ntpsnmpd/ntpsnmpd-opts.h
ntpsnmpd/ntpsnmpd.1ntpsnmpdman
ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc
+ntpsnmpd/ntpsnmpd.html
ntpsnmpd/ntpsnmpd.man.in
ntpsnmpd/ntpsnmpd.mdoc.in
packageinfo.sh
+* ntp-wait, ntpd, ntpdc, ntpq, ntpsnmpd autogen documentation updates.
* mdoc2texi fixes: Handle_ArCmFlIc, Handle_Fn, HandleQ.
* ntp-keygen autogen documentation updates.
* ntpq autogen docs.
<title>ntpd: Network Time Protocol (NTP) Daemon User's Manual</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="ntpd: Network Time Protocol (NTP) Daemon User's Manual">
-<meta name="generator" content="makeinfo 4.7">
+<meta name="generator" content="makeinfo 4.13">
<link title="Top" rel="top" href="#Top">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<meta http-equiv="Content-Style-Type" content="text/css">
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
- span.sc { font-variant:small-caps }
- span.roman { font-family: serif; font-weight: normal; }
+ span.sc { font-variant:small-caps }
+ span.roman { font-family:serif; font-weight:normal; }
+ span.sansserif { font-family:sans-serif; font-weight:normal; }
--></style>
</head>
<body>
<h1 class="settitle">ntpd: Network Time Protocol (NTP) Daemon User's Manual</h1>
<div class="node">
+<a name="Top"></a>
<p><hr>
-
<a name="Top"></a>Next: <a rel="next" accesskey="n" href="#ntpd-Description">ntpd Description</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-Description">ntpd Description</a>,
Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-<br>
+
</div>
<h2 class="unnumbered">ntpd: Network Time Protocol (NTP) Daemon User Manual</h2>
symmetric and broadcast modes, and with both symmetric-key and public-key
cryptography.
- <p>This document applies to version {No value for `VERSION'} of <code>ntpd</code>.
+ <p>This document applies to version 4.2.7p337 of <code>ntpd</code>.
<ul class="menu">
<li><a accesskey="1" href="#ntpd-Description">ntpd Description</a>: Description
</ul>
<div class="node">
-<p><hr>
<a name="ntpd-Description"></a>
-<br>
+<p><hr>
+
+
</div>
<!-- node-name, next, previous, up -->
the daemon times out and exits without setting the clock.
<div class="node">
-<p><hr>
<a name="ntpd-Invocation"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Invoking ntpd</h3>
This software is released under the NTP license, <http://ntp.org/license>.
<ul class="menu">
-<li><a accesskey="1" href="#ntpd-usage">ntpd usage</a>: ntpd help/usage (<span class="option">--help</span>)
+<li><a accesskey="1" href="#ntpd-usage">ntpd usage</a>: ntpd help/usage (<samp><span class="option">--help</span></samp>)
<li><a accesskey="2" href="#ntpd-ipv4">ntpd ipv4</a>: ipv4 option (-4)
<li><a accesskey="3" href="#ntpd-ipv6">ntpd ipv6</a>: ipv6 option (-6)
<li><a accesskey="4" href="#ntpd-authreq">ntpd authreq</a>: authreq option (-a)
</ul>
<div class="node">
+<a name="ntpd-usage"></a>
<p><hr>
-
<a name="ntpd-usage"></a>Next: <a rel="next" accesskey="n" href="#ntpd-ipv4">ntpd ipv4</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-ipv4">ntpd ipv4</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
-<h4 class="subsection">ntpd help/usage (<span class="option">--help</span>)</h4>
+<h4 class="subsection">ntpd help/usage (<samp><span class="option">--help</span></samp>)</h4>
<p><a name="index-ntpd-help-3"></a>
This is the automatically generated usage text for ntpd.
<p>The text printed is the same whether selected with the <code>help</code> option
-(<span class="option">--help</span>) or the <code>more-help</code> option (<span class="option">--more-help</span>). <code>more-help</code> will print
+(<samp><span class="option">--help</span></samp>) or the <code>more-help</code> option (<samp><span class="option">--more-help</span></samp>). <code>more-help</code> will print
the usage text by passing it through a pager program.
<code>more-help</code> is disabled on platforms without a working
<code>fork(2)</code> function. The <code>PAGER</code> environment variable is
-used to select the program, defaulting to <span class="file">more</span>. Both will exit
+used to select the program, defaulting to <samp><span class="file">more</span></samp>. Both will exit
with a status code of 0.
-<pre class="example">ntpd - NTP daemon program - Ver. 4.2.7p336
+<pre class="example">ntpd - NTP daemon program - Ver. 4.2.7p337
USAGE: ntpd [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \
[ <server1> ... <serverN> ]
Flg Arg Option-Name Description
please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
</pre>
<div class="node">
+<a name="ntpd-ipv4"></a>
<p><hr>
-
<a name="ntpd-ipv4"></a>Next: <a rel="next" accesskey="n" href="#ntpd-ipv6">ntpd ipv6</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-ipv6">ntpd ipv6</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-usage">ntpd usage</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ipv4 option (-4)</h4>
<p>Force DNS resolution of following host names on the command line
to the IPv4 namespace.
<div class="node">
+<a name="ntpd-ipv6"></a>
<p><hr>
-
<a name="ntpd-ipv6"></a>Next: <a rel="next" accesskey="n" href="#ntpd-authreq">ntpd authreq</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-authreq">ntpd authreq</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-ipv4">ntpd ipv4</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ipv6 option (-6)</h4>
<p>Force DNS resolution of following host names on the command line
to the IPv6 namespace.
<div class="node">
+<a name="ntpd-authreq"></a>
<p><hr>
-
<a name="ntpd-authreq"></a>Next: <a rel="next" accesskey="n" href="#ntpd-authnoreq">ntpd authnoreq</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-authnoreq">ntpd authnoreq</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-ipv6">ntpd ipv6</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">authreq option (-a)</h4>
multicast client and symmetric passive associations.
This is the default.
<div class="node">
+<a name="ntpd-authnoreq"></a>
<p><hr>
-
<a name="ntpd-authnoreq"></a>Next: <a rel="next" accesskey="n" href="#ntpd-configfile">ntpd configfile</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-configfile">ntpd configfile</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-authreq">ntpd authreq</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">authnoreq option (-A)</h4>
multicast client and symmetric passive associations.
This is almost never a good idea.
<div class="node">
+<a name="ntpd-configfile"></a>
<p><hr>
-
<a name="ntpd-configfile"></a>Next: <a rel="next" accesskey="n" href="#ntpd-driftfile">ntpd driftfile</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-driftfile">ntpd driftfile</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-authnoreq">ntpd authnoreq</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">configfile option (-c)</h4>
This is the “configuration file name” option.
This option takes an argument string.
The name and path of the configuration file,
-<span class="file">/etc/ntp.conf</span>
+<samp><span class="file">/etc/ntp.conf</span></samp>
by default.
<div class="node">
+<a name="ntpd-driftfile"></a>
<p><hr>
-
<a name="ntpd-driftfile"></a>Next: <a rel="next" accesskey="n" href="#ntpd-panicgate">ntpd panicgate</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-panicgate">ntpd panicgate</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-configfile">ntpd configfile</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">driftfile option (-f)</h4>
This is the “frequency drift file name” option.
This option takes an argument string.
The name and path of the frequency file,
-<span class="file">/etc/ntp.drift</span>
+<samp><span class="file">/etc/ntp.drift</span></samp>
by default.
This is the same operation as the
<code>driftfile</code> <kbd>driftfile</kbd>
configuration specification in the
-<span class="file">/etc/ntp.conf</span>
+<samp><span class="file">/etc/ntp.conf</span></samp>
file.
<div class="node">
+<a name="ntpd-panicgate"></a>
<p><hr>
-
<a name="ntpd-panicgate"></a>Next: <a rel="next" accesskey="n" href="#ntpd-jaildir">ntpd jaildir</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-jaildir">ntpd jaildir</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-driftfile">ntpd driftfile</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">panicgate option (-g)</h4>
<code>tinker</code>
configuration file directive for other options.
<div class="node">
+<a name="ntpd-jaildir"></a>
<p><hr>
-
<a name="ntpd-jaildir"></a>Next: <a rel="next" accesskey="n" href="#ntpd-interface">ntpd interface</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-interface">ntpd interface</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-panicgate">ntpd panicgate</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">jaildir option (-i)</h4>
<code>--enable-clockctl</code>) and Linux (configure with
<code>--enable-linuxcaps</code>).
<div class="node">
+<a name="ntpd-interface"></a>
<p><hr>
-
<a name="ntpd-interface"></a>Next: <a rel="next" accesskey="n" href="#ntpd-keyfile">ntpd keyfile</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-keyfile">ntpd keyfile</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-jaildir">ntpd jaildir</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">interface option (-I)</h4>
<p><a name="index-ntpd_002dinterface-12"></a>
This is the “listen on an interface name or address” option.
-This option takes an argument string <span class="file">iface</span>.
+This option takes an argument string <samp><span class="file">iface</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
This option is deprecated. Please consider using the configuration file
<code>interface</code> command, which is more versatile.
<div class="node">
+<a name="ntpd-keyfile"></a>
<p><hr>
-
<a name="ntpd-keyfile"></a>Next: <a rel="next" accesskey="n" href="#ntpd-logfile">ntpd logfile</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-logfile">ntpd logfile</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-interface">ntpd interface</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">keyfile option (-k)</h4>
This is the “path to symmetric keys” option.
This option takes an argument string.
Specify the name and path of the symmetric key file.
-<span class="file">/etc/ntp.keys</span>
+<samp><span class="file">/etc/ntp.keys</span></samp>
is the default.
This is the same operation as the
<code>keys</code> <kbd>keyfile</kbd>
configuration file directive.
<div class="node">
+<a name="ntpd-logfile"></a>
<p><hr>
-
<a name="ntpd-logfile"></a>Next: <a rel="next" accesskey="n" href="#ntpd-novirtualips">ntpd novirtualips</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-novirtualips">ntpd novirtualips</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-keyfile">ntpd keyfile</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">logfile option (-l)</h4>
<code>logfile</code> <kbd>logfile</kbd>
configuration file directive.
<div class="node">
+<a name="ntpd-novirtualips"></a>
<p><hr>
-
<a name="ntpd-novirtualips"></a>Next: <a rel="next" accesskey="n" href="#ntpd-modifymmtimer">ntpd modifymmtimer</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-modifymmtimer">ntpd modifymmtimer</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-logfile">ntpd logfile</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">novirtualips option (-L)</h4>
consider using the configuration file <code>interface</code> command, which
is more versatile.
<div class="node">
+<a name="ntpd-modifymmtimer"></a>
<p><hr>
-
<a name="ntpd-modifymmtimer"></a>Next: <a rel="next" accesskey="n" href="#ntpd-nice">ntpd nice</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-nice">ntpd nice</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-novirtualips">ntpd novirtualips</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">modifymmtimer option (-M)</h4>
ensures the resolution does not change while ntpd is running,
avoiding timekeeping glitches associated with changes.
<div class="node">
+<a name="ntpd-nice"></a>
<p><hr>
-
<a name="ntpd-nice"></a>Next: <a rel="next" accesskey="n" href="#ntpd-pidfile">ntpd pidfile</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-pidfile">ntpd pidfile</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-modifymmtimer">ntpd modifymmtimer</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">nice option (-N)</h4>
<code>ntpd</code>
at the highest priority.
<div class="node">
+<a name="ntpd-pidfile"></a>
<p><hr>
-
<a name="ntpd-pidfile"></a>Next: <a rel="next" accesskey="n" href="#ntpd-priority">ntpd priority</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-priority">ntpd priority</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-nice">ntpd nice</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">pidfile option (-p)</h4>
<code>pidfile</code> <kbd>pidfile</kbd>
configuration file directive.
<div class="node">
+<a name="ntpd-priority"></a>
<p><hr>
-
<a name="ntpd-priority"></a>Next: <a rel="next" accesskey="n" href="#ntpd-quit">ntpd quit</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-quit">ntpd quit</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-pidfile">ntpd pidfile</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">priority option (-P)</h4>
<code>sched_setscheduler(SCHED_FIFO)</code>
priority.
<div class="node">
+<a name="ntpd-quit"></a>
<p><hr>
-
<a name="ntpd-quit"></a>Next: <a rel="next" accesskey="n" href="#ntpd-propagationdelay">ntpd propagationdelay</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-propagationdelay">ntpd propagationdelay</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-priority">ntpd priority</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">quit option (-q)</h4>
options can be used with this option.
Note: The kernel time discipline is disabled with this option.
<div class="node">
+<a name="ntpd-propagationdelay"></a>
<p><hr>
-
<a name="ntpd-propagationdelay"></a>Next: <a rel="next" accesskey="n" href="#ntpd-saveconfigquit">ntpd saveconfigquit</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-saveconfigquit">ntpd saveconfigquit</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-quit">ntpd quit</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">propagationdelay option (-r)</h4>
This option takes an argument string.
Specify the default propagation delay from the broadcast/multicast server to this client. This is necessary only if the delay cannot be computed automatically by the protocol.
<div class="node">
+<a name="ntpd-saveconfigquit"></a>
<p><hr>
-
<a name="ntpd-saveconfigquit"></a>Next: <a rel="next" accesskey="n" href="#ntpd-statsdir">ntpd statsdir</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-statsdir">ntpd statsdir</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-propagationdelay">ntpd propagationdelay</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">saveconfigquit option</h4>
equivalent to the given filename and exit. This option was
designed for automated testing.
<div class="node">
+<a name="ntpd-statsdir"></a>
<p><hr>
-
<a name="ntpd-statsdir"></a>Next: <a rel="next" accesskey="n" href="#ntpd-trustedkey">ntpd trustedkey</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-trustedkey">ntpd trustedkey</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-saveconfigquit">ntpd saveconfigquit</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">statsdir option (-s)</h4>
<code>statsdir</code> <kbd>statsdir</kbd>
configuration file directive.
