class="shortcontents">
<h2>Short Contents</h2>
</ul>
<div class="node">
-<a name="ntp-wait-Invocation"></a>
-<a name="ntp_002dwait-Invocation"></a>
<p><hr>
-
-
+<a name="ntp_002dwait-Invocation"></a>
+<br>
</div>
<h3 class="section">0.1 Invoking ntp-wait</h3>
using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntp-wait</code> program.
<ul class="menu">
-<li><a accesskey="1" href="#ntp_002dwait-usage">ntp-wait usage</a>: ntp-wait help/usage (<samp><span class="option">--help</span></samp>)
+<li><a accesskey="1" href="#ntp_002dwait-usage">ntp-wait usage</a>: ntp-wait help/usage (<span class="option">--help</span>)
<li><a accesskey="2" href="#ntp_002dwait-tries">ntp-wait tries</a>: tries option (-n)
<li><a accesskey="3" href="#ntp_002dwait-sleep">ntp-wait sleep</a>: sleep option (-s)
<li><a accesskey="4" href="#ntp_002dwait-verbose">ntp-wait verbose</a>: verbose option (-v)
</ul>
<div class="node">
-<a name="ntp-wait-usage"></a>
-<a name="ntp_002dwait-usage"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntp_002dwait-tries">ntp-wait tries</a>,
+
<a name="ntp_002dwait-usage"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dwait-tries">ntp-wait tries</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
-
+<br>
</div>
-<h4 class="subsection">0.1.1 ntp-wait help/usage (<samp><span class="option">--help</span></samp>)</h4>
+<h4 class="subsection">0.1.1 ntp-wait help/usage (<span class="option">--help</span>)</h4>
<p><a name="index-ntp_002dwait-help-3"></a>
This is the automatically generated usage text for ntp-wait.
<p>The text printed is the same whether selected with the <code>help</code> option
-(<samp><span class="option">--help</span></samp>) or the <code>more-help</code> option (<samp><span class="option">--more-help</span></samp>). <code>more-help</code> will print
+(<span class="option">--help</span>) or the <code>more-help</code> option (<span class="option">--more-help</span>). <code>more-help</code> will print
the usage text by passing it through a pager program.
<code>more-help</code> is disabled on platforms without a working
<code>fork(2)</code> function. The <code>PAGER</code> environment variable is
-used to select the program, defaulting to <samp><span class="file">more</span></samp>. Both will exit
+used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
<pre class="example">ntp-wait - Wait for ntpd to stabilize the system clock
hyphen and the flag character.
</pre>
<div class="node">
-<a name="ntp-wait-tries"></a>
-<a name="ntp_002dwait-tries"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntp_002dwait-sleep">ntp-wait sleep</a>,
+
<a name="ntp_002dwait-tries"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dwait-sleep">ntp-wait sleep</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait-usage">ntp-wait usage</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
-
+<br>
</div>
<h4 class="subsection">0.1.2 tries option (-n)</h4>
The maximum number of times we will check <code>ntpd</code> to see if
it has been able to synchronize and stabilize the system clock.
<div class="node">
-<a name="ntp-wait-sleep"></a>
-<a name="ntp_002dwait-sleep"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntp_002dwait-verbose">ntp-wait verbose</a>,
+
<a name="ntp_002dwait-sleep"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dwait-verbose">ntp-wait verbose</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait-tries">ntp-wait tries</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
-
+<br>
</div>
<h4 class="subsection">0.1.3 sleep option (-s)</h4>
<p><a name="index-ntp_002dwait_002dsleep-5"></a>
This is the “how long to sleep between tries” option.
-This option takes a number argument <samp><span class="file">secs-between-tries</span></samp>.
- We will sleep for <samp><span class="file">secs-between-tries</span></samp> after each query
+This option takes a number argument <span class="file">secs-between-tries</span>.
+ We will sleep for <span class="file">secs-between-tries</span> after each query
of <code>ntpd</code> that returns "the time is not yet stable".
<div class="node">
-<a name="ntp-wait-verbose"></a>
-<a name="ntp_002dwait-verbose"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntp_002dwait-exit-status">ntp-wait exit status</a>,
+
<a name="ntp_002dwait-verbose"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dwait-exit-status">ntp-wait exit status</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait-sleep">ntp-wait sleep</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
-
+<br>
</div>
<h4 class="subsection">0.1.4 verbose option (-v)</h4>
By default, <code>ntp-wait</code> is silent.
With this option, <code>ntp-wait</code> will provide status information.
<div class="node">
-<a name="ntp-wait-exit-status"></a>
-<a name="ntp_002dwait-exit-status"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntp_002dwait-Authors">ntp-wait Authors</a>,
+
<a name="ntp_002dwait-exit-status"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dwait-Authors">ntp-wait Authors</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait-verbose">ntp-wait verbose</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
-
+<br>
</div>
<h4 class="subsection">0.1.5 ntp-wait exit status</h4>
<p>One of the following exit values will be returned:
<dl>
-<dt>‘<samp><span class="samp">0 (EXIT_SUCCESS)</span></samp>’<dd>Successful program execution.
-<br><dt>‘<samp><span class="samp">1 (EXIT_FAILURE)</span></samp>’<dd>The operation failed or the command syntax was not valid.
+<dt><span class="samp">0 (EXIT_SUCCESS)</span><dd>Successful program execution.
+<br><dt><span class="samp">1 (EXIT_FAILURE)</span><dd>The operation failed or the command syntax was not valid.
</dl>
<div class="node">
-<a name="ntp-wait-Authors"></a>
-<a name="ntp_002dwait-Authors"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntp_002dwait-Notes">ntp-wait Notes</a>,
+
<a name="ntp_002dwait-Authors"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dwait-Notes">ntp-wait Notes</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait-exit-status">ntp-wait exit status</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
-
+<br>
</div>
<h4 class="subsection">0.1.6 ntp-wait Authors</h4>
<div class="node">
-<a name="ntp-wait-Notes"></a>
-<a name="ntp_002dwait-Notes"></a>
<p><hr>
-Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait-Authors">ntp-wait Authors</a>,
+
<a name="ntp_002dwait-Notes"></a>Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait-Authors">ntp-wait Authors</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
-
+<br>
</div>
<h4 class="subsection">0.1.7 ntp-wait Notes</h4>
html_DATA = ntpsweep.html
+CLEANFILES = ntpsweep.1
+DISTCLEANFILES = config.log
+
noinst_DATA = \
ntpsweep.1 \
ntpsweep.1ntpsweepman \
<title>ntpsweep User's Manual</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="ntpsweep User's Manual">
-<meta name="generator" content="makeinfo 4.13">
+<meta name="generator" content="makeinfo 4.7">
<link title="Top" rel="top" href="#Top">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<meta http-equiv="Content-Style-Type" content="text/css">
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
- span.sc { font-variant:small-caps }
- span.roman { font-family:serif; font-weight:normal; }
- span.sansserif { font-family:sans-serif; font-weight:normal; }
+ span.sc { font-variant:small-caps }
+ span.roman { font-family: serif; font-weight: normal; }
--></style>
</head>
<body>
<h1 class="settitle">ntpsweep User's Manual</h1>
<div class="node">
-<a name="Top"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpsweep-Description">ntpsweep Description</a>,
+
<a name="Top"></a>Next: <a rel="next" accesskey="n" href="#ntpsweep-Description">ntpsweep Description</a>,
Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-
+<br>
</div>
<p>This document describes the use of the NTP Project's <code>ntpsweep</code> program.
- <p>This document applies to version 4.2.7p401 of <code>ntpsweep</code>.
+ <p>This document applies to version 4.2.7p402 of <code>ntpsweep</code>.
<div class="shortcontents">
<h2>Short Contents</h2>
</ul>
<div class="node">
-<a name="ntpsweep-Invocation"></a>
<p><hr>
-
-
+<a name="ntpsweep-Invocation"></a>
+<br>
</div>
<h3 class="section">0.1 Invoking ntpsweep</h3>
using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntpsweep</code> program.
<ul class="menu">
-<li><a accesskey="1" href="#ntpsweep-usage">ntpsweep usage</a>: ntpsweep help/usage (<samp><span class="option">--help</span></samp>)
+<li><a accesskey="1" href="#ntpsweep-usage">ntpsweep usage</a>: ntpsweep help/usage (<span class="option">--help</span>)
<li><a accesskey="2" href="#ntpsweep-host_002dlist">ntpsweep host-list</a>: host-list option (-l)
<li><a accesskey="3" href="#ntpsweep-peers">ntpsweep peers</a>: peers option (-p)
<li><a accesskey="4" href="#ntpsweep-maxlevel">ntpsweep maxlevel</a>: maxlevel option (-m)
</ul>
<div class="node">
-<a name="ntpsweep-usage"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpsweep-host_002dlist">ntpsweep host-list</a>,
+
<a name="ntpsweep-usage"></a>Next: <a rel="next" accesskey="n" href="#ntpsweep-host_002dlist">ntpsweep host-list</a>,
Up: <a rel="up" accesskey="u" href="#ntpsweep-Invocation">ntpsweep Invocation</a>
-
+<br>
</div>
-<h4 class="subsection">0.1.1 ntpsweep help/usage (<samp><span class="option">--help</span></samp>)</h4>
+<h4 class="subsection">0.1.1 ntpsweep help/usage (<span class="option">--help</span>)</h4>
<p><a name="index-ntpsweep-help-3"></a>
This is the automatically generated usage text for ntpsweep.
<p>The text printed is the same whether selected with the <code>help</code> option
-(<samp><span class="option">--help</span></samp>) or the <code>more-help</code> option (<samp><span class="option">--more-help</span></samp>). <code>more-help</code> will print
+(<span class="option">--help</span>) or the <code>more-help</code> option (<span class="option">--more-help</span>). <code>more-help</code> will print
the usage text by passing it through a pager program.
<code>more-help</code> is disabled on platforms without a working
<code>fork(2)</code> function. The <code>PAGER</code> environment variable is
-used to select the program, defaulting to <samp><span class="file">more</span></samp>. Both will exit
+used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
<pre class="example">ntpsweep - Print various informations about given ntp servers
hyphen and the flag character.
</pre>
<div class="node">
-<a name="ntpsweep-host-list"></a>
-<a name="ntpsweep-host_002dlist"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpsweep-peers">ntpsweep peers</a>,
+
<a name="ntpsweep-host_002dlist"></a>Next: <a rel="next" accesskey="n" href="#ntpsweep-peers">ntpsweep peers</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpsweep-usage">ntpsweep usage</a>,
Up: <a rel="up" accesskey="u" href="#ntpsweep-Invocation">ntpsweep Invocation</a>
-
+<br>
</div>
<h4 class="subsection">0.1.2 host-list option (-l)</h4>
<p>Use this option to specify the host on which this script operates.
May appear multiple times.
<div class="node">
-<a name="ntpsweep-peers"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpsweep-maxlevel">ntpsweep maxlevel</a>,
+
<a name="ntpsweep-peers"></a>Next: <a rel="next" accesskey="n" href="#ntpsweep-maxlevel">ntpsweep maxlevel</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpsweep-host_002dlist">ntpsweep host-list</a>,
Up: <a rel="up" accesskey="u" href="#ntpsweep-Invocation">ntpsweep Invocation</a>
-
+<br>
</div>
<h4 class="subsection">0.1.3 peers option (-p)</h4>
<p><a name="index-ntpsweep_002dpeers-5"></a>
This is the “recursively list all peers a host synchronizes to” option.
-This option has no ‘<samp><span class="samp">doc</span></samp>’ documentation.
+This option has no <span class="samp">doc</span> documentation.
<div class="node">
-<a name="ntpsweep-maxlevel"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpsweep-strip">ntpsweep strip</a>,
+
<a name="ntpsweep-maxlevel"></a>Next: <a rel="next" accesskey="n" href="#ntpsweep-strip">ntpsweep strip</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpsweep-peers">ntpsweep peers</a>,
Up: <a rel="up" accesskey="u" href="#ntpsweep-Invocation">ntpsweep Invocation</a>
-
+<br>
</div>
<h4 class="subsection">0.1.4 maxlevel option (-m)</h4>
<p><a name="index-ntpsweep_002dmaxlevel-6"></a>
This is the “traverse peers up to this level (4 is a reasonable number)” option.
This option takes a number argument.
-This option has no ‘<samp><span class="samp">doc</span></samp>’ documentation.
+This option has no <span class="samp">doc</span> documentation.
<div class="node">
-<a name="ntpsweep-strip"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpsweep-host">ntpsweep host</a>,
+
<a name="ntpsweep-strip"></a>Next: <a rel="next" accesskey="n" href="#ntpsweep-host">ntpsweep host</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpsweep-maxlevel">ntpsweep maxlevel</a>,
Up: <a rel="up" accesskey="u" href="#ntpsweep-Invocation">ntpsweep Invocation</a>
-
+<br>
</div>
<h4 class="subsection">0.1.5 strip option (-s)</h4>
<p><a name="index-ntpsweep_002dstrip-7"></a>
This is the “strip this string from hostnames” option.
This option takes a string argument.
-This option has no ‘<samp><span class="samp">doc</span></samp>’ documentation.
+This option has no <span class="samp">doc</span> documentation.
<div class="node">
-<a name="ntpsweep-host"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpsweep-exit-status">ntpsweep exit status</a>,
+
<a name="ntpsweep-host"></a>Next: <a rel="next" accesskey="n" href="#ntpsweep-exit-status">ntpsweep exit status</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpsweep-strip">ntpsweep strip</a>,
Up: <a rel="up" accesskey="u" href="#ntpsweep-Invocation">ntpsweep Invocation</a>
-
+<br>
</div>
<h4 class="subsection">0.1.6 host option (-h)</h4>
<p><a name="index-ntpsweep_002dhost-8"></a>
This is the “specify a single host” option.
This option takes a string argument.
-This option has no ‘<samp><span class="samp">doc</span></samp>’ documentation.
+This option has no <span class="samp">doc</span> documentation.
<p><strong>NOTE</strong><strong>: THIS OPTION IS DEPRECATED</strong>
<div class="node">
-<a name="ntpsweep-exit-status"></a>
<p><hr>
-Previous: <a rel="previous" accesskey="p" href="#ntpsweep-host">ntpsweep host</a>,
+
<a name="ntpsweep-exit-status"></a>Previous: <a rel="previous" accesskey="p" href="#ntpsweep-host">ntpsweep host</a>,
Up: <a rel="up" accesskey="u" href="#ntpsweep-Invocation">ntpsweep Invocation</a>
-
+<br>
</div>
<h4 class="subsection">0.1.7 ntpsweep exit status</h4>
<p>One of the following exit values will be returned:
<dl>
-<dt>‘<samp><span class="samp">0 (EXIT_SUCCESS)</span></samp>’<dd>Successful program execution.
-<br><dt>‘<samp><span class="samp">1 (EXIT_FAILURE)</span></samp>’<dd>The operation failed or the command syntax was not valid.
+<dt><span class="samp">0 (EXIT_SUCCESS)</span><dd>Successful program execution.
+<br><dt><span class="samp">1 (EXIT_FAILURE)</span><dd>The operation failed or the command syntax was not valid.
</dl>
</body></html>
<title>Ntptrace User's Manual</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="Ntptrace User's Manual">
-<meta name="generator" content="makeinfo 4.13">
+<meta name="generator" content="makeinfo 4.7">
<link title="Top" rel="top" href="#Top">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<meta http-equiv="Content-Style-Type" content="text/css">
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
- span.sc { font-variant:small-caps }
- span.roman { font-family:serif; font-weight:normal; }
- span.sansserif { font-family:sans-serif; font-weight:normal; }
+ span.sc { font-variant:small-caps }
+ span.roman { font-family: serif; font-weight: normal; }
--></style>
</head>
<body>
<h1 class="settitle">Ntptrace User's Manual</h1>
<div class="node">
-<a name="Top"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntptrace-Description">ntptrace Description</a>,
+
<a name="Top"></a>Next: <a rel="next" accesskey="n" href="#ntptrace-Description">ntptrace Description</a>,
Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-
+<br>
</div>
<h2 class="unnumbered">Simple Network Time Protocol User Manual</h2>
<p>This document describes the use of the NTP Project's <code>ntptrace</code> program.
-This document applies to version 4.2.7p401 of <code>ntptrace</code>.
+This document applies to version 4.2.7p402 of <code>ntptrace</code>.
<div class="shortcontents">
<h2>Short Contents</h2>
</ul>
<div class="node">
-<a name="ntptrace-Invocation"></a>
<p><hr>
-Previous: <a rel="previous" accesskey="p" href="#ntptrace-Description">ntptrace Description</a>,
+
<a name="ntptrace-Invocation"></a>Previous: <a rel="previous" accesskey="p" href="#ntptrace-Description">ntptrace Description</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-
+<br>
</div>
<h3 class="section">Invoking ntptrace</h3>
using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntptrace</code> program.
<ul class="menu">
-<li><a accesskey="1" href="#ntptrace-usage">ntptrace usage</a>: ntptrace help/usage (<samp><span class="option">--help</span></samp>)
+<li><a accesskey="1" href="#ntptrace-usage">ntptrace usage</a>: ntptrace help/usage (<span class="option">--help</span>)
<li><a accesskey="2" href="#ntptrace-numeric">ntptrace numeric</a>: numeric option (-n)
<li><a accesskey="3" href="#ntptrace-max_002dhosts">ntptrace max-hosts</a>: max-hosts option (-m)
<li><a accesskey="4" href="#ntptrace-host">ntptrace host</a>: host option (-r)
</ul>
<div class="node">
-<a name="ntptrace-usage"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntptrace-numeric">ntptrace numeric</a>,
+
<a name="ntptrace-usage"></a>Next: <a rel="next" accesskey="n" href="#ntptrace-numeric">ntptrace numeric</a>,
Up: <a rel="up" accesskey="u" href="#ntptrace-Invocation">ntptrace Invocation</a>
-
+<br>
</div>
-<h4 class="subsection">ntptrace help/usage (<samp><span class="option">--help</span></samp>)</h4>
+<h4 class="subsection">ntptrace help/usage (<span class="option">--help</span>)</h4>
<p><a name="index-ntptrace-help-3"></a>
This is the automatically generated usage text for ntptrace.
<p>The text printed is the same whether selected with the <code>help</code> option
-(<samp><span class="option">--help</span></samp>) or the <code>more-help</code> option (<samp><span class="option">--more-help</span></samp>). <code>more-help</code> will print
+(<span class="option">--help</span>) or the <code>more-help</code> option (<span class="option">--more-help</span>). <code>more-help</code> will print
the usage text by passing it through a pager program.
<code>more-help</code> is disabled on platforms without a working
<code>fork(2)</code> function. The <code>PAGER</code> environment variable is
-used to select the program, defaulting to <samp><span class="file">more</span></samp>. Both will exit
+used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
<pre class="example">ntptrace - Trace peers of an NTP server
hyphen and the flag character.
</pre>
<div class="node">
-<a name="ntptrace-numeric"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntptrace-max_002dhosts">ntptrace max-hosts</a>,
+
<a name="ntptrace-numeric"></a>Next: <a rel="next" accesskey="n" href="#ntptrace-max_002dhosts">ntptrace max-hosts</a>,
Previous: <a rel="previous" accesskey="p" href="#ntptrace-usage">ntptrace usage</a>,
Up: <a rel="up" accesskey="u" href="#ntptrace-Invocation">ntptrace Invocation</a>
-
+<br>
</div>
<h4 class="subsection">numeric option (-n)</h4>
Output hosts as dotted-quad numeric format rather than converting to
the canonical host names.
<div class="node">
-<a name="ntptrace-max-hosts"></a>
-<a name="ntptrace-max_002dhosts"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntptrace-host">ntptrace host</a>,
+
<a name="ntptrace-max_002dhosts"></a>Next: <a rel="next" accesskey="n" href="#ntptrace-host">ntptrace host</a>,
Previous: <a rel="previous" accesskey="p" href="#ntptrace-numeric">ntptrace numeric</a>,
Up: <a rel="up" accesskey="u" href="#ntptrace-Invocation">ntptrace Invocation</a>
-
+<br>
</div>
<h4 class="subsection">max-hosts option (-m)</h4>
<p><a name="index-ntptrace_002dmax_002dhosts-5"></a>
This is the “maximum number of peers to trace” option.
This option takes a number argument.
-This option has no ‘<samp><span class="samp">doc</span></samp>’ documentation.
+This option has no <span class="samp">doc</span> documentation.
<div class="node">
-<a name="ntptrace-host"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntptrace-exit-status">ntptrace exit status</a>,
+
<a name="ntptrace-host"></a>Next: <a rel="next" accesskey="n" href="#ntptrace-exit-status">ntptrace exit status</a>,
Previous: <a rel="previous" accesskey="p" href="#ntptrace-max_002dhosts">ntptrace max-hosts</a>,
Up: <a rel="up" accesskey="u" href="#ntptrace-Invocation">ntptrace Invocation</a>
-
+<br>
</div>
<h4 class="subsection">host option (-r)</h4>
<p><a name="index-ntptrace_002dhost-6"></a>
This is the “single remote host” option.
This option takes a string argument.
-This option has no ‘<samp><span class="samp">doc</span></samp>’ documentation.
+This option has no <span class="samp">doc</span> documentation.
<div class="node">
-<a name="ntptrace-exit-status"></a>
<p><hr>
-Previous: <a rel="previous" accesskey="p" href="#ntptrace-host">ntptrace host</a>,
+
<a name="ntptrace-exit-status"></a>Previous: <a rel="previous" accesskey="p" href="#ntptrace-host">ntptrace host</a>,
Up: <a rel="up" accesskey="u" href="#ntptrace-Invocation">ntptrace Invocation</a>
-
+<br>
</div>
<h4 class="subsection">ntptrace exit status</h4>
<p>One of the following exit values will be returned:
<dl>
-<dt>‘<samp><span class="samp">0 (EXIT_SUCCESS)</span></samp>’<dd>Successful program execution.
-<br><dt>‘<samp><span class="samp">1 (EXIT_FAILURE)</span></samp>’<dd>The operation failed or the command syntax was not valid.
+<dt><span class="samp">0 (EXIT_SUCCESS)</span><dd>Successful program execution.
+<br><dt><span class="samp">1 (EXIT_FAILURE)</span><dd>The operation failed or the command syntax was not valid.
</dl>
</body></html>
.ds R-Font R
.TH plot_summary 1plot_summaryman "22 Dec 2013" "" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (in-mem file)
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Tla4MG/ag-6laiMG)
.\"
-.\" It has been AutoGen-ed December 22, 2013 at 10:04:41 AM by AutoGen 5.18.3pre7
+.\" It has been AutoGen-ed December 22, 2013 at 11:02:58 PM by AutoGen 5.18.3pre5
.\" From the definitions plot_summary-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME
.NOP \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.PP
+.TH plot_summary 1plot_summaryman "22 Dec 2013" "" "User Commands"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Tla4MG/ag-6laiMG)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:02:58 PM by AutoGen 5.18.3pre5
+.\" From the definitions plot_summary-opts.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]plot_summary\fP plot_summary
+\- plot statistics generated by summary script
+There is no description for this command.
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+/usr/local/gnu/bin/grep \-E \-v '^[ ]*$' .doc | $cvt_prog
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
.Dd December 22 2013
.Dt PLOT_SUMMARY 1plot_summarymdoc User Commands
-.Os FreeBSD 6.4-STABLE
+.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (plot_summary-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 22, 2013 at 10:04:50 AM by AutoGen 5.18.3pre7
+.\" It has been AutoGen-ed December 22, 2013 at 11:03:00 PM by AutoGen 5.18.3pre5
.\" From the definitions plot_summary-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.It Fl \-more\-help
Pass the extended usage information through a pager.
.El
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+/usr/local/gnu/bin/grep \-E \-v '^[ ]*$' .doc | $cvt_prog
+There is no description for this command.
.Sh "EXIT STATUS"
One of the following exit values will be returned:
.Bl -tag
<title>Plot_summary User's Manual</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="Plot_summary User's Manual">
-<meta name="generator" content="makeinfo 4.13">
+<meta name="generator" content="makeinfo 4.7">
<link title="Top" rel="top" href="#Top">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<meta http-equiv="Content-Style-Type" content="text/css">
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
- span.sc { font-variant:small-caps }
- span.roman { font-family:serif; font-weight:normal; }
- span.sansserif { font-family:sans-serif; font-weight:normal; }
+ span.sc { font-variant:small-caps }
+ span.roman { font-family: serif; font-weight: normal; }
--></style>
</head>
<body>
<h1 class="settitle">Plot_summary User's Manual</h1>
<div class="node">
-<a name="Top"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#plot_005fsummary-Description">plot_summary Description</a>,
+
<a name="Top"></a>Next: <a rel="next" accesskey="n" href="#plot_005fsummary-Description">plot_summary Description</a>,
Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-
+<br>
</div>
<h2 class="unnumbered">Plot_summary User Manual</h2>
<p>This document describes the use of the NTP Project's <code>plot_summary</code> program.
-This document applies to version 4.2.7p401 of <code>plot_summary</code>.
+This document applies to version 4.2.7p402 of <code>plot_summary</code>.
<div class="shortcontents">
<h2>Short Contents</h2>
</ul>
<div class="node">
-<a name="plot_summary-Invocation"></a>
-<a name="plot_005fsummary-Invocation"></a>
<p><hr>
-Previous: <a rel="previous" accesskey="p" href="#plot_005fsummary-Description">plot_summary Description</a>,
+
<a name="plot_005fsummary-Invocation"></a>Previous: <a rel="previous" accesskey="p" href="#plot_005fsummary-Description">plot_summary Description</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-
+<br>
</div>
<h3 class="section">Invoking plot_summary</h3>
using the <code>agtexi-cmd</code> template and the option descriptions for the <code>plot_summary</code> program.