<div class="node">
+<a name="ntpd-trustedkey"></a>
<p><hr>
-
<a name="ntpd-trustedkey"></a>Next: <a rel="next" accesskey="n" href="#ntpd-user">ntpd user</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-user">ntpd user</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-statsdir">ntpd statsdir</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">trustedkey option (-t)</h4>
<p><a name="index-ntpd_002dtrustedkey-24"></a>
This is the “trusted key number” option.
-This option takes an argument string <span class="file">tkey</span>.
+This option takes an argument string <samp><span class="file">tkey</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
<p>Add the specified key number to the trusted key list.
<div class="node">
+<a name="ntpd-user"></a>
<p><hr>
-
<a name="ntpd-user"></a>Next: <a rel="next" accesskey="n" href="#ntpd-updateinterval">ntpd updateinterval</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-updateinterval">ntpd updateinterval</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-trustedkey">ntpd trustedkey</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">user option (-u)</h4>
<code>--enable-clockctl</code>) and Linux (configure with
<code>--enable-linuxcaps</code>).
<div class="node">
+<a name="ntpd-updateinterval"></a>
<p><hr>
-
<a name="ntpd-updateinterval"></a>Next: <a rel="next" accesskey="n" href="#ntpd-wait_002dsync">ntpd wait-sync</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-wait_002dsync">ntpd wait-sync</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-user">ntpd user</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">updateinterval option (-U)</h4>
has been detected by the system.
Use 0 to disable scanning. 60 seconds is the minimum time between scans.
<div class="node">
+<a name="ntpd-wait-sync"></a>
+<a name="ntpd-wait_002dsync"></a>
<p><hr>
-
<a name="ntpd-wait_002dsync"></a>Next: <a rel="next" accesskey="n" href="#ntpd-slew">ntpd slew</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-slew">ntpd slew</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-updateinterval">ntpd updateinterval</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">wait-sync option (-w)</h4>
This provides the option for a script starting <code>ntpd</code> to easily
wait for the first set of the clock before proceeding.
<div class="node">
+<a name="ntpd-slew"></a>
<p><hr>
-
<a name="ntpd-slew"></a>Next: <a rel="next" accesskey="n" href="#ntpd-usepcc">ntpd usepcc</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-usepcc">ntpd usepcc</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-wait_002dsync">ntpd wait-sync</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">slew option (-x)</h4>
configuration file directive for other options.
Note: The kernel time discipline is disabled with this option.
<div class="node">
+<a name="ntpd-usepcc"></a>
<p><hr>
-
<a name="ntpd-usepcc"></a>Next: <a rel="next" accesskey="n" href="#ntpd-pccfreq">ntpd pccfreq</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-pccfreq">ntpd pccfreq</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-slew">ntpd slew</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">usepcc option</h4>
they have the same frequency, the CPU counter (RDTSC on x86) is
used directly, saving the overhead of a system call.
<div class="node">
+<a name="ntpd-pccfreq"></a>
<p><hr>
-
<a name="ntpd-pccfreq"></a>Next: <a rel="next" accesskey="n" href="#ntpd-mdns">ntpd mdns</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-mdns">ntpd mdns</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-usepcc">ntpd usepcc</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">pccfreq option</h4>
The CPU counter (RDTSC on x86) is used unconditionally with the
given frequency (in Hz).
<div class="node">
+<a name="ntpd-mdns"></a>
<p><hr>
-
<a name="ntpd-mdns"></a>Next: <a rel="next" accesskey="n" href="#ntpd-config">ntpd config</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-config">ntpd config</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-pccfreq">ntpd pccfreq</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">mdns option (-m)</h4>
the server to be discovered via mDNS client lookup.
<div class="node">
+<a name="ntpd-config"></a>
<p><hr>
-
<a name="ntpd-config"></a>Next: <a rel="next" accesskey="n" href="#ntpd-exit-status">ntpd exit status</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-exit-status">ntpd exit status</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-mdns">ntpd mdns</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">presetting/configuring ntpd</h4>
first letter of the argument is examined:
<dl>
-<dt><span class="samp">version</span><dd>Only print the version. This is the default.
-<br><dt><span class="samp">copyright</span><dd>Name the copyright usage licensing terms.
-<br><dt><span class="samp">verbose</span><dd>Print the full copyright usage licensing terms.
+<dt>‘<samp><span class="samp">version</span></samp>’<dd>Only print the version. This is the default.
+<br><dt>‘<samp><span class="samp">copyright</span></samp>’<dd>Name the copyright usage licensing terms.
+<br><dt>‘<samp><span class="samp">verbose</span></samp>’<dd>Print the full copyright usage licensing terms.
</dl>
<div class="node">
+<a name="ntpd-exit-status"></a>
<p><hr>
-
<a name="ntpd-exit-status"></a>Next: <a rel="next" accesskey="n" href="#ntpd-Usage">ntpd Usage</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-Usage">ntpd Usage</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-config">ntpd config</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ntpd exit status</h4>
<p>One of the following exit values will be returned:
<dl>
-<dt><span class="samp">0 (EXIT_SUCCESS)</span><dd>Successful program execution.
-<br><dt><span class="samp">1 (EXIT_FAILURE)</span><dd>The operation failed or the command syntax was not valid.
+<dt>‘<samp><span class="samp">0 (EXIT_SUCCESS)</span></samp>’<dd>Successful program execution.
+<br><dt>‘<samp><span class="samp">1 (EXIT_FAILURE)</span></samp>’<dd>The operation failed or the command syntax was not valid.
</dl>
<div class="node">
+<a name="ntpd-Usage"></a>
<p><hr>
-
<a name="ntpd-Usage"></a>Next: <a rel="next" accesskey="n" href="#ntpd-Files">ntpd Files</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-Files">ntpd Files</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-exit-status">ntpd exit status</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ntpd Usage</h4>
<div class="node">
-<p><hr>
<a name="How-NTP-Operates"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">How NTP Operates</h3>
acceptable range,
<code>ntpd</code>
enters the same state as when the
-<span class="file">ntp.drift</span>
+<samp><span class="file">ntp.drift</span></samp>
file is not present.
The intent of this behavior
is to quickly correct the frequency and restore operation to the
<code>ntpd(8)</code>
that often addresses all of the problems mentioned above.
<div class="node">
-<p><hr>
+<a name="Starting-NTP-(Best-Current-Practice)"></a>
<a name="Starting-NTP-_0028Best-Current-Practice_0029"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Starting NTP (Best Current Practice)</h3>
<code>server</code> entries.
<p>If you can also keep a good
-<span class="file">ntp.drift</span>
+<samp><span class="file">ntp.drift</span></samp>
file then
<code>ntpd(8)</code>
will effectively "warm-start" and your system's clock will
it is as safe as it will ever be to start any process that require
stable time.
<div class="node">
-<p><hr>
<a name="Frequency-Discipline"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Frequency Discipline</h3>
<code>ntpd</code>
behavior at startup depends on whether the
frequency file, usually
-<span class="file">ntp.drift</span>,
+<samp><span class="file">ntp.drift</span></samp>,
,
exists.
This file
After that the current frequency offset is written to
the file at hourly intervals.
<div class="node">
-<p><hr>
<a name="Operating-Modes"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Operating Modes</h3>
page
(available as part of the HTML documentation
provided in
-<span class="file">/usr/share/doc/ntp</span>).
+<samp><span class="file">/usr/share/doc/ntp</span></samp>).
)
.
It normally operates continuously while
frequency is read from the file and initializes the kernel
frequency.
<div class="node">
-<p><hr>
<a name="Poll-Interval-Control"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Poll Interval Control</h3>
s, for example, the capture range is only 31 PPM.
If the intrinsic
error is greater than this, the drift file
-<span class="file">ntp.drift</span>
+<samp><span class="file">ntp.drift</span></samp>
will
have to be specially tailored to reduce the residual error below
this limit.
updated once per hour and is available to initialize the frequency
on subsequent daemon restarts.
<div class="node">
-<p><hr>
+<a name="The-huff-n'-puff-Filter"></a>
<a name="The-huff_002dn_0027_002dpuff-Filter"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">The huff-n'-puff Filter</h3>
<code>huffpuff</code> keyword, as described in
<code>ntp.conf(5)</code>.
<div class="node">
+<a name="ntpd-Files"></a>
<p><hr>
-
<a name="ntpd-Files"></a>Next: <a rel="next" accesskey="n" href="#ntpd-See-Also">ntpd See Also</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-See-Also">ntpd See Also</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-Usage">ntpd Usage</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ntpd Files</h4>
<dl>
-<dt><span class="samp">Pa</span><dd>the default name of the configuration file
-<br><dt><span class="samp">Pa</span><dd>the default name of the drift file
-<br><dt><span class="samp">Pa</span><dd>the default name of the key file
+<dt>‘<samp><span class="samp">Pa</span></samp>’<dd>the default name of the configuration file
+<br><dt>‘<samp><span class="samp">Pa</span></samp>’<dd>the default name of the drift file
+<br><dt>‘<samp><span class="samp">Pa</span></samp>’<dd>the default name of the key file
<div class="node">
+<a name="ntpd-See-Also"></a>
<p><hr>
-
<a name="ntpd-See-Also"></a>Next: <a rel="next" accesskey="n" href="#ntpd-Bugs">ntpd Bugs</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-Bugs">ntpd Bugs</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-Files">ntpd Files</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ntpd See Also</h4>
http://www.ntp.org/
.
A snapshot of this documentation is available in HTML format in
-<span class="file">/usr/share/doc/ntp</span>.
+<samp><span class="file">/usr/share/doc/ntp</span></samp>.
.
.Rs
.%A
RFC5908
.Re
<div class="node">
+<a name="ntpd-Bugs"></a>
<p><hr>
-
<a name="ntpd-Bugs"></a>Next: <a rel="next" accesskey="n" href="#ntpd-Notes">ntpd Notes</a>,
+Next: <a rel="next" accesskey="n" href="#ntpd-Notes">ntpd Notes</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpd-See-Also">ntpd See Also</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ntpd Bugs</h4>
a busy primary server, rather than a high stratum workstation in
mind.
<div class="node">
+<a name="ntpd-Notes"></a>
<p><hr>
-
<a name="ntpd-Notes"></a>Previous: <a rel="previous" accesskey="p" href="#ntpd-Bugs">ntpd Bugs</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpd-Bugs">ntpd Bugs</a>,
Up: <a rel="up" accesskey="u" href="#ntpd-Invocation">ntpd Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ntpd Notes</h4>
Portions of this document came from FreeBSD.
<div class="node">
-<p><hr>
<a name="Usage"></a>
-<br>
+<p><hr>
+
+
</div>
<!-- node-name, next, previous, up -->
@c %**start of header
@setfilename ntpd.info
@settitle ntpd: Network Time Protocol (NTP) Daemon User's Manual
-@include include/version.texi
+@include ../sntp/include/version.texi
@paragraphindent 2
@c %**end of header
<title>ntpdc: NTPD Control User's Manual</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="ntpdc: NTPD Control User's Manual">
-<meta name="generator" content="makeinfo 4.7">
+<meta name="generator" content="makeinfo 4.13">
<link title="Top" rel="top" href="#Top">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<meta http-equiv="Content-Style-Type" content="text/css">
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
- span.sc { font-variant:small-caps }
- span.roman { font-family: serif; font-weight: normal; }
+ span.sc { font-variant:small-caps }
+ span.roman { font-family:serif; font-weight:normal; }
+ span.sansserif { font-family:sans-serif; font-weight:normal; }
--></style>
</head>
<body>
<h1 class="settitle">ntpdc: NTPD Control User's Manual</h1>
<div class="node">
+<a name="Top"></a>
<p><hr>
-
<a name="Top"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-Description">ntpdc Description</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-Description">ntpdc Description</a>,
Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-<br>
+
</div>
<h2 class="unnumbered">ntpdc: NTPD Control User Manual</h2>
<p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
IETF specification.
+ <div class="shortcontents">
+<h2>Short Contents</h2>
+<ul>
+<a href="#Top">ntpdc: NTPD Control User Manual</a>
+</ul>
+</div>
+
<ul class="menu">
<li><a accesskey="1" href="#ntpdc-Description">ntpdc Description</a>: Description
<li><a accesskey="2" href="#ntpdc-Invocation">ntpdc Invocation</a>: Invoking ntpdc
</ul>
<div class="node">
-<p><hr>
<a name="ntpdc-Description"></a>
-<br>
+<p><hr>
+
+
</div>
<!-- node-name, next, previous, up -->
error bound of the system clock relative to the server clock.
<div class="node">
-<p><hr>
<a name="ntpdc-Invocation"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Invoking ntpdc</h3>
This software is released under the NTP license, <http://ntp.org/license>.
<ul class="menu">
-<li><a accesskey="1" href="#ntpdc-usage">ntpdc usage</a>: ntpdc help/usage (<span class="option">--help</span>)
+<li><a accesskey="1" href="#ntpdc-usage">ntpdc usage</a>: ntpdc help/usage (<samp><span class="option">--help</span></samp>)
<li><a accesskey="2" href="#ntpdc-ipv4">ntpdc ipv4</a>: ipv4 option (-4)
<li><a accesskey="3" href="#ntpdc-ipv6">ntpdc ipv6</a>: ipv6 option (-6)
<li><a accesskey="4" href="#ntpdc-command">ntpdc command</a>: command option (-c)
</ul>
<div class="node">
+<a name="ntpdc-usage"></a>
<p><hr>
-
<a name="ntpdc-usage"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-ipv4">ntpdc ipv4</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-ipv4">ntpdc ipv4</a>,
Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
</div>
-<h4 class="subsection">ntpdc help/usage (<span class="option">--help</span>)</h4>
+<h4 class="subsection">ntpdc help/usage (<samp><span class="option">--help</span></samp>)</h4>
<p><a name="index-ntpdc-help-3"></a>
This is the automatically generated usage text for ntpdc.