<ul class="menu">
-<li><a accesskey="1" href="#plot_005fsummary-usage">plot_summary usage</a>: plot_summary help/usage (<samp><span class="option">--help</span></samp>)
+<li><a accesskey="1" href="#plot_005fsummary-usage">plot_summary usage</a>: plot_summary help/usage (<span class="option">--help</span>)
<li><a accesskey="2" href="#plot_005fsummary-directory">plot_summary directory</a>: directory option
<li><a accesskey="3" href="#plot_005fsummary-identifier">plot_summary identifier</a>: identifier option
<li><a accesskey="4" href="#plot_005fsummary-peer">plot_summary peer</a>: peer option
</ul>
<div class="node">
-<a name="plot_summary-usage"></a>
-<a name="plot_005fsummary-usage"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#plot_005fsummary-directory">plot_summary directory</a>,
+
<a name="plot_005fsummary-usage"></a>Next: <a rel="next" accesskey="n" href="#plot_005fsummary-directory">plot_summary directory</a>,
Up: <a rel="up" accesskey="u" href="#plot_005fsummary-Invocation">plot_summary Invocation</a>
-
+<br>
</div>
-<h4 class="subsection">plot_summary help/usage (<samp><span class="option">--help</span></samp>)</h4>
+<h4 class="subsection">plot_summary help/usage (<span class="option">--help</span>)</h4>
<p><a name="index-plot_005fsummary-help-3"></a>
This is the automatically generated usage text for plot_summary.
<p>The text printed is the same whether selected with the <code>help</code> option
-(<samp><span class="option">--help</span></samp>) or the <code>more-help</code> option (<samp><span class="option">--more-help</span></samp>). <code>more-help</code> will print
+(<span class="option">--help</span>) or the <code>more-help</code> option (<span class="option">--more-help</span>). <code>more-help</code> will print
the usage text by passing it through a pager program.
<code>more-help</code> is disabled on platforms without a working
<code>fork(2)</code> function. The <code>PAGER</code> environment variable is
-used to select the program, defaulting to <samp><span class="file">more</span></samp>. Both will exit
+used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
<pre class="example">plot_summary - plot statistics generated by summary script
hyphen and the flag character.
</pre>
<div class="node">
-<a name="plot_summary-directory"></a>
-<a name="plot_005fsummary-directory"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#plot_005fsummary-identifier">plot_summary identifier</a>,
+
<a name="plot_005fsummary-directory"></a>Next: <a rel="next" accesskey="n" href="#plot_005fsummary-identifier">plot_summary identifier</a>,
Previous: <a rel="previous" accesskey="p" href="#plot_005fsummary-usage">plot_summary usage</a>,
Up: <a rel="up" accesskey="u" href="#plot_005fsummary-Invocation">plot_summary Invocation</a>
-
+<br>
</div>
<h4 class="subsection">directory option</h4>
The directory where the <code>plot_summary</code> will search for the
*_summary files generated by <code>summary</code> script.
<div class="node">
-<a name="plot_summary-identifier"></a>
-<a name="plot_005fsummary-identifier"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#plot_005fsummary-peer">plot_summary peer</a>,
+
<a name="plot_005fsummary-identifier"></a>Next: <a rel="next" accesskey="n" href="#plot_005fsummary-peer">plot_summary peer</a>,
Previous: <a rel="previous" accesskey="p" href="#plot_005fsummary-directory">plot_summary directory</a>,
Up: <a rel="up" accesskey="u" href="#plot_005fsummary-Invocation">plot_summary Invocation</a>
-
+<br>
</div>
<h4 class="subsection">identifier option</h4>
Where does the plotted data come from, default to string "host" plus
current hostname
<div class="node">
-<a name="plot_summary-peer"></a>
-<a name="plot_005fsummary-peer"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#plot_005fsummary-plot_002dterm">plot_summary plot-term</a>,
+
<a name="plot_005fsummary-peer"></a>Next: <a rel="next" accesskey="n" href="#plot_005fsummary-plot_002dterm">plot_summary plot-term</a>,
Previous: <a rel="previous" accesskey="p" href="#plot_005fsummary-identifier">plot_summary identifier</a>,
Up: <a rel="up" accesskey="u" href="#plot_005fsummary-Invocation">plot_summary Invocation</a>
-
+<br>
</div>
<h4 class="subsection">peer option</h4>
<p>By default the peer_summary plots are not generated. Use this option to
specify list of peers if you want to generate plots for them.
<div class="node">
-<a name="plot_summary-plot-term"></a>
-<a name="plot_005fsummary-plot_002dterm"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#plot_005fsummary-output_002dfile">plot_summary output-file</a>,
+
<a name="plot_005fsummary-plot_002dterm"></a>Next: <a rel="next" accesskey="n" href="#plot_005fsummary-output_002dfile">plot_summary output-file</a>,
Previous: <a rel="previous" accesskey="p" href="#plot_005fsummary-peer">plot_summary peer</a>,
Up: <a rel="up" accesskey="u" href="#plot_005fsummary-Invocation">plot_summary Invocation</a>
-
+<br>
</div>
<h4 class="subsection">plot-term option</h4>
<code>dumb</code> is it's not'. See output from -e "set
terminal") for the list of avalaible options.
<div class="node">
-<a name="plot_summary-output-file"></a>
-<a name="plot_005fsummary-output_002dfile"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#plot_005fsummary-exit-status">plot_summary exit status</a>,
+
<a name="plot_005fsummary-output_002dfile"></a>Next: <a rel="next" accesskey="n" href="#plot_005fsummary-exit-status">plot_summary exit status</a>,
Previous: <a rel="previous" accesskey="p" href="#plot_005fsummary-plot_002dterm">plot_summary plot-term</a>,
Up: <a rel="up" accesskey="u" href="#plot_005fsummary-Invocation">plot_summary Invocation</a>
-
+<br>
</div>
<h4 class="subsection">output-file option</h4>
This option takes a str argument.
Output file for <code>gnuplot</code>, default to stdout.
<div class="node">
-<a name="plot_summary-exit-status"></a>
-<a name="plot_005fsummary-exit-status"></a>
<p><hr>
-Previous: <a rel="previous" accesskey="p" href="#plot_005fsummary-output_002dfile">plot_summary output-file</a>,
+
<a name="plot_005fsummary-exit-status"></a>Previous: <a rel="previous" accesskey="p" href="#plot_005fsummary-output_002dfile">plot_summary output-file</a>,
Up: <a rel="up" accesskey="u" href="#plot_005fsummary-Invocation">plot_summary Invocation</a>
-
+<br>
</div>
<h4 class="subsection">plot_summary exit status</h4>
<p>One of the following exit values will be returned:
<dl>
-<dt>‘<samp><span class="samp">0 (EXIT_SUCCESS)</span></samp>’<dd>Successful program execution.
-<br><dt>‘<samp><span class="samp">1 (EXIT_FAILURE)</span></samp>’<dd>The operation failed or the command syntax was not valid.
+<dt><span class="samp">0 (EXIT_SUCCESS)</span><dd>Successful program execution.
+<br><dt><span class="samp">1 (EXIT_FAILURE)</span><dd>The operation failed or the command syntax was not valid.
</dl>
</body></html>
.ds R-Font R
.TH plot_summary 1plot_summaryman "22 Dec 2013" "" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (in-mem file)
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Tla4MG/ag-6laiMG)
.\"
-.\" It has been AutoGen-ed December 22, 2013 at 10:04:41 AM by AutoGen 5.18.3pre7
+.\" It has been AutoGen-ed December 22, 2013 at 11:02:58 PM by AutoGen 5.18.3pre5
.\" From the definitions plot_summary-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME
.NOP \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.PP
+.TH plot_summary 1plot_summaryman "22 Dec 2013" "" "User Commands"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Tla4MG/ag-6laiMG)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:02:58 PM by AutoGen 5.18.3pre5
+.\" From the definitions plot_summary-opts.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]plot_summary\fP plot_summary
+\- plot statistics generated by summary script
+There is no description for this command.
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+/usr/local/gnu/bin/grep \-E \-v '^[ ]*$' .doc | $cvt_prog
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
.Dd December 22 2013
.Dt PLOT_SUMMARY 1plot_summarymdoc User Commands
-.Os FreeBSD 6.4-STABLE
+.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (plot_summary-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 22, 2013 at 10:04:50 AM by AutoGen 5.18.3pre7
+.\" It has been AutoGen-ed December 22, 2013 at 11:03:00 PM by AutoGen 5.18.3pre5
.\" From the definitions plot_summary-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.It Fl \-more\-help
Pass the extended usage information through a pager.
.El
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+/usr/local/gnu/bin/grep \-E \-v '^[ ]*$' .doc | $cvt_prog
+There is no description for this command.
.Sh "EXIT STATUS"
One of the following exit values will be returned:
.Bl -tag
.ds R-Font R
.TH summary 1summaryman "22 Dec 2013" "" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (in-mem file)
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-lLaO3G/ag-yLa42G)
.\"
-.\" It has been AutoGen-ed December 22, 2013 at 10:13:06 AM by AutoGen 5.18.3pre7
+.\" It has been AutoGen-ed December 22, 2013 at 11:03:04 PM by AutoGen 5.18.3pre5
.\" From the definitions summary-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME
.NOP \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.PP
+.TH summary 1summaryman "22 Dec 2013" "" "User Commands"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-lLaO3G/ag-yLa42G)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:03:04 PM by AutoGen 5.18.3pre5
+.\" From the definitions summary-opts.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]summary\fP summary
+\- compute various stastics from NTP stat files
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+/usr/local/gnu/bin/grep \-E \-v '^[ ]*$' .doc | $cvt_prog
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
.Dd December 22 2013
.Dt SUMMARY 1summarymdoc User Commands
-.Os FreeBSD 6.4-STABLE
+.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (summary-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 22, 2013 at 10:13:19 AM by AutoGen 5.18.3pre7
+.\" It has been AutoGen-ed December 22, 2013 at 11:03:06 PM by AutoGen 5.18.3pre5
.\" From the definitions summary-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.It Fl \-more\-help
Pass the extended usage information through a pager.
.El
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+/usr/local/gnu/bin/grep \-E \-v '^[ ]*$' .doc | $cvt_prog
.Sh "EXIT STATUS"
One of the following exit values will be returned:
.Bl -tag
<title>Summary User's Manual</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="Summary User's Manual">
-<meta name="generator" content="makeinfo 4.13">
+<meta name="generator" content="makeinfo 4.7">
<link title="Top" rel="top" href="#Top">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<meta http-equiv="Content-Style-Type" content="text/css">
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
- span.sc { font-variant:small-caps }
- span.roman { font-family:serif; font-weight:normal; }
- span.sansserif { font-family:sans-serif; font-weight:normal; }
+ span.sc { font-variant:small-caps }
+ span.roman { font-family: serif; font-weight: normal; }
--></style>
</head>
<body>
<h1 class="settitle">Summary User's Manual</h1>
<div class="node">
-<a name="Top"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#summary-Description">summary Description</a>,
+
<a name="Top"></a>Next: <a rel="next" accesskey="n" href="#summary-Description">summary Description</a>,
Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-
+<br>
</div>
<h2 class="unnumbered">Summary User Manual</h2>
<p>This document describes the use of the NTP Project's <code>summary</code> program.
-This document applies to version 4.2.7p401 of <code>summary</code>.
+This document applies to version 4.2.7p402 of <code>summary</code>.
<div class="shortcontents">
<h2>Short Contents</h2>
</ul>
<div class="node">
-<a name="summary-Invocation"></a>
<p><hr>
-Previous: <a rel="previous" accesskey="p" href="#summary-Description">summary Description</a>,
+
<a name="summary-Invocation"></a>Previous: <a rel="previous" accesskey="p" href="#summary-Description">summary Description</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-
+<br>
</div>
<h3 class="section">Invoking summary</h3>
using the <code>agtexi-cmd</code> template and the option descriptions for the <code>summary</code> program.
<ul class="menu">
-<li><a accesskey="1" href="#summary-usage">summary usage</a>: summary help/usage (<samp><span class="option">--help</span></samp>)
+<li><a accesskey="1" href="#summary-usage">summary usage</a>: summary help/usage (<span class="option">--help</span>)
<li><a accesskey="2" href="#summary-directory">summary directory</a>: directory option
<li><a accesskey="3" href="#summary-end_002ddate">summary end-date</a>: end-date option
<li><a accesskey="4" href="#summary-output_002ddirectory">summary output-directory</a>: output-directory option
</ul>
<div class="node">
-<a name="summary-usage"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#summary-directory">summary directory</a>,
+
<a name="summary-usage"></a>Next: <a rel="next" accesskey="n" href="#summary-directory">summary directory</a>,
Up: <a rel="up" accesskey="u" href="#summary-Invocation">summary Invocation</a>
-
+<br>
</div>
-<h4 class="subsection">summary help/usage (<samp><span class="option">--help</span></samp>)</h4>
+<h4 class="subsection">summary help/usage (<span class="option">--help</span>)</h4>
<p><a name="index-summary-help-3"></a>
This is the automatically generated usage text for summary.
<p>The text printed is the same whether selected with the <code>help</code> option
-(<samp><span class="option">--help</span></samp>) or the <code>more-help</code> option (<samp><span class="option">--more-help</span></samp>). <code>more-help</code> will print
+(<span class="option">--help</span>) or the <code>more-help</code> option (<span class="option">--more-help</span>). <code>more-help</code> will print
the usage text by passing it through a pager program.
<code>more-help</code> is disabled on platforms without a working
<code>fork(2)</code> function. The <code>PAGER</code> environment variable is
-used to select the program, defaulting to <samp><span class="file">more</span></samp>. Both will exit
+used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
<pre class="example">summary - compute various stastics from NTP stat files
hyphen and the flag character.
</pre>
<div class="node">
-<a name="summary-directory"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#summary-end_002ddate">summary end-date</a>,
+
<a name="summary-directory"></a>Next: <a rel="next" accesskey="n" href="#summary-end_002ddate">summary end-date</a>,
Previous: <a rel="previous" accesskey="p" href="#summary-usage">summary usage</a>,
Up: <a rel="up" accesskey="u" href="#summary-Invocation">summary Invocation</a>
-
+<br>
</div>
<h4 class="subsection">directory option</h4>
The directory where <code>ntpd</code> will search for .stat files generated
by <code>ntpd</code>.
<div class="node">
-<a name="summary-end-date"></a>
-<a name="summary-end_002ddate"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#summary-output_002ddirectory">summary output-directory</a>,
+
<a name="summary-end_002ddate"></a>Next: <a rel="next" accesskey="n" href="#summary-output_002ddirectory">summary output-directory</a>,
Previous: <a rel="previous" accesskey="p" href="#summary-directory">summary directory</a>,
Up: <a rel="up" accesskey="u" href="#summary-Invocation">summary Invocation</a>
-
+<br>
</div>
<h4 class="subsection">end-date option</h4>
option. Defaults to today minus one day (Use <code>date -u +%Y%m%d</code>)
to get the timestamp.
<div class="node">
-<a name="summary-output-directory"></a>
-<a name="summary-output_002ddirectory"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#summary-start_002ddate">summary start-date</a>,
+
<a name="summary-output_002ddirectory"></a>Next: <a rel="next" accesskey="n" href="#summary-start_002ddate">summary start-date</a>,
Previous: <a rel="previous" accesskey="p" href="#summary-end_002ddate">summary end-date</a>,
Up: <a rel="up" accesskey="u" href="#summary-Invocation">summary Invocation</a>
-
+<br>
</div>
<h4 class="subsection">output-directory option</h4>
This option takes a str argument.
The output directory <code>summary</code> will write all output files to.
<div class="node">
-<a name="summary-start-date"></a>
-<a name="summary-start_002ddate"></a>
<p><hr>
-Next: <a rel="next" accesskey="n" href="#summary-exit-status">summary exit status</a>,
+
<a name="summary-start_002ddate"></a>Next: <a rel="next" accesskey="n" href="#summary-exit-status">summary exit status</a>,
Previous: <a rel="previous" accesskey="p" href="#summary-output_002ddirectory">summary output-directory</a>,
Up: <a rel="up" accesskey="u" href="#summary-Invocation">summary Invocation</a>
-
+<br>
</div>
<h4 class="subsection">start-date option</h4>
Process all files with the date suffix more or equal to value of
this option. Defaults to 197000101.
<div class="node">
-<a name="summary-exit-status"></a>
<p><hr>
-Previous: <a rel="previous" accesskey="p" href="#summary-start_002ddate">summary start-date</a>,
+
<a name="summary-exit-status"></a>Previous: <a rel="previous" accesskey="p" href="#summary-start_002ddate">summary start-date</a>,
Up: <a rel="up" accesskey="u" href="#summary-Invocation">summary Invocation</a>
-
+<br>
</div>
<h4 class="subsection">summary exit status</h4>
<p>One of the following exit values will be returned:
<dl>
-<dt>‘<samp><span class="samp">0 (EXIT_SUCCESS)</span></samp>’<dd>Successful program execution.
-<br><dt>‘<samp><span class="samp">1 (EXIT_FAILURE)</span></samp>’<dd>The operation failed or the command syntax was not valid.
+<dt><span class="samp">0 (EXIT_SUCCESS)</span><dd>Successful program execution.
+<br><dt><span class="samp">1 (EXIT_FAILURE)</span><dd>The operation failed or the command syntax was not valid.
</dl>
</body></html>
.ds R-Font R
.TH summary 1summaryman "22 Dec 2013" "" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (in-mem file)
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-lLaO3G/ag-yLa42G)
.\"
-.\" It has been AutoGen-ed December 22, 2013 at 10:13:06 AM by AutoGen 5.18.3pre7
+.\" It has been AutoGen-ed December 22, 2013 at 11:03:04 PM by AutoGen 5.18.3pre5
.\" From the definitions summary-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME
.NOP \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.PP
+.TH summary 1summaryman "22 Dec 2013" "" "User Commands"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-lLaO3G/ag-yLa42G)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:03:04 PM by AutoGen 5.18.3pre5
+.\" From the definitions summary-opts.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]summary\fP summary
+\- compute various stastics from NTP stat files
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+/usr/local/gnu/bin/grep \-E \-v '^[ ]*$' .doc | $cvt_prog
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
.Dd December 22 2013
.Dt SUMMARY 1summarymdoc User Commands
-.Os FreeBSD 6.4-STABLE
+.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (summary-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 22, 2013 at 10:13:19 AM by AutoGen 5.18.3pre7
+.\" It has been AutoGen-ed December 22, 2013 at 11:03:06 PM by AutoGen 5.18.3pre5
.\" From the definitions summary-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.It Fl \-more\-help
Pass the extended usage information through a pager.
.El
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+/usr/local/gnu/bin/grep \-E \-v '^[ ]*$' .doc | $cvt_prog
.Sh "EXIT STATUS"
One of the following exit values will be returned:
.Bl -tag
#
# EDIT THIS FILE WITH CAUTION (invoke-sntp.texi)
#
-# It has been AutoGen-ed November 30, 2013 at 11:34:05 AM by AutoGen 5.18.3pre5
+# It has been AutoGen-ed December 22, 2013 at 11:09:28 PM by AutoGen 5.18.3pre5
# From the definitions sntp-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
based on the reported precision of the server.
@code{'+/- 0.089'}
is the reported
-@emph{ synchronization distance}
+@emph{synchronization} @emph{distance}
(in seconds), which represents the maximum error due to all causes.
If the server does not report valid data needed to calculate the
synchronization distance, this will be reported as
@code{'+/- ?'}.
If the
-@emph{ host}
+@emph{host}
is different from the
-@emph{ IP,}
+@emph{IP},
both will be displayed.
Otherwise, only the
-@emph{ IP}
+@emph{IP}
is displayed.
Finally, the
-@emph{ stratum}
+@emph{stratum}
of the host is reported.
This section was generated by @strong{AutoGen},
@exampleindent 0
@example
-sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p401
+sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p402
Usage: sntp [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \
[ hostname-or-IP ...]
Flg Arg Option-Name Description
/*
* EDIT THIS FILE WITH CAUTION (sntp-opts.c)
*
- * It has been AutoGen-ed November 30, 2013 at 11:18:27 AM by AutoGen 5.18.3pre5
+ * It has been AutoGen-ed December 22, 2013 at 11:00:07 PM by AutoGen 5.18.3pre5
* From the definitions sntp-opts.def
* and the template file options
*
* static const strings for sntp options
*/
static char const sntp_opt_strs[2499] =
-/* 0 */ "sntp 4.2.7p401\n"
+/* 0 */ "sntp 4.2.7p402\n"
"Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 2244 */ "LOAD_OPTS\0"
/* 2254 */ "no-load-opts\0"
/* 2267 */ "SNTP\0"
-/* 2272 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p401\n"
+/* 2272 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p402\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n"
"\t\t[ hostname-or-IP ...]\n\0"
/* 2433 */ "$HOME\0"
/* 2441 */ ".ntprc\0"
/* 2448 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 2482 */ "\n\0"
-/* 2484 */ "sntp 4.2.7p401";
+/* 2484 */ "sntp 4.2.7p402";
/**
* ipv4 option description with
translate option names.
*/
/* referenced via sntpOptions.pzCopyright */
- puts(_("sntp 4.2.7p401\n\
+ puts(_("sntp 4.2.7p402\n\
Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
puts(_("load options from a config file"));
/* referenced via sntpOptions.pzUsageTitle */
- puts(_("sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p401\n\
+ puts(_("sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p402\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
\t\t[ hostname-or-IP ...]\n"));
puts(_("\n"));
/* referenced via sntpOptions.pzFullVersion */
- puts(_("sntp 4.2.7p401"));
+ puts(_("sntp 4.2.7p402"));
/* referenced via sntpOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));
/*
* EDIT THIS FILE WITH CAUTION (sntp-opts.h)
*
- * It has been AutoGen-ed November 30, 2013 at 11:18:26 AM by AutoGen 5.18.3pre5
+ * It has been AutoGen-ed December 22, 2013 at 11:00:06 PM by AutoGen 5.18.3pre5
* From the definitions sntp-opts.def
* and the template file options
*
/** count of all options for sntp */
#define OPTION_CT 23
/** sntp version */
-#define SNTP_VERSION "4.2.7p401"
+#define SNTP_VERSION "4.2.7p402"
/** Full sntp version text */
-#define SNTP_FULL_VERSION "sntp 4.2.7p401"
+#define SNTP_FULL_VERSION "sntp 4.2.7p402"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH sntp 1sntpman "30 Nov 2013" "4.2.7p401" "User Commands"
+.de1 NOP
+. it 1 an-trap
+. if \\n[.$] \,\\$*\/
+..
+.ie t \
+.ds B-Font [CB]
+.ds I-Font [CI]
+.ds R-Font [CR]
+.el \
+.ds B-Font B
+.ds I-Font I
+.ds R-Font R
+.TH sntp 1sntpman "22 Dec 2013" "4.2.7p402" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (sntp-opts.man)
-.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:34:01 AM by AutoGen 5.18.3pre5
-.\" From the definitions sntp-opts.def
-.\" and the template file agman-cmd.tpl
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-mHaqeU/ag-yHaqdU)
.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:09:24 PM by AutoGen 5.18.3pre5
+.\" From the definitions sntp-opts.def
+.\" and the template file agman-cmd.tpl
.SH NAME
-sntp \- standard Simple Network Time Protocol client program
+\f\*[B-Font]sntp\fP
+\- standard Simple Network Time Protocol client program
.SH SYNOPSIS
-.B sntp
+\f\*[B-Font]sntp\fP
.\" Mixture of short (flag) options and long options
-.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP "[[=| ]\fIvalue\fP]]..." " " "[ hostname-or-IP ...]"
-.PP
+[\f\*[B-Font]\-flags\f[]]
+[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
+[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
+[ hostname-or-IP ...]
+.sp \n(Ppu
+.ne 2
+
.SH DESCRIPTION
-.B
+\f\*[B-Font]sntp\fP
can be used as an SNTP client to query a NTP or SNTP server and either display
the time or set the local system's time (given suitable privilege). It can be
run as an interactive command or from a
-.Ic cron
+\f\*[B-Font]cron\f[]
job.
NTP (the Network Time Protocol) and SNTP (the Simple Network Time Protocol)
are defined and described by RFC 5905.
-.PP
+.sp \n(Ppu
+.ne 2
+
The default is to write the estimated correct local date and time (i.e. not
UTC) to the standard output in a format like:
-.Ic "'1996-10-15 20:17:25.123 (+0800) +4.567 +/- 0.089 [host] IP sN'"
+\f\*[B-Font]'1996-10-15 20:17:25.123 (+0800) +4.567 +/- 0.089 [host] IP sN'\f[]
where the
-.Ic "'(+0800)'"
+\f\*[B-Font]'(+0800)'\f[]
means that to get to UTC from the reported local time one must
add 8 hours and 0 minutes,
the
-.Ic "'+4.567'"
+\f\*[B-Font]'+4.567'\f[]
indicates the local clock is 4.567 seconds behind the correct time
(so 4.567 seconds must be added to the local clock to get it to be correct).
Note that the number of decimals printed for this value will change
based on the reported precision of the server.
-.Ic "'+/- 0.089'"
+\f\*[B-Font]'+/- 0.089'\f[]
is the reported
-.I synchronization distance
+\fIsynchronization\f[] \fIdistance\f[]
(in seconds), which represents the maximum error due to all causes.
If the server does not report valid data needed to calculate the
synchronization distance, this will be reported as
-.Ic "'+/- ?'" .
+\f\*[B-Font]'+/- ?'\f[].
If the
-.I host
+\fIhost\f[]
is different from the
-.I IP ,
+\fIIP\f[],
both will be displayed.
Otherwise, only the
-.I IP
+\fIIP\f[]
is displayed.
Finally, the
-.I stratum
+\fIstratum\f[]
of the host is reported.
.SH "OPTIONS"
.TP
-.BR \-4 ", " \-\-ipv4
+.NOP \f\*[B-Font]\-4\f[], \f\*[B-Font]\-\-ipv4\f[]
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
Force DNS resolution of the following host names on the command line
to the IPv4 namespace.