<p>The text printed is the same whether selected with the <code>help</code> option
-(<span class="option">--help</span>) or the <code>more-help</code> option (<span class="option">--more-help</span>). <code>more-help</code> will print
+(<samp><span class="option">--help</span></samp>) or the <code>more-help</code> option (<samp><span class="option">--more-help</span></samp>). <code>more-help</code> will print
the usage text by passing it through a pager program.
<code>more-help</code> is disabled on platforms without a working
<code>fork(2)</code> function. The <code>PAGER</code> environment variable is
-used to select the program, defaulting to <span class="file">more</span>. Both will exit
+used to select the program, defaulting to <samp><span class="file">more</span></samp>. Both will exit
with a status code of 0.
<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p337
please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
</pre>
<div class="node">
+<a name="ntpdc-ipv4"></a>
<p><hr>
-
<a name="ntpdc-ipv4"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-ipv6">ntpdc ipv6</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-ipv6">ntpdc ipv6</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpdc-usage">ntpdc usage</a>,
Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ipv4 option (-4)</h4>
<p>Force DNS resolution of following host names on the command line
to the IPv4 namespace.
<div class="node">
+<a name="ntpdc-ipv6"></a>
<p><hr>
-
<a name="ntpdc-ipv6"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-command">ntpdc command</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-command">ntpdc command</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpdc-ipv4">ntpdc ipv4</a>,
Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ipv6 option (-6)</h4>
<p>Force DNS resolution of following host names on the command line
to the IPv6 namespace.
<div class="node">
+<a name="ntpdc-command"></a>
<p><hr>
-
<a name="ntpdc-command"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-interactive">ntpdc interactive</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-interactive">ntpdc interactive</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpdc-ipv6">ntpdc ipv6</a>,
Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
</div>
<h4 class="subsection">command option (-c)</h4>
<p><a name="index-ntpdc_002dcommand-6"></a>
This is the “run a command and exit” option.
-This option takes an argument string <span class="file">cmd</span>.
+This option takes an argument string <samp><span class="file">cmd</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
and is added to the list of commands to be executed on the specified
host(s).
<div class="node">
+<a name="ntpdc-interactive"></a>
<p><hr>
-
<a name="ntpdc-interactive"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-listpeers">ntpdc listpeers</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-listpeers">ntpdc listpeers</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpdc-command">ntpdc command</a>,
Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
</div>
<h4 class="subsection">interactive option (-i)</h4>
<p>Force ntpq to operate in interactive mode. Prompts will be written
to the standard output and commands read from the standard input.
<div class="node">
+<a name="ntpdc-listpeers"></a>
<p><hr>
-
<a name="ntpdc-listpeers"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-numeric">ntpdc numeric</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-numeric">ntpdc numeric</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpdc-interactive">ntpdc interactive</a>,
Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
</div>
<h4 class="subsection">listpeers option (-l)</h4>
<p>Print a list of the peers known to the server as well as a summary of
their state. This is equivalent to the 'listpeers' interactive command.
<div class="node">
+<a name="ntpdc-numeric"></a>
<p><hr>
-
<a name="ntpdc-numeric"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-peers">ntpdc peers</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-peers">ntpdc peers</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpdc-listpeers">ntpdc listpeers</a>,
Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
</div>
<h4 class="subsection">numeric option (-n)</h4>
Output all host addresses in dotted-quad numeric format rather than
converting to the canonical host names.
<div class="node">
+<a name="ntpdc-peers"></a>
<p><hr>
-
<a name="ntpdc-peers"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-showpeers">ntpdc showpeers</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-showpeers">ntpdc showpeers</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpdc-numeric">ntpdc numeric</a>,
Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
</div>
<h4 class="subsection">peers option (-p)</h4>
<p>Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
<div class="node">
+<a name="ntpdc-showpeers"></a>
<p><hr>
-
<a name="ntpdc-showpeers"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-config">ntpdc config</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-config">ntpdc config</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpdc-peers">ntpdc peers</a>,
Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
</div>
<h4 class="subsection">showpeers option (-s)</h4>
of their state. This is equivalent to the 'dmpeers' interactive command.
<div class="node">
+<a name="ntpdc-config"></a>
<p><hr>
-
<a name="ntpdc-config"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-exit-status">ntpdc exit status</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-exit-status">ntpdc exit status</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpdc-showpeers">ntpdc showpeers</a>,
Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
</div>
<h4 class="subsection">presetting/configuring ntpdc</h4>
<li>$PWD
</ul>
The environment variables <code>HOME</code>, and <code>PWD</code>
-are expanded and replaced when <span class="file">ntpdc</span> runs.
+are expanded and replaced when <samp><span class="file">ntpdc</span></samp> runs.
For any of these that are plain files, they are simply processed.
-For any that are directories, then a file named <span class="file">.ntprc</span> is searched for
+For any that are directories, then a file named <samp><span class="file">.ntprc</span></samp> is searched for
within that directory and processed.
<p>Configuration files may be in a wide variety of formats.
first letter of the argument is examined:
<dl>
-<dt><span class="samp">version</span><dd>Only print the version. This is the default.
-<br><dt><span class="samp">copyright</span><dd>Name the copyright usage licensing terms.
-<br><dt><span class="samp">verbose</span><dd>Print the full copyright usage licensing terms.
+<dt>‘<samp><span class="samp">version</span></samp>’<dd>Only print the version. This is the default.
+<br><dt>‘<samp><span class="samp">copyright</span></samp>’<dd>Name the copyright usage licensing terms.
+<br><dt>‘<samp><span class="samp">verbose</span></samp>’<dd>Print the full copyright usage licensing terms.
</dl>
<div class="node">
+<a name="ntpdc-exit-status"></a>
<p><hr>
-
<a name="ntpdc-exit-status"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-Usage">ntpdc Usage</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-Usage">ntpdc Usage</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpdc-config">ntpdc config</a>,
Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ntpdc exit status</h4>
<p>One of the following exit values will be returned:
<dl>
-<dt><span class="samp">0 (EXIT_SUCCESS)</span><dd>Successful program execution.
-<br><dt><span class="samp">1 (EXIT_FAILURE)</span><dd>The operation failed or the command syntax was not valid.
-<br><dt><span class="samp">66 (EX_NOINPUT)</span><dd>A specified configuration file could not be loaded.
-<br><dt><span class="samp">70 (EX_SOFTWARE)</span><dd>libopts had an internal operational error. Please report
+<dt>‘<samp><span class="samp">0 (EXIT_SUCCESS)</span></samp>’<dd>Successful program execution.
+<br><dt>‘<samp><span class="samp">1 (EXIT_FAILURE)</span></samp>’<dd>The operation failed or the command syntax was not valid.
+<br><dt>‘<samp><span class="samp">66 (EX_NOINPUT)</span></samp>’<dd>A specified configuration file could not be loaded.
+<br><dt>‘<samp><span class="samp">70 (EX_SOFTWARE)</span></samp>’<dd>libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
</dl>
<div class="node">
+<a name="ntpdc-Usage"></a>
<p><hr>
-
<a name="ntpdc-Usage"></a>Next: <a rel="next" accesskey="n" href="#ntpdc-See-Also">ntpdc See Also</a>,
+Next: <a rel="next" accesskey="n" href="#ntpdc-See-Also">ntpdc See Also</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpdc-exit-status">ntpdc exit status</a>,
Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ntpdc Usage</h4>
attempt to read interactive format commands from the standard
input.
<div class="node">
-<p><hr>
<a name="Interactive-Commands"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Interactive Commands</h3>
The output of a
command is normally sent to the standard output, but optionally the
output of individual commands may be sent to a file by appending a
-\&>,
+‘\&>,’
followed by a file name, to the command line.
<p>A number of interactive format commands are executed entirely
These are described
following.
<dl>
-<dt><span class="samp">Ic</span><br><dt><span class="samp">Ic</span><dd>A
-Ic\&?
+<dt>‘<samp><span class="samp">Ic</span></samp>’<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>A
+‘Ic\&?’
will print a list of all the command
keywords known to this incarnation of
<code>ntpdc</code>.
A
-Ic\&?
+‘Ic\&?’
followed by a command keyword will print function and usage
information about the command.
This command is probably a better
<code>ntpq(8)</code>
than this manual
page.
-<br><dt><span class="samp">Ic</span><dd>Specify a time interval to be added to timestamps included in
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Specify a time interval to be added to timestamps included in
requests which require authentication.
This is used to enable
(unreliable) server reconfiguration over long delay network paths
Actually the
server does not now require timestamps in authenticated requests,
so this command may be obsolete.
-<br><dt><span class="samp">Ic</span><dd>Set the host to which future queries will be sent.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Set the host to which future queries will be sent.
Hostname may
be either a host name or a numeric address.
-<br><dt><span class="samp">Ic</span><dd>If
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>If
<code>yes</code> is specified, host names are printed in
information displays.
If
<code>yes</code>, unless
modified using the command line
<code>-n</code> switch.
-<br><dt><span class="samp">Ic</span><dd>This command allows the specification of a key number to be
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>This command allows the specification of a key number to be
used to authenticate configuration requests.
This must correspond
to a key number the server has been configured to use for this
purpose.
-<br><dt><span class="samp">Ic</span><dd>Exit
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Exit
<code>ntpdc</code>.
-<br><dt><span class="samp">Ic</span><dd>This command prompts you to type in a password (which will not
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>This command prompts you to type in a password (which will not
be echoed) which will be used to authenticate configuration
requests.
The password must correspond to the key configured for
use by the NTP server for this purpose if such requests are to be
successful.
-<br><dt><span class="samp">Ic</span><dd>Specify a timeout period for responses to server queries.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Specify a timeout period for responses to server queries.
The
default is about 8000 milliseconds.
Note that since
a timeout will be twice the timeout value set.
<div class="node">
-<p><hr>
<a name="Control-Message-Commands"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Control Message Commands</h3>
in that they make no modification of the server configuration
state.
<dl>
-<dt><span class="samp">Ic</span><dd>Obtains and prints a brief list of the peers for which the
+<dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Obtains and prints a brief list of the peers for which the
server is maintaining state.
These should include all configured
peer associations as well as those peers whose stratum is such that
they are considered by the server to be possible future
synchronization candidates.
-<br><dt><span class="samp">Ic</span><dd>Obtains a list of peers for which the server is maintaining
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Obtains a list of peers for which the server is maintaining
state, along with a summary of that state.
Summary information
includes the address of the remote peer, the local interface
<p>The character in the left margin indicates the mode this peer
entry is operating in.
A
-\&+
+‘\&+’
denotes symmetric active, a
-\&-
+‘\&-’
indicates symmetric passive, a
-\&=
+‘\&=’
means the
remote server is being polled in client mode, a
-\&^
+‘\&^’
indicates that the server is broadcasting to this address, a
-\&~
+‘\&~’
denotes that the remote peer is sending broadcasts and a
-\&~
+‘\&~’
denotes that the remote peer is sending broadcasts and a
-\&*
+‘\&*’
marks the peer the server is currently synchronizing
to.
+ <p>The contents of the host field may be one of four forms.
+It may
+be a host name, an IP address, a reference clock implementation
+name with its parameter or
+.Fn
+REFCLK
+"implementation_number"
+"parameter"
+.
+On
+<code>hostnames</code> <code>no</code> only IP-addresses
+will be displayed.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>A slightly different peer summary list.
+Identical to the output
+of the
+<code>peers</code> command, except for the character in the
+leftmost column.
+Characters only appear beside peers which were
+included in the final stage of the clock selection algorithm.
+A
+‘\&.’
+indicates that this peer was cast off in the falseticker
+detection, while a
+‘\&+’
+indicates that the peer made it
+through.
+A
+‘\&*’
+denotes the peer the server is currently
+synchronizing with.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Shows a detailed display of the current peer variables for one
+or more peers.
+Most of these values are described in the NTP
+Version 2 specification.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Show per-peer statistic counters associated with the specified
+peer(s).
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Obtain and print information concerning a peer clock.
+The
+values obtained provide information on the setting of fudge factors
+and other clock performance information.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Obtain and print kernel phase-lock loop operating parameters.
+This information is available only if the kernel has been specially
+modified for a precision timekeeping function.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Print the values of selected loop filter variables.
+The loop
+filter is the part of NTP which deals with adjusting the local
+system clock.
+The
+‘offset’
+is the last offset given to the
+loop filter by the packet processing code.
+The
+‘frequency’
+is the frequency error of the local clock in parts-per-million
+(ppm).
+The
+‘time_const’
+controls the stiffness of the
+phase-lock loop and thus the speed at which it can adapt to
+oscillator drift.
+The
+‘watchdogtimer’
+value is the number
+of seconds which have elapsed since the last sample offset was
+given to the loop filter.
+The
+<code>oneline</code> and
+<code>multiline</code> options specify the format in which this
+information is to be printed, with
+<code>multiline</code> as the
+default.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Print a variety of system state variables, i.e., state related
+to the local server.
+All except the last four lines are described
+in the NTP Version 3 specification, RFC-1305.
+
+ <p>The
+‘systemflags’
+show various system flags, some of
+which can be set and cleared by the
+<code>enable</code> and
+<code>disable</code> configuration commands, respectively.
+These are
+the
+<code>auth</code>, <code>bclient</code>, <code>monitor</code>, <code>pll</code>, <code>pps</code> and
+<code>stats</code> flags.
+See the
+<code>ntpd(8)</code>
+documentation for the meaning of these flags.
+There
+are two additional flags which are read only, the
+<code>kernel_pll</code> and
+<code>kernel_pps</code>. These flags indicate
+the synchronization status when the precision time kernel
+modifications are in use.
+The
+‘kernel_pll’
+indicates that
+the local clock is being disciplined by the kernel, while the
+‘kernel_pps’
+indicates the kernel discipline is provided by the PPS
+signal.
+
+ <p>The
+‘stability’
+is the residual frequency error remaining
+after the system frequency correction is applied and is intended for
+maintenance and debugging.
+In most architectures, this value will
+initially decrease from as high as 500 ppm to a nominal value in
+the range .01 to 0.1 ppm.
+If it remains high for some time after
+starting the daemon, something may be wrong with the local clock,
+or the value of the kernel variable
+.Va
+kern.clockrate.tick
+may be
+incorrect.
+
+ <p>The
+‘broadcastdelay’
+shows the default broadcast delay,
+as set by the
+<code>broadcastdelay</code> configuration command.
+
+ <p>The
+‘authdelay’
+shows the default authentication delay,
+as set by the
+<code>authdelay</code> configuration command.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Print statistics counters maintained in the protocol
+module.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Print statistics counters related to memory allocation
+code.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Print statistics counters maintained in the input-output
+module.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Print statistics counters maintained in the timer/event queue
+support code.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Obtain and print the server's restriction list.
+This list is
+(usually) printed in sorted order and may help to understand how
+the restrictions are applied.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Obtain and print traffic counts collected and maintained by the
+monitor facility.
+The version number should not normally need to be
+specified.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Obtain debugging information for a reference clock driver.
+This
+information is provided only by some clock drivers and is mostly
+undecodable without a copy of the driver source in hand.
+
+<div class="node">
+<a name="Runtime-Configuration-Requests"></a>
+<p><hr>
+
+
+</div>
+
+<h3 class="section">Runtime Configuration Requests</h3>
+
+ <p>Runtime Configuration Requests
+All requests which cause state changes in the server are
+authenticated by the server using a configured NTP key (the
+facility can also be disabled by the server by not configuring a
+key).
+The key number and the corresponding key must also be made
+known to
+<code>ntpdc</code>.
+This can be done using the
+<code>keyid</code> and
+<code>passwd</code> commands, the latter of which will prompt at the terminal for a
+password to use as the encryption key.
+You will also be prompted
+automatically for both the key number and password the first time a
+command which would result in an authenticated request to the
+server is given.
+Authentication not only provides verification that
+the requester has permission to make such changes, but also gives
+an extra degree of protection again transmission errors.
+
+ <p>Authenticated requests always include a timestamp in the packet
+data, which is included in the computation of the authentication
+code.
+This timestamp is compared by the server to its receive time
+stamp.
+If they differ by more than a small amount the request is
+rejected.
+This is done for two reasons.
+First, it makes simple
+replay attacks on the server, by someone who might be able to
+overhear traffic on your LAN, much more difficult.
+Second, it makes
+it more difficult to request configuration changes to your server
+from topologically remote hosts.
+While the reconfiguration facility
+will work well with a server on the local host, and may work
+adequately between time-synchronized hosts on the same LAN, it will
+work very poorly for more distant hosts.
+As such, if reasonable
+passwords are chosen, care is taken in the distribution and
+protection of keys and appropriate source address restrictions are
+applied, the run time reconfiguration facility should provide an
+adequate level of security.
+
+ <p>The following commands all make authenticated requests.
+ <dl>
+<dt>‘<samp><span class="samp">Xo</span></samp>’<dd>[<kbd>keyid</kbd> ]
+[<kbd>version</kbd> ]
+[<code>prefer</code> ]
+Add a configured peer association at the given address and
+operating in symmetric active mode.
+Note that an existing
+association with the same peer may be deleted when this command is
+executed, or may simply be converted to conform to the new
+configuration, as appropriate.
+If the optional
+<kbd>keyid</kbd> is a
+nonzero integer, all outgoing packets to the remote server will
+have an authentication field attached encrypted with this key.
+If
+the value is 0 (or not given) no authentication will be done.
+The
+<kbd>version</kbd> can be 1, 2 or 3 and defaults to 3.
+The
+<code>prefer</code> keyword indicates a preferred peer (and thus will
+be used primarily for clock synchronisation if possible).
+The
+preferred peer also determines the validity of the PPS signal - if
+the preferred peer is suitable for synchronisation so is the PPS
+signal.
+<br><dt>‘<samp><span class="samp">Xo</span></samp>’<dd>[<kbd>keyid</kbd> ]
+[<kbd>version</kbd> ]
+[<code>prefer</code> ]
+Identical to the addpeer command, except that the operating
+mode is client.
+<br><dt>‘<samp><span class="samp">Xo</span></samp>’<dd>[<kbd>keyid</kbd> ]
+[<kbd>version</kbd> ]
+[<code>prefer</code> ]
+Identical to the addpeer command, except that the operating
+mode is broadcast.
+In this case a valid key identifier and key are
+required.
+The
+<kbd>peer_address</kbd> parameter can be the broadcast
+address of the local network or a multicast group address assigned
+to NTP.
+If a multicast address, a multicast-capable kernel is
+required.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>This command causes the configured bit to be removed from the
+specified peer(s).
+In many cases this will cause the peer
+association to be deleted.
+When appropriate, however, the
+association may persist in an unconfigured mode if the remote peer
+is willing to continue on in this fashion.
+<br><dt>‘<samp><span class="samp">Xo</span></samp>’<dd>[<code>time1</code> ]
+[<code>time2</code> ]
+[<kbd>stratum</kbd> ]
+[<kbd>refid</kbd> ]
+This command provides a way to set certain data for a reference
+clock.
+See the source listing for further information.
+<br><dt>‘<samp><span class="samp">Xo</span></samp>’<dd>.Oo
+<code>auth</code> | <code>Cm</code> <code>bclient</code> | <code>calibrate</code> | <code>Cm</code> <code>kernel</code> | <code>monitor</code> | <code>Cm</code> <code>ntp</code> | <code>pps</code> | <code>Cm</code> <code>stats</code> .Oc
+<br><dt>‘<samp><span class="samp">Xo</span></samp>’<dd>.Oo
+<code>auth</code> | <code>Cm</code> <code>bclient</code> | <code>calibrate</code> | <code>Cm</code> <code>kernel</code> | <code>monitor</code> | <code>Cm</code> <code>ntp</code> | <code>pps</code> | <code>Cm</code> <code>stats</code> .Oc
+These commands operate in the same way as the
+<code>enable</code> and
+<code>disable</code> configuration file commands of
+<code>ntpd(8)</code>.
+ <dl>
+<dt>‘<samp><span class="samp">Cm</span></samp>’<dd>Enables the server to synchronize with unconfigured peers only
+if the peer has been correctly authenticated using either public key
+or private key cryptography.
+The default for this flag is enable.
+<br><dt>‘<samp><span class="samp">Cm</span></samp>’<dd>Enables the server to listen for a message from a broadcast or
+multicast server, as in the multicastclient command with
+default address.
+The default for this flag is disable.
+<br><dt>‘<samp><span class="samp">Cm</span></samp>’<dd>Enables the calibrate feature for reference clocks.
+The default for this flag is disable.
+<br><dt>‘<samp><span class="samp">Cm</span></samp>’<dd>Enables the kernel time discipline, if available.
+The default for this flag is enable if support is available, otherwise disable.
+<br><dt>‘<samp><span class="samp">Cm</span></samp>’<dd>Enables the monitoring facility.
+See the
+<code>ntpdc(8)</code>.
+program and the monlist command or further information.
+The default for this flag is enable.
+<br><dt>‘<samp><span class="samp">Cm</span></samp>’<dd>Enables time and frequency discipline.
+In effect, this switch opens and closes the feedback loop,
+which is useful for testing.
+The default for this flag is enable.
+<br><dt>‘<samp><span class="samp">Cm</span></samp>’<dd>Enables the pulse-per-second (PPS) signal when frequency
+and time is disciplined by the precision time kernel modifications.
+See the
+"AKernelModelforPrecisionTimekeeping"
+(available as part of the HTML documentation
+provided in
+<samp><span class="file">/usr/share/doc/ntp</span></samp>)
+)
+page for further information.
+The default for this flag is disable.
+<br><dt>‘<samp><span class="samp">Cm</span></samp>’<dd>Enables the statistics facility.
+See the
+<a href="#Monitoring">Monitoring</a>Monitoring
+Options
+section of
+<code>ntp.conf(5)</code>
+for further information.
+The default for this flag is disable.
+
+ <p>.It
+Xo
+Ic
+restrict
+Ar
+address
+Ar
+mask
+<kbd>flag</kbd> <kbd>Oo</kbd> <kbd>Ar</kbd>... <kbd>Oc</kbd> This command operates in the same way as the
+<code>restrict</code> configuration file commands of
+<code>ntpd(8)</code>.
+.It
+Xo
+Ic
+unrestrict
+Ar
+address
+Ar
+mask
+<kbd>flag</kbd> <kbd>Oo</kbd> <kbd>Ar</kbd>... <kbd>Oc</kbd> Unrestrict the matching entry from the restrict list.
+.It
+Xo
+Ic
+delrestrict
+Ar
+address
+Ar
+mask
+[<code>ntpport</code> ]
+Delete the matching entry from the restrict list.
+.It
+Ic
+readkeys
+Causes the current set of authentication keys to be purged and
+a new set to be obtained by rereading the keys file (which must
+have been specified in the
+<code>ntpd(8)</code>
+configuration file).
+This
+allows encryption keys to be changed without restarting the
+server.
+.It
+Ic
+trustedkey
+Ar
+keyid
+Oo
+Ar
+...
+Oc
+.It
+Ic
+untrustedkey
+Ar
+keyid
+Oo
+Ar
+...
+Oc
+These commands operate in the same way as the
+<code>trustedkey</code> and
+<code>untrustedkey</code> configuration file
+commands of
+<code>ntpd(8)</code>.
+.It
+Ic
+authinfo
+Returns information concerning the authentication module,
+including known keys and counts of encryptions and decryptions
+which have been done.
+.It
+Ic
+traps
+Display the traps set in the server.
+See the source listing for
+further information.
+.It
+Xo
+Ic
+addtrap
+Ar
+address
+[<kbd>port</kbd> ]
+[<kbd>interface</kbd> ]
+Set a trap for asynchronous messages.
+See the source listing
+for further information.
+.It
+Xo
+Ic
+clrtrap
+Ar
+address
+[<kbd>port</kbd> ]
+[<kbd>interface</kbd> ]
+Clear a trap for asynchronous messages.
+See the source listing
+for further information.
+.It
+Ic
+reset
+Clear the statistics counters in various modules of the server.
+See the source listing for further information.
+
+<div class="node">
+<a name="ntpdc-See-Also"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntpdc-Authors">ntpdc Authors</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpdc-Usage">ntpdc Usage</a>,
+Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
+
+</div>
+
+<h4 class="subsection">ntpdc See Also</h4>
+
+ <p><code>ntp.conf(5)</code>,
+<code>ntpd(8)</code>
+.Rs
+.%A
+David
+L.
+Mills
+.%T
+Network
+Time
+Protocol
+(Version
+3)
+.%O
+RFC1305
+.Re
+<div class="node">
+<a name="ntpdc-Authors"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntpdc-Bugs">ntpdc Bugs</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpdc-See-Also">ntpdc See Also</a>,
+Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
+
+</div>
+
+<h4 class="subsection">ntpdc Authors</h4>
+
+ <p>The formatting directives in this document came from FreeBSD.
+<div class="node">
+<a name="ntpdc-Bugs"></a>
+<p><hr>
+Previous: <a rel="previous" accesskey="p" href="#ntpdc-Authors">ntpdc Authors</a>,
+Up: <a rel="up" accesskey="u" href="#ntpdc-Invocation">ntpdc Invocation</a>
+
+</div>
+
+<h4 class="subsection">ntpdc Bugs</h4>
+
+ <p>The
+<code>ntpdc</code>
+utility is a crude hack.
+Much of the information it shows is
+deadly boring and could only be loved by its implementer.
+The
+program was designed so that new (and temporary) features were easy
+to hack in, at great expense to the program's ease of use.
+Despite
+this, the program is occasionally useful.
+
+ <p>Please report bugs to http://bugs.ntp.org .
+
+<div class="node">
+<a name="Usage"></a>
+<p><hr>
+
+
+</div>
+
+ <!-- node-name, next, previous, up -->
+<h3 class="section">Usage</h3>
+
+ <p>The simplest use of this program is as an unprivileged command to
+check the current time, offset, and error in the local clock.
+For example:
+
+ <pre class="example"> ntpdc ntpserver.somewhere
+</pre>
+ <p>With suitable privilege, it can be run as a command or in a
+<code>cron</code> job to reset the local clock from a reliable server, like
+the <code>ntpdate</code> and <code>rdate</code> commands.
+For example:
+
+ <pre class="example"> ntpdc -a ntpserver.somewhere
+</pre>
+ </body></html>
+
@c %**start of header
@setfilename ntpdc.info
@settitle ntpdc: NTPD Control User's Manual
-@include include/version.texi
+@include ../sntp/include/version.texi
@paragraphindent 2
@c %**end of header
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpq.texi)
#
-# It has been AutoGen-ed December 24, 2012 at 08:22:53 AM by AutoGen 5.16.2
+# It has been AutoGen-ed December 25, 2012 at 11:02:01 AM by AutoGen 5.16.2
# From the definitions ntpq-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
than this manual
page.
@item Ic
-... @item Ic
+@code{...} @item Ic
@item Ic
The data carried by NTP mode 6 messages consists of a list of
items of the form
-@quoteleft{}variable_name=value,@quoteright{}
+@quoteleft{}variable_name=value@quoteright{},
+,
where the
@quoteleft{}=value@quoteright{}
is ignored, and can be omitted,
does not authenticate requests unless
they are write requests.
The command
-@quoteleft{}authenticateyes@quoteright{}
+@quoteleft{}authenticate yes@quoteright{}
causes
@code{ntpq}
to send authentication with all requests it
@code{ntpq}
thinks should have a decodable value but didn't are
marked with a trailing
-@quoteleft{}\&?.@quoteright{}
+@quoteleft{}\&?@quoteright{}.
+.
@item Xo
@code{debug} .Oo
@code{more} | @code{less} | @code{off} .Oc
so this command may be obsolete.
@item Ic
Set the host to which future queries will be sent.
-@kbd{hostname} may be either a host name or a numeric address.
+@code{hostname} may be either a host name or a numeric address.
@item Ic
If
@code{yes} is specified, host names are printed in
@code{ntpq}
retries each query once after a timeout, the total waiting time for
a timeout will be twice the timeout value set.
-
-@end multitable
+@end table
This section was generated by @strong{AutoGen},
using the @code{agtexi-cmd} template and the option descriptions for the @code{ntpq} program.