.TP
-.BR \-6 ", " \-\-ipv6
+.NOP \f\*[B-Font]\-6\f[], \f\*[B-Font]\-\-ipv6\f[]
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
Force DNS resolution of the following host names on the command line
to the IPv6 namespace.
.TP
-.BR \-a " \fIauth\-keynumber\fP, " \-\-authentication "=" \fIauth\-keynumber\fP
+.NOP \f\*[B-Font]\-a\f[] \f\*[I-Font]auth\-keynumber\f[], \f\*[B-Font]\-\-authentication\f[]=\f\*[I-Font]auth\-keynumber\f[]
Enable authentication with the key \fBauth-keynumber\fP.
This option takes an integer number as its argument.
.sp
number specified in the \fBkeyfile\fP as this key's identifier.
See the \fBkeyfile\fP option (\fB-k\fP) for more details.
.TP
-.BR \-b " \fIbroadcast\-address\fP, " \-\-broadcast "=" \fIbroadcast\-address\fP
+.NOP \f\*[B-Font]\-b\f[] \f\*[I-Font]broadcast\-address\f[], \f\*[B-Font]\-\-broadcast\f[]=\f\*[I-Font]broadcast\-address\f[]
Listen to the address specified for broadcast time sync.
This option may appear an unlimited number of times.
.sp
for NTP broadcasts. The default maximum wait time
can (and probably should) be modified with \fB-t\fP.
.TP
-.BR \-c " \fIhost\-name\fP, " \-\-concurrent "=" \fIhost\-name\fP
+.NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]host\-name\f[], \f\*[B-Font]\-\-concurrent\f[]=\f\*[I-Font]host\-name\f[]
Concurrently query all IPs returned for host-name.
This option may appear an unlimited number of times.
.sp
returned for the DNS lookup of the supplied host-name are on
different machines, so we can send concurrent queries.
.TP
-.BR \-d ", " \-\-debug\-level
+.NOP \f\*[B-Font]\-d\f[], \f\*[B-Font]\-\-debug\-level\f[]
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
.TP
-.BR \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.NOP \f\*[B-Font]\-D\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-set\-debug\-level\f[]=\f\*[I-Font]number\f[]
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
.TP
-.BR \-g " \fImilliseconds\fP, " \-\-gap "=" \fImilliseconds\fP
+.NOP \f\*[B-Font]\-g\f[] \f\*[I-Font]milliseconds\f[], \f\*[B-Font]\-\-gap\f[]=\f\*[I-Font]milliseconds\f[]
The gap (in milliseconds) between time requests.
This option takes an integer number as its argument.
-The default \fImilliseconds\fP for this option is:
+The default
+\f\*[I-Font]milliseconds\f[]
+for this option is:
.ti +4
50
.sp
separate the queries we send out by the specified number of
milliseconds.
.TP
-.BR \-K " \fIfile\-name\fP, " \-\-kod "=" \fIfile\-name\fP
+.NOP \f\*[B-Font]\-K\f[] \f\*[I-Font]file\-name\f[], \f\*[B-Font]\-\-kod\f[]=\f\*[I-Font]file\-name\f[]
KoD history filename.
-The default \fIfile\-name\fP for this option is:
+The default
+\f\*[I-Font]file\-name\f[]
+for this option is:
.ti +4
/var/db/ntp-kod
.sp
Specifies the filename to be used for the persistent history of KoD
responses received from servers.
.TP
-.BR \-k " \fIfile\-name\fP, " \-\-keyfile "=" \fIfile\-name\fP
+.NOP \f\*[B-Font]\-k\f[] \f\*[I-Font]file\-name\f[], \f\*[B-Font]\-\-keyfile\f[]=\f\*[I-Font]file\-name\f[]
Look in this file for the key specified with \fB-a\fP.
.sp
This option specifies the keyfile.
\fIkeyno\fP in this file. See \fBntp.keys(5)\fP for more
information.
.TP
-.BR \-l " \fIfile\-name\fP, " \-\-logfile "=" \fIfile\-name\fP
+.NOP \f\*[B-Font]\-l\f[] \f\*[I-Font]file\-name\f[], \f\*[B-Font]\-\-logfile\f[]=\f\*[I-Font]file\-name\f[]
Log to specified logfile.
.sp
This option causes the client to write log messages to the specified
\fIlogfile\fP.
.TP
-.BR \-M " \fInumber\fP, " \-\-steplimit "=" \fInumber\fP
+.NOP \f\*[B-Font]\-M\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-steplimit\f[]=\f\*[I-Font]number\f[]
Adjustments less than \fBsteplimit\fP msec will be slewed.
This option takes an integer number as its argument.
-The value of \fInumber\fP is constrained to being:
+The value of
+\f\*[I-Font]number\f[]
+is constrained to being:
.in +4
.nf
.na
slew the amount using \fBadjtime(2)\fP. Otherwise, step the
correction using \fBsettimeofday(2)\fP.
.TP
-.BR \-o " \fInumber\fP, " \-\-ntpversion "=" \fInumber\fP
+.NOP \f\*[B-Font]\-o\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-ntpversion\f[]=\f\*[I-Font]number\f[]
Send \fBint\fP as our NTP protocol version.
This option takes an integer number as its argument.
-The value of \fInumber\fP is constrained to being:
+The value of
+\f\*[I-Font]number\f[]
+is constrained to being:
.in +4
.nf
.na
in the range 0 through 7
.fi
.in -4
-The default \fInumber\fP for this option is:
+The default
+\f\*[I-Font]number\f[]
+for this option is:
.ti +4
4
.sp
When sending requests to a remote server, tell them we are running
NTP protocol version \fIntpversion\fP .
.TP
-.BR \-r ", " \-\-usereservedport
+.NOP \f\*[B-Font]\-r\f[], \f\*[B-Font]\-\-usereservedport\f[]
Use the NTP Reserved Port (port 123).
.sp
Use port 123, which is reserved for NTP, for our network
communications.
.TP
-.BR \-S ", " \-\-step
+.NOP \f\*[B-Font]\-S\f[], \f\*[B-Font]\-\-step\f[]
OK to 'step' the time with \fBsettimeofday(2)\fP.
.sp
.TP
-.BR \-s ", " \-\-slew
+.NOP \f\*[B-Font]\-s\f[], \f\*[B-Font]\-\-slew\f[]
OK to 'slew' the time with \fBadjtime(2)\fP.
.sp
.TP
-.BR \-t " \fIseconds\fP, " \-\-timeout "=" \fIseconds\fP
+.NOP \f\*[B-Font]\-t\f[] \f\*[I-Font]seconds\f[], \f\*[B-Font]\-\-timeout\f[]=\f\*[I-Font]seconds\f[]
The number of seconds to wait for responses.
This option takes an integer number as its argument.
-The default \fIseconds\fP for this option is:
+The default
+\f\*[I-Font]seconds\f[]
+for this option is:
.ti +4
5
.sp
only waiting for a broadcast response a longer timeout is
likely needed.
.TP
-.BR \-\-wait, " \fB\-\-no\-wait\fP"
+.NOP \f\*[B-Font]\-\-wait\f[], \f\*[B-Font]\- Fl \-no\-wait\f[]
Wait for pending replies (if not setting the time).
The \fIno\-wait\fP form will disable the option.
This option is enabled by default.
.sp
If we are not setting the time, wait for all pending responses.
.TP
-.BR \-? , " \-\-help"
+.NOP \f\*[B-Font]\-\&?\f[], \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
-.BR \-! , " \-\-more-help"
+.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
-.BR \-> " [\fIcfgfile\fP]," " \-\-save-opts" "[=\fIcfgfile\fP]"
+.NOP \f\*[B-Font]\->\f[] [\f\*[I-Font]cfgfile\f[]], \f\*[B-Font]\-\-save-opts\f[] [=\f\*[I-Font]cfgfile\f[]]
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
.TP
-.BR \-< " \fIcfgfile\fP," " \-\-load-opts" "=\fIcfgfile\fP," " \-\-no-load-opts"
+.NOP \f\*[B-Font]\-<\f[] \f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-load-opts\f[]=\f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-no-load-opts\f[]
Load options from \fIcfgfile\fP.
The \fIno-load-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no-load-opts\fP is handled early,
out of order.
.TP
-.BR \-\-version "[={\fIv|c|n\fP}]"
+.NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
+.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from configuration ("RC" or ".INI") file(s) and values from
rm \-f $list
} 1>.doc 2>/dev/null
sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
+.TH sntp 1sntpman "22 Dec 2013" "4.2.7p402" "User Commands"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-mHaqeU/ag-yHaqdU)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:09:24 PM by AutoGen 5.18.3pre5
+.\" From the definitions sntp-opts.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]sntp\fP sntp
+\- standard Simple Network Time Protocol client program
.SH USAGE
-.TP
-.BR Li "sntp ntpserver.somewhere"
+.TP 7
+.NOP \f[C]sntp ntpserver.somewhere\f[]
is the simplest use of this program
and can be run as an unprivileged command
to check the current time and error in the local clock.
-.TP
-.BR Li "sntp \-a ntpserver.somewhere"
+.TP 7
+.NOP \f[C]sntp \-a ntpserver.somewhere\f[]
With suitable privilege,
run as a command
or from a
-.Xr cron 8
+\fCcron\fR(8)\f[]
job,
-.Ic "sntp \-a"
+\f\*[B-Font]sntp \-a\f[]
will reset the local clock from a synchronized specified server,
like the (deprecated)
-.Xr ntpdate 1ntpdatemdoc ,
+\fCntpdate\fR(1ntpdatemdoc)\f[],
or
-.Xr rdate 8
+\fCrdate\fR(8)\f[]
commands.
+.PP
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH "FILES"
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
-.BR 0 " (EXIT_SUCCESS)"
+.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
-.BR 1 " (EXIT_FAILURE)"
+.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
-.BR 66 " (EX_NOINPUT)"
+.NOP 66 " (EX_NOINPUT)"
A specified configuration file could not be loaded.
.TP
-.BR 70 " (EX_SOFTWARE)"
+.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
+.PP
.SH AUTHORS
-.An "Johannes Maximilian Kuehn"
-.An "Harlan Stenn"
-.An "Dave Hart"
+.NOP "Johannes Maximilian Kuehn"
+.br
+.NOP "Harlan Stenn"
+.br
+.NOP "Dave Hart"
+.br
.SH "COPYRIGHT"
Copyright (C) 1970-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version 4.2.7p401 of
-.B .
-.PP
+This document corresponds to version 4.2.7p402 of
+\f\*[B-Font]sntp\fP.
+.sp \n(Ppu
+.ne 2
+
This manual page was \fIAutoGen\fP-erated from the \fBsntp\fP
option definitions.
-.Dd November 30 2013
+.Dd December 22 2013
.Dt SNTP 1sntpmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (sntp-opts.mdoc)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:34:08 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:09:31 PM by AutoGen 5.18.3pre5
.\" From the definitions sntp-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.Nm
.\" Mixture of short (flag) options and long options
.Op Fl flags
-.Op Fl flag Ar value
-.Op Fl \-option\-name Ar value
+.Op Fl flag Op Ar value
+.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc
[ hostname\-or\-IP ...]
.Pp
.Sh DESCRIPTION
of the host is reported.
.Sh "OPTIONS"
.Bl -tag
-.It \-4 ", " \-\-ipv4
+.It Fl 4 , Fl \-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
.sp
Force DNS resolution of the following host names on the command line
to the IPv4 namespace.
-.It \-6 ", " \-\-ipv6
+.It Fl 6 , Fl \-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
.sp
Force DNS resolution of the following host names on the command line
to the IPv6 namespace.
-.It \-a " \fIauth\-keynumber\fP, " \-\-authentication "=" \fIauth\-keynumber\fP
+.It Fl a Ar auth\-keynumber , Fl \-authentication Ns = Ns Ar auth\-keynumber
Enable authentication with the key \fBauth\-keynumber\fP.
This option takes an integer number as its argument.
.sp
argument. The argument of this option is the \fBkeyid\fP, a
number specified in the \fBkeyfile\fP as this key's identifier.
See the \fBkeyfile\fP option (\fB\-k\fP) for more details.
-.It \-b " \fIbroadcast\-address\fP, " \-\-broadcast "=" \fIbroadcast\-address\fP
+.It Fl b Ar broadcast\-address , Fl \-broadcast Ns = Ns Ar broadcast\-address
Listen to the address specified for broadcast time sync.
This option may appear an unlimited number of times.
.sp
If specified \fBsntp\fP will listen to the specified address
for NTP broadcasts. The default maximum wait time
can (and probably should) be modified with \fB\-t\fP.
-.It \-c " \fIhost\-name\fP, " \-\-concurrent "=" \fIhost\-name\fP
+.It Fl c Ar host\-name , Fl \-concurrent Ns = Ns Ar host\-name
Concurrently query all IPs returned for host\-name.
This option may appear an unlimited number of times.
.sp
The \fB\-c\fP or \fB\-\-concurrent\fP flag says that any IPs
returned for the DNS lookup of the supplied host\-name are on
different machines, so we can send concurrent queries.
-.It \-d ", " \-\-debug\-level
+.It Fl d , Fl \-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.It \-g " \fImilliseconds\fP, " \-\-gap "=" \fImilliseconds\fP
+.It Fl g Ar milliseconds , Fl \-gap Ns = Ns Ar milliseconds
The gap (in milliseconds) between time requests.
This option takes an integer number as its argument.
-The default \fImilliseconds\fP for this option is:
+The default
+.Ar milliseconds
+for this option is:
.ti +4
50
.sp
there is benefit to specifying a good number of servers to query,
separate the queries we send out by the specified number of
milliseconds.
-.It \-K " \fIfile\-name\fP, " \-\-kod "=" \fIfile\-name\fP
+.It Fl K Ar file\-name , Fl \-kod Ns = Ns Ar file\-name
KoD history filename.
-The default \fIfile\-name\fP for this option is:
+The default
+.Ar file\-name
+for this option is:
.ti +4
/var/db/ntp\-kod
.sp
Specifies the filename to be used for the persistent history of KoD
responses received from servers.
-.It \-k " \fIfile\-name\fP, " \-\-keyfile "=" \fIfile\-name\fP
+.It Fl k Ar file\-name , Fl \-keyfile Ns = Ns Ar file\-name
Look in this file for the key specified with \fB\-a\fP.
.sp
This option specifies the keyfile.
\fBsntp\fP will search for the key specified with \fB\-a\fP
\fIkeyno\fP in this file. See \fBntp.keys(5)\fP for more
information.
-.It \-l " \fIfile\-name\fP, " \-\-logfile "=" \fIfile\-name\fP
+.It Fl l Ar file\-name , Fl \-logfile Ns = Ns Ar file\-name
Log to specified logfile.
.sp
This option causes the client to write log messages to the specified
\fIlogfile\fP.
-.It \-M " \fInumber\fP, " \-\-steplimit "=" \fInumber\fP
+.It Fl M Ar number , Fl \-steplimit Ns = Ns Ar number
Adjustments less than \fBsteplimit\fP msec will be slewed.
This option takes an integer number as its argument.
-The value of \fInumber\fP is constrained to being:
+The value of
+.Ar number
+is constrained to being:
.in +4
.nf
.na
If the time adjustment is less than \fIsteplimit\fP milliseconds,
slew the amount using \fBadjtime(2)\fP. Otherwise, step the
correction using \fBsettimeofday(2)\fP.
-.It \-o " \fInumber\fP, " \-\-ntpversion "=" \fInumber\fP
+.It Fl o Ar number , Fl \-ntpversion Ns = Ns Ar number
Send \fBint\fP as our NTP protocol version.
This option takes an integer number as its argument.
-The value of \fInumber\fP is constrained to being:
+The value of
+.Ar number
+is constrained to being:
.in +4
.nf
.na
in the range 0 through 7
.fi
.in -4
-The default \fInumber\fP for this option is:
+The default
+.Ar number
+for this option is:
.ti +4
4
.sp
When sending requests to a remote server, tell them we are running
NTP protocol version \fIntpversion\fP .
-.It \-r ", " \-\-usereservedport
+.It Fl r , Fl \-usereservedport
Use the NTP Reserved Port (port 123).
.sp
Use port 123, which is reserved for NTP, for our network
communications.
-.It \-S ", " \-\-step
+.It Fl S , Fl \-step
OK to 'step' the time with \fBsettimeofday(2)\fP.
.sp
-.It \-s ", " \-\-slew
+.It Fl s , Fl \-slew
OK to 'slew' the time with \fBadjtime(2)\fP.
.sp
-.It \-t " \fIseconds\fP, " \-\-timeout "=" \fIseconds\fP
+.It Fl t Ar seconds , Fl \-timeout Ns = Ns Ar seconds
The number of seconds to wait for responses.
This option takes an integer number as its argument.
-The default \fIseconds\fP for this option is:
+The default
+.Ar seconds
+for this option is:
.ti +4
5
.sp
more than enough for a unicast response. If \fBsntp\fP is
only waiting for a broadcast response a longer timeout is
likely needed.
-.It \-\-wait, " \fB\-\-no\-wait\fP"
+.It Fl \-wait , " Fl \-no\-wait"
Wait for pending replies (if not setting the time).
The \fIno\-wait\fP form will disable the option.
This option is enabled by default.
.sp
If we are not setting the time, wait for all pending responses.
-.It \-? , " \-\-help"
+.It Fl \&? , Fl \-help
Display usage information and exit.
-.It \-! , " \-\-more\-help"
+.It Fl \&! , Fl \-more\-help
Pass the extended usage information through a pager.
-.It \-> " [\fIcfgfile\fP]," " \-\-save\-opts" "[=\fIcfgfile\fP]"
+.It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
-.It \-< " \fIcfgfile\fP," " \-\-load\-opts" "=\fIcfgfile\fP," " \-\-no\-load\-opts"
+.It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts
Load options from \fIcfgfile\fP.
The \fIno\-load\-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
-.It \-\-version "[={\fIv|c|n\fP}]"
+.It Fl \-version Op Brq Ar v|c|n
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version 4.2.7p401 of
+This document corresponds to version 4.2.7p402 of
.Nm .
.Pp
This manual page was \fIAutoGen\fP\-erated from the \fBsntp\fP
clock. Run as root, it can correct the system clock to this offset as
well. It can be run as an interactive command or from a cron job.
- <p>This document applies to version 4.2.7p401 of <code>sntp</code>.
+ <p>This document applies to version 4.2.7p402 of <code>sntp</code>.
<p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
IETF specification.
based on the reported precision of the server.
<code>'+/- 0.089'</code>
is the reported
-<em> synchronization distance</em>
+<em>synchronization</em> <em>distance</em>
(in seconds), which represents the maximum error due to all causes.
If the server does not report valid data needed to calculate the
synchronization distance, this will be reported as
<code>'+/- ?'</code>.
If the
-<em> host</em>
+<em>host</em>
is different from the
-<em> IP,</em>
+<em>IP</em>,
both will be displayed.
Otherwise, only the
-<em> IP</em>
+<em>IP</em>
is displayed.
Finally, the
-<em> stratum</em>
+<em>stratum</em>
of the host is reported.
<p>This section was generated by <strong>AutoGen</strong>,
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
-<pre class="example">sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p401
+<pre class="example">sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p402
Usage: sntp [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \
[ hostname-or-IP ...]
Flg Arg Option-Name Description
-.TH sntp @SNTP_MS@ "30 Nov 2013" "4.2.7p401" "User Commands"
+.de1 NOP
+. it 1 an-trap
+. if \\n[.$] \,\\$*\/
+..
+.ie t \
+.ds B-Font [CB]
+.ds I-Font [CI]
+.ds R-Font [CR]
+.el \
+.ds B-Font B
+.ds I-Font I
+.ds R-Font R
+.TH sntp @SNTP_MS@ "22 Dec 2013" "4.2.7p402" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (sntp-opts.man)
-.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:34:01 AM by AutoGen 5.18.3pre5
-.\" From the definitions sntp-opts.def
-.\" and the template file agman-cmd.tpl
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-mHaqeU/ag-yHaqdU)
.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:09:24 PM by AutoGen 5.18.3pre5
+.\" From the definitions sntp-opts.def
+.\" and the template file agman-cmd.tpl
.SH NAME
-sntp \- standard Simple Network Time Protocol client program
+\f\*[B-Font]sntp\fP
+\- standard Simple Network Time Protocol client program
.SH SYNOPSIS
-.B sntp
+\f\*[B-Font]sntp\fP
.\" Mixture of short (flag) options and long options
-.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP "[[=| ]\fIvalue\fP]]..." " " "[ hostname-or-IP ...]"
-.PP
+[\f\*[B-Font]\-flags\f[]]
+[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
+[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
+[ hostname-or-IP ...]
+.sp \n(Ppu
+.ne 2
+
.SH DESCRIPTION
-.B
+\f\*[B-Font]sntp\fP
can be used as an SNTP client to query a NTP or SNTP server and either display
the time or set the local system's time (given suitable privilege). It can be
run as an interactive command or from a
-.Ic cron
+\f\*[B-Font]cron\f[]
job.
NTP (the Network Time Protocol) and SNTP (the Simple Network Time Protocol)
are defined and described by RFC 5905.
-.PP
+.sp \n(Ppu
+.ne 2
+
The default is to write the estimated correct local date and time (i.e. not
UTC) to the standard output in a format like:
-.Ic "'1996-10-15 20:17:25.123 (+0800) +4.567 +/- 0.089 [host] IP sN'"
+\f\*[B-Font]'1996-10-15 20:17:25.123 (+0800) +4.567 +/- 0.089 [host] IP sN'\f[]
where the
-.Ic "'(+0800)'"
+\f\*[B-Font]'(+0800)'\f[]
means that to get to UTC from the reported local time one must
add 8 hours and 0 minutes,
the
-.Ic "'+4.567'"
+\f\*[B-Font]'+4.567'\f[]
indicates the local clock is 4.567 seconds behind the correct time
(so 4.567 seconds must be added to the local clock to get it to be correct).
Note that the number of decimals printed for this value will change
based on the reported precision of the server.
-.Ic "'+/- 0.089'"
+\f\*[B-Font]'+/- 0.089'\f[]
is the reported
-.I synchronization distance
+\fIsynchronization\f[] \fIdistance\f[]
(in seconds), which represents the maximum error due to all causes.
If the server does not report valid data needed to calculate the
synchronization distance, this will be reported as
-.Ic "'+/- ?'" .
+\f\*[B-Font]'+/- ?'\f[].
If the
-.I host
+\fIhost\f[]
is different from the
-.I IP ,
+\fIIP\f[],
both will be displayed.
Otherwise, only the
-.I IP
+\fIIP\f[]
is displayed.
Finally, the
-.I stratum
+\fIstratum\f[]
of the host is reported.
.SH "OPTIONS"
.TP
-.BR \-4 ", " \-\-ipv4
+.NOP \f\*[B-Font]\-4\f[], \f\*[B-Font]\-\-ipv4\f[]
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
Force DNS resolution of the following host names on the command line
to the IPv4 namespace.
.TP
-.BR \-6 ", " \-\-ipv6
+.NOP \f\*[B-Font]\-6\f[], \f\*[B-Font]\-\-ipv6\f[]
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
Force DNS resolution of the following host names on the command line
to the IPv6 namespace.
.TP
-.BR \-a " \fIauth\-keynumber\fP, " \-\-authentication "=" \fIauth\-keynumber\fP
+.NOP \f\*[B-Font]\-a\f[] \f\*[I-Font]auth\-keynumber\f[], \f\*[B-Font]\-\-authentication\f[]=\f\*[I-Font]auth\-keynumber\f[]
Enable authentication with the key \fBauth-keynumber\fP.
This option takes an integer number as its argument.
.sp
number specified in the \fBkeyfile\fP as this key's identifier.
See the \fBkeyfile\fP option (\fB-k\fP) for more details.
.TP
-.BR \-b " \fIbroadcast\-address\fP, " \-\-broadcast "=" \fIbroadcast\-address\fP
+.NOP \f\*[B-Font]\-b\f[] \f\*[I-Font]broadcast\-address\f[], \f\*[B-Font]\-\-broadcast\f[]=\f\*[I-Font]broadcast\-address\f[]
Listen to the address specified for broadcast time sync.
This option may appear an unlimited number of times.
.sp
for NTP broadcasts. The default maximum wait time
can (and probably should) be modified with \fB-t\fP.
.TP
-.BR \-c " \fIhost\-name\fP, " \-\-concurrent "=" \fIhost\-name\fP
+.NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]host\-name\f[], \f\*[B-Font]\-\-concurrent\f[]=\f\*[I-Font]host\-name\f[]
Concurrently query all IPs returned for host-name.
This option may appear an unlimited number of times.
.sp
returned for the DNS lookup of the supplied host-name are on
different machines, so we can send concurrent queries.
.TP
-.BR \-d ", " \-\-debug\-level
+.NOP \f\*[B-Font]\-d\f[], \f\*[B-Font]\-\-debug\-level\f[]
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
.TP
-.BR \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.NOP \f\*[B-Font]\-D\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-set\-debug\-level\f[]=\f\*[I-Font]number\f[]
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
.TP
-.BR \-g " \fImilliseconds\fP, " \-\-gap "=" \fImilliseconds\fP
+.NOP \f\*[B-Font]\-g\f[] \f\*[I-Font]milliseconds\f[], \f\*[B-Font]\-\-gap\f[]=\f\*[I-Font]milliseconds\f[]
The gap (in milliseconds) between time requests.
This option takes an integer number as its argument.
-The default \fImilliseconds\fP for this option is:
+The default
+\f\*[I-Font]milliseconds\f[]
+for this option is:
.ti +4
50
.sp
separate the queries we send out by the specified number of
milliseconds.
.TP
-.BR \-K " \fIfile\-name\fP, " \-\-kod "=" \fIfile\-name\fP
+.NOP \f\*[B-Font]\-K\f[] \f\*[I-Font]file\-name\f[], \f\*[B-Font]\-\-kod\f[]=\f\*[I-Font]file\-name\f[]
KoD history filename.