/*
* EDIT THIS FILE WITH CAUTION (ntpq-opts.c)
*
- * It has been AutoGen-ed December 22, 2012 at 11:53:20 AM by AutoGen 5.16.2
+ * It has been AutoGen-ed December 25, 2012 at 11:01:46 AM by AutoGen 5.16.2
* From the definitions ntpq-opts.def
* and the template file options
*
/*
* EDIT THIS FILE WITH CAUTION (ntpq-opts.h)
*
- * It has been AutoGen-ed December 22, 2012 at 11:53:20 AM by AutoGen 5.16.2
+ * It has been AutoGen-ed December 25, 2012 at 11:01:46 AM by AutoGen 5.16.2
* From the definitions ntpq-opts.def
* and the template file options
*
-.TH ntpq 1ntpqman "22 Dec 2012" "4.2.7p337" "User Commands"
+.TH ntpq 1ntpqman "25 Dec 2012" "4.2.7p337" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.man)
.\"
-.\" It has been AutoGen-ed December 22, 2012 at 11:53:27 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 25, 2012 at 11:02:03 AM by AutoGen 5.16.2
.\" From the definitions ntpq-opts.def
.\" and the template file agman-cmd.tpl
.\"
.\" Mixture of short (flag) options and long options
.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP " [[=| ]\fIvalue\fP]]..." [ host ...]
.SH DESCRIPTION
+The
+.B
+utility program is used to query NTP servers which
+implement the standard NTP mode 6 control message formats defined
+in Appendix B of the NTPv3 specification RFC1305, requesting
+information about current state and/or changes in that state.
+The same formats are used in NTPv4, although some of the
+variables have changed and new ones added. The description on this
+page is for the NTPv4 variables.
+The program may be run either in interactive mode or controlled using
+command line arguments.
+Requests to read and write arbitrary
+variables can be assembled, with raw and pretty-printed output
+options being available.
+The
+.B
+utility can also obtain and print a
+list of peers in a common format by sending multiple queries to the
+server.
+If one or more request options is included on the command line
+when
+.B
+is executed, each of the requests will be sent
+to the NTP servers running on each of the hosts given as command
+line arguments, or on localhost by default.
+If no request options
+are given,
+.B
+will attempt to read commands from the
+standard input and execute these on the NTP server running on the
+first host given on the command line, again defaulting to localhost
+when no other host is specified.
+The
+.B
+utility will prompt for
+commands if the standard input is a terminal device.
+.B
+uses NTP mode 6 packets to communicate with the
+NTP server, and hence can be used to query any compatible server on
+the network which permits it.
+Note that since NTP is a UDP protocol
+this communication will be somewhat unreliable, especially over
+large distances in terms of network topology.
+The
+.B
+utility makes
+one attempt to retransmit requests, and will time requests out if
+the remote host is not heard from within a suitable timeout
+time.
+Specifying a
+command line option other than
+i
+or
+n
+will
+cause the specified query (queries) to be sent to the indicated
+host(s) immediately.
+Otherwise,
+.B
+will attempt to read
+interactive format commands from the standard input.
+.SS "Internal Commands"
+Interactive format commands consist of a keyword followed by zero
+to four arguments.
+Only enough characters of the full keyword to
+uniquely identify the command need be typed.
+A
+number of interactive format commands are executed entirely within
+the
+.B
+utility itself and do not result in NTP mode 6
+requests being sent to a server.
+These are described following.
+.TP
+.BR Ic ? Op Ar command_keyword
+.TP
+.BR Ic help Op Ar command_keyword
+A
+.Ql \&?
+by itself will print a list of all the command
+keywords known to this incarnation of
+.Nm .
+A
+.Ql \&?
+followed by a command keyword will print function and usage
+information about the command.
+This command is probably a better
+source of information about
+.Nm
+than this manual
+page.
+.TP
+.BR Ic addvars Ar variable_name Xo Op Ic =value
+.Ic ...
+.Xc
+.TP
+.BR Ic rmvars Ar variable_name Ic ...
+.TP
+.BR Ic clearvars
+The data carried by NTP mode 6 messages consists of a list of
+items of the form
+.Ql variable_name=value ,
+where the
+.Ql =value
+is ignored, and can be omitted,
+in requests to the server to read variables.
+The
+.Nm
+utility maintains an internal list in which data to be included in control
+messages can be assembled, and sent using the
+.Ic readlist
+and
+.Ic writelist
+commands described below.
+The
+.Ic addvars
+command allows variables and their optional values to be added to
+the list.
+If more than one variable is to be added, the list should
+be comma-separated and not contain white space.
+The
+.Ic rmvars
+command can be used to remove individual variables from the list,
+while the
+.Ic clearlist
+command removes all variables from the
+list.
+.TP
+.BR Ic authenticate Op yes | no
+Normally
+.Nm
+does not authenticate requests unless
+they are write requests.
+The command
+.Ql authenticate yes
+causes
+.Nm
+to send authentication with all requests it
+makes.
+Authenticated requests causes some servers to handle
+requests slightly differently, and can occasionally melt the CPU in
+fuzzballs if you turn authentication on before doing a
+.Ic peer
+display.
+The command
+.Ql authenticate
+causes
+.Nm
+to display whether or not
+.Nm
+is currently autheinticating requests.
+.TP
+.BR Ic cooked
+Causes output from query commands to be "cooked", so that
+variables which are recognized by
+.Nm
+will have their
+values reformatted for human consumption.
+Variables which
+.Nm
+thinks should have a decodable value but didn't are
+marked with a trailing
+.Ql \&? .
+.TP
+.BR Xo
+.Ic debug
+.Oo
+.Cm more |
+.Cm less |
+.Cm off
+.Oc
+.Xc
+With no argument, displays the current debug level.
+Otherwise, the debug level is changed to the indicated level.
+.TP
+.BR Ic delay Ar milliseconds
+Specify a time interval to be added to timestamps included in
+requests which require authentication.
+This is used to enable
+(unreliable) server reconfiguration over long delay network paths
+or between machines whose clocks are unsynchronized.
+Actually the
+server does not now require timestamps in authenticated requests,
+so this command may be obsolete.
+.TP
+.BR Ic host Ar hostname
+Set the host to which future queries will be sent.
+\fIhostname\fR
+may be either a host name or a numeric address.
+.TP
+.BR Ic hostnames Op Cm yes | Cm no
+If
+.Cm yes
+is specified, host names are printed in
+information displays.
+If
+.Cm no
+is specified, numeric
+addresses are printed instead.
+The default is
+.Cm yes ,
+unless
+modified using the command line
+n
+switch.
+.TP
+.BR Ic keyid Ar keyid
+This command allows the specification of a key number to be
+used to authenticate configuration requests.
+This must correspond
+to a key number the server has been configured to use for this
+purpose.
+.TP
+.BR Ic ntpversion Xo Oo
+.Cm 1 |
+.Cm 2 |
+.Cm 3 |
+.Cm 4
+.Oc
+.Xc
+Sets the NTP version number which
+.Nm
+claims in
+packets.
+Defaults to 3, and note that mode 6 control messages (and
+modes, for that matter) didn't exist in NTP version 1.
+There appear
+to be no servers left which demand version 1.
+With no argument, displays the current NTP version that will be used
+when communicating with servers.
+.TP
+.BR Ic quit
+Exit
+.Nm
+.TP
+.BR Ic passwd
+This command prompts you to type in a password (which will not
+be echoed) which will be used to authenticate configuration
+requests.
+The password must correspond to the key configured for
+use by the NTP server for this purpose if such requests are to be
+successful.
+.TP
+.BR Ic raw
+Causes all output from query commands is printed as received
+from the remote server.
+The only formating/interpretation done on
+the data is to transform nonascii data into a printable (but barely
+understandable) form.
+.TP
+.BR Ic timeout Ar milliseconds
+Specify a timeout period for responses to server queries.
+The
+default is about 5000 milliseconds.
+Note that since
+.Nm
+retries each query once after a timeout, the total waiting time for
+a timeout will be twice the timeout value set.
.SH "OPTIONS"
.TP
.BR \-4 ", " -\-ipv4
-.Dd December 22 2012
+.Dd December 25 2012
.Dt NTPQ 1ntpqmdoc User Commands
-.Os SunOS 5.10
+.Os FreeBSD 6.4-STABLE
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 22, 2012 at 11:53:32 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 25, 2012 at 11:01:58 AM by AutoGen 5.16.2
.\" From the definitions ntpq-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
[ host ...]
.Pp
.Sh DESCRIPTION
+The
+.Nm
+utility program is used to query NTP servers which
+implement the standard NTP mode 6 control message formats defined
+in Appendix B of the NTPv3 specification RFC1305, requesting
+information about current state and/or changes in that state.
+The same formats are used in NTPv4, although some of the
+variables have changed and new ones added. The description on this
+page is for the NTPv4 variables.
+The program may be run either in interactive mode or controlled using
+command line arguments.
+Requests to read and write arbitrary
+variables can be assembled, with raw and pretty-printed output
+options being available.
+The
+.Nm
+utility can also obtain and print a
+list of peers in a common format by sending multiple queries to the
+server.
+If one or more request options is included on the command line
+when
+.Nm
+is executed, each of the requests will be sent
+to the NTP servers running on each of the hosts given as command
+line arguments, or on localhost by default.
+If no request options
+are given,
+.Nm
+will attempt to read commands from the
+standard input and execute these on the NTP server running on the
+first host given on the command line, again defaulting to localhost
+when no other host is specified.
+The
+.Nm
+utility will prompt for
+commands if the standard input is a terminal device.
+.Nm
+uses NTP mode 6 packets to communicate with the
+NTP server, and hence can be used to query any compatible server on
+the network which permits it.
+Note that since NTP is a UDP protocol
+this communication will be somewhat unreliable, especially over
+large distances in terms of network topology.
+The
+.Nm
+utility makes
+one attempt to retransmit requests, and will time requests out if
+the remote host is not heard from within a suitable timeout
+time.
+Specifying a
+command line option other than
+.Fl i
+or
+.Fl n
+will
+cause the specified query (queries) to be sent to the indicated
+host(s) immediately.
+Otherwise,
+.Nm
+will attempt to read
+interactive format commands from the standard input.
+.Ss "Internal Commands"
+Interactive format commands consist of a keyword followed by zero
+to four arguments.
+Only enough characters of the full keyword to
+uniquely identify the command need be typed.
+A
+number of interactive format commands are executed entirely within
+the
+.Nm
+utility itself and do not result in NTP mode 6
+requests being sent to a server.
+These are described following.
+.Bl -tag -width "? [command_keyword]" -compact -offset indent
+.It Ic ? Op Ar command_keyword
+.It Ic help Op Ar command_keyword
+A
+.Ql \&?
+by itself will print a list of all the command
+keywords known to this incarnation of
+.Nm .
+A
+.Ql \&?
+followed by a command keyword will print function and usage
+information about the command.
+This command is probably a better
+source of information about
+.Nm
+than this manual
+page.
+.It Ic addvars Ar variable_name Xo Op Ic =value
+.Ic ...
+.Xc
+.It Ic rmvars Ar variable_name Ic ...
+.It Ic clearvars
+The data carried by NTP mode 6 messages consists of a list of
+items of the form
+.Ql variable_name=value ,
+where the
+.Ql =value
+is ignored, and can be omitted,
+in requests to the server to read variables.
+The
+.Nm
+utility maintains an internal list in which data to be included in control
+messages can be assembled, and sent using the
+.Ic readlist
+and
+.Ic writelist
+commands described below.
+The
+.Ic addvars
+command allows variables and their optional values to be added to
+the list.
+If more than one variable is to be added, the list should
+be comma-separated and not contain white space.
+The
+.Ic rmvars
+command can be used to remove individual variables from the list,
+while the
+.Ic clearlist
+command removes all variables from the
+list.
+.It Ic authenticate Op yes | no
+Normally
+.Nm
+does not authenticate requests unless
+they are write requests.
+The command
+.Ql authenticate yes
+causes
+.Nm
+to send authentication with all requests it
+makes.
+Authenticated requests causes some servers to handle
+requests slightly differently, and can occasionally melt the CPU in
+fuzzballs if you turn authentication on before doing a
+.Ic peer
+display.
+The command
+.Ql authenticate
+causes
+.Nm
+to display whether or not
+.Nm
+is currently autheinticating requests.
+.It Ic cooked
+Causes output from query commands to be "cooked", so that
+variables which are recognized by
+.Nm
+will have their
+values reformatted for human consumption.
+Variables which
+.Nm
+thinks should have a decodable value but didn't are
+marked with a trailing
+.Ql \&? .
+.It Xo
+.Ic debug
+.Oo
+.Cm more |
+.Cm less |
+.Cm off
+.Oc
+.Xc
+With no argument, displays the current debug level.
+Otherwise, the debug level is changed to the indicated level.
+.It Ic delay Ar milliseconds
+Specify a time interval to be added to timestamps included in
+requests which require authentication.
+This is used to enable
+(unreliable) server reconfiguration over long delay network paths
+or between machines whose clocks are unsynchronized.
+Actually the
+server does not now require timestamps in authenticated requests,
+so this command may be obsolete.
+.It Ic host Ar hostname
+Set the host to which future queries will be sent.
+.Ar hostname
+may be either a host name or a numeric address.
+.It Ic hostnames Op Cm yes | Cm no
+If
+.Cm yes
+is specified, host names are printed in
+information displays.
+If
+.Cm no
+is specified, numeric
+addresses are printed instead.
+The default is
+.Cm yes ,
+unless
+modified using the command line
+.Fl n
+switch.
+.It Ic keyid Ar keyid
+This command allows the specification of a key number to be
+used to authenticate configuration requests.
+This must correspond
+to a key number the server has been configured to use for this
+purpose.
+.It Ic ntpversion Xo Oo
+.Cm 1 |
+.Cm 2 |
+.Cm 3 |
+.Cm 4
+.Oc
+.Xc
+Sets the NTP version number which
+.Nm
+claims in
+packets.
+Defaults to 3, and note that mode 6 control messages (and
+modes, for that matter) didn't exist in NTP version 1.
+There appear
+to be no servers left which demand version 1.
+With no argument, displays the current NTP version that will be used
+when communicating with servers.
+.It Ic quit
+Exit
+.Nm
+.It Ic passwd
+This command prompts you to type in a password (which will not
+be echoed) which will be used to authenticate configuration
+requests.
+The password must correspond to the key configured for
+use by the NTP server for this purpose if such requests are to be
+successful.
+.It Ic raw
+Causes all output from query commands is printed as received
+from the remote server.
+The only formating/interpretation done on
+the data is to transform nonascii data into a printable (but barely
+understandable) form.
+.It Ic timeout Ar milliseconds
+Specify a timeout period for responses to server queries.
+The
+default is about 5000 milliseconds.
+Note that since
+.Nm
+retries each query once after a timeout, the total waiting time for
+a timeout will be twice the timeout value set.
+.El
.Sh "OPTIONS"
.Bl -tag
.It \-4 ", " -\-ipv4
<div class="shortcontents">
<h2>Short Contents</h2>
<ul>
-<a href="#Top">Top</a>
<a href="#Top">ntpq: Network Time Protocol Query User Manual</a>
</ul>
</div>
<div class="node">
<a name="Top"></a>
<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntpq-Description">ntpq Description</a>,
+Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
</div>
-<h2 class="unnumbered">Top</h2>
+<h2 class="unnumbered">ntpq: Network Time Protocol Query User Manual</h2>
+
+<p>The <code>ntpq</code> utility program is used to
+monitor the operational status
+and determine the performance of
+<code>ntpd</code>, the NTP daemon.
+
+ <p>This document applies to version 4.2.7p337 of <code>ntpq</code>.
<ul class="menu">
<li><a accesskey="1" href="#ntpq-Description">ntpq Description</a>
<li><a accesskey="9" href="#Clock-Variables">Clock Variables</a>
</ul>
-<div class="node">
-<a name="Top"></a>
-<p><hr>
-Next: <a rel="next" accesskey="n" href="#ntpq-Description">ntpq Description</a>,
-Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
-Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-
-</div>
-
-<h2 class="unnumbered">ntpq: Network Time Protocol Query User Manual</h2>
-
-<p>The <code>ntpq</code> utility program is used to monitor NTP daemon <code>ntpd</code>
-operations and determine performance. It uses the standard NTP mode 6 control
-
- <p>This document applies to version {No value for `VERSION'} of <code>ntpq</code>.
-
-<ul class="menu">
-<li><a accesskey="1" href="#ntpq-Description">ntpq Description</a>: Description
-<li><a accesskey="2" href="#ntpq-Invocation">ntpq Invocation</a>: Invoking ntpq
-<li><a accesskey="3" href="#Usage">Usage</a>: Usage
-</ul>
-
<div class="node">
<a name="ntpq-Description"></a>
<p><hr>
<p>For examples and usage, see the <a href="debug.html">NTP Debugging Techniques</a> page.
+<div class="node">
+<a name="ntpq-Invocation"></a>
+<p><hr>
+
+
+</div>
+
+<h3 class="section">Invoking ntpq</h3>
+
+<p><a name="index-ntpq-1"></a><a name="index-standard-NTP-query-program-2"></a>
+
+ <p>The
+<code>ntpq</code>
+utility program is used to query NTP servers which
+implement the standard NTP mode 6 control message formats defined
+in Appendix B of the NTPv3 specification RFC1305, requesting
+information about current state and/or changes in that state.
+The same formats are used in NTPv4, although some of the
+variables have changed and new ones added. The description on this
+page is for the NTPv4 variables.
+The program may be run either in interactive mode or controlled using
+command line arguments.
+Requests to read and write arbitrary
+variables can be assembled, with raw and pretty-printed output
+options being available.
+The
+<code>ntpq</code>
+utility can also obtain and print a
+list of peers in a common format by sending multiple queries to the
+server.
+
+ <p>If one or more request options is included on the command line
+when
+<code>ntpq</code>
+is executed, each of the requests will be sent
+to the NTP servers running on each of the hosts given as command
+line arguments, or on localhost by default.
+If no request options
+are given,
+<code>ntpq</code>
+will attempt to read commands from the
+standard input and execute these on the NTP server running on the
+first host given on the command line, again defaulting to localhost
+when no other host is specified.
+The
+<code>ntpq</code>
+utility will prompt for
+commands if the standard input is a terminal device.
+
+ <p><code>ntpq</code>
+uses NTP mode 6 packets to communicate with the
+NTP server, and hence can be used to query any compatible server on
+the network which permits it.
+Note that since NTP is a UDP protocol
+this communication will be somewhat unreliable, especially over
+large distances in terms of network topology.
+The
+<code>ntpq</code>
+utility makes
+one attempt to retransmit requests, and will time requests out if
+the remote host is not heard from within a suitable timeout
+time.
+
+ <p>Specifying a
+command line option other than
+<code>-i</code> or
+<code>-n</code> will
+cause the specified query (queries) to be sent to the indicated
+host(s) immediately.
+Otherwise,
+<code>ntpq</code>
+will attempt to read
+interactive format commands from the standard input.
+<div class="node">
+<a name="Internal-Commands"></a>
+<p><hr>
+
+
+</div>
+
+<h3 class="section">Internal Commands</h3>
+
+<p>Internal Commands
+Interactive format commands consist of a keyword followed by zero
+to four arguments.
+Only enough characters of the full keyword to
+uniquely identify the command need be typed.
+
+ <p>A
+number of interactive format commands are executed entirely within
+the
+<code>ntpq</code>
+utility itself and do not result in NTP mode 6
+requests being sent to a server.
+These are described following.
+ <dl>
+<dt>‘<samp><span class="samp">Ic</span></samp>’<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>A
+‘\&?’
+by itself will print a list of all the command
+keywords known to this incarnation of
+<code>ntpq</code>.
+A
+‘\&?’
+followed by a command keyword will print function and usage
+information about the command.
+This command is probably a better
+source of information about
+<code>ntpq</code>
+than this manual
+page.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd><code>...</code> <br><dt>‘<samp><span class="samp">Ic</span></samp>’<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>The data carried by NTP mode 6 messages consists of a list of
+items of the form
+‘variable_name=value’,
+,
+where the
+‘=value’
+is ignored, and can be omitted,
+in requests to the server to read variables.
+The
+<code>ntpq</code>
+utility maintains an internal list in which data to be included in control
+messages can be assembled, and sent using the
+<code>readlist</code> and
+<code>writelist</code> commands described below.
+The
+<code>addvars</code> command allows variables and their optional values to be added to
+the list.
+If more than one variable is to be added, the list should
+be comma-separated and not contain white space.
+The
+<code>rmvars</code> command can be used to remove individual variables from the list,
+while the
+<code>clearlist</code> command removes all variables from the
+list.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Normally
+<code>ntpq</code>
+does not authenticate requests unless
+they are write requests.
+The command
+‘authenticate yes’
+causes
+<code>ntpq</code>
+to send authentication with all requests it
+makes.
+Authenticated requests causes some servers to handle
+requests slightly differently, and can occasionally melt the CPU in
+fuzzballs if you turn authentication on before doing a
+<code>peer</code> display.
+The command
+‘authenticate’
+causes
+<code>ntpq</code>
+to display whether or not
+<code>ntpq</code>
+is currently autheinticating requests.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Causes output from query commands to be "cooked", so that
+variables which are recognized by
+<code>ntpq</code>
+will have their
+values reformatted for human consumption.
+Variables which
+<code>ntpq</code>
+thinks should have a decodable value but didn't are
+marked with a trailing
+‘\&?’.
+.
+<br><dt>‘<samp><span class="samp">Xo</span></samp>’<dd><code>debug</code> .Oo
+<code>more</code> | <code>less</code> | <code>off</code> .Oc
+With no argument, displays the current debug level.
+Otherwise, the debug level is changed to the indicated level.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Specify a time interval to be added to timestamps included in
+requests which require authentication.
+This is used to enable
+(unreliable) server reconfiguration over long delay network paths
+or between machines whose clocks are unsynchronized.
+Actually the
+server does not now require timestamps in authenticated requests,
+so this command may be obsolete.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Set the host to which future queries will be sent.
+<code>hostname</code> may be either a host name or a numeric address.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>If
+<code>yes</code> is specified, host names are printed in
+information displays.
+If
+<code>no</code> is specified, numeric
+addresses are printed instead.
+The default is
+<code>yes</code>, unless
+modified using the command line
+<code>-n</code> switch.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>This command allows the specification of a key number to be
+used to authenticate configuration requests.
+This must correspond
+to a key number the server has been configured to use for this
+purpose.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd><code>1</code> | <code>2</code> | <code>3</code> | <code>4</code> .Oc
+Sets the NTP version number which
+<code>ntpq</code>
+claims in
+packets.
+Defaults to 3, and note that mode 6 control messages (and
+modes, for that matter) didn't exist in NTP version 1.
+There appear
+to be no servers left which demand version 1.
+With no argument, displays the current NTP version that will be used
+when communicating with servers.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Exit
+<code>ntpq</code>
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>This command prompts you to type in a password (which will not
+be echoed) which will be used to authenticate configuration
+requests.
+The password must correspond to the key configured for
+use by the NTP server for this purpose if such requests are to be
+successful.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Causes all output from query commands is printed as received
+from the remote server.
+The only formating/interpretation done on
+the data is to transform nonascii data into a printable (but barely
+understandable) form.
+<br><dt>‘<samp><span class="samp">Ic</span></samp>’<dd>Specify a timeout period for responses to server queries.
+The
+default is about 5000 milliseconds.
+Note that since
+<code>ntpq</code>
+retries each query once after a timeout, the total waiting time for
+a timeout will be twice the timeout value set.
+</dl>
+
+ <p>This section was generated by <strong>AutoGen</strong>,
+using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntpq</code> program.
+This software is released under the NTP license, <http://ntp.org/license>.
+
+<ul class="menu">
+<li><a accesskey="1" href="#ntpq-usage">ntpq usage</a>: ntpq help/usage (<samp><span class="option">--help</span></samp>)
+<li><a accesskey="2" href="#ntpq-ipv4">ntpq ipv4</a>: ipv4 option (-4)
+<li><a accesskey="3" href="#ntpq-ipv6">ntpq ipv6</a>: ipv6 option (-6)
+<li><a accesskey="4" href="#ntpq-command">ntpq command</a>: command option (-c)
+<li><a accesskey="5" href="#ntpq-peers">ntpq peers</a>: peers option (-p)
+<li><a accesskey="6" href="#ntpq-interactive">ntpq interactive</a>: interactive option (-i)
+<li><a accesskey="7" href="#ntpq-numeric">ntpq numeric</a>: numeric option (-n)
+<li><a accesskey="8" href="#ntpq-old_002drv">ntpq old-rv</a>: old-rv option
+<li><a accesskey="9" href="#ntpq-config">ntpq config</a>: presetting/configuring ntpq
+<li><a href="#ntpq-exit-status">ntpq exit status</a>: exit status
+</ul>
+
+<div class="node">
+<a name="ntpq-usage"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntpq-ipv4">ntpq ipv4</a>,
+Up: <a rel="up" accesskey="u" href="#Internal-Commands">Internal Commands</a>
+
+</div>
+
+<h4 class="subsection">ntpq help/usage (<samp><span class="option">--help</span></samp>)</h4>
+
+<p><a name="index-ntpq-help-3"></a>
+This is the automatically generated usage text for ntpq.
+
+ <p>The text printed is the same whether selected with the <code>help</code> option
+(<samp><span class="option">--help</span></samp>) or the <code>more-help</code> option (<samp><span class="option">--more-help</span></samp>). <code>more-help</code> will print
+the usage text by passing it through a pager program.
+<code>more-help</code> is disabled on platforms without a working
+<code>fork(2)</code> function. The <code>PAGER</code> environment variable is
+used to select the program, defaulting to <samp><span class="file">more</span></samp>. Both will exit
+with a status code of 0.
+
+<pre class="example">ntpq - standard NTP query program - Ver. 4.2.7p337
+USAGE: ntpq [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]
+ Flg Arg Option-Name Description
+ -4 no ipv4 Force IPv4 DNS name resolution
+ - prohibits these options:
+ ipv6
+ -6 no ipv6 Force IPv6 DNS name resolution
+ - prohibits these options:
+ ipv4
+ -c Str command run a command and exit
+ - may appear multiple times
+ -d no debug-level Increase debug verbosity level
+ - may appear multiple times
+ -D Num set-debug-level Set the debug verbosity level
+ - may appear multiple times
+ -p no peers Print a list of the peers
+ - prohibits these options:
+ interactive
+ -i no interactive Force ntpq to operate in interactive mode
+ - prohibits these options:
+ command
+ peers
+ -n no numeric numeric host addresses
+ no old-rv Always output status line with readvar
+ opt version Output version information and exit
+ -? no help Display extended usage information and exit
+ -! no more-help Extended usage information passed thru pager
+ -> opt save-opts Save the option state to a config file
+ -< Str load-opts Load options from a config file
+ - disabled as --no-load-opts
+ - may appear multiple times
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+
+The following option preset mechanisms are supported:
+ - reading file $HOME/.ntprc
+ - reading file ./.ntprc
+ - examining environment variables named NTPQ_*
+
+please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
+</pre>
+ <div class="node">
+<a name="ntpq-ipv4"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntpq-ipv6">ntpq ipv6</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpq-usage">ntpq usage</a>,
+Up: <a rel="up" accesskey="u" href="#Internal-Commands">Internal Commands</a>
+
+</div>
+
+<h4 class="subsection">ipv4 option (-4)</h4>
+
+<p><a name="index-ntpq_002dipv4-4"></a>
+This is the “force ipv4 dns name resolution” option.
+
+<p class="noindent">This option has some usage constraints. It:
+ <ul>
+<li>must not appear in combination with any of the following options:
+ipv6.