-The default \fIfile\-name\fP for this option is:
+The default
+\f\*[I-Font]file\-name\f[]
+for this option is:
.ti +4
/var/db/ntp-kod
.sp
Specifies the filename to be used for the persistent history of KoD
responses received from servers.
.TP
-.BR \-k " \fIfile\-name\fP, " \-\-keyfile "=" \fIfile\-name\fP
+.NOP \f\*[B-Font]\-k\f[] \f\*[I-Font]file\-name\f[], \f\*[B-Font]\-\-keyfile\f[]=\f\*[I-Font]file\-name\f[]
Look in this file for the key specified with \fB-a\fP.
.sp
This option specifies the keyfile.
\fIkeyno\fP in this file. See \fBntp.keys(5)\fP for more
information.
.TP
-.BR \-l " \fIfile\-name\fP, " \-\-logfile "=" \fIfile\-name\fP
+.NOP \f\*[B-Font]\-l\f[] \f\*[I-Font]file\-name\f[], \f\*[B-Font]\-\-logfile\f[]=\f\*[I-Font]file\-name\f[]
Log to specified logfile.
.sp
This option causes the client to write log messages to the specified
\fIlogfile\fP.
.TP
-.BR \-M " \fInumber\fP, " \-\-steplimit "=" \fInumber\fP
+.NOP \f\*[B-Font]\-M\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-steplimit\f[]=\f\*[I-Font]number\f[]
Adjustments less than \fBsteplimit\fP msec will be slewed.
This option takes an integer number as its argument.
-The value of \fInumber\fP is constrained to being:
+The value of
+\f\*[I-Font]number\f[]
+is constrained to being:
.in +4
.nf
.na
slew the amount using \fBadjtime(2)\fP. Otherwise, step the
correction using \fBsettimeofday(2)\fP.
.TP
-.BR \-o " \fInumber\fP, " \-\-ntpversion "=" \fInumber\fP
+.NOP \f\*[B-Font]\-o\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-ntpversion\f[]=\f\*[I-Font]number\f[]
Send \fBint\fP as our NTP protocol version.
This option takes an integer number as its argument.
-The value of \fInumber\fP is constrained to being:
+The value of
+\f\*[I-Font]number\f[]
+is constrained to being:
.in +4
.nf
.na
in the range 0 through 7
.fi
.in -4
-The default \fInumber\fP for this option is:
+The default
+\f\*[I-Font]number\f[]
+for this option is:
.ti +4
4
.sp
When sending requests to a remote server, tell them we are running
NTP protocol version \fIntpversion\fP .
.TP
-.BR \-r ", " \-\-usereservedport
+.NOP \f\*[B-Font]\-r\f[], \f\*[B-Font]\-\-usereservedport\f[]
Use the NTP Reserved Port (port 123).
.sp
Use port 123, which is reserved for NTP, for our network
communications.
.TP
-.BR \-S ", " \-\-step
+.NOP \f\*[B-Font]\-S\f[], \f\*[B-Font]\-\-step\f[]
OK to 'step' the time with \fBsettimeofday(2)\fP.
.sp
.TP
-.BR \-s ", " \-\-slew
+.NOP \f\*[B-Font]\-s\f[], \f\*[B-Font]\-\-slew\f[]
OK to 'slew' the time with \fBadjtime(2)\fP.
.sp
.TP
-.BR \-t " \fIseconds\fP, " \-\-timeout "=" \fIseconds\fP
+.NOP \f\*[B-Font]\-t\f[] \f\*[I-Font]seconds\f[], \f\*[B-Font]\-\-timeout\f[]=\f\*[I-Font]seconds\f[]
The number of seconds to wait for responses.
This option takes an integer number as its argument.
-The default \fIseconds\fP for this option is:
+The default
+\f\*[I-Font]seconds\f[]
+for this option is:
.ti +4
5
.sp
only waiting for a broadcast response a longer timeout is
likely needed.
.TP
-.BR \-\-wait, " \fB\-\-no\-wait\fP"
+.NOP \f\*[B-Font]\-\-wait\f[], \f\*[B-Font]\- Fl \-no\-wait\f[]
Wait for pending replies (if not setting the time).
The \fIno\-wait\fP form will disable the option.
This option is enabled by default.
.sp
If we are not setting the time, wait for all pending responses.
.TP
-.BR \-? , " \-\-help"
+.NOP \f\*[B-Font]\-\&?\f[], \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
-.BR \-! , " \-\-more-help"
+.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
-.BR \-> " [\fIcfgfile\fP]," " \-\-save-opts" "[=\fIcfgfile\fP]"
+.NOP \f\*[B-Font]\->\f[] [\f\*[I-Font]cfgfile\f[]], \f\*[B-Font]\-\-save-opts\f[] [=\f\*[I-Font]cfgfile\f[]]
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
.TP
-.BR \-< " \fIcfgfile\fP," " \-\-load-opts" "=\fIcfgfile\fP," " \-\-no-load-opts"
+.NOP \f\*[B-Font]\-<\f[] \f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-load-opts\f[]=\f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-no-load-opts\f[]
Load options from \fIcfgfile\fP.
The \fIno-load-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no-load-opts\fP is handled early,
out of order.
.TP
-.BR \-\-version "[={\fIv|c|n\fP}]"
+.NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
+.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from configuration ("RC" or ".INI") file(s) and values from
rm \-f $list
} 1>.doc 2>/dev/null
sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
+.TH sntp @SNTP_MS@ "22 Dec 2013" "4.2.7p402" "User Commands"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-mHaqeU/ag-yHaqdU)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:09:24 PM by AutoGen 5.18.3pre5
+.\" From the definitions sntp-opts.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]sntp\fP sntp
+\- standard Simple Network Time Protocol client program
.SH USAGE
-.TP
-.BR Li "sntp ntpserver.somewhere"
+.TP 7
+.NOP \f[C]sntp ntpserver.somewhere\f[]
is the simplest use of this program
and can be run as an unprivileged command
to check the current time and error in the local clock.
-.TP
-.BR Li "sntp \-a ntpserver.somewhere"
+.TP 7
+.NOP \f[C]sntp \-a ntpserver.somewhere\f[]
With suitable privilege,
run as a command
or from a
-.Xr cron 8
+\fCcron\fR(8)\f[]
job,
-.Ic "sntp \-a"
+\f\*[B-Font]sntp \-a\f[]
will reset the local clock from a synchronized specified server,
like the (deprecated)
-.Xr ntpdate @NTPDATE_MS@ ,
+\fCntpdate\fR(@NTPDATE_MS@)\f[],
or
-.Xr rdate 8
+\fCrdate\fR(8)\f[]
commands.
+.PP
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH "FILES"
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
-.BR 0 " (EXIT_SUCCESS)"
+.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
-.BR 1 " (EXIT_FAILURE)"
+.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
-.BR 66 " (EX_NOINPUT)"
+.NOP 66 " (EX_NOINPUT)"
A specified configuration file could not be loaded.
.TP
-.BR 70 " (EX_SOFTWARE)"
+.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
+.PP
.SH AUTHORS
-.An "Johannes Maximilian Kuehn"
-.An "Harlan Stenn"
-.An "Dave Hart"
+.NOP "Johannes Maximilian Kuehn"
+.br
+.NOP "Harlan Stenn"
+.br
+.NOP "Dave Hart"
+.br
.SH "COPYRIGHT"
Copyright (C) 1970-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version 4.2.7p401 of
-.B .
-.PP
+This document corresponds to version 4.2.7p402 of
+\f\*[B-Font]sntp\fP.
+.sp \n(Ppu
+.ne 2
+
This manual page was \fIAutoGen\fP-erated from the \fBsntp\fP
option definitions.
-.Dd November 30 2013
+.Dd December 22 2013
.Dt SNTP @SNTP_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (sntp-opts.mdoc)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:34:08 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:09:31 PM by AutoGen 5.18.3pre5
.\" From the definitions sntp-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.Nm
.\" Mixture of short (flag) options and long options
.Op Fl flags
-.Op Fl flag Ar value
-.Op Fl \-option\-name Ar value
+.Op Fl flag Op Ar value
+.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc
[ hostname\-or\-IP ...]
.Pp
.Sh DESCRIPTION
of the host is reported.
.Sh "OPTIONS"
.Bl -tag
-.It \-4 ", " \-\-ipv4
+.It Fl 4 , Fl \-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
.sp
Force DNS resolution of the following host names on the command line
to the IPv4 namespace.
-.It \-6 ", " \-\-ipv6
+.It Fl 6 , Fl \-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
.sp
Force DNS resolution of the following host names on the command line
to the IPv6 namespace.
-.It \-a " \fIauth\-keynumber\fP, " \-\-authentication "=" \fIauth\-keynumber\fP
+.It Fl a Ar auth\-keynumber , Fl \-authentication Ns = Ns Ar auth\-keynumber
Enable authentication with the key \fBauth\-keynumber\fP.
This option takes an integer number as its argument.
.sp
argument. The argument of this option is the \fBkeyid\fP, a
number specified in the \fBkeyfile\fP as this key's identifier.
See the \fBkeyfile\fP option (\fB\-k\fP) for more details.
-.It \-b " \fIbroadcast\-address\fP, " \-\-broadcast "=" \fIbroadcast\-address\fP
+.It Fl b Ar broadcast\-address , Fl \-broadcast Ns = Ns Ar broadcast\-address
Listen to the address specified for broadcast time sync.
This option may appear an unlimited number of times.
.sp
If specified \fBsntp\fP will listen to the specified address
for NTP broadcasts. The default maximum wait time
can (and probably should) be modified with \fB\-t\fP.
-.It \-c " \fIhost\-name\fP, " \-\-concurrent "=" \fIhost\-name\fP
+.It Fl c Ar host\-name , Fl \-concurrent Ns = Ns Ar host\-name
Concurrently query all IPs returned for host\-name.
This option may appear an unlimited number of times.
.sp
The \fB\-c\fP or \fB\-\-concurrent\fP flag says that any IPs
returned for the DNS lookup of the supplied host\-name are on
different machines, so we can send concurrent queries.
-.It \-d ", " \-\-debug\-level
+.It Fl d , Fl \-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.It \-g " \fImilliseconds\fP, " \-\-gap "=" \fImilliseconds\fP
+.It Fl g Ar milliseconds , Fl \-gap Ns = Ns Ar milliseconds
The gap (in milliseconds) between time requests.
This option takes an integer number as its argument.
-The default \fImilliseconds\fP for this option is:
+The default
+.Ar milliseconds
+for this option is:
.ti +4
50
.sp
there is benefit to specifying a good number of servers to query,
separate the queries we send out by the specified number of
milliseconds.
-.It \-K " \fIfile\-name\fP, " \-\-kod "=" \fIfile\-name\fP
+.It Fl K Ar file\-name , Fl \-kod Ns = Ns Ar file\-name
KoD history filename.
-The default \fIfile\-name\fP for this option is:
+The default
+.Ar file\-name
+for this option is:
.ti +4
/var/db/ntp\-kod
.sp
Specifies the filename to be used for the persistent history of KoD
responses received from servers.
-.It \-k " \fIfile\-name\fP, " \-\-keyfile "=" \fIfile\-name\fP
+.It Fl k Ar file\-name , Fl \-keyfile Ns = Ns Ar file\-name
Look in this file for the key specified with \fB\-a\fP.
.sp
This option specifies the keyfile.
\fBsntp\fP will search for the key specified with \fB\-a\fP
\fIkeyno\fP in this file. See \fBntp.keys(5)\fP for more
information.
-.It \-l " \fIfile\-name\fP, " \-\-logfile "=" \fIfile\-name\fP
+.It Fl l Ar file\-name , Fl \-logfile Ns = Ns Ar file\-name
Log to specified logfile.
.sp
This option causes the client to write log messages to the specified
\fIlogfile\fP.
-.It \-M " \fInumber\fP, " \-\-steplimit "=" \fInumber\fP
+.It Fl M Ar number , Fl \-steplimit Ns = Ns Ar number
Adjustments less than \fBsteplimit\fP msec will be slewed.
This option takes an integer number as its argument.
-The value of \fInumber\fP is constrained to being:
+The value of
+.Ar number
+is constrained to being:
.in +4
.nf
.na
If the time adjustment is less than \fIsteplimit\fP milliseconds,
slew the amount using \fBadjtime(2)\fP. Otherwise, step the
correction using \fBsettimeofday(2)\fP.
-.It \-o " \fInumber\fP, " \-\-ntpversion "=" \fInumber\fP
+.It Fl o Ar number , Fl \-ntpversion Ns = Ns Ar number
Send \fBint\fP as our NTP protocol version.
This option takes an integer number as its argument.
-The value of \fInumber\fP is constrained to being:
+The value of
+.Ar number
+is constrained to being:
.in +4
.nf
.na
in the range 0 through 7
.fi
.in -4
-The default \fInumber\fP for this option is:
+The default
+.Ar number
+for this option is:
.ti +4
4
.sp
When sending requests to a remote server, tell them we are running
NTP protocol version \fIntpversion\fP .
-.It \-r ", " \-\-usereservedport
+.It Fl r , Fl \-usereservedport
Use the NTP Reserved Port (port 123).
.sp
Use port 123, which is reserved for NTP, for our network
communications.
-.It \-S ", " \-\-step
+.It Fl S , Fl \-step
OK to 'step' the time with \fBsettimeofday(2)\fP.
.sp
-.It \-s ", " \-\-slew
+.It Fl s , Fl \-slew
OK to 'slew' the time with \fBadjtime(2)\fP.
.sp
-.It \-t " \fIseconds\fP, " \-\-timeout "=" \fIseconds\fP
+.It Fl t Ar seconds , Fl \-timeout Ns = Ns Ar seconds
The number of seconds to wait for responses.
This option takes an integer number as its argument.
-The default \fIseconds\fP for this option is:
+The default
+.Ar seconds
+for this option is:
.ti +4
5
.sp
more than enough for a unicast response. If \fBsntp\fP is
only waiting for a broadcast response a longer timeout is
likely needed.
-.It \-\-wait, " \fB\-\-no\-wait\fP"
+.It Fl \-wait , " Fl \-no\-wait"
Wait for pending replies (if not setting the time).
The \fIno\-wait\fP form will disable the option.
This option is enabled by default.
.sp
If we are not setting the time, wait for all pending responses.
-.It \-? , " \-\-help"
+.It Fl \&? , Fl \-help
Display usage information and exit.
-.It \-! , " \-\-more\-help"
+.It Fl \&! , Fl \-more\-help
Pass the extended usage information through a pager.
-.It \-> " [\fIcfgfile\fP]," " \-\-save\-opts" "[=\fIcfgfile\fP]"
+.It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
-.It \-< " \fIcfgfile\fP," " \-\-load\-opts" "=\fIcfgfile\fP," " \-\-no\-load\-opts"
+.It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts
Load options from \fIcfgfile\fP.
The \fIno\-load\-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
-.It \-\-version "[={\fIv|c|n\fP}]"
+.It Fl \-version Op Brq Ar v|c|n
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version 4.2.7p401 of
+This document corresponds to version 4.2.7p402 of
.Nm .
.Pp
This manual page was \fIAutoGen\fP\-erated from the \fBsntp\fP
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp-keygen.texi)
#
-# It has been AutoGen-ed November 30, 2013 at 11:33:28 AM by AutoGen 5.18.3pre5
+# It has been AutoGen-ed December 22, 2013 at 11:09:05 PM by AutoGen 5.18.3pre5
# From the definitions ntp-keygen-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@code{-q}
option the password for encrypted files sent to remote sites.
If no password is specified, the host name returned by the Unix
-@code{gethostname}()
+@code{gethostname()}
function, normally the DNS name of the host is used.
The
as described in the
@quotedblleft{}Cryptographic Data Files@quotedblright{}
section below.
-@node Running the Program
-@section Running the Program
-
-
+@subsubsection Running the Program
To test and gain experience with Autokey concepts, log in as root and
change to the keys directory, usually
@file{/usr/local/etc}
program uses the same timestamp extension for all files generated
at one time, so each generation is distinct and can be readily
recognized in monitoring data.
-@node Running the program
-@section Running the program
-
-
+@subsubsection Running the program
The safest way to run the
@code{ntp-keygen}
program is logged in directly as root.
program uses the same timestamp extension for all files generated
at one time, so each generation is distinct and can be readily
recognized in monitoring data.
-@node Running the program
-@section Running the program
-
-
+@subsubsection Running the program
The safest way to run the
@code{ntp-keygen}
program is logged in directly as root.
scheme than the default, run
@code{ntp-keygen}
with the
-@code{-S} @kbd{-type}
+@code{-S} @kbd{type}
option, where
@kbd{type}
is either
run
@code{ntp-keygen}
with the
-@code{-c} @kbd{-scheme}
+@code{-c} @kbd{scheme}
option and selected
@kbd{scheme}
as needed.
is restarted, it loads any new files and restarts the protocol.
Other dependent hosts will continue as usual until signatures are refreshed,
at which time the protocol is restarted.
-@node Identity Schemes
-@section Identity Schemes
-
-
+@subsubsection Identity Schemes
As mentioned on the Autonomous Authentication page,
the default TC identity scheme is vulnerable to a middleman attack.
However, there are more secure identity schemes available,
On trusted host alice run
@code{ntp-keygen}
@code{-P}
-@code{-p} @kbd{-password}
+@code{-p} @kbd{password}
to generate the host key file
@file{ntpkey_RSAkey_}@kbd{alice.filestamp}
and trusted private certificate file
@code{ntp-keygen}
@code{-T}
@code{-I}
-@code{-p} @kbd{-password}
+@code{-p} @kbd{password}
to produce her parameter file
@file{ntpkey_IFFpar_}@kbd{alice.filestamp},
which includes both server and client keys.
@code{ntp-keygen}
@code{-T}
@code{-G}
-@code{-p} @kbd{-password}
+@code{-p} @kbd{password}
to produce her parameter file
@file{ntpkey_GQpar_}@kbd{alice.filestamp},
which includes both server and client keys.
and bob one of her clients.
On TA trish run
@code{ntp-keygen}
-@code{-V} @kbd{-n}
-@code{-p} @kbd{-password},
+@code{-V} @kbd{n}
+@code{-p} @kbd{password},
where
@kbd{n}
is the number of revokable keys (typically 5) to produce
@file{ntpkeys_MVkeyd_}@kbd{trish.filestamp}
where
@kbd{d}
-is the key number (0 \&<
+is the key number (0 <
@kbd{d}
-\&<
+<
@kbd{n}).
Copy the parameter file to alice and install a soft link
from the generic
to the client key file.
As the MV scheme is independent of keys and certificates,
these files can be refreshed as needed.
-@node Command Line Options
-@section Command Line Options
-
-
+@subsubsection Command Line Options
@table @asis
-
-@item @code{-c} @kbd{-scheme}
+@item @code{-c} @kbd{scheme}
Select certificate message digest/signature encryption scheme.
The
@kbd{scheme}
can be one of the following:
-
+. Cm RSA-MD2 , RSA-MD5 , RSA-SHA , RSA-SHA1 , RSA-MDC2 , RSA-RIPEMD160 , DSA-SHA ,
or
@code{DSA-SHA1}.
Note that RSA schemes must be used with a RSA sign key and DSA
@item @code{-I}
Generate parameters for the IFF identification scheme,
obsoleting any that may exist.
-@item @code{-i} @kbd{-name}
+@item @code{-i} @kbd{name}
Set the suject name to
@kbd{name}.
This is used as the subject field in certificates
@item @code{-P}
Generate a private certificate.
By default, the program generates public certificates.
-@item @code{-p} @kbd{-password}
+@item @code{-p} @kbd{password}
Encrypt generated files containing private data with
@kbd{password}
and the DES-CBC algorithm.
@item @code{-q}
Set the password for reading files to password.
-@item @code{-S} @code{-Oo} @code{-Cm} @code{-RSA} @code{-} | @code{-DSA} @code{-Oc}
+@item @code{-S} @code{[@code{RSA} | @code{DSA}]}
Generate a new sign key of the designated type,
obsoleting any that may exist.
By default, the program uses the host key as the sign key.
-@item @code{-s} @kbd{-name}
+@item @code{-s} @kbd{name}
Set the issuer name to
@kbd{name}.
This is used for the issuer field in certificates
@item @code{-T}
Generate a trusted certificate.
By default, the program generates a non-trusted certificate.
-@item @code{-V} @kbd{-nkeys}
+@item @code{-V} @kbd{nkeys}
Generate parameters and keys for the Mu-Varadharajan (MV) identification scheme.
@end table
-@node Random Seed File
-@section Random Seed File
-
-
+@subsubsection Random Seed File
All cryptographically sound key generation schemes must have means
to randomize the entropy seed used to initialize
the internal pseudo-random number generator used
program,
the OpenSSL library will look for the file using the path specified
by the
-Ev RANDFILE
+.Ev RANDFILE
environment variable in the user home directory,
whether root or some other user.
If the
-Ev RANDFILE
+.Ev RANDFILE
environment variable is not present,
the library will look for the
@code{.rnd}
If the file is not available or cannot be written,
the daemon exits with a message to the system log and the program
exits with a suitable error message.
-@node Cryptographic Data Files
-@section Cryptographic Data Files
-
-
+@subsubsection Cryptographic Data Files
All other file formats begin with two lines.
The first contains the file name, including the generated host name
and filestamp.
@exampleindent 0
@example
-ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p401
+ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p402
Usage: ntp-keygen [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
Flg Arg Option-Name Description
-b Num imbits identity modulus bits
/*
* EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.c)
*
- * It has been AutoGen-ed November 30, 2013 at 11:33:10 AM by AutoGen 5.18.3pre5
+ * It has been AutoGen-ed December 22, 2013 at 11:08:49 PM by AutoGen 5.18.3pre5
* From the definitions ntp-keygen-opts.def
* and the template file options
*
* static const strings for ntp-keygen options
*/
static char const ntp_keygen_opt_strs[2357] =
-/* 0 */ "ntp-keygen (ntp) 4.2.7p401\n"
+/* 0 */ "ntp-keygen (ntp) 4.2.7p402\n"
"Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 2136 */ "no-load-opts\0"
/* 2149 */ "no\0"
/* 2152 */ "NTP_KEYGEN\0"
-/* 2163 */ "ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p401\n"
+/* 2163 */ "ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p402\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
/* 2279 */ "$HOME\0"
/* 2285 */ ".\0"
/* 2287 */ ".ntprc\0"
/* 2294 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 2328 */ "\n\0"
-/* 2330 */ "ntp-keygen (ntp) 4.2.7p401";
+/* 2330 */ "ntp-keygen (ntp) 4.2.7p402";
/**
* imbits option description:
translate option names.
*/
/* referenced via ntp_keygenOptions.pzCopyright */
- puts(_("ntp-keygen (ntp) 4.2.7p401\n\
+ puts(_("ntp-keygen (ntp) 4.2.7p402\n\
Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
puts(_("load options from a config file"));
/* referenced via ntp_keygenOptions.pzUsageTitle */
- puts(_("ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p401\n\
+ puts(_("ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p402\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n"));
/* referenced via ntp_keygenOptions.pzExplain */
puts(_("\n"));
/* referenced via ntp_keygenOptions.pzFullVersion */
- puts(_("ntp-keygen (ntp) 4.2.7p401"));
+ puts(_("ntp-keygen (ntp) 4.2.7p402"));
/* referenced via ntp_keygenOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));
/*
* EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.h)
*
- * It has been AutoGen-ed November 30, 2013 at 11:33:10 AM by AutoGen 5.18.3pre5
+ * It has been AutoGen-ed December 22, 2013 at 11:08:48 PM by AutoGen 5.18.3pre5
* From the definitions ntp-keygen-opts.def
* and the template file options
*
/** count of all options for ntp-keygen */
#define OPTION_CT 26
/** ntp-keygen version */
-#define NTP_KEYGEN_VERSION "4.2.7p401"
+#define NTP_KEYGEN_VERSION "4.2.7p402"
/** Full ntp-keygen version text */
-#define NTP_KEYGEN_FULL_VERSION "ntp-keygen (ntp) 4.2.7p401"
+#define NTP_KEYGEN_FULL_VERSION "ntp-keygen (ntp) 4.2.7p402"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH ntp-keygen 1ntp-keygenman "30 Nov 2013" "ntp (4.2.7p401)" "User Commands"
+.de1 NOP
+. it 1 an-trap
+. if \\n[.$] \,\\$*\/
+..
+.ie t \
+.ds B-Font [CB]
+.ds I-Font [CI]
+.ds R-Font [CR]
+.el \
+.ds B-Font B
+.ds I-Font I
+.ds R-Font R
+.TH ntp-keygen 1ntp-keygenman "22 Dec 2013" "ntp (4.2.7p402)" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.man)
-.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:33:23 AM by AutoGen 5.18.3pre5
-.\" From the definitions ntp-keygen-opts.def
-.\" and the template file agman-cmd.tpl
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-SUaOhS/ag-5UaOgS)
.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:09:01 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntp-keygen-opts.def
+.\" and the template file agman-cmd.tpl
.SH NAME
-ntp-keygen \- Create a NTP host key
+\f\*[B-Font]ntp-keygen\fP
+\- Create a NTP host key
.SH SYNOPSIS
-.B ntp-keygen
+\f\*[B-Font]ntp-keygen\fP
.\" Mixture of short (flag) options and long options
-.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP "[[=| ]\fIvalue\fP]]..."
-.PP
+[\f\*[B-Font]\-flags\f[]]
+[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
+[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
+.sp \n(Ppu
+.ne 2
+
All arguments must be options.
-.PP
+.sp \n(Ppu
+.ne 2
+
.SH DESCRIPTION
This program generates cryptographic data files used by the NTPv4
authentication and identification schemes.
These files are used for cookie encryption,
digital signature and challenge/response identification algorithms
compatible with the Internet standard security infrastructure.
-.PP
+.sp \n(Ppu
+.ne 2
+
All files are in PEM-encoded printable ASCII format,
so they can be embedded as MIME attachments in mail to other sites
and certificate authorities.