+</ul>
+
+ <p>Force DNS resolution of following host names on the command line
+to the IPv4 namespace.
+<div class="node">
+<a name="ntpq-ipv6"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntpq-command">ntpq command</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpq-ipv4">ntpq ipv4</a>,
+Up: <a rel="up" accesskey="u" href="#Internal-Commands">Internal Commands</a>
+
+</div>
+
+<h4 class="subsection">ipv6 option (-6)</h4>
+
+<p><a name="index-ntpq_002dipv6-5"></a>
+This is the “force ipv6 dns name resolution” option.
+
+<p class="noindent">This option has some usage constraints. It:
+ <ul>
+<li>must not appear in combination with any of the following options:
+ipv4.
+</ul>
+
+ <p>Force DNS resolution of following host names on the command line
+to the IPv6 namespace.
+<div class="node">
+<a name="ntpq-command"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntpq-peers">ntpq peers</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpq-ipv6">ntpq ipv6</a>,
+Up: <a rel="up" accesskey="u" href="#Internal-Commands">Internal Commands</a>
+
+</div>
+
+<h4 class="subsection">command option (-c)</h4>
+
+<p><a name="index-ntpq_002dcommand-6"></a>
+This is the “run a command and exit” option.
+This option takes an argument string <samp><span class="file">cmd</span></samp>.
+
+<p class="noindent">This option has some usage constraints. It:
+ <ul>
+<li>may appear an unlimited number of times.
+</ul>
+
+ <p>The following argument is interpreted as an interactive format command
+and is added to the list of commands to be executed on the specified
+host(s).
+<div class="node">
+<a name="ntpq-peers"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntpq-interactive">ntpq interactive</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpq-command">ntpq command</a>,
+Up: <a rel="up" accesskey="u" href="#Internal-Commands">Internal Commands</a>
+
+</div>
+
+<h4 class="subsection">peers option (-p)</h4>
+
+<p><a name="index-ntpq_002dpeers-7"></a>
+This is the “print a list of the peers” option.
+
+<p class="noindent">This option has some usage constraints. It:
+ <ul>
+<li>must not appear in combination with any of the following options:
+interactive.
+</ul>
+
+ <p>Print a list of the peers known to the server as well as a summary
+of their state. This is equivalent to the 'peers' interactive command.
+<div class="node">
+<a name="ntpq-interactive"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntpq-numeric">ntpq numeric</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpq-peers">ntpq peers</a>,
+Up: <a rel="up" accesskey="u" href="#Internal-Commands">Internal Commands</a>
+
+</div>
+
+<h4 class="subsection">interactive option (-i)</h4>
+
+<p><a name="index-ntpq_002dinteractive-8"></a>
+This is the “force ntpq to operate in interactive mode” option.
+
+<p class="noindent">This option has some usage constraints. It:
+ <ul>
+<li>must not appear in combination with any of the following options:
+command, peers.
+</ul>
+
+ <p>Force ntpq to operate in interactive mode. Prompts will be written
+to the standard output and commands read from the standard input.
+<div class="node">
+<a name="ntpq-numeric"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntpq-old_002drv">ntpq old-rv</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpq-interactive">ntpq interactive</a>,
+Up: <a rel="up" accesskey="u" href="#Internal-Commands">Internal Commands</a>
+
+</div>
+
+<h4 class="subsection">numeric option (-n)</h4>
+
+<p><a name="index-ntpq_002dnumeric-9"></a>
+This is the “numeric host addresses” option.
+Output all host addresses in dotted-quad numeric format rather than
+converting to the canonical host names.
+<div class="node">
+<a name="ntpq-old-rv"></a>
+<a name="ntpq-old_002drv"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntpq-config">ntpq config</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpq-numeric">ntpq numeric</a>,
+Up: <a rel="up" accesskey="u" href="#Internal-Commands">Internal Commands</a>
+
+</div>
+
+<h4 class="subsection">old-rv option</h4>
+
+<p><a name="index-ntpq_002dold_002drv-10"></a>
+This is the “always output status line with readvar” option.
+By default, ntpq now suppresses the associd=... line that
+precedes the output of "readvar" (alias "rv") when a single
+variable is requested, such as ntpq -c "rv 0 offset". This
+option causes ntpq to include both lines of output for a
+single-variable readvar. Using an environment variable to
+preset this option in a script will enable both older and
+newer ntpq to behave identically in this regard.
+
+<div class="node">
+<a name="ntpq-config"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntpq-exit-status">ntpq exit status</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpq-old_002drv">ntpq old-rv</a>,
+Up: <a rel="up" accesskey="u" href="#Internal-Commands">Internal Commands</a>
+
+</div>
+
+<h4 class="subsection">presetting/configuring ntpq</h4>
+
+<p>Any option that is not marked as <i>not presettable</i> may be preset by
+loading values from configuration ("rc" or "ini") files, and values from environment variables named <code>NTPQ</code> and <code>NTPQ_<OPTION_NAME></code>. <code><OPTION_NAME></code> must be one of
+the options listed above in upper case and segmented with underscores.
+The <code>NTPQ</code> variable will be tokenized and parsed like
+the command line. The remaining variables are tested for existence and their
+values are treated like option arguments.
+
+<p class="noindent"><code>libopts</code> will search in 2 places for configuration files:
+ <ul>
+<li>$HOME
+<li>$PWD
+</ul>
+ The environment variables <code>HOME</code>, and <code>PWD</code>
+are expanded and replaced when <samp><span class="file">ntpq</span></samp> runs.
+For any of these that are plain files, they are simply processed.
+For any that are directories, then a file named <samp><span class="file">.ntprc</span></samp> is searched for
+within that directory and processed.
+
+ <p>Configuration files may be in a wide variety of formats.
+The basic format is an option name followed by a value (argument) on the
+same line. Values may be separated from the option name with a colon,
+equal sign or simply white space. Values may be continued across multiple
+lines by escaping the newline with a backslash.
+
+ <p>Multiple programs may also share the same initialization file.
+Common options are collected at the top, followed by program specific
+segments. The segments are separated by lines like:
+<pre class="example"> [NTPQ]
+</pre>
+ <p class="noindent">or by
+<pre class="example"> <?program ntpq>
+</pre>
+ <p class="noindent">Do not mix these styles within one configuration file.
+
+ <p>Compound values and carefully constructed string values may also be
+specified using XML syntax:
+<pre class="example"> <option-name>
+ <sub-opt>...&lt;...&gt;...</sub-opt>
+ </option-name>
+</pre>
+ <p class="noindent">yielding an <code>option-name.sub-opt</code> string value of
+<pre class="example"> "...<...>..."
+</pre>
+ <p><code>AutoOpts</code> does not track suboptions. You simply note that it is a
+hierarchicly valued option. <code>AutoOpts</code> does provide a means for searching
+the associated name/value pair list (see: optionFindValue).
+
+ <p>The command line options relating to configuration and/or usage help are:
+
+<h5 class="subsubheading">version (-)</h5>
+
+<p>Print the program version to standard out, optionally with licensing
+information, then exit 0. The optional argument specifies how much licensing
+detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument. Only the
+first letter of the argument is examined:
+
+ <dl>
+<dt>‘<samp><span class="samp">version</span></samp>’<dd>Only print the version. This is the default.
+<br><dt>‘<samp><span class="samp">copyright</span></samp>’<dd>Name the copyright usage licensing terms.
+<br><dt>‘<samp><span class="samp">verbose</span></samp>’<dd>Print the full copyright usage licensing terms.
+</dl>
+
+<div class="node">
+<a name="ntpq-exit-status"></a>
+<p><hr>
+Previous: <a rel="previous" accesskey="p" href="#ntpq-config">ntpq config</a>,
+Up: <a rel="up" accesskey="u" href="#Internal-Commands">Internal Commands</a>
+
+</div>
+
+<h4 class="subsection">ntpq exit status</h4>
+
+<p>One of the following exit values will be returned:
+ <dl>
+<dt>‘<samp><span class="samp">0 (EXIT_SUCCESS)</span></samp>’<dd>Successful program execution.
+<br><dt>‘<samp><span class="samp">1 (EXIT_FAILURE)</span></samp>’<dd>The operation failed or the command syntax was not valid.
+<br><dt>‘<samp><span class="samp">66 (EX_NOINPUT)</span></samp>’<dd>A specified configuration file could not be loaded.
+<br><dt>‘<samp><span class="samp">70 (EX_SOFTWARE)</span></samp>’<dd>libopts had an internal operational error. Please report
+it to autogen-users@lists.sourceforge.net. Thank you.
+</dl>
+
<div class="node">
<a name="Usage"></a>
<p><hr>
</td><td valign="top" width="23%"><code>/usr/local/etc</code>
</td><td valign="top" width="5%"><code>-k</code>
</td><td valign="top" width="15%"><code>keysdir</code>
+<br></td></tr></table>
<div class="node">
<a name="Internal-Commands"></a>
<p>Interactive format commands consist of a keyword followed by zero to four arguments. Only enough characters of the full keyword to uniquely identify the command need be typed. The output of a command is normally sent to the standard output, but optionally the output of individual commands may be sent to a file by appending a <code>></code>, followed by a file name, to the command line. A number of interactive format commands are executed entirely within the <code>ntpq</code> program itself and do not result in NTP mode-6 requests being sent to a server. These are described following.
<dl>
-<dt><code><a name="help"></a>? [</code><kbd>command_keyword</kbd><code><dt>help [</code><kbd>command_keyword</kbd><code>]<dd>A ? by itself will print a list of all the command keywords known to ntpq. A ? followed by a command keyword will print function and usage information about the command.
+<dt><code><a name="help"></a>? [</code><kbd>command_keyword</kbd><code>]</code><dt><code>help [</code><kbd>command_keyword</kbd><code>]</code><dd>A <code>?</code> by itself will print a list of all the command keywords known to <code>ntpq</code>. A <code>?</code> followed by a command keyword will print function and usage information about the command.
- <br><dt><a name="addvars"></a>>addvars </code><kbd>name</kbd><code> [ = </code><kbd>value</kbd><code>] [...]<dt>rmvars </code><kbd>name</kbd><code> [...]<dt>clearvars</dt><dd>The arguments to these commands consist of a list of items of the form
-</code><kbd>name</kbd><code> = </code><kbd>value</kbd><code>, where the = </code><kbd>value</kbd><code> is ignored,
+ <br><dt><code><a name="addvars"></a>>addvars </code><kbd>name</kbd><code> [ = </code><kbd>value</kbd><code>] [...]</code><dt><code>rmvars </code><kbd>name</kbd><code> [...]</code><dt><code>clearvars</dt></code><dd>The arguments to these commands consist of a list of items of the form
+<kbd>name</kbd><code> = </code><kbd>value</kbd>, where the <code>= </code><kbd>value</kbd> is ignored,
and can be omitted in read requests.
-ntpq maintains an internal list in which data to be included
-in control messages can be assembled, and sent using the readlist
-and writelist commands described below.
-The addvars command allows variables and optional values
+<code>ntpq</code> maintains an internal list in which data to be included
+in control messages can be assembled, and sent using the <code>readlist</code>
+and <code>writelist</code> commands described below.
+The <code>addvars</code> command allows variables and optional values
to be added to the list.
If more than one variable is to be added
the list should be comma-separated and not contain white space.
-The rmvars command can be used to remove individual variables
+The <code>rmvars</code> command can be used to remove individual variables
from the list,
-while the clearlist command removes all variables from the list.
+while the <code>clearlist</code> command removes all variables from the list.
- <br><dt><a name="cooked"></a>cooked<dd>Display server messages in prettyprint format.
+ <br><dt><code><a name="cooked"></a>cooked</code><dd>Display server messages in prettyprint format.
- <br><dt><a name="debug"></a>debug more | less | off<dd>Turns internal query program debugging on and off.
+ <br><dt><code><a name="debug"></a>debug more | less | off</code><dd>Turns internal query program debugging on and off.
- <br><dt><a name="delay"></a>delay </code><kbd>milliseconds</kbd><code><dd>Specify a time interval to be added to timestamps included in requests which require authentication. This is used to enable (unreliable) server reconfiguration over long delay network paths or between machines whose clocks are unsynchronized. Actually the server does not now require timestamps in authenticated requests, so this command may be obsolete.
+ <br><dt><code><a name="delay"></a>delay </code><kbd>milliseconds</kbd><dd>Specify a time interval to be added to timestamps included in requests which require authentication. This is used to enable (unreliable) server reconfiguration over long delay network paths or between machines whose clocks are unsynchronized. Actually the server does not now require timestamps in authenticated requests, so this command may be obsolete.
- <br><dt><a name="host"></a>host </code><kbd>name</kbd><code><dd>Set the host to which future queries will be sent.
+ <br><dt><code><a name="host"></a>host </code><kbd>name</kbd><dd>Set the host to which future queries will be sent.
The name may be either a DNS name or a numeric address.
- <br><dt><a name="hostnames"></a>hostnames [yes | no]<dd>If yes is specified, host names are printed in information displays.
-If no is specified, numeric addresses are printed instead.
-The default is yes,
-unless modified using the command line -n switch.
+ <br><dt><code><a name="hostnames"></a>hostnames [yes | no]</code><dd>If <code>yes</code> is specified, host names are printed in information displays.
+If <code>no</code> is specified, numeric addresses are printed instead.
+The default is <code>yes</code>,
+unless modified using the command line <code>-n</code> switch.
- <br><dt><a name="keyid"></a>keyid </code><kbd>keyid</kbd><code><dd>This command specifies the key number to be used
+ <br><dt><code><a name="keyid"></a>keyid </code><kbd>keyid</kbd><dd>This command specifies the key number to be used
to authenticate configuration requests.
-This must correspond to a key ID configured in ntp.conf for this purpose.
+This must correspond to a key ID configured in <code>ntp.conf</code> for this purpose.
- <br><dt><a name="keytype"></a>keytype<dd>Specify the digest algorithm to use for authenticated requests,
-with default MD5.