By default, files are not encrypted.
-.PP
+.sp \n(Ppu
+.ne 2
+
When used to generate message digest keys, the program produces a file
containing ten pseudo-random printable ASCII strings suitable for the
MD5 message digest algorithm included in the distribution.
using secure means beyond the scope of NTP itself.
Besides the keys used for ordinary NTP associations, additional keys
can be defined as passwords for the
-.Xr ntpq 1ntpqmdoc
+\fCntpq\fR(1ntpqmdoc)\f[]
and
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
utility programs.
-.PP
+.sp \n(Ppu
+.ne 2
+
The remaining generated files are compatible with other OpenSSL
applications and other Public Key Infrastructure (PKI) resources.
Certificates generated by this program are compatible with extant
X509v3 extension fields somewhat liberal.
However, the identity keys are probably not compatible with anything
other than Autokey.
-.PP
+.sp \n(Ppu
+.ne 2
+
Some files used by this program are encrypted using a private password.
The
- p
+\f\*[B-Font]\-p\f[]
option specifies the password for local encrypted files and the
- q
+\f\*[B-Font]\-q\f[]
option the password for encrypted files sent to remote sites.
If no password is specified, the host name returned by the Unix
-.Fn gethostname
+\fBgethostname\fR()\f[]
function, normally the DNS name of the host is used.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-\fIpw\fR
+\f\*[I-Font]pw\f[]
option of the
-\fIcrypto\fR
+\f\*[I-Font]crypto\f[]
configuration command specifies the read
password for previously encrypted local files.
This must match the local password used by this program.
If not specified, the host name is used.
Thus, if files are generated by this program without password,
they can be read back by
-\fIntpd\fR
+\f\*[I-Font]ntpd\f[]
without password but only on the same host.
-.PP
+.sp \n(Ppu
+.ne 2
+
Normally, encrypted files for each host are generated by that host and
used only by that host, although exceptions exist as noted later on
this page.
The symmetric keys file, normally called
-\fIntp.keys ,\fR
+\f\*[I-Font]ntp.keys\f[],
is usually installed in
-.Pa /etc .
+\fI/etc\f[].
Other files and links are usually installed in
-.Pa /usr/local/etc ,
+\fI/usr/local/etc\f[],
which is normally in a shared filesystem in
NFS-mounted networks and cannot be changed by shared clients.
The location of the keys directory can be changed by the
-\fIkeysdir\fR
+\f\*[I-Font]keysdir\f[]
configuration command in such cases.
Normally, this is in
-.Pa /etc .
-.PP
+\fI/etc\f[].
+.sp \n(Ppu
+.ne 2
+
This program directs commentary and error messages to the standard
error stream
-\fIstderr\fR
+\f\*[I-Font]stderr\f[]
and remote files to the standard output stream
-\fIstdout\fR
+\f\*[I-Font]stdout\f[]
where they can be piped to other applications or redirected to files.
The names used for generated files and links all begin with the
string
-\fIntpkey\fR
+\f\*[I-Font]ntpkey\f[]
and include the file type, generating host and filestamp,
as described in the
-.Dq Cryptographic Data Files
+\*[Lq]Cryptographic Data Files\*[Rq]
section below.
.SS Running the Program
To test and gain experience with Autokey concepts, log in as root and
change to the keys directory, usually
-.Pa /usr/local/etc
+\fI/usr/local/etc\f[]
When run for the first time, or if all files with names beginning with
-\fIntpkey\fR
+\f\*[I-Font]ntpkey\f[]
have been removed, use the
-.B
+\f\*[B-Font]ntp-keygen\fP
command without arguments to generate a
default RSA host key and matching RSA-MD5 certificate with expiration
date one year hence.
If run again without options, the program uses the
existing keys and parameters and generates only a new certificate with
new expiration date one year hence.
-.PP
+.sp \n(Ppu
+.ne 2
+
Run the command on as many hosts as necessary.
Designate one of them as the trusted host (TH) using
-.B
+\f\*[B-Font]ntp-keygen\fP
with the
- T
+\f\*[B-Font]\-T\f[]
option and configure it to synchronize from reliable Internet servers.
Then configure the other hosts to synchronize to the TH directly or
indirectly.
ascendant host towards the TH to sign its certificate, which is then
provided to the immediately descendant host on request.
All group hosts should have acyclic certificate trails ending on the TH.
-.PP
+.sp \n(Ppu
+.ne 2
+
The host key is used to encrypt the cookie when required and so must be
RSA type.
By default, the host key is also the sign key used to encrypt
signatures.
A different sign key can be assigned using the
- S
+\f\*[B-Font]\-S\f[]
option and this can be either RSA or DSA type.
By default, the signature
message digest type is MD5, but any combination of sign key type and
message digest type supported by the OpenSSL library can be specified
using the
- c
+\f\*[B-Font]\-c\f[]
option.
The rules say cryptographic media should be generated with proventic
filestamps, which means the host should already be synchronized before
least so that the certificate lifetime is within the current year.
After that and when the host is synchronized to a proventic source, the
certificate should be re-generated.
-.PP
+.sp \n(Ppu
+.ne 2
+
Additional information on trusted groups and identity schemes is on the
-.Dq Autokey Public-Key Authentication
+\*[Lq]Autokey Public-Key Authentication\*[Rq]
page.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
configuration command
-.Ic crypto pw Ar password
+\f\*[B-Font]crypto\f[] \f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]
specifies the read password for previously encrypted files.
The daemon expires on the spot if the password is missing
or incorrect.
the program.
If the previous write password is specified as the host name,
these files can be read by that host with no explicit password.
-.PP
+.sp \n(Ppu
+.ne 2
+
File names begin with the prefix
-.Cm ntpkey_
+\f\*[B-Font]ntpkey_\f[]
and end with the postfix
-\fI_hostname.filestamp ,\fR
+\f\*[I-Font]_hostname.filestamp\f[],
where
-\fIhostname\fR
+\f\*[I-Font]hostname\f[]
is the owner name, usually the string returned
by the Unix gethostname() routine, and
-\fIfilestamp\fR
+\f\*[I-Font]filestamp\f[]
is the NTP seconds when the file was generated, in decimal digits.
This both guarantees uniqueness and simplifies maintenance
procedures, since all files can be quickly removed
by a
-.Ic rm ntpkey\&*
+\f\*[B-Font]rm\f[] \f\*[B-Font]ntpkey\&*\f[]
command or all files generated
at a specific time can be removed by a
-.Ic rm
-\fI\&*filestamp\fR
+\f\*[B-Font]rm\f[]
+\f\*[I-Font]\&*filestamp\f[]
command.
To further reduce the risk of misconfiguration,
the first two lines of a file contain the file name
and generation date and time as comments.
-.PP
+.sp \n(Ppu
+.ne 2
+
All files are installed by default in the keys directory
-.Pa /usr/local/etc ,
+\fI/usr/local/etc\f[],
which is normally in a shared filesystem
in NFS-mounted networks.
The actual location of the keys directory
Normally, the files for each host are generated by that host
and used only by that host, although exceptions exist
as noted later on this page.
-.PP
+.sp \n(Ppu
+.ne 2
+
Normally, files containing private values,
including the host key, sign key and identification parameters,
are permitted root read/write-only;
Since uniqueness is insured by the hostname and
file name extensions, the files for a NFS server and
dependent clients can all be installed in the same shared directory.
-.PP
+.sp \n(Ppu
+.ne 2
+
The recommended practice is to keep the file name extensions
when installing a file and to install a soft link
from the generic names specified elsewhere on this page
If a link is present, ntpd follows it to the file name
to extract the filestamp.
If a link is not present,
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
extracts the filestamp from the file itself.
This allows clients to verify that the file and generation times
are always current.
The
-.B
+\f\*[B-Font]ntp-keygen\fP
program uses the same timestamp extension for all files generated
at one time, so each generation is distinct and can be readily
recognized in monitoring data.
.SS Running the program
The safest way to run the
-.B
+\f\*[B-Font]ntp-keygen\fP
program is logged in directly as root.
The recommended procedure is change to the keys directory,
usually
-.Pa /usr/local/etc ,
+\fI/usr/local/etc\f[],
then run the program.
When run for the first time,
or if all
-.Cm ntpkey
+\f\*[B-Font]ntpkey\f[]
files have been removed,
the program generates a RSA host key file and matching RSA-MD5 certificate file,
which is all that is necessary in many cases.
to the respective files.
If run again, the program uses the same host key file,
but generates a new certificate file and link.
-.PP
+.sp \n(Ppu
+.ne 2
+
The host key is used to encrypt the cookie when required and so must be RSA type.
By default, the host key is also the sign key used to encrypt signatures.
When necessary, a different sign key can be specified and this can be
with the sign key.
Certificates using any digest algorithm are compatible with RSA sign keys;
however, only SHA and SHA1 certificates are compatible with DSA sign keys.
-.PP
+.sp \n(Ppu
+.ne 2
+
Private/public key files and certificates are compatible with
other OpenSSL applications and very likely other libraries as well.
Certificates or certificate requests derived from them should be compatible
the interpretation of X509v3 extension fields somewhat liberal.
However, the identification parameter files, although encoded
as the other files, are probably not compatible with anything other than Autokey.
-.PP
+.sp \n(Ppu
+.ne 2
+
Running the program as other than root and using the Unix
-.Ic su
+\f\*[B-Font]su\f[]
command
to assume root may not work properly, since by default the OpenSSL library
looks for the random seed file
-.Cm .rnd
+\f\*[B-Font].rnd\f[]
in the user home directory.
However, there should be only one
-.Cm .rnd ,
+\f\*[B-Font].rnd\f[],
most conveniently
in the root directory, so it is convenient to define the
-.Cm $RANDFILE
+\f\*[B-Font]$RANDFILE\f[]
environment variable used by the OpenSSL library as the path to
-.Cm /.rnd .
-.PP
+\f\*[B-Font]/.rnd\f[].
+.sp \n(Ppu
+.ne 2
+
Installing the keys as root might not work in NFS-mounted
shared file systems, as NFS clients may not be able to write
to the shared keys directory, even as root.
In this case, NFS clients can specify the files in another
directory such as
-.Pa /etc
+\fI/etc\f[]
using the
-.Ic keysdir
+\f\*[B-Font]keysdir\f[]
command.
There is no need for one client to read the keys and certificates
of other clients or servers, as these data are obtained automatically
by the Autokey protocol.
-.PP
+.sp \n(Ppu
+.ne 2
+
Ordinarily, cryptographic files are generated by the host that uses them,
but it is possible for a trusted agent (TA) to generate these files
for other hosts; however, in such cases files should always be encrypted.
as the subject and issuer fields, respectively, of the certificate.
The owner name is also used for the host and sign key files,
while the trusted name is used for the identity files.
-.PP
+.sp \n(Ppu
+.ne 2
+
All files are installed by default in the keys directory
-.Pa /usr/local/etc ,
+\fI/usr/local/etc\f[],
which is normally in a shared filesystem
in NFS-mounted networks.
The actual location of the keys directory
Normally, the files for each host are generated by that host
and used only by that host, although exceptions exist
as noted later on this page.
-.PP
+.sp \n(Ppu
+.ne 2
+
Normally, files containing private values,
including the host key, sign key and identification parameters,
are permitted root read/write-only;
Since uniqueness is insured by the hostname and
file name extensions, the files for a NFS server and
dependent clients can all be installed in the same shared directory.
-.PP
+.sp \n(Ppu
+.ne 2
+
The recommended practice is to keep the file name extensions
when installing a file and to install a soft link
from the generic names specified elsewhere on this page
If a link is present, ntpd follows it to the file name
to extract the filestamp.
If a link is not present,
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
extracts the filestamp from the file itself.
This allows clients to verify that the file and generation times
are always current.
The
-.B
+\f\*[B-Font]ntp-keygen\fP
program uses the same timestamp extension for all files generated
at one time, so each generation is distinct and can be readily
recognized in monitoring data.
.SS Running the program
The safest way to run the
-.B
+\f\*[B-Font]ntp-keygen\fP
program is logged in directly as root.
The recommended procedure is change to the keys directory,
usually
-.Pa /usr/local/etc ,
+\fI/usr/local/etc\f[],
then run the program.
When run for the first time,
or if all
-.Cm ntpkey
+\f\*[B-Font]ntpkey\f[]
files have been removed,
the program generates a RSA host key file and matching RSA-MD5 certificate file,
which is all that is necessary in many cases.
to the respective files.
If run again, the program uses the same host key file,
but generates a new certificate file and link.
-.PP
+.sp \n(Ppu
+.ne 2
+
The host key is used to encrypt the cookie when required and so must be RSA type.
By default, the host key is also the sign key used to encrypt signatures.
When necessary, a different sign key can be specified and this can be
with the sign key.
Certificates using any digest algorithm are compatible with RSA sign keys;
however, only SHA and SHA1 certificates are compatible with DSA sign keys.
-.PP
+.sp \n(Ppu
+.ne 2
+
Private/public key files and certificates are compatible with
other OpenSSL applications and very likely other libraries as well.
Certificates or certificate requests derived from them should be compatible
the interpretation of X509v3 extension fields somewhat liberal.
However, the identification parameter files, although encoded
as the other files, are probably not compatible with anything other than Autokey.
-.PP
+.sp \n(Ppu
+.ne 2
+
Running the program as other than root and using the Unix
-.Ic su
+\f\*[B-Font]su\f[]
command
to assume root may not work properly, since by default the OpenSSL library
looks for the random seed file
-.Cm .rnd
+\f\*[B-Font].rnd\f[]
in the user home directory.
However, there should be only one
-.Cm .rnd ,
+\f\*[B-Font].rnd\f[],
most conveniently
in the root directory, so it is convenient to define the
-.Cm $RANDFILE
+\f\*[B-Font]$RANDFILE\f[]
environment variable used by the OpenSSL library as the path to
-.Cm /.rnd .
-.PP
+\f\*[B-Font]/.rnd\f[].
+.sp \n(Ppu
+.ne 2
+
Installing the keys as root might not work in NFS-mounted
shared file systems, as NFS clients may not be able to write
to the shared keys directory, even as root.
In this case, NFS clients can specify the files in another
directory such as
-.Pa /etc
+\fI/etc\f[]
using the
-.Ic keysdir
+\f\*[B-Font]keysdir\f[]
command.
There is no need for one client to read the keys and certificates
of other clients or servers, as these data are obtained automatically
by the Autokey protocol.
-.PP
+.sp \n(Ppu
+.ne 2
+
Ordinarily, cryptographic files are generated by the host that uses them,
but it is possible for a trusted agent (TA) to generate these files
for other hosts; however, in such cases files should always be encrypted.
Each cryptographic configuration involves selection of a signature scheme
and identification scheme, called a cryptotype,
as explained in the
-.Sx Authentication Options
+\fIAuthentication\f[] \fIOptions\f[]
section of
-.Xr ntp.conf 5 .
+\fCntp.conf\fR(5)\f[].
The default cryptotype uses RSA encryption, MD5 message digest
and TC identification.
First, configure a NTP subnet including one or more low-stratum
a certificate trail ending at a trusted host.
The trail is defined by static configuration file entries
or dynamic means described on the
-.Sx Automatic NTP Configuration Options
+\fIAutomatic\f[] \fINTP\f[] \fIConfiguration\f[] \fIOptions\f[]
section of
-.Xr ntp.conf 5 .
-.PP
+\fCntp.conf\fR(5)\f[].
+.sp \n(Ppu
+.ne 2
+
On each trusted host as root, change to the keys directory.
To insure a fresh fileset, remove all
-.Cm ntpkey
+\f\*[B-Font]ntpkey\f[]
files.
Then run
-.B
- T
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-T\f[]
to generate keys and a trusted certificate.
On all other hosts do the same, but leave off the
- T
+\f\*[B-Font]\-T\f[]
flag to generate keys and nontrusted certificates.
When complete, start the NTP daemons beginning at the lowest stratum
and working up the tree.
It may take some time for Autokey to instantiate the certificate trails
throughout the subnet, but setting up the environment is completely automatic.
-.PP
+.sp \n(Ppu
+.ne 2
+
If it is necessary to use a different sign key or different digest/signature
scheme than the default, run
-.B
+\f\*[B-Font]ntp-keygen\fP
with the
- S Ar type
+\f\*[B-Font]\-S\f[] \f\*[I-Font]type\f[]
option, where
-\fItype\fR
+\f\*[I-Font]type\f[]
is either
-.Cm RSA
+\f\*[B-Font]RSA\f[]
or
-.Cm DSA .
+\f\*[B-Font]DSA\f[].
The most often need to do this is when a DSA-signed certificate is used.
If it is necessary to use a different certificate scheme than the default,
run
-.B
+\f\*[B-Font]ntp-keygen\fP
with the
- c Ar scheme
+\f\*[B-Font]\-c\f[] \f\*[I-Font]scheme\f[]
option and selected
-\fIscheme\fR
+\f\*[I-Font]scheme\f[]
as needed.
f
-.B
+\f\*[B-Font]ntp-keygen\fP
is run again without these options, it generates a new certificate
using the same scheme and sign key.
-.PP
+.sp \n(Ppu
+.ne 2
+
After setting up the environment it is advisable to update certificates
from time to time, if only to extend the validity interval.
Simply run
-.B
+\f\*[B-Font]ntp-keygen\fP
with the same flags as before to generate new certificates
using existing keys.
However, if the host or sign key is changed,
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
should be restarted.
When
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
is restarted, it loads any new files and restarts the protocol.
Other dependent hosts will continue as usual until signatures are refreshed,
at which time the protocol is restarted.
the default TC identity scheme is vulnerable to a middleman attack.
However, there are more secure identity schemes available,
including PC, IFF, GQ and MV described on the
-.Qq Identification Schemes
+"Identification Schemes"
page
(maybe available at
-.Li http://www.eecis.udel.edu/%7emills/keygen.html ) .
+\f[C]http://www.eecis.udel.edu/%7emills/keygen.html\f[]).
These schemes are based on a TA, one or more trusted hosts
and some number of nontrusted hosts.
Trusted hosts prove identity using values provided by the TA,
The name of a trusted host is also the name of its sugroup
and also the subject and issuer name on its trusted certificate.
The TA is not necessarily a trusted host in this sense, but often is.
-.PP
+.sp \n(Ppu
+.ne 2
+
In some schemes there are separate keys for servers and clients.
A server can also be a client of another server,
but a client can never be a server for another client.
both server and client keys.
Hosts that operate
only as clients have key files that contain only client keys.
-.PP
+.sp \n(Ppu
+.ne 2
+
The PC scheme supports only one trusted host in the group.
On trusted host alice run
-.B
- P
- p Ar password
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-P\f[]
+\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
to generate the host key file
-.Pa ntpkey_RSAkey_ Ns Ar alice.filestamp
+\fIntpkey_RSAkey_\f[]\f\*[I-Font]alice.filestamp\f[]
and trusted private certificate file
-.Pa ntpkey_RSA-MD5_cert_ Ns Ar alice.filestamp .
+\fIntpkey_RSA-MD5_cert_\f[]\f\*[I-Font]alice.filestamp\f[].
Copy both files to all group hosts;
they replace the files which would be generated in other schemes.
On each host bob install a soft link from the generic name
-.Pa ntpkey_host_ Ns Ar bob
+\fIntpkey_host_\f[]\f\*[I-Font]bob\f[]
to the host key file and soft link
-.Pa ntpkey_cert_ Ns Ar bob
+\fIntpkey_cert_\f[]\f\*[I-Font]bob\f[]
to the private certificate file.
Note the generic links are on bob, but point to files generated
by trusted host alice.
In this scheme it is not possible to refresh
either the keys or certificates without copying them
to all other hosts in the group.
-.PP
+.sp \n(Ppu
+.ne 2
+
For the IFF scheme proceed as in the TC scheme to generate keys
and certificates for all group hosts, then for every trusted host in the group,
generate the IFF parameter file.
On trusted host alice run
-.B
- T
- I
- p Ar password
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-T\f[]
+\f\*[B-Font]\-I\f[]
+\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
to produce her parameter file
-.Pa ntpkey_IFFpar_ Ns Ar alice.filestamp ,
+\fIntpkey_IFFpar_\f[]\f\*[I-Font]alice.filestamp\f[],
which includes both server and client keys.
Copy this file to all group hosts that operate as both servers
and clients and install a soft link from the generic
-.Pa ntpkey_iff_ Ns Ar alice
+\fIntpkey_iff_\f[]\f\*[I-Font]alice\f[]
to this file.
If there are no hosts restricted to operate only as clients,
there is nothing further to do.
As the IFF scheme is independent
of keys and certificates, these files can be refreshed as needed.
-.PP
+.sp \n(Ppu
+.ne 2
+
If a rogue client has the parameter file, it could masquerade
as a legitimate server and present a middleman threat.
To eliminate this threat, the client keys can be extracted
from the parameter file and distributed to all restricted clients.
After generating the parameter file, on alice run
-.B
- e
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-e\f[]
and pipe the output to a file or mail program.
Copy or mail this file to all restricted clients.
On these clients install a soft link from the generic
-.Pa ntpkey_iff_ Ns Ar alice
+\fIntpkey_iff_\f[]\f\*[I-Font]alice\f[]
to this file.
To further protect the integrity of the keys,
each file can be encrypted with a secret password.
-.PP
+.sp \n(Ppu
+.ne 2
+
For the GQ scheme proceed as in the TC scheme to generate keys
and certificates for all group hosts, then for every trusted host
in the group, generate the IFF parameter file.
On trusted host alice run
-.B
- T
- G
- p Ar password
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-T\f[]
+\f\*[B-Font]\-G\f[]
+\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
to produce her parameter file
-.Pa ntpkey_GQpar_ Ns Ar alice.filestamp ,
+\fIntpkey_GQpar_\f[]\f\*[I-Font]alice.filestamp\f[],
which includes both server and client keys.
Copy this file to all group hosts and install a soft link
from the generic
-.Pa ntpkey_gq_ Ns Ar alice
+\fIntpkey_gq_\f[]\f\*[I-Font]alice\f[]
to this file.
In addition, on each host bob install a soft link
from generic
-.Pa ntpkey_gq_ Ns Ar bob
+\fIntpkey_gq_\f[]\f\*[I-Font]bob\f[]
to this file.
As the GQ scheme updates the GQ parameters file and certificate
at the same time, keys and certificates can be regenerated as needed.
-.PP
+.sp \n(Ppu
+.ne 2
+
For the MV scheme, proceed as in the TC scheme to generate keys
and certificates for all group hosts.
For illustration assume trish is the TA, alice one of several trusted hosts
and bob one of her clients.
On TA trish run
-.B
- V Ar n
- p Ar password ,
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-V\f[] \f\*[I-Font]n\f[]
+\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[],
where
-\fIn\fR
+\f\*[I-Font]n\f[]
is the number of revokable keys (typically 5) to produce
the parameter file
-.Pa ntpkeys_MVpar_ Ns Ar trish.filestamp
+\fIntpkeys_MVpar_\f[]\f\*[I-Font]trish.filestamp\f[]
and client key files
-.Pa ntpkeys_MVkeyd_ Ns Ar trish.filestamp
+\fIntpkeys_MVkeyd_\f[]\f\*[I-Font]trish.filestamp\f[]
where
-\fId\fR
+\f\*[I-Font]d\f[]
is the key number (0 \&<
-\fId\fR
+\f\*[I-Font]d\f[]
\&<
-\fIn ) .\fR
+\f\*[I-Font]n\f[]).
Copy the parameter file to alice and install a soft link
from the generic
-.Pa ntpkey_mv_ Ns Ar alice
+\fIntpkey_mv_\f[]\f\*[I-Font]alice\f[]
to this file.
Copy one of the client key files to alice for later distribution
to her clients.
since they all work the same way.
Alice copies the client key file to all of her cliens.
On client bob install a soft link from generic
-.Pa ntpkey_mvkey_ Ns Ar bob
+\fIntpkey_mvkey_\f[]\f\*[I-Font]bob\f[]
to the client key file.
As the MV scheme is independent of keys and certificates,
these files can be refreshed as needed.
.SS Command Line Options
-.TP
-.BR Fl c Ar scheme
+.TP 7
+.NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]scheme\f[]
Select certificate message digest/signature encryption scheme.
The
-\fIscheme\fR
+\f\*[I-Font]scheme\f[]
can be one of the following:
. Cm RSA-MD2 , RSA-MD5 , RSA-SHA , RSA-SHA1 , RSA-MDC2 , RSA-RIPEMD160 , DSA-SHA ,
or
-.Cm DSA-SHA1 .
+\f\*[B-Font]DSA-SHA1\f[].
Note that RSA schemes must be used with a RSA sign key and DSA
schemes must be used with a DSA sign key.
The default without this option is
-.Cm RSA-MD5 .
-.TP
-.BR Fl d
+\f\*[B-Font]RSA-MD5\f[].
+.TP 7
+.NOP \f\*[B-Font]\-d\f[]
Enable debugging.
This option displays the cryptographic data produced in eye-friendly billboards.
-.TP
-.BR Fl e
+.TP 7
+.NOP \f\*[B-Font]\-e\f[]
Write the IFF client keys to the standard output.
This is intended for automatic key distribution by mail.
-.TP
-.BR Fl G
+.TP 7
+.NOP \f\*[B-Font]\-G\f[]
Generate parameters and keys for the GQ identification scheme,
obsoleting any that may exist.
-.TP
-.BR Fl g
+.TP 7
+.NOP \f\*[B-Font]\-g\f[]
Generate keys for the GQ identification scheme
using the existing GQ parameters.
If the GQ parameters do not yet exist, create them first.
-.TP
-.BR Fl H
+.TP 7
+.NOP \f\*[B-Font]\-H\f[]
Generate new host keys, obsoleting any that may exist.
-.TP
-.BR Fl I
+.TP 7
+.NOP \f\*[B-Font]\-I\f[]
Generate parameters for the IFF identification scheme,
obsoleting any that may exist.
-.TP
-.BR Fl i Ar name
+.TP 7
+.NOP \f\*[B-Font]\-i\f[] \f\*[I-Font]name\f[]
Set the suject name to
-\fIname .\fR
+\f\*[I-Font]name\f[].
This is used as the subject field in certificates
and in the file name for host and sign keys.
-.TP
-.BR Fl M
+.TP 7
+.NOP \f\*[B-Font]\-M\f[]
Generate MD5 keys, obsoleting any that may exist.
-.TP
-.BR Fl P
+.TP 7
+.NOP \f\*[B-Font]\-P\f[]
Generate a private certificate.
By default, the program generates public certificates.
-.TP
-.BR Fl p Ar password
+.TP 7
+.NOP \f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
Encrypt generated files containing private data with
-\fIpassword\fR
+\f\*[I-Font]password\f[]
and the DES-CBC algorithm.
-.TP
-.BR Fl q
+.TP 7
+.NOP \f\*[B-Font]\-q\f[]
Set the password for reading files to password.
-.TP
-.BR Fl S Oo Cm RSA | DSA Oc
+.TP 7
+.NOP \f\*[B-Font]\-S\f[] [\f\*[B-Font]RSA\f[] | \f\*[B-Font]DSA\f[]]
Generate a new sign key of the designated type,
obsoleting any that may exist.
By default, the program uses the host key as the sign key.
-.TP
-.BR Fl s Ar name
+.TP 7
+.NOP \f\*[B-Font]\-s\f[] \f\*[I-Font]name\f[]
Set the issuer name to
-\fIname .\fR
+\f\*[I-Font]name\f[].
This is used for the issuer field in certificates
and in the file name for identity files.
-.TP
-.BR Fl T
+.TP 7
+.NOP \f\*[B-Font]\-T\f[]
Generate a trusted certificate.
By default, the program generates a non-trusted certificate.
-.TP
-.BR Fl V Ar nkeys
+.TP 7
+.NOP \f\*[B-Font]\-V\f[] \f\*[I-Font]nkeys\f[]
Generate parameters and keys for the Mu-Varadharajan (MV) identification scheme.
+.PP
.SS Random Seed File
All cryptographically sound key generation schemes must have means
to randomize the entropy seed used to initialize
by the library routines.
The OpenSSL library uses a designated random seed file for this purpose.
The file must be available when starting the NTP daemon and
-.B
+\f\*[B-Font]ntp-keygen\fP
program.
If a site supports OpenSSL or its companion OpenSSH,
it is very likely that means to do this are already available.
-.PP
+.sp \n(Ppu
+.ne 2
+
It is important to understand that entropy must be evolved
for each generation, for otherwise the random number sequence
would be predictable.
can be used to do this and some systems have built-in entropy sources.
Suitable means are described in the OpenSSL software documentation,
but are outside the scope of this page.
-.PP
+.sp \n(Ppu
+.ne 2
+
The entropy seed used by the OpenSSL library is contained in a file,
usually called
-.Cm .rnd ,
+\f\*[B-Font].rnd\f[],
which must be available when starting the NTP daemon
or the
-.B
+\f\*[B-Font]ntp-keygen\fP
program.
The NTP daemon will first look for the file
using the path specified by the
-.Ic randfile
+\f\*[B-Font]randfile\f[]
subcommand of the
-.Ic crypto
+\f\*[B-Font]crypto\f[]
configuration command.
If not specified in this way, or when starting the
-.B
+\f\*[B-Font]ntp-keygen\fP
program,
the OpenSSL library will look for the file using the path specified
by the
-.Ev RANDFILE
+RANDFILE
environment variable in the user home directory,
whether root or some other user.
If the
-.Ev RANDFILE
+RANDFILE
environment variable is not present,
the library will look for the
-.Cm .rnd
+\f\*[B-Font].rnd\f[]
file in the user home directory.
If the file is not available or cannot be written,
the daemon exits with a message to the system log and the program
and filestamp.
The second contains the datestamp in conventional Unix date format.
Lines beginning with # are considered comments and ignored by the
-.B
+\f\*[B-Font]ntp-keygen\fP
program and
-.Xr ntpd 1ntpdmdoc
+\fCntpd\fR(1ntpdmdoc)\f[]
daemon.
Cryptographic values are encoded first using ASN.1 rules,
then encrypted if necessary, and finally written PEM-encoded
printable ASCII format preceded and followed by MIME content identifier lines.
-.PP
+.sp \n(Ppu
+.ne 2
+
The format of the symmetric keys file is somewhat different
than the other files in the interest of backward compatibility.
Since DES-CBC is deprecated in NTPv4, the only key format of interest
is MD5 alphanumeric strings.
Following hte heard the keys are
entered one per line in the format
-.D1 Ar keyno type key
+.in +4
+\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[]
+.in -4
where
-\fIkeyno\fR
+\f\*[I-Font]keyno\f[]
is a positive integer in the range 1-65,535,
-\fItype\fR
+\f\*[I-Font]type\f[]
is the string MD5 defining the key format and
-\fIkey\fR
+\f\*[I-Font]key\f[]
is the key itself,
which is a printable ASCII string 16 characters or less in length.
Each character is chosen from the 93 printable characters
in the range 0x21 through 0x7f excluding space and the
-.Ql #
+\[oq]#\[cq]
character.
-.PP
+.sp \n(Ppu
+.ne 2
+
Note that the keys used by the
-.Xr ntpq 1ntpqmdoc
+\fCntpq\fR(1ntpqmdoc)\f[]
and
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
programs
are checked against passwords requested by the programs
and entered by hand, so it is generally appropriate to specify these keys
in human readable ASCII format.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.B
+\f\*[B-Font]ntp-keygen\fP
program generates a MD5 symmetric keys file
-.Pa ntpkey_MD5key_ Ns Ar hostname.filestamp .
+\fIntpkey_MD5key_\f[]\f\*[I-Font]hostname.filestamp\f[].
Since the file contains private shared keys,
it should be visible only to root and distributed by secure means
to other subnet hosts.
The NTP daemon loads the file
-.Pa ntp.keys ,
+\fIntp.keys\f[],
so
-.B
+\f\*[B-Font]ntp-keygen\fP
installs a soft link from this name to the generated file.
Subsequently, similar soft links must be installed by manual
or automated means on the other subnet hosts.
While this file is not used with the Autokey Version 2 protocol,
it is needed to authenticate some remote configuration commands
used by the
-.Xr ntpq 1ntpqmdoc
+\fCntpq\fR(1ntpqmdoc)\f[]
and
-.Xr ntpdc 1ntpdcmdoc
+\fCntpdc\fR(1ntpdcmdoc)\f[]
utilities.
.SH "OPTIONS"
.TP
-.BR \-b " \fIimbits\fP, " \-\-imbits "=" \fIimbits\fP
+.NOP \f\*[B-Font]\-b\f[] \f\*[I-Font]imbits\f[], \f\*[B-Font]\-\-imbits\f[]=\f\*[I-Font]imbits\f[]
identity modulus bits.
This option takes an integer number as its argument.
-The value of \fIimbits\fP is constrained to being:
+The value of
+\f\*[I-Font]imbits\f[]
+is constrained to being:
.in +4
.nf
.na
.sp
The number of bits in the identity modulus. The default is 256.
.TP
-.BR \-c " \fIscheme\fP, " \-\-certificate "=" \fIscheme\fP
+.NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]scheme\f[], \f\*[B-Font]\-\-certificate\f[]=\f\*[I-Font]scheme\f[]
certificate scheme.
.sp
scheme is one of
schemes must be used with a DSA sign key. The default without
this option is RSA-MD5.
.TP
-.BR \-C " \fIcipher\fP, " \-\-cipher "=" \fIcipher\fP
+.NOP \f\*[B-Font]\-C\f[] \f\*[I-Font]cipher\f[], \f\*[B-Font]\-\-cipher\f[]=\f\*[I-Font]cipher\f[]
privatekey cipher.
.sp
Select the cipher which is used to encrypt the files containing
equivalent to "@code{-C des-ede3-cbc". The openssl tool lists ciphers
available in "\fBopenssl \-h\fP" output.
.TP
-.BR \-d ", " \-\-debug\-level
+.NOP \f\*[B-Font]\-d\f[], \f\*[B-Font]\-\-debug\-level\f[]
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
.TP
-.BR \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.NOP \f\*[B-Font]\-D\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-set\-debug\-level\f[]=\f\*[I-Font]number\f[]
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
.TP
-.BR \-e ", " \-\-id\-key
+.NOP \f\*[B-Font]\-e\f[], \f\*[B-Font]\-\-id\-key\f[]
Write IFF or GQ identity keys.
.sp
Write the IFF or GQ client keys to the standard output. This is
intended for automatic key distribution by mail.
.TP
-.BR \-G ", " \-\-gq\-params
+.NOP \f\*[B-Font]\-G\f[], \f\*[B-Font]\-\-gq\-params\f[]
Generate GQ parameters and keys.
.sp
Generate parameters and keys for the GQ identification scheme,
obsoleting any that may exist.
.TP
-.BR \-H ", " \-\-host\-key
+.NOP \f\*[B-Font]\-H\f[], \f\*[B-Font]\-\-host\-key\f[]
generate RSA host key.
.sp
Generate new host keys, obsoleting any that may exist.
.TP
-.BR \-I ", " \-\-iffkey
+.NOP \f\*[B-Font]\-I\f[], \f\*[B-Font]\-\-iffkey\f[]
generate IFF parameters.
.sp
Generate parameters for the IFF identification scheme, obsoleting
any that may exist.
.TP
-.BR \-i " \fIgroup\fP, " \-\-ident "=" \fIgroup\fP
+.NOP \f\*[B-Font]\-i\f[] \f\*[I-Font]group\f[], \f\*[B-Font]\-\-ident\f[]=\f\*[I-Font]group\f[]
set Autokey group name.
.sp
Set the optional Autokey group name to name. This is used in
'\fBcrypto ident\fP' or '\fBserver ident\fP' configuration in
\fBntpd\fP's configuration file.
.TP
-.BR \-l " \fIlifetime\fP, " \-\-lifetime "=" \fIlifetime\fP
+.NOP \f\*[B-Font]\-l\f[] \f\*[I-Font]lifetime\f[], \f\*[B-Font]\-\-lifetime\f[]=\f\*[I-Font]lifetime\f[]
set certificate lifetime.
This option takes an integer number as its argument.
.sp
Set the certificate expiration to lifetime days from now.
.TP
-.BR \-M ", " \-\-md5key
+.NOP \f\*[B-Font]\-M\f[], \f\*[B-Font]\-\-md5key\f[]
generate MD5 keys.
.sp
Generate MD5 keys, obsoleting any that may exist.
.TP
-.BR \-m " \fImodulus\fP, " \-\-modulus "=" \fImodulus\fP
+.NOP \f\*[B-Font]\-m\f[] \f\*[I-Font]modulus\f[], \f\*[B-Font]\-\-modulus\f[]=\f\*[I-Font]modulus\f[]
modulus.
This option takes an integer number as its argument.
-The value of \fImodulus\fP is constrained to being:
+The value of
+\f\*[I-Font]modulus\f[]
+is constrained to being:
.in +4
.nf
.na
.sp
The number of bits in the prime modulus. The default is 512.
.TP
-.BR \-P ", " \-\-pvt\-cert
+.NOP \f\*[B-Font]\-P\f[], \f\*[B-Font]\-\-pvt\-cert\f[]
generate PC private certificate.
.sp
Generate a private certificate. By default, the program generates
public certificates.
.TP
-.BR \-p " \fIpasswd\fP, " \-\-pvt\-passwd "=" \fIpasswd\fP
+.NOP \f\*[B-Font]\-p\f[] \f\*[I-Font]passwd\f[], \f\*[B-Font]\-\-pvt\-passwd\f[]=\f\*[I-Font]passwd\f[]
output private password.
.sp
Encrypt generated files containing private data with the specified
password and the cipher selected with \fB-C/--cipher\fP.
.TP
-.BR \-q " \fIpasswd\fP, " \-\-get\-pvt\-passwd "=" \fIpasswd\fP
+.NOP \f\*[B-Font]\-q\f[] \f\*[I-Font]passwd\f[], \f\*[B-Font]\-\-get\-pvt\-passwd\f[]=\f\*[I-Font]passwd\f[]
input private password.
.sp
Set the password for reading files to the specified password.
.TP
-.BR \-S " \fIsign\fP, " \-\-sign\-key "=" \fIsign\fP
+.NOP \f\*[B-Font]\-S\f[] \f\*[I-Font]sign\f[], \f\*[B-Font]\-\-sign\-key\f[]=\f\*[I-Font]sign\f[]
generate sign key (RSA or DSA).
.sp
Generate a new sign key of the designated type, obsoleting any
that may exist. By default, the program uses the host key as the
sign key.
.TP
-.BR \-s " \fIhost@group\fP, " \-\-subject\-name "=" \fIhost@group\fP
+.NOP \f\*[B-Font]\-s\f[] \f\*[I-Font]host@group\f[], \f\*[B-Font]\-\-subject\-name\f[]=\f\*[I-Font]host@group\f[]
set host and optionally group name.
.sp
Set the Autokey host name, and optionally, group name specified
if not provided, the host name are also used in the file names
of IFF, GQ, and MV client parameter files.
.TP
-.BR \-T ", " \-\-trusted\-cert
+.NOP \f\*[B-Font]\-T\f[], \f\*[B-Font]\-\-trusted\-cert\f[]
trusted certificate (TC scheme).
.sp
Generate a trusted certificate. By default, the program generates
a non-trusted certificate.
.TP
-.BR \-V " \fInum\fP, " \-\-mv\-params "=" \fInum\fP
+.NOP \f\*[B-Font]\-V\f[] \f\*[I-Font]num\f[], \f\*[B-Font]\-\-mv\-params\f[]=\f\*[I-Font]num\f[]
generate <num> MV parameters.
This option takes an integer number as its argument.
.sp
Generate parameters and keys for the Mu-Varadharajan (MV)
identification scheme.
.TP
-.BR \-v " \fInum\fP, " \-\-mv\-keys "=" \fInum\fP
+.NOP \f\*[B-Font]\-v\f[] \f\*[I-Font]num\f[], \f\*[B-Font]\-\-mv\-keys\f[]=\f\*[I-Font]num\f[]
update <num> MV keys.
This option takes an integer number as its argument.
.sp
This option has not been fully documented.
.TP
-.BR \-? , " \-\-help"
+.NOP \f\*[B-Font]\-\&?\f[], \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
-.BR \-! , " \-\-more-help"
+.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
-.BR \-> " [\fIcfgfile\fP]," " \-\-save-opts" "[=\fIcfgfile\fP]"
+.NOP \f\*[B-Font]\->\f[] [\f\*[I-Font]cfgfile\f[]], \f\*[B-Font]\-\-save-opts\f[] [=\f\*[I-Font]cfgfile\f[]]
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
.TP
-.BR \-< " \fIcfgfile\fP," " \-\-load-opts" "=\fIcfgfile\fP," " \-\-no-load-opts"
+.NOP \f\*[B-Font]\-<\f[] \f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-load-opts\f[]=\f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-no-load-opts\f[]
Load options from \fIcfgfile\fP.
The \fIno-load-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no-load-opts\fP is handled early,
out of order.
.TP
-.BR \-\-version "[={\fIv|c|n\fP}]"
+.NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
+.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from configuration ("RC" or ".INI") file(s) and values from
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+.TH ntp-keygen 1ntp-keygenman "22 Dec 2013" "ntp (4.2.7p402)" "User Commands"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-SUaOhS/ag-5UaOgS)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:09:01 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntp-keygen-opts.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]ntp-keygen\fP ntp-keygen
+\- Create a NTP host key
cvt_prog='/usr/local/gnu/share/autogen/texi2man'
cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
`/`basename "$cvt_prog"`
sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH USAGE
The
- p Ar password
+\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
option specifies the write password and
- q Ar password
+\f\*[B-Font]\-q\f[] \f\*[I-Font]password\f[]
option the read password for previously encrypted files.
The
-.B
+\f\*[B-Font]ntp-keygen\fP
program prompts for the password if it reads an encrypted file
and the password is missing or incorrect.
If an encrypted file is read successfully and
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
-.BR 0 " (EXIT_SUCCESS)"
+.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
-.BR 1 " (EXIT_FAILURE)"
+.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
-.BR 66 " (EX_NOINPUT)"
+.NOP 66 " (EX_NOINPUT)"
A specified configuration file could not be loaded.
.TP
-.BR 70 " (EX_SOFTWARE)"
+.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
+.PP
.SH "AUTHORS"
The University of Delaware
.SH "COPYRIGHT"
from one to several minutes with modern architectures
such as UltraSPARC and up to tens of minutes to an hour
with older architectures such as SPARC IPC.
-.PP
+.sp \n(Ppu
+.ne 2
+
Please report bugs to http://bugs.ntp.org .
-.PP
+.sp \n(Ppu
+.ne 2
+
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
Portions of this document came from FreeBSD.
-.PP
+.sp \n(Ppu
+.ne 2
+
This manual page was \fIAutoGen\fP-erated from the \fBntp-keygen\fP
option definitions.
-.Dd November 30 2013
+.Dd December 22 2013
.Dt NTP_KEYGEN 1ntp-keygenmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:33:31 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:09:08 PM by AutoGen 5.18.3pre5
.\" From the definitions ntp-keygen-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.Nm
.\" Mixture of short (flag) options and long options
.Op Fl flags
-.Op Fl flag Ar value
-.Op Fl \-option\-name Ar value
+.Op Fl flag Op Ar value
+.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc
.Pp
All arguments must be options.
.Pp
utilities.
.Sh "OPTIONS"
.Bl -tag
-.It \-b " \fIimbits\fP, " \-\-imbits "=" \fIimbits\fP
+.It Fl b Ar imbits , Fl \-imbits Ns = Ns Ar imbits
identity modulus bits.
This option takes an integer number as its argument.
-The value of \fIimbits\fP is constrained to being:
+The value of
+.Ar imbits
+is constrained to being:
.in +4
.nf
.na
.in -4
.sp
The number of bits in the identity modulus. The default is 256.
-.It \-c " \fIscheme\fP, " \-\-certificate "=" \fIscheme\fP
+.It Fl c Ar scheme , Fl \-certificate Ns = Ns Ar scheme
certificate scheme.
.sp
scheme is one of
Note that RSA schemes must be used with a RSA sign key and DSA
schemes must be used with a DSA sign key. The default without
this option is RSA\-MD5.
-.It \-C " \fIcipher\fP, " \-\-cipher "=" \fIcipher\fP
+.It Fl C Ar cipher , Fl \-cipher Ns = Ns Ar cipher
privatekey cipher.
.sp
Select the cipher which is used to encrypt the files containing
private keys. The default is three\-key triple DES in CBC mode,
equivalent to "@code{\-C des\-ede3\-cbc". The openssl tool lists ciphers
available in "\fBopenssl \-h\fP" output.
-.It \-d ", " \-\-debug\-level
+.It Fl d , Fl \-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.It \-e ", " \-\-id\-key
+.It Fl e , Fl \-id\-key
Write IFF or GQ identity keys.
.sp
Write the IFF or GQ client keys to the standard output. This is
intended for automatic key distribution by mail.
-.It \-G ", " \-\-gq\-params
+.It Fl G , Fl \-gq\-params
Generate GQ parameters and keys.
.sp
Generate parameters and keys for the GQ identification scheme,
obsoleting any that may exist.
-.It \-H ", " \-\-host\-key
+.It Fl H , Fl \-host\-key
generate RSA host key.
.sp
Generate new host keys, obsoleting any that may exist.
-.It \-I ", " \-\-iffkey
+.It Fl I , Fl \-iffkey
generate IFF parameters.
.sp
Generate parameters for the IFF identification scheme, obsoleting
any that may exist.
-.It \-i " \fIgroup\fP, " \-\-ident "=" \fIgroup\fP
+.It Fl i Ar group , Fl \-ident Ns = Ns Ar group
set Autokey group name.
.sp
Set the optional Autokey group name to name. This is used in
issuer names in the form \fBhost@group\fP and should match the
\'\fBcrypto ident\fP' or '\fBserver ident\fP' configuration in
\fBntpd\fP's configuration file.
-.It \-l " \fIlifetime\fP, " \-\-lifetime "=" \fIlifetime\fP
+.It Fl l Ar lifetime , Fl \-lifetime Ns = Ns Ar lifetime
set certificate lifetime.
This option takes an integer number as its argument.
.sp
Set the certificate expiration to lifetime days from now.
-.It \-M ", " \-\-md5key
+.It Fl M , Fl \-md5key
generate MD5 keys.
.sp
Generate MD5 keys, obsoleting any that may exist.
-.It \-m " \fImodulus\fP, " \-\-modulus "=" \fImodulus\fP
+.It Fl m Ar modulus , Fl \-modulus Ns = Ns Ar modulus
modulus.
This option takes an integer number as its argument.
-The value of \fImodulus\fP is constrained to being:
+The value of
+.Ar modulus
+is constrained to being:
.in +4
.nf
.na
.in -4
.sp
The number of bits in the prime modulus. The default is 512.
-.It \-P ", " \-\-pvt\-cert
+.It Fl P , Fl \-pvt\-cert
generate PC private certificate.
.sp
Generate a private certificate. By default, the program generates
public certificates.
-.It \-p " \fIpasswd\fP, " \-\-pvt\-passwd "=" \fIpasswd\fP
+.It Fl p Ar passwd , Fl \-pvt\-passwd Ns = Ns Ar passwd
output private password.
.sp
Encrypt generated files containing private data with the specified
password and the cipher selected with \fB\-C/\-\-cipher\fP.
-.It \-q " \fIpasswd\fP, " \-\-get\-pvt\-passwd "=" \fIpasswd\fP
+.It Fl q Ar passwd , Fl \-get\-pvt\-passwd Ns = Ns Ar passwd
input private password.
.sp
Set the password for reading files to the specified password.
-.It \-S " \fIsign\fP, " \-\-sign\-key "=" \fIsign\fP
+.It Fl S Ar sign , Fl \-sign\-key Ns = Ns Ar sign
generate sign key (RSA or DSA).
.sp
Generate a new sign key of the designated type, obsoleting any
that may exist. By default, the program uses the host key as the
sign key.
-.It \-s " \fIhost@group\fP, " \-\-subject\-name "=" \fIhost@group\fP
+.It Fl s Ar host@group , Fl \-subject\-name Ns = Ns Ar host@group
set host and optionally group name.
.sp
Set the Autokey host name, and optionally, group name specified
subject and issuer fields, as with \fB\-i group\fP. The group name, or
if not provided, the host name are also used in the file names
of IFF, GQ, and MV client parameter files.
-.It \-T ", " \-\-trusted\-cert
+.It Fl T , Fl \-trusted\-cert
trusted certificate (TC scheme).
.sp
Generate a trusted certificate. By default, the program generates
a non\-trusted certificate.
-.It \-V " \fInum\fP, " \-\-mv\-params "=" \fInum\fP
+.It Fl V Ar num , Fl \-mv\-params Ns = Ns Ar num
generate <num> MV parameters.
This option takes an integer number as its argument.
.sp
Generate parameters and keys for the Mu\-Varadharajan (MV)
identification scheme.
-.It \-v " \fInum\fP, " \-\-mv\-keys "=" \fInum\fP
+.It Fl v Ar num , Fl \-mv\-keys Ns = Ns Ar num
update <num> MV keys.
This option takes an integer number as its argument.
.sp
This option has not been fully documented.
-.It \-? , " \-\-help"
+.It Fl \&? , Fl \-help
Display usage information and exit.
-.It \-! , " \-\-more\-help"
+.It Fl \&! , Fl \-more\-help
Pass the extended usage information through a pager.
-.It \-> " [\fIcfgfile\fP]," " \-\-save\-opts" "[=\fIcfgfile\fP]"
+.It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
-.It \-< " \fIcfgfile\fP," " \-\-load\-opts" "=\fIcfgfile\fP," " \-\-no\-load\-opts"
+.It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts
Load options from \fIcfgfile\fP.
The \fIno\-load\-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
-.It \-\-version "[={\fIv|c|n\fP}]"
+.It Fl \-version Op Brq Ar v|c|n
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.Pp
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
Portions of this document came from FreeBSD.
.Pp
This manual page was \fIAutoGen\fP\-erated from the \fBntp\-keygen\fP
printable ASCII format so they can be embedded as MIME attachments in
mail to other sites.
- <p>This document applies to version 4.2.7p401 of <code>ntp-keygen</code>.
+ <p>This document applies to version 4.2.7p402 of <code>ntp-keygen</code>.
<div class="node">
<p><hr>
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
-<pre class="example">ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p400
+<pre class="example">ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p401
Usage: ntp-keygen [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
Flg Arg Option-Name Description
-b Num imbits identity modulus bits
-.TH ntp-keygen @NTP_KEYGEN_MS@ "30 Nov 2013" "ntp (4.2.7p401)" "User Commands"
+.de1 NOP
+. it 1 an-trap
+. if \\n[.$] \,\\$*\/
+..
+.ie t \
+.ds B-Font [CB]
+.ds I-Font [CI]
+.ds R-Font [CR]
+.el \
+.ds B-Font B
+.ds I-Font I
+.ds R-Font R
+.TH ntp-keygen @NTP_KEYGEN_MS@ "22 Dec 2013" "ntp (4.2.7p402)" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.man)
-.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:33:23 AM by AutoGen 5.18.3pre5
-.\" From the definitions ntp-keygen-opts.def
-.\" and the template file agman-cmd.tpl
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-SUaOhS/ag-5UaOgS)
.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:09:01 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntp-keygen-opts.def
+.\" and the template file agman-cmd.tpl
.SH NAME
-ntp-keygen \- Create a NTP host key
+\f\*[B-Font]ntp-keygen\fP
+\- Create a NTP host key
.SH SYNOPSIS
-.B ntp-keygen
+\f\*[B-Font]ntp-keygen\fP
.\" Mixture of short (flag) options and long options
-.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP "[[=| ]\fIvalue\fP]]..."
-.PP
+[\f\*[B-Font]\-flags\f[]]
+[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
+[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
+.sp \n(Ppu
+.ne 2
+
All arguments must be options.
-.PP
+.sp \n(Ppu
+.ne 2
+
.SH DESCRIPTION
This program generates cryptographic data files used by the NTPv4
authentication and identification schemes.
These files are used for cookie encryption,
digital signature and challenge/response identification algorithms
compatible with the Internet standard security infrastructure.
-.PP
+.sp \n(Ppu
+.ne 2
+
All files are in PEM-encoded printable ASCII format,
so they can be embedded as MIME attachments in mail to other sites
and certificate authorities.
By default, files are not encrypted.
-.PP
+.sp \n(Ppu
+.ne 2
+
When used to generate message digest keys, the program produces a file
containing ten pseudo-random printable ASCII strings suitable for the
MD5 message digest algorithm included in the distribution.
using secure means beyond the scope of NTP itself.
Besides the keys used for ordinary NTP associations, additional keys
can be defined as passwords for the
-.Xr ntpq @NTPQ_MS@
+\fCntpq\fR(@NTPQ_MS@)\f[]
and
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
utility programs.
-.PP
+.sp \n(Ppu
+.ne 2
+
The remaining generated files are compatible with other OpenSSL
applications and other Public Key Infrastructure (PKI) resources.
Certificates generated by this program are compatible with extant
X509v3 extension fields somewhat liberal.
However, the identity keys are probably not compatible with anything
other than Autokey.
-.PP
+.sp \n(Ppu
+.ne 2
+
Some files used by this program are encrypted using a private password.
The
- p
+\f\*[B-Font]\-p\f[]
option specifies the password for local encrypted files and the
- q
+\f\*[B-Font]\-q\f[]
option the password for encrypted files sent to remote sites.
If no password is specified, the host name returned by the Unix
-.Fn gethostname
+\fBgethostname\fR()\f[]
function, normally the DNS name of the host is used.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-\fIpw\fR
+\f\*[I-Font]pw\f[]
option of the
-\fIcrypto\fR
+\f\*[I-Font]crypto\f[]
configuration command specifies the read
password for previously encrypted local files.
This must match the local password used by this program.
If not specified, the host name is used.
Thus, if files are generated by this program without password,
they can be read back by
-\fIntpd\fR
+\f\*[I-Font]ntpd\f[]
without password but only on the same host.
-.PP
+.sp \n(Ppu
+.ne 2
+
Normally, encrypted files for each host are generated by that host and
used only by that host, although exceptions exist as noted later on
this page.
The symmetric keys file, normally called
-\fIntp.keys ,\fR
+\f\*[I-Font]ntp.keys\f[],
is usually installed in
-.Pa /etc .
+\fI/etc\f[].
Other files and links are usually installed in
-.Pa /usr/local/etc ,
+\fI/usr/local/etc\f[],
which is normally in a shared filesystem in
NFS-mounted networks and cannot be changed by shared clients.
The location of the keys directory can be changed by the
-\fIkeysdir\fR
+\f\*[I-Font]keysdir\f[]
configuration command in such cases.
Normally, this is in
-.Pa /etc .
-.PP
+\fI/etc\f[].
+.sp \n(Ppu
+.ne 2
+
This program directs commentary and error messages to the standard
error stream
-\fIstderr\fR
+\f\*[I-Font]stderr\f[]
and remote files to the standard output stream
-\fIstdout\fR
+\f\*[I-Font]stdout\f[]
where they can be piped to other applications or redirected to files.
The names used for generated files and links all begin with the
string
-\fIntpkey\fR
+\f\*[I-Font]ntpkey\f[]
and include the file type, generating host and filestamp,
as described in the
-.Dq Cryptographic Data Files
+\*[Lq]Cryptographic Data Files\*[Rq]
section below.
.SS Running the Program
To test and gain experience with Autokey concepts, log in as root and
change to the keys directory, usually
-.Pa /usr/local/etc
+\fI/usr/local/etc\f[]
When run for the first time, or if all files with names beginning with
-\fIntpkey\fR
+\f\*[I-Font]ntpkey\f[]
have been removed, use the
-.B
+\f\*[B-Font]ntp-keygen\fP
command without arguments to generate a
default RSA host key and matching RSA-MD5 certificate with expiration
date one year hence.
If run again without options, the program uses the
existing keys and parameters and generates only a new certificate with
new expiration date one year hence.
-.PP
+.sp \n(Ppu
+.ne 2
+
Run the command on as many hosts as necessary.
Designate one of them as the trusted host (TH) using
-.B
+\f\*[B-Font]ntp-keygen\fP
with the
- T
+\f\*[B-Font]\-T\f[]
option and configure it to synchronize from reliable Internet servers.
Then configure the other hosts to synchronize to the TH directly or
indirectly.
ascendant host towards the TH to sign its certificate, which is then
provided to the immediately descendant host on request.
All group hosts should have acyclic certificate trails ending on the TH.
-.PP
+.sp \n(Ppu
+.ne 2
+
The host key is used to encrypt the cookie when required and so must be
RSA type.
By default, the host key is also the sign key used to encrypt
signatures.
A different sign key can be assigned using the
- S
+\f\*[B-Font]\-S\f[]
option and this can be either RSA or DSA type.
By default, the signature
message digest type is MD5, but any combination of sign key type and
message digest type supported by the OpenSSL library can be specified
using the
- c
+\f\*[B-Font]\-c\f[]
option.
The rules say cryptographic media should be generated with proventic
filestamps, which means the host should already be synchronized before
least so that the certificate lifetime is within the current year.
After that and when the host is synchronized to a proventic source, the
certificate should be re-generated.
-.PP
+.sp \n(Ppu
+.ne 2
+
Additional information on trusted groups and identity schemes is on the
-.Dq Autokey Public-Key Authentication
+\*[Lq]Autokey Public-Key Authentication\*[Rq]
page.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
configuration command
-.Ic crypto pw Ar password
+\f\*[B-Font]crypto\f[] \f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]
specifies the read password for previously encrypted files.
The daemon expires on the spot if the password is missing
or incorrect.
the program.
If the previous write password is specified as the host name,
these files can be read by that host with no explicit password.
-.PP
+.sp \n(Ppu
+.ne 2
+
File names begin with the prefix
-.Cm ntpkey_
+\f\*[B-Font]ntpkey_\f[]
and end with the postfix
-\fI_hostname.filestamp ,\fR
+\f\*[I-Font]_hostname.filestamp\f[],
where
-\fIhostname\fR
+\f\*[I-Font]hostname\f[]
is the owner name, usually the string returned
by the Unix gethostname() routine, and
-\fIfilestamp\fR
+\f\*[I-Font]filestamp\f[]
is the NTP seconds when the file was generated, in decimal digits.
This both guarantees uniqueness and simplifies maintenance
procedures, since all files can be quickly removed
by a
-.Ic rm ntpkey\&*
+\f\*[B-Font]rm\f[] \f\*[B-Font]ntpkey\&*\f[]
command or all files generated
at a specific time can be removed by a
-.Ic rm
-\fI\&*filestamp\fR
+\f\*[B-Font]rm\f[]
+\f\*[I-Font]\&*filestamp\f[]
command.
To further reduce the risk of misconfiguration,
the first two lines of a file contain the file name
and generation date and time as comments.
-.PP
+.sp \n(Ppu
+.ne 2
+
All files are installed by default in the keys directory
-.Pa /usr/local/etc ,
+\fI/usr/local/etc\f[],
which is normally in a shared filesystem
in NFS-mounted networks.
The actual location of the keys directory
Normally, the files for each host are generated by that host
and used only by that host, although exceptions exist
as noted later on this page.
-.PP
+.sp \n(Ppu
+.ne 2
+
Normally, files containing private values,
including the host key, sign key and identification parameters,
are permitted root read/write-only;
Since uniqueness is insured by the hostname and
file name extensions, the files for a NFS server and
dependent clients can all be installed in the same shared directory.
-.PP
+.sp \n(Ppu
+.ne 2
+
The recommended practice is to keep the file name extensions
when installing a file and to install a soft link
from the generic names specified elsewhere on this page
If a link is present, ntpd follows it to the file name
to extract the filestamp.
If a link is not present,
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
extracts the filestamp from the file itself.
This allows clients to verify that the file and generation times
are always current.
The
-.B
+\f\*[B-Font]ntp-keygen\fP
program uses the same timestamp extension for all files generated
at one time, so each generation is distinct and can be readily
recognized in monitoring data.
.SS Running the program
The safest way to run the
-.B
+\f\*[B-Font]ntp-keygen\fP
program is logged in directly as root.
The recommended procedure is change to the keys directory,
usually
-.Pa /usr/local/etc ,
+\fI/usr/local/etc\f[],
then run the program.
When run for the first time,
or if all
-.Cm ntpkey
+\f\*[B-Font]ntpkey\f[]
files have been removed,
the program generates a RSA host key file and matching RSA-MD5 certificate file,
which is all that is necessary in many cases.
to the respective files.
If run again, the program uses the same host key file,
but generates a new certificate file and link.
-.PP
+.sp \n(Ppu
+.ne 2
+
The host key is used to encrypt the cookie when required and so must be RSA type.
By default, the host key is also the sign key used to encrypt signatures.
When necessary, a different sign key can be specified and this can be
with the sign key.
Certificates using any digest algorithm are compatible with RSA sign keys;
however, only SHA and SHA1 certificates are compatible with DSA sign keys.
-.PP
+.sp \n(Ppu
+.ne 2
+
Private/public key files and certificates are compatible with
other OpenSSL applications and very likely other libraries as well.
Certificates or certificate requests derived from them should be compatible
the interpretation of X509v3 extension fields somewhat liberal.
However, the identification parameter files, although encoded
as the other files, are probably not compatible with anything other than Autokey.
-.PP
+.sp \n(Ppu
+.ne 2
+
Running the program as other than root and using the Unix
-.Ic su
+\f\*[B-Font]su\f[]
command
to assume root may not work properly, since by default the OpenSSL library
looks for the random seed file
-.Cm .rnd
+\f\*[B-Font].rnd\f[]
in the user home directory.
However, there should be only one
-.Cm .rnd ,
+\f\*[B-Font].rnd\f[],
most conveniently
in the root directory, so it is convenient to define the
-.Cm $RANDFILE
+\f\*[B-Font]$RANDFILE\f[]
environment variable used by the OpenSSL library as the path to
-.Cm /.rnd .
-.PP
+\f\*[B-Font]/.rnd\f[].
+.sp \n(Ppu
+.ne 2
+
Installing the keys as root might not work in NFS-mounted
shared file systems, as NFS clients may not be able to write
to the shared keys directory, even as root.
In this case, NFS clients can specify the files in another
directory such as
-.Pa /etc
+\fI/etc\f[]
using the
-.Ic keysdir
+\f\*[B-Font]keysdir\f[]
command.
There is no need for one client to read the keys and certificates
of other clients or servers, as these data are obtained automatically
by the Autokey protocol.
-.PP
+.sp \n(Ppu
+.ne 2
+
Ordinarily, cryptographic files are generated by the host that uses them,
but it is possible for a trusted agent (TA) to generate these files
for other hosts; however, in such cases files should always be encrypted.
as the subject and issuer fields, respectively, of the certificate.
The owner name is also used for the host and sign key files,
while the trusted name is used for the identity files.
-.PP
+.sp \n(Ppu
+.ne 2
+
All files are installed by default in the keys directory
-.Pa /usr/local/etc ,
+\fI/usr/local/etc\f[],
which is normally in a shared filesystem
in NFS-mounted networks.
The actual location of the keys directory
Normally, the files for each host are generated by that host
and used only by that host, although exceptions exist
as noted later on this page.
-.PP
+.sp \n(Ppu
+.ne 2
+
Normally, files containing private values,
including the host key, sign key and identification parameters,
are permitted root read/write-only;
Since uniqueness is insured by the hostname and
file name extensions, the files for a NFS server and
dependent clients can all be installed in the same shared directory.
-.PP
+.sp \n(Ppu
+.ne 2
+
The recommended practice is to keep the file name extensions
when installing a file and to install a soft link
from the generic names specified elsewhere on this page
If a link is present, ntpd follows it to the file name
to extract the filestamp.
If a link is not present,
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
extracts the filestamp from the file itself.
This allows clients to verify that the file and generation times
are always current.
The
-.B
+\f\*[B-Font]ntp-keygen\fP
program uses the same timestamp extension for all files generated
at one time, so each generation is distinct and can be readily
recognized in monitoring data.
.SS Running the program
The safest way to run the
-.B
+\f\*[B-Font]ntp-keygen\fP
program is logged in directly as root.
The recommended procedure is change to the keys directory,
usually
-.Pa /usr/local/etc ,
+\fI/usr/local/etc\f[],
then run the program.
When run for the first time,
or if all
-.Cm ntpkey
+\f\*[B-Font]ntpkey\f[]
files have been removed,
the program generates a RSA host key file and matching RSA-MD5 certificate file,
which is all that is necessary in many cases.
to the respective files.
If run again, the program uses the same host key file,
but generates a new certificate file and link.
-.PP
+.sp \n(Ppu
+.ne 2
+
The host key is used to encrypt the cookie when required and so must be RSA type.
By default, the host key is also the sign key used to encrypt signatures.
When necessary, a different sign key can be specified and this can be
with the sign key.
Certificates using any digest algorithm are compatible with RSA sign keys;
however, only SHA and SHA1 certificates are compatible with DSA sign keys.
-.PP
+.sp \n(Ppu
+.ne 2
+
Private/public key files and certificates are compatible with
other OpenSSL applications and very likely other libraries as well.
Certificates or certificate requests derived from them should be compatible
the interpretation of X509v3 extension fields somewhat liberal.
However, the identification parameter files, although encoded
as the other files, are probably not compatible with anything other than Autokey.
-.PP
+.sp \n(Ppu
+.ne 2
+
Running the program as other than root and using the Unix
-.Ic su
+\f\*[B-Font]su\f[]
command
to assume root may not work properly, since by default the OpenSSL library
looks for the random seed file
-.Cm .rnd
+\f\*[B-Font].rnd\f[]
in the user home directory.
However, there should be only one
-.Cm .rnd ,
+\f\*[B-Font].rnd\f[],
most conveniently
in the root directory, so it is convenient to define the
-.Cm $RANDFILE
+\f\*[B-Font]$RANDFILE\f[]
environment variable used by the OpenSSL library as the path to
-.Cm /.rnd .
-.PP
+\f\*[B-Font]/.rnd\f[].
+.sp \n(Ppu
+.ne 2
+
Installing the keys as root might not work in NFS-mounted
shared file systems, as NFS clients may not be able to write
to the shared keys directory, even as root.
In this case, NFS clients can specify the files in another
directory such as
-.Pa /etc
+\fI/etc\f[]
using the
-.Ic keysdir
+\f\*[B-Font]keysdir\f[]
command.
There is no need for one client to read the keys and certificates
of other clients or servers, as these data are obtained automatically
by the Autokey protocol.
-.PP
+.sp \n(Ppu
+.ne 2
+
Ordinarily, cryptographic files are generated by the host that uses them,
but it is possible for a trusted agent (TA) to generate these files
for other hosts; however, in such cases files should always be encrypted.
Each cryptographic configuration involves selection of a signature scheme
and identification scheme, called a cryptotype,
as explained in the
-.Sx Authentication Options
+\fIAuthentication\f[] \fIOptions\f[]
section of
-.Xr ntp.conf 5 .
+\fCntp.conf\fR(5)\f[].
The default cryptotype uses RSA encryption, MD5 message digest
and TC identification.
First, configure a NTP subnet including one or more low-stratum
a certificate trail ending at a trusted host.
The trail is defined by static configuration file entries
or dynamic means described on the
-.Sx Automatic NTP Configuration Options
+\fIAutomatic\f[] \fINTP\f[] \fIConfiguration\f[] \fIOptions\f[]
section of
-.Xr ntp.conf 5 .
-.PP
+\fCntp.conf\fR(5)\f[].
+.sp \n(Ppu
+.ne 2
+
On each trusted host as root, change to the keys directory.
To insure a fresh fileset, remove all
-.Cm ntpkey
+\f\*[B-Font]ntpkey\f[]
files.
Then run
-.B
- T
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-T\f[]
to generate keys and a trusted certificate.
On all other hosts do the same, but leave off the
- T
+\f\*[B-Font]\-T\f[]
flag to generate keys and nontrusted certificates.
When complete, start the NTP daemons beginning at the lowest stratum
and working up the tree.
It may take some time for Autokey to instantiate the certificate trails
throughout the subnet, but setting up the environment is completely automatic.
-.PP
+.sp \n(Ppu
+.ne 2
+
If it is necessary to use a different sign key or different digest/signature
scheme than the default, run
-.B
+\f\*[B-Font]ntp-keygen\fP
with the
- S Ar type
+\f\*[B-Font]\-S\f[] \f\*[I-Font]type\f[]
option, where
-\fItype\fR
+\f\*[I-Font]type\f[]
is either
-.Cm RSA
+\f\*[B-Font]RSA\f[]
or
-.Cm DSA .
+\f\*[B-Font]DSA\f[].
The most often need to do this is when a DSA-signed certificate is used.
If it is necessary to use a different certificate scheme than the default,
run
-.B
+\f\*[B-Font]ntp-keygen\fP
with the
- c Ar scheme
+\f\*[B-Font]\-c\f[] \f\*[I-Font]scheme\f[]
option and selected
-\fIscheme\fR
+\f\*[I-Font]scheme\f[]
as needed.
f
-.B
+\f\*[B-Font]ntp-keygen\fP
is run again without these options, it generates a new certificate
using the same scheme and sign key.
-.PP
+.sp \n(Ppu
+.ne 2
+
After setting up the environment it is advisable to update certificates
from time to time, if only to extend the validity interval.
Simply run
-.B
+\f\*[B-Font]ntp-keygen\fP
with the same flags as before to generate new certificates
using existing keys.
However, if the host or sign key is changed,
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
should be restarted.
When
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
is restarted, it loads any new files and restarts the protocol.
Other dependent hosts will continue as usual until signatures are refreshed,
at which time the protocol is restarted.
the default TC identity scheme is vulnerable to a middleman attack.
However, there are more secure identity schemes available,
including PC, IFF, GQ and MV described on the
-.Qq Identification Schemes
+"Identification Schemes"
page
(maybe available at
-.Li http://www.eecis.udel.edu/%7emills/keygen.html ) .
+\f[C]http://www.eecis.udel.edu/%7emills/keygen.html\f[]).
These schemes are based on a TA, one or more trusted hosts
and some number of nontrusted hosts.
Trusted hosts prove identity using values provided by the TA,
The name of a trusted host is also the name of its sugroup
and also the subject and issuer name on its trusted certificate.
The TA is not necessarily a trusted host in this sense, but often is.
-.PP
+.sp \n(Ppu
+.ne 2
+
In some schemes there are separate keys for servers and clients.
A server can also be a client of another server,
but a client can never be a server for another client.
both server and client keys.
Hosts that operate
only as clients have key files that contain only client keys.
-.PP
+.sp \n(Ppu
+.ne 2
+
The PC scheme supports only one trusted host in the group.
On trusted host alice run
-.B
- P
- p Ar password
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-P\f[]
+\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
to generate the host key file
-.Pa ntpkey_RSAkey_ Ns Ar alice.filestamp
+\fIntpkey_RSAkey_\f[]\f\*[I-Font]alice.filestamp\f[]
and trusted private certificate file
-.Pa ntpkey_RSA-MD5_cert_ Ns Ar alice.filestamp .
+\fIntpkey_RSA-MD5_cert_\f[]\f\*[I-Font]alice.filestamp\f[].
Copy both files to all group hosts;
they replace the files which would be generated in other schemes.
On each host bob install a soft link from the generic name
-.Pa ntpkey_host_ Ns Ar bob
+\fIntpkey_host_\f[]\f\*[I-Font]bob\f[]
to the host key file and soft link
-.Pa ntpkey_cert_ Ns Ar bob
+\fIntpkey_cert_\f[]\f\*[I-Font]bob\f[]
to the private certificate file.
Note the generic links are on bob, but point to files generated
by trusted host alice.
In this scheme it is not possible to refresh
either the keys or certificates without copying them
to all other hosts in the group.
-.PP
+.sp \n(Ppu
+.ne 2
+
For the IFF scheme proceed as in the TC scheme to generate keys
and certificates for all group hosts, then for every trusted host in the group,
generate the IFF parameter file.
On trusted host alice run
-.B
- T
- I
- p Ar password
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-T\f[]
+\f\*[B-Font]\-I\f[]
+\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
to produce her parameter file
-.Pa ntpkey_IFFpar_ Ns Ar alice.filestamp ,
+\fIntpkey_IFFpar_\f[]\f\*[I-Font]alice.filestamp\f[],
which includes both server and client keys.
Copy this file to all group hosts that operate as both servers
and clients and install a soft link from the generic
-.Pa ntpkey_iff_ Ns Ar alice
+\fIntpkey_iff_\f[]\f\*[I-Font]alice\f[]
to this file.
If there are no hosts restricted to operate only as clients,
there is nothing further to do.
As the IFF scheme is independent
of keys and certificates, these files can be refreshed as needed.
-.PP
+.sp \n(Ppu
+.ne 2
+
If a rogue client has the parameter file, it could masquerade
as a legitimate server and present a middleman threat.
To eliminate this threat, the client keys can be extracted
from the parameter file and distributed to all restricted clients.
After generating the parameter file, on alice run
-.B
- e
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-e\f[]
and pipe the output to a file or mail program.
Copy or mail this file to all restricted clients.
On these clients install a soft link from the generic
-.Pa ntpkey_iff_ Ns Ar alice
+\fIntpkey_iff_\f[]\f\*[I-Font]alice\f[]
to this file.
To further protect the integrity of the keys,
each file can be encrypted with a secret password.
-.PP
+.sp \n(Ppu
+.ne 2
+
For the GQ scheme proceed as in the TC scheme to generate keys
and certificates for all group hosts, then for every trusted host
in the group, generate the IFF parameter file.
On trusted host alice run
-.B
- T
- G
- p Ar password
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-T\f[]
+\f\*[B-Font]\-G\f[]
+\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
to produce her parameter file
-.Pa ntpkey_GQpar_ Ns Ar alice.filestamp ,
+\fIntpkey_GQpar_\f[]\f\*[I-Font]alice.filestamp\f[],
which includes both server and client keys.
Copy this file to all group hosts and install a soft link
from the generic
-.Pa ntpkey_gq_ Ns Ar alice
+\fIntpkey_gq_\f[]\f\*[I-Font]alice\f[]
to this file.
In addition, on each host bob install a soft link
from generic
-.Pa ntpkey_gq_ Ns Ar bob
+\fIntpkey_gq_\f[]\f\*[I-Font]bob\f[]
to this file.
As the GQ scheme updates the GQ parameters file and certificate
at the same time, keys and certificates can be regenerated as needed.
-.PP
+.sp \n(Ppu
+.ne 2
+
For the MV scheme, proceed as in the TC scheme to generate keys
and certificates for all group hosts.
For illustration assume trish is the TA, alice one of several trusted hosts
and bob one of her clients.
On TA trish run
-.B
- V Ar n
- p Ar password ,
+\f\*[B-Font]ntp-keygen\fP
+\f\*[B-Font]\-V\f[] \f\*[I-Font]n\f[]
+\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[],
where
-\fIn\fR
+\f\*[I-Font]n\f[]
is the number of revokable keys (typically 5) to produce
the parameter file
-.Pa ntpkeys_MVpar_ Ns Ar trish.filestamp
+\fIntpkeys_MVpar_\f[]\f\*[I-Font]trish.filestamp\f[]
and client key files
-.Pa ntpkeys_MVkeyd_ Ns Ar trish.filestamp
+\fIntpkeys_MVkeyd_\f[]\f\*[I-Font]trish.filestamp\f[]
where
-\fId\fR
+\f\*[I-Font]d\f[]
is the key number (0 \&<
-\fId\fR
+\f\*[I-Font]d\f[]
\&<
-\fIn ) .\fR
+\f\*[I-Font]n\f[]).
Copy the parameter file to alice and install a soft link
from the generic
-.Pa ntpkey_mv_ Ns Ar alice
+\fIntpkey_mv_\f[]\f\*[I-Font]alice\f[]
to this file.
Copy one of the client key files to alice for later distribution
to her clients.
since they all work the same way.
Alice copies the client key file to all of her cliens.
On client bob install a soft link from generic
-.Pa ntpkey_mvkey_ Ns Ar bob
+\fIntpkey_mvkey_\f[]\f\*[I-Font]bob\f[]
to the client key file.
As the MV scheme is independent of keys and certificates,
these files can be refreshed as needed.
.SS Command Line Options
-.TP
-.BR Fl c Ar scheme
+.TP 7
+.NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]scheme\f[]
Select certificate message digest/signature encryption scheme.
The
-\fIscheme\fR
+\f\*[I-Font]scheme\f[]
can be one of the following:
. Cm RSA-MD2 , RSA-MD5 , RSA-SHA , RSA-SHA1 , RSA-MDC2 , RSA-RIPEMD160 , DSA-SHA ,
or
-.Cm DSA-SHA1 .
+\f\*[B-Font]DSA-SHA1\f[].
Note that RSA schemes must be used with a RSA sign key and DSA
schemes must be used with a DSA sign key.
The default without this option is
-.Cm RSA-MD5 .
-.TP
-.BR Fl d
+\f\*[B-Font]RSA-MD5\f[].
+.TP 7
+.NOP \f\*[B-Font]\-d\f[]
Enable debugging.
This option displays the cryptographic data produced in eye-friendly billboards.
-.TP
-.BR Fl e
+.TP 7
+.NOP \f\*[B-Font]\-e\f[]
Write the IFF client keys to the standard output.
This is intended for automatic key distribution by mail.
-.TP
-.BR Fl G
+.TP 7
+.NOP \f\*[B-Font]\-G\f[]
Generate parameters and keys for the GQ identification scheme,
obsoleting any that may exist.
-.TP
-.BR Fl g
+.TP 7
+.NOP \f\*[B-Font]\-g\f[]
Generate keys for the GQ identification scheme
using the existing GQ parameters.
If the GQ parameters do not yet exist, create them first.
-.TP
-.BR Fl H
+.TP 7
+.NOP \f\*[B-Font]\-H\f[]
Generate new host keys, obsoleting any that may exist.
-.TP
-.BR Fl I
+.TP 7
+.NOP \f\*[B-Font]\-I\f[]
Generate parameters for the IFF identification scheme,
obsoleting any that may exist.
-.TP
-.BR Fl i Ar name
+.TP 7
+.NOP \f\*[B-Font]\-i\f[] \f\*[I-Font]name\f[]
Set the suject name to
-\fIname .\fR
+\f\*[I-Font]name\f[].
This is used as the subject field in certificates
and in the file name for host and sign keys.
-.TP
-.BR Fl M
+.TP 7
+.NOP \f\*[B-Font]\-M\f[]
Generate MD5 keys, obsoleting any that may exist.
-.TP
-.BR Fl P
+.TP 7
+.NOP \f\*[B-Font]\-P\f[]
Generate a private certificate.
By default, the program generates public certificates.
-.TP
-.BR Fl p Ar password
+.TP 7
+.NOP \f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
Encrypt generated files containing private data with
-\fIpassword\fR
+\f\*[I-Font]password\f[]
and the DES-CBC algorithm.
-.TP
-.BR Fl q
+.TP 7
+.NOP \f\*[B-Font]\-q\f[]
Set the password for reading files to password.
-.TP
-.BR Fl S Oo Cm RSA | DSA Oc
+.TP 7
+.NOP \f\*[B-Font]\-S\f[] [\f\*[B-Font]RSA\f[] | \f\*[B-Font]DSA\f[]]
Generate a new sign key of the designated type,
obsoleting any that may exist.
By default, the program uses the host key as the sign key.
-.TP
-.BR Fl s Ar name
+.TP 7
+.NOP \f\*[B-Font]\-s\f[] \f\*[I-Font]name\f[]
Set the issuer name to
-\fIname .\fR
+\f\*[I-Font]name\f[].
This is used for the issuer field in certificates
and in the file name for identity files.
-.TP
-.BR Fl T
+.TP 7
+.NOP \f\*[B-Font]\-T\f[]
Generate a trusted certificate.
By default, the program generates a non-trusted certificate.
-.TP
-.BR Fl V Ar nkeys
+.TP 7
+.NOP \f\*[B-Font]\-V\f[] \f\*[I-Font]nkeys\f[]
Generate parameters and keys for the Mu-Varadharajan (MV) identification scheme.
+.PP
.SS Random Seed File
All cryptographically sound key generation schemes must have means
to randomize the entropy seed used to initialize
by the library routines.
The OpenSSL library uses a designated random seed file for this purpose.
The file must be available when starting the NTP daemon and
-.B
+\f\*[B-Font]ntp-keygen\fP
program.
If a site supports OpenSSL or its companion OpenSSH,
it is very likely that means to do this are already available.
-.PP
+.sp \n(Ppu
+.ne 2
+
It is important to understand that entropy must be evolved
for each generation, for otherwise the random number sequence
would be predictable.
can be used to do this and some systems have built-in entropy sources.
Suitable means are described in the OpenSSL software documentation,
but are outside the scope of this page.
-.PP
+.sp \n(Ppu
+.ne 2
+
The entropy seed used by the OpenSSL library is contained in a file,
usually called
-.Cm .rnd ,
+\f\*[B-Font].rnd\f[],
which must be available when starting the NTP daemon
or the
-.B
+\f\*[B-Font]ntp-keygen\fP
program.
The NTP daemon will first look for the file
using the path specified by the
-.Ic randfile
+\f\*[B-Font]randfile\f[]
subcommand of the
-.Ic crypto
+\f\*[B-Font]crypto\f[]
configuration command.
If not specified in this way, or when starting the
-.B
+\f\*[B-Font]ntp-keygen\fP
program,
the OpenSSL library will look for the file using the path specified
by the
-.Ev RANDFILE
+RANDFILE
environment variable in the user home directory,
whether root or some other user.
If the
-.Ev RANDFILE
+RANDFILE
environment variable is not present,
the library will look for the
-.Cm .rnd
+\f\*[B-Font].rnd\f[]
file in the user home directory.
If the file is not available or cannot be written,
the daemon exits with a message to the system log and the program
and filestamp.
The second contains the datestamp in conventional Unix date format.
Lines beginning with # are considered comments and ignored by the
-.B
+\f\*[B-Font]ntp-keygen\fP
program and
-.Xr ntpd @NTPD_MS@
+\fCntpd\fR(@NTPD_MS@)\f[]
daemon.
Cryptographic values are encoded first using ASN.1 rules,
then encrypted if necessary, and finally written PEM-encoded
printable ASCII format preceded and followed by MIME content identifier lines.
-.PP
+.sp \n(Ppu
+.ne 2
+
The format of the symmetric keys file is somewhat different
than the other files in the interest of backward compatibility.
Since DES-CBC is deprecated in NTPv4, the only key format of interest
is MD5 alphanumeric strings.
Following hte heard the keys are
entered one per line in the format
-.D1 Ar keyno type key
+.in +4
+\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[]
+.in -4
where
-\fIkeyno\fR
+\f\*[I-Font]keyno\f[]
is a positive integer in the range 1-65,535,
-\fItype\fR
+\f\*[I-Font]type\f[]
is the string MD5 defining the key format and
-\fIkey\fR
+\f\*[I-Font]key\f[]
is the key itself,
which is a printable ASCII string 16 characters or less in length.
Each character is chosen from the 93 printable characters
in the range 0x21 through 0x7f excluding space and the
-.Ql #
+\[oq]#\[cq]
character.
-.PP
+.sp \n(Ppu
+.ne 2
+
Note that the keys used by the
-.Xr ntpq @NTPQ_MS@
+\fCntpq\fR(@NTPQ_MS@)\f[]
and
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
programs
are checked against passwords requested by the programs
and entered by hand, so it is generally appropriate to specify these keys
in human readable ASCII format.
-.PP
+.sp \n(Ppu
+.ne 2
+
The
-.B
+\f\*[B-Font]ntp-keygen\fP
program generates a MD5 symmetric keys file
-.Pa ntpkey_MD5key_ Ns Ar hostname.filestamp .
+\fIntpkey_MD5key_\f[]\f\*[I-Font]hostname.filestamp\f[].
Since the file contains private shared keys,
it should be visible only to root and distributed by secure means
to other subnet hosts.
The NTP daemon loads the file
-.Pa ntp.keys ,
+\fIntp.keys\f[],
so
-.B
+\f\*[B-Font]ntp-keygen\fP
installs a soft link from this name to the generated file.
Subsequently, similar soft links must be installed by manual
or automated means on the other subnet hosts.
While this file is not used with the Autokey Version 2 protocol,
it is needed to authenticate some remote configuration commands
used by the
-.Xr ntpq @NTPQ_MS@
+\fCntpq\fR(@NTPQ_MS@)\f[]
and
-.Xr ntpdc @NTPDC_MS@
+\fCntpdc\fR(@NTPDC_MS@)\f[]
utilities.
.SH "OPTIONS"
.TP
-.BR \-b " \fIimbits\fP, " \-\-imbits "=" \fIimbits\fP
+.NOP \f\*[B-Font]\-b\f[] \f\*[I-Font]imbits\f[], \f\*[B-Font]\-\-imbits\f[]=\f\*[I-Font]imbits\f[]
identity modulus bits.
This option takes an integer number as its argument.
-The value of \fIimbits\fP is constrained to being:
+The value of
+\f\*[I-Font]imbits\f[]
+is constrained to being:
.in +4
.nf
.na
.sp
The number of bits in the identity modulus. The default is 256.
.TP
-.BR \-c " \fIscheme\fP, " \-\-certificate "=" \fIscheme\fP
+.NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]scheme\f[], \f\*[B-Font]\-\-certificate\f[]=\f\*[I-Font]scheme\f[]
certificate scheme.
.sp
scheme is one of
schemes must be used with a DSA sign key. The default without
this option is RSA-MD5.
.TP
-.BR \-C " \fIcipher\fP, " \-\-cipher "=" \fIcipher\fP
+.NOP \f\*[B-Font]\-C\f[] \f\*[I-Font]cipher\f[], \f\*[B-Font]\-\-cipher\f[]=\f\*[I-Font]cipher\f[]
privatekey cipher.
.sp
Select the cipher which is used to encrypt the files containing
equivalent to "@code{-C des-ede3-cbc". The openssl tool lists ciphers
available in "\fBopenssl \-h\fP" output.
.TP
-.BR \-d ", " \-\-debug\-level
+.NOP \f\*[B-Font]\-d\f[], \f\*[B-Font]\-\-debug\-level\f[]
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
.TP
-.BR \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.NOP \f\*[B-Font]\-D\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-set\-debug\-level\f[]=\f\*[I-Font]number\f[]
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
.TP
-.BR \-e ", " \-\-id\-key
+.NOP \f\*[B-Font]\-e\f[], \f\*[B-Font]\-\-id\-key\f[]
Write IFF or GQ identity keys.
.sp
Write the IFF or GQ client keys to the standard output. This is
intended for automatic key distribution by mail.
.TP
-.BR \-G ", " \-\-gq\-params
+.NOP \f\*[B-Font]\-G\f[], \f\*[B-Font]\-\-gq\-params\f[]
Generate GQ parameters and keys.
.sp
Generate parameters and keys for the GQ identification scheme,
obsoleting any that may exist.
.TP
-.BR \-H ", " \-\-host\-key
+.NOP \f\*[B-Font]\-H\f[], \f\*[B-Font]\-\-host\-key\f[]
generate RSA host key.
.sp
Generate new host keys, obsoleting any that may exist.
.TP
-.BR \-I ", " \-\-iffkey
+.NOP \f\*[B-Font]\-I\f[], \f\*[B-Font]\-\-iffkey\f[]
generate IFF parameters.
.sp
Generate parameters for the IFF identification scheme, obsoleting
any that may exist.
.TP
-.BR \-i " \fIgroup\fP, " \-\-ident "=" \fIgroup\fP
+.NOP \f\*[B-Font]\-i\f[] \f\*[I-Font]group\f[], \f\*[B-Font]\-\-ident\f[]=\f\*[I-Font]group\f[]
set Autokey group name.
.sp
Set the optional Autokey group name to name. This is used in
'\fBcrypto ident\fP' or '\fBserver ident\fP' configuration in
\fBntpd\fP's configuration file.
.TP
-.BR \-l " \fIlifetime\fP, " \-\-lifetime "=" \fIlifetime\fP
+.NOP \f\*[B-Font]\-l\f[] \f\*[I-Font]lifetime\f[], \f\*[B-Font]\-\-lifetime\f[]=\f\*[I-Font]lifetime\f[]
set certificate lifetime.
This option takes an integer number as its argument.
.sp
Set the certificate expiration to lifetime days from now.
.TP
-.BR \-M ", " \-\-md5key
+.NOP \f\*[B-Font]\-M\f[], \f\*[B-Font]\-\-md5key\f[]
generate MD5 keys.
.sp
Generate MD5 keys, obsoleting any that may exist.
.TP
-.BR \-m " \fImodulus\fP, " \-\-modulus "=" \fImodulus\fP
+.NOP \f\*[B-Font]\-m\f[] \f\*[I-Font]modulus\f[], \f\*[B-Font]\-\-modulus\f[]=\f\*[I-Font]modulus\f[]
modulus.
This option takes an integer number as its argument.
-The value of \fImodulus\fP is constrained to being:
+The value of
+\f\*[I-Font]modulus\f[]
+is constrained to being:
.in +4
.nf
.na
.sp
The number of bits in the prime modulus. The default is 512.
.TP
-.BR \-P ", " \-\-pvt\-cert
+.NOP \f\*[B-Font]\-P\f[], \f\*[B-Font]\-\-pvt\-cert\f[]
generate PC private certificate.
.sp
Generate a private certificate. By default, the program generates
public certificates.
.TP
-.BR \-p " \fIpasswd\fP, " \-\-pvt\-passwd "=" \fIpasswd\fP
+.NOP \f\*[B-Font]\-p\f[] \f\*[I-Font]passwd\f[], \f\*[B-Font]\-\-pvt\-passwd\f[]=\f\*[I-Font]passwd\f[]
output private password.
.sp
Encrypt generated files containing private data with the specified
password and the cipher selected with \fB-C/--cipher\fP.
.TP
-.BR \-q " \fIpasswd\fP, " \-\-get\-pvt\-passwd "=" \fIpasswd\fP
+.NOP \f\*[B-Font]\-q\f[] \f\*[I-Font]passwd\f[], \f\*[B-Font]\-\-get\-pvt\-passwd\f[]=\f\*[I-Font]passwd\f[]
input private password.
.sp
Set the password for reading files to the specified password.
.TP
-.BR \-S " \fIsign\fP, " \-\-sign\-key "=" \fIsign\fP
+.NOP \f\*[B-Font]\-S\f[] \f\*[I-Font]sign\f[], \f\*[B-Font]\-\-sign\-key\f[]=\f\*[I-Font]sign\f[]
generate sign key (RSA or DSA).
.sp
Generate a new sign key of the designated type, obsoleting any
that may exist. By default, the program uses the host key as the
sign key.
.TP
-.BR \-s " \fIhost@group\fP, " \-\-subject\-name "=" \fIhost@group\fP
+.NOP \f\*[B-Font]\-s\f[] \f\*[I-Font]host@group\f[], \f\*[B-Font]\-\-subject\-name\f[]=\f\*[I-Font]host@group\f[]
set host and optionally group name.
.sp
Set the Autokey host name, and optionally, group name specified
if not provided, the host name are also used in the file names
of IFF, GQ, and MV client parameter files.
.TP
-.BR \-T ", " \-\-trusted\-cert
+.NOP \f\*[B-Font]\-T\f[], \f\*[B-Font]\-\-trusted\-cert\f[]
trusted certificate (TC scheme).
.sp
Generate a trusted certificate. By default, the program generates
a non-trusted certificate.
.TP
-.BR \-V " \fInum\fP, " \-\-mv\-params "=" \fInum\fP
+.NOP \f\*[B-Font]\-V\f[] \f\*[I-Font]num\f[], \f\*[B-Font]\-\-mv\-params\f[]=\f\*[I-Font]num\f[]
generate <num> MV parameters.
This option takes an integer number as its argument.
.sp
Generate parameters and keys for the Mu-Varadharajan (MV)
identification scheme.
.TP
-.BR \-v " \fInum\fP, " \-\-mv\-keys "=" \fInum\fP
+.NOP \f\*[B-Font]\-v\f[] \f\*[I-Font]num\f[], \f\*[B-Font]\-\-mv\-keys\f[]=\f\*[I-Font]num\f[]
update <num> MV keys.
This option takes an integer number as its argument.
.sp
This option has not been fully documented.
.TP
-.BR \-? , " \-\-help"
+.NOP \f\*[B-Font]\-\&?\f[], \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
-.BR \-! , " \-\-more-help"
+.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
-.BR \-> " [\fIcfgfile\fP]," " \-\-save-opts" "[=\fIcfgfile\fP]"
+.NOP \f\*[B-Font]\->\f[] [\f\*[I-Font]cfgfile\f[]], \f\*[B-Font]\-\-save-opts\f[] [=\f\*[I-Font]cfgfile\f[]]
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
.TP
-.BR \-< " \fIcfgfile\fP," " \-\-load-opts" "=\fIcfgfile\fP," " \-\-no-load-opts"
+.NOP \f\*[B-Font]\-<\f[] \f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-load-opts\f[]=\f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-no-load-opts\f[]
Load options from \fIcfgfile\fP.
The \fIno-load-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no-load-opts\fP is handled early,
out of order.
.TP
-.BR \-\-version "[={\fIv|c|n\fP}]"
+.NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
+.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from configuration ("RC" or ".INI") file(s) and values from
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+.TH ntp-keygen @NTP_KEYGEN_MS@ "22 Dec 2013" "ntp (4.2.7p402)" "User Commands"
+.\"
+.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-SUaOhS/ag-5UaOgS)
+.\"
+.\" It has been AutoGen-ed December 22, 2013 at 11:09:01 PM by AutoGen 5.18.3pre5
+.\" From the definitions ntp-keygen-opts.def
+.\" and the template file agman-cmd.tpl
+.SH NAME
+\f\*[B-Font]ntp-keygen\fP ntp-keygen
+\- Create a NTP host key
cvt_prog='/usr/local/gnu/share/autogen/texi2man'
cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
`/`basename "$cvt_prog"`
sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH USAGE
The
- p Ar password
+\f\*[B-Font]\-p\f[] \f\*[I-Font]password\f[]
option specifies the write password and
- q Ar password
+\f\*[B-Font]\-q\f[] \f\*[I-Font]password\f[]
option the read password for previously encrypted files.
The
-.B
+\f\*[B-Font]ntp-keygen\fP
program prompts for the password if it reads an encrypted file
and the password is missing or incorrect.
If an encrypted file is read successfully and
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
-.BR 0 " (EXIT_SUCCESS)"
+.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
-.BR 1 " (EXIT_FAILURE)"
+.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
-.BR 66 " (EX_NOINPUT)"
+.NOP 66 " (EX_NOINPUT)"
A specified configuration file could not be loaded.
.TP
-.BR 70 " (EX_SOFTWARE)"
+.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
+.PP
.SH "AUTHORS"
The University of Delaware
.SH "COPYRIGHT"
from one to several minutes with modern architectures
such as UltraSPARC and up to tens of minutes to an hour
with older architectures such as SPARC IPC.
-.PP
+.sp \n(Ppu
+.ne 2
+
Please report bugs to http://bugs.ntp.org .
-.PP
+.sp \n(Ppu
+.ne 2
+
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
Portions of this document came from FreeBSD.
-.PP
+.sp \n(Ppu
+.ne 2
+
This manual page was \fIAutoGen\fP-erated from the \fBntp-keygen\fP
option definitions.
-.Dd November 30 2013
+.Dd December 22 2013
.Dt NTP_KEYGEN @NTP_KEYGEN_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc)
.\"
-.\" It has been AutoGen-ed November 30, 2013 at 11:33:31 AM by AutoGen 5.18.3pre5
+.\" It has been AutoGen-ed December 22, 2013 at 11:09:08 PM by AutoGen 5.18.3pre5
.\" From the definitions ntp-keygen-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.Nm
.\" Mixture of short (flag) options and long options
.Op Fl flags
-.Op Fl flag Ar value
-.Op Fl \-option\-name Ar value
+.Op Fl flag Op Ar value
+.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc
.Pp
All arguments must be options.
.Pp
utilities.
.Sh "OPTIONS"
.Bl -tag
-.It \-b " \fIimbits\fP, " \-\-imbits "=" \fIimbits\fP
+.It Fl b Ar imbits , Fl \-imbits Ns = Ns Ar imbits
identity modulus bits.
This option takes an integer number as its argument.
-The value of \fIimbits\fP is constrained to being:
+The value of
+.Ar imbits
+is constrained to being:
.in +4
.nf
.na
.in -4
.sp
The number of bits in the identity modulus. The default is 256.
-.It \-c " \fIscheme\fP, " \-\-certificate "=" \fIscheme\fP
+.It Fl c Ar scheme , Fl \-certificate Ns = Ns Ar scheme
certificate scheme.
.sp
scheme is one of
Note that RSA schemes must be used with a RSA sign key and DSA
schemes must be used with a DSA sign key. The default without
this option is RSA\-MD5.
-.It \-C " \fIcipher\fP, " \-\-cipher "=" \fIcipher\fP
+.It Fl C Ar cipher , Fl \-cipher Ns = Ns Ar cipher
privatekey cipher.
.sp
Select the cipher which is used to encrypt the files containing
private keys. The default is three\-key triple DES in CBC mode,
equivalent to "@code{\-C des\-ede3\-cbc". The openssl tool lists ciphers
available in "\fBopenssl \-h\fP" output.
-.It \-d ", " \-\-debug\-level
+.It Fl d , Fl \-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
+.It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.It \-e ", " \-\-id\-key
+.It Fl e , Fl \-id\-key
Write IFF or GQ identity keys.
.sp
Write the IFF or GQ client keys to the standard output. This is
intended for automatic key distribution by mail.
-.It \-G ", " \-\-gq\-params
+.It Fl G , Fl \-gq\-params
Generate GQ parameters and keys.
.sp
Generate parameters and keys for the GQ identification scheme,
obsoleting any that may exist.
-.It \-H ", " \-\-host\-key
+.It Fl H , Fl \-host\-key
generate RSA host key.
.sp
Generate new host keys, obsoleting any that may exist.
-.It \-I ", " \-\-iffkey
+.It Fl I , Fl \-iffkey
generate IFF parameters.
.sp
Generate parameters for the IFF identification scheme, obsoleting
any that may exist.
-.It \-i " \fIgroup\fP, " \-\-ident "=" \fIgroup\fP
+.It Fl i Ar group , Fl \-ident Ns = Ns Ar group
set Autokey group name.
.sp
Set the optional Autokey group name to name. This is used in
issuer names in the form \fBhost@group\fP and should match the
\'\fBcrypto ident\fP' or '\fBserver ident\fP' configuration in
\fBntpd\fP's configuration file.
-.It \-l " \fIlifetime\fP, " \-\-lifetime "=" \fIlifetime\fP
+.It Fl l Ar lifetime , Fl \-lifetime Ns = Ns Ar lifetime
set certificate lifetime.
This option takes an integer number as its argument.
.sp
Set the certificate expiration to lifetime days from now.
-.It \-M ", " \-\-md5key
+.It Fl M , Fl \-md5key
generate MD5 keys.
.sp
Generate MD5 keys, obsoleting any that may exist.
-.It \-m " \fImodulus\fP, " \-\-modulus "=" \fImodulus\fP
+.It Fl m Ar modulus , Fl \-modulus Ns = Ns Ar modulus
modulus.
This option takes an integer number as its argument.
-The value of \fImodulus\fP is constrained to being:
+The value of
+.Ar modulus
+is constrained to being:
.in +4
.nf
.na
.in -4
.sp
The number of bits in the prime modulus. The default is 512.
-.It \-P ", " \-\-pvt\-cert
+.It Fl P , Fl \-pvt\-cert
generate PC private certificate.
.sp
Generate a private certificate. By default, the program generates
public certificates.
-.It \-p " \fIpasswd\fP, " \-\-pvt\-passwd "=" \fIpasswd\fP
+.It Fl p Ar passwd , Fl \-pvt\-passwd Ns = Ns Ar passwd
output private password.
.sp
Encrypt generated files containing private data with the specified
password and the cipher selected with \fB\-C/\-\-cipher\fP.
-.It \-q " \fIpasswd\fP, " \-\-get\-pvt\-passwd "=" \fIpasswd\fP
+.It Fl q Ar passwd , Fl \-get\-pvt\-passwd Ns = Ns Ar passwd
input private password.
.sp
Set the password for reading files to the specified password.
-.It \-S " \fIsign\fP, " \-\-sign\-key "=" \fIsign\fP
+.It Fl S Ar sign , Fl \-sign\-key Ns = Ns Ar sign
generate sign key (RSA or DSA).
.sp
Generate a new sign key of the designated type, obsoleting any
that may exist. By default, the program uses the host key as the
sign key.
-.It \-s " \fIhost@group\fP, " \-\-subject\-name "=" \fIhost@group\fP
+.It Fl s Ar host@group , Fl \-subject\-name Ns = Ns Ar host@group
set host and optionally group name.
.sp
Set the Autokey host name, and optionally, group name specified
subject and issuer fields, as with \fB\-i group\fP. The group name, or
if not provided, the host name are also used in the file names
of IFF, GQ, and MV client parameter files.
-.It \-T ", " \-\-trusted\-cert
+.It Fl T , Fl \-trusted\-cert
trusted certificate (TC scheme).
.sp
Generate a trusted certificate. By default, the program generates
a non\-trusted certificate.
-.It \-V " \fInum\fP, " \-\-mv\-params "=" \fInum\fP
+.It Fl V Ar num , Fl \-mv\-params Ns = Ns Ar num
generate <num> MV parameters.
This option takes an integer number as its argument.
.sp
Generate parameters and keys for the Mu\-Varadharajan (MV)
identification scheme.
-.It \-v " \fInum\fP, " \-\-mv\-keys "=" \fInum\fP
+.It Fl v Ar num , Fl \-mv\-keys Ns = Ns Ar num
update <num> MV keys.
This option takes an integer number as its argument.
.sp
This option has not been fully documented.
-.It \-? , " \-\-help"
+.It Fl \&? , Fl \-help
Display usage information and exit.
-.It \-! , " \-\-more\-help"
+.It Fl \&! , Fl \-more\-help
Pass the extended usage information through a pager.
-.It \-> " [\fIcfgfile\fP]," " \-\-save\-opts" "[=\fIcfgfile\fP]"
+.It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc
Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
-.It \-< " \fIcfgfile\fP," " \-\-load\-opts" "=\fIcfgfile\fP," " \-\-no\-load\-opts"
+.It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts
Load options from \fIcfgfile\fP.
The \fIno\-load\-opts\fP form will disable the loading
of earlier config/rc/ini files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
-.It \-\-version "[={\fIv|c|n\fP}]"
+.It Fl \-version Op Brq Ar v|c|n
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.Pp
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version 4.2.7p401 of NTP.
+This document corresponds to version 4.2.7p402 of NTP.
Portions of this document came from FreeBSD.
.Pp
This manual page was \fIAutoGen\fP\-erated from the \fBntp\-keygen\fP
projects / thirdparty / ntp.git / commitdiff