+ <br><dt><code><a name="keytype"></a>keytype</code><dd>Specify the digest algorithm to use for authenticated requests,
+with default <code>MD5</code>.
If the OpenSSL library is installed,
digest can be be any message digest algorithm supported by the library.
-The current selections are: MD2, MD4, MD5, MDC2, RIPEMD160, SHA and SHA1.
+The current selections are: <code>MD2</code>, <code>MD4</code>, <code>MD5</code>, <code>MDC2</code>, <code>RIPEMD160</code>, <code>SHA</code> and <code>SHA1</code>.
- <br><dt><a name="ntpversion"></a>ntpversion 1 | 2 | 3 | 4<dd>Sets the NTP version number which ntpq claims in packets.
+ <br><dt><code><a name="ntpversion"></a>ntpversion 1 | 2 | 3 | 4</code><dd>Sets the NTP version number which <code>ntpq</code> claims in packets.
Defaults to 2.
Note that mode-6 control messages (and modes, for that matter)
didn't exist in NTP version 1.
- <br><dt><a name="passwd"></a>passwd<dd>This command prompts for a password to authenticate requests.
-The password must correspond to the key ID configured in ntp.conf for this purpose.
+ <br><dt><code><a name="passwd"></a>passwd</code><dd>This command prompts for a password to authenticate requests.
+The password must correspond to the key ID configured in <code>ntp.conf</code> for this purpose.
- <br><dt><a name="quit"></a>quit<dd>Exit ntpq.
+ <br><dt><code><a name="quit"></a>quit</code><dd>Exit <code>ntpq</code>.
- <br><dt><a name="raw"></a>raw<dd>Display server messages as received and without reformatting.
+ <br><dt><code><a name="raw"></a>raw</code><dd>Display server messages as received and without reformatting.
- <br><dt><a name="timeout"></a>timeout </code><kbd>millseconds</kbd><code><dd>Specify a timeout period for responses to server queries.
+ <br><dt><code><a name="timeout"></a>timeout </code><kbd>millseconds</kbd><dd>Specify a timeout period for responses to server queries.
The default is about 5000 milliseconds.
-Note that since ntpq retries each query once after a timeout
+Note that since <code>ntpq</code> retries each query once after a timeout
the total waiting time for a timeout will be twice the timeout value set.
</dl>
- <p></code><div class="node">
+
+<div class="node">
<a name="Control-Message-Commands"></a>
<p><hr>
Next: <a rel="next" accesskey="n" href="#Status-Words-and-Kiss-Codes">Status Words and Kiss Codes</a>,
<dt><code>associations</code><dd>Display a list of mobilized associations in the form:
<br>
<code>ind assid status conf reach auth condition last_event cnt</code>
-</dl>
- <p><br></td></tr><tr align="left"><th valign="top" width="23%">Variable </th><th valign="top" width="23%">Description
-<p><br></th></tr><tr align="left"><td valign="top" width="23%"><code>ind</code>
-</td><td valign="top" width="23%">index on this list
+ <p><table summary=""><tr align="left"><th valign="top" width="10%">Variable </th><th valign="top" width="40%">Description
+
+ <p><br></th></tr><tr align="left"><td valign="top" width="10%"><code>ind</code>
+</td><td valign="top" width="40%">index on this list
-<p><br></td></tr><tr align="left"><td valign="top" width="23%"><code>assid</code>
-</td><td valign="top" width="23%">association ID
+ <p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>assid</code>
+</td><td valign="top" width="40%">association ID
-<p><br></td></tr><tr align="left"><td valign="top" width="23%"><code>status</code>
-</td><td valign="top" width="
23%"><a href="decode.html#peer">peer status word</a>
+ <p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>status</code>
+</td><td valign="top" width="
40%"><a href="decode.html#peer">peer status word</a>
-<p><br></td></tr><tr align="left"><td valign="top" width="23%"><code>conf</code>
-</td><td valign="top" width="23%"><code>yes</code>: persistent, <code>no</code>: ephemeral
+ <p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>conf</code>
+</td><td valign="top" width="40%"><code>yes</code>: persistent, <code>no</code>: ephemeral
-<p><br></td></tr><tr align="left"><td valign="top" width="23%"><code>reach</code>
-</td><td valign="top" width="23%"><code>yes</code>: reachable, <code>no</code>: unreachable
+ <p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>reach</code>
+</td><td valign="top" width="40%"><code>yes</code>: reachable, <code>no</code>: unreachable
-<p><br></td></tr><tr align="left"><td valign="top" width="23%"><code>auth</code>
-</td><td valign="top" width="23%"><code>ok</code>, <code>yes</code>, <code>bad</code> and <code>none</code>
+ <p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>auth</code>
+</td><td valign="top" width="40%"><code>ok</code>, <code>yes</code>, <code>bad</code> and <code>none</code>
-<p><br></td></tr><tr align="left"><td valign="top" width="23%"><code>condition</code>
-</td><td valign="top" width="
23%">selection status (see the <code>select</code> field of the <a href="decode.html#peer">peer status word</a>)
+ <p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>condition</code>
+</td><td valign="top" width="
40%">selection status (see the <code>select</code> field of the <a href="decode.html#peer">peer status word</a>)
-<p><br></td></tr><tr align="left"><td valign="top" width="23%"><code>last_event</code>
-</td><td valign="top" width="
23%">event report (see the <code>event</code> field of the <a href="decode.html#peer">peer status word</a>)
+ <p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>last_event</code>
+</td><td valign="top" width="
40%">event report (see the <code>event</code> field of the <a href="decode.html#peer">peer status word</a>)
-<p><br></td></tr><tr align="left"><td valign="top" width="23%"><code>cnt</code>
+ <p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>cnt</code>
event count (see the <code>count</code> field of the <a href="decode.html#peer">peer status word</a>)
- <br></td></tr></table>
+ <br></td></tr></table>
- <p><a name="cv"></a>clockvar <kbd>assocID</kbd> [<kbd>name</kbd> [ = <kbd>value</kbd> [...]] [...]]
- cv <kbd>assocID</kbd> [<kbd>name</kbd> [ = <kbd>value</kbd> [...] ][...]]
-Display a list of See <a href="#clock">clock variables</a> for those associations supporting a reference clock.
+ <br><dt><code><a name="cv"></a>clockvar </code><kbd>assocID</kbd><code> [</code><kbd>name</kbd><code> [ = </code><kbd>value</kbd><code> [...]] [...]]</code><dt><code>cv </code><kbd>assocID</kbd><code> [</code><kbd>name</kbd><code> [ = </code><kbd>value</kbd><code> [...] ][...]]</code><dd>Display a list of <a href="#clock">clock variables</a> for those associations supporting a reference clock.
- <p><a name="g_t_003aconfig"></a>:config [...]
-Send the remainder of the command line, including whitespace, to the server
+ <br><dt><code><a name="g_t_003aconfig"></a>:config [...]</code><dd>Send the remainder of the command line, including whitespace, to the server
as a run-time configuration command in the same format
as the configuration file.
This command is experimental until further notice and clarification.
Authentication is of course required.
- <p><a name="config_002dfrom_002dfile"></a>config-from-file <kbd>filename</kbd>
-Send the each line of <kbd>filename</kbd> to the server as
+ <br><dt><code><a name="config_002dfrom_002dfile"></a>config-from-file </code><kbd>filename</kbd><dd>Send the each line of <kbd>filename</kbd> to the server as
run-time configuration commands in the same format as the configuration file.
This command is experimental until further notice and clarification.
Authentication is required.
- <p><a name="ifstats"></a>ifstats
-Display statistics for each local network address.
+ <br><dt><code><a name="ifstats"></a>ifstats</code><dd>Display statistics for each local network address.
Authentication is required.
- <p><a name="iostats"></a>iostats
-Display network and reference clock I/O statistics.
+ <br><dt><code><a name="iostats"></a>iostats</code><dd>Display network and reference clock I/O statistics.
- <p><a name="kerninfo"></a>kerninfo
-Display kernel loop and PPS statistics.
+ <br><dt><code><a name="kerninfo"></a>kerninfo</code><dd>Display kernel loop and PPS statistics.
As with other ntpq output, times are in milliseconds.
The precision value displayed is in milliseconds as well,
unlike the precision system variable.
- <p><a name="lassoc"></a>lassociations
-Perform the same function as the associations command,
+ <br><dt><code><a name="lassoc"></a>lassociations</code><dd>Perform the same function as the associations command,
except display mobilized and unmobilized associations.
- <p><a name="monstats"></a>monstats
-Display monitor facility statistics.
+ <br><dt><code><a name="monstats"></a>monstats</code><dd>Display monitor facility statistics.
- <p><a name="mrulist"></a>mrulist [limited | kod | mincount=<kbd>count</kbd> | laddr=<kbd>localaddr</kbd> | sort=<kbd>sortorder</kbd> | resany=<kbd>hexmask</kbd> | resall=<kbd>hexmask</kbd>]
-Obtain and print traffic counts collected and maintained by
+ <br><dt><code><a name="mrulist"></a>mrulist [limited | kod | mincount=</code><kbd>count</kbd><code> | laddr=</code><kbd>localaddr</kbd><code> | sort=</code><kbd>sortorder</kbd><code> | resany=</code><kbd>hexmask</kbd><code> | resall=</code><kbd>hexmask</kbd><code>]</code><dd>Obtain and print traffic counts collected and maintained by
the monitor facility.
With the exception of <code>sort=</code><kbd>sortorder</kbd>,
the options filter the list returned by <code>ntpd</code>.
any of those preceded by a minus sign (hyphen) to reverse the sort order.
The output columns are:
- <p><table summary=""><tr align="left"><th valign="top" width="10%">Column </th><th valign="top" width="40%">Description
+
<p><table summary=""><tr align="left"><th valign="top" width="10%">Column </th><th valign="top" width="40%">Description
-<p><br></th></tr><tr align="left"><td valign="top" width="10%"><code>lstint</code>
+
<p><br></th></tr><tr align="left"><td valign="top" width="10%"><code>lstint</code>
</td><td valign="top" width="40%">
Interval in s between the receipt of the most recent packet from this
address and the completion of the retrieval of the MRU list by <code>ntpq</code>
-<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>avgint</code>
+
<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>avgint</code>
</td><td valign="top" width="40%">
Average interval in s between packets from this address.
-<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>rstr</code>
+
<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>rstr</code>
</td><td valign="top" width="40%">
Restriction flags associated with this address.
Most are copied unchanged from the matching <code>restrict</code> command,
however 0x400 (kod) and 0x20 (limited) flags are cleared unless
the last packet from this address triggered a rate control response.
-<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>r</code>
+
<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>r</code>
</td><td valign="top" width="40%">
Rate control indicator, either a period, <code>L</code> or <code>K</code> for
no rate control response, rate limiting by discarding, or
rate limiting with a KoD response, respectively.
-<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>m</code>
+
<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>m</code>
</td><td valign="top" width="40%">
Packet mode.
<br></td></tr><tr align="left"><td valign="top" width="10%"><code>v</code>
</td><td valign="top" width="40%">
Packet version number.
-<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>count</code>
+
<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>count</code>
</td><td valign="top" width="40%">
Packets received from this address.
-<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>rport</code>
+
<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>rport</code>
</td><td valign="top" width="40%">
Source port of last packet from this address.
-<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>remote address</code>
+
<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>remote address</code>
</td><td valign="top" width="40%">
DNS name, numeric address, or address followed by claimed DNS name which
could not be verified in parentheses.
- <br></td></tr></table>
+ <br></td></tr></table>
- <p><a name="mreadvar"></a><code>mreadvar </code><kbd>assocID</kbd> <kbd>assocID</kbd><code> [ </code><kbd>variable_name</kbd><code> [ = </code><kbd>value</kbd><code>[ ... ]</code>
- <a name="mrv"></a><code>mrv </code><kbd>assocID</kbd> <kbd>assocID</kbd><code> [ </code><kbd>variable_name</kbd><code> [ = </code><kbd>value</kbd><code>[ ... ]</code>
-Perform the same function as the <code>readvar</code> command,
+ <br><dt><code><a name="mreadvar"></a>mreadvar </code><kbd>assocID</kbd> <kbd>assocID</kbd><code> [ </code><kbd>variable_name</kbd><code> [ = </code><kbd>value</kbd><code>[ ... ]</code><dt><code><a name="mrv"></a>mrv </code><kbd>assocID</kbd> <kbd>assocID</kbd><code> [ </code><kbd>variable_name</kbd><code> [ = </code><kbd>value</kbd><code>[ ... ]</code><dd>Perform the same function as the <code>readvar</code> command,
except for a range of association IDs.
This range is determined from the association list cached by
the most recent <code>associations</code> command.
- <p><a name="passoc"></a><code>passociations</code>
-Perform the same function as the <code>associations command</code>, except that
+ <br><dt><code><a name="passoc"></a>passociations</code><dd>Perform the same function as the <code>associations command</code>, except that
it uses previously stored data rather than making a new query.
- <p><a name="pe"></a><code>peers</code>
-Display a list of peers in the form:
+ <br><dt><code><a name="pe"></a>peers</code><dd>Display a list of peers in the form:
<br>
<code>[tally]remote refid st t when pool reach delay offset jitter</code>
- <p><table summary=""><tr align="left"><th valign="top" width="10%">Variable </th><th valign="top" width="20%">Description
+
<p><table summary=""><tr align="left"><th valign="top" width="10%">Variable </th><th valign="top" width="20%">Description
<br></th></tr><tr align="left"><td valign="top" width="10%"><code>[tally]</code>
</td><td valign="top" width="20%">
single-character code indicating current value of the <code>select</code> field
of the <a href="decode.html#peer">peer status word</a>.
-<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>remote</code>
+
<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>remote</code>
</td><td valign="top" width="20%">
host name (or IP number) of peer
-<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>refid</code>
+
<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>refid</code>
</td><td valign="top" width="20%">
association ID or <a href="decode.html#kiss">kiss code</a>.
-<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>st</code>
+
<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>st</code>
</td><td valign="top" width="20%">
stratum
-<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>t</code>
+
<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>t</code>
</td><td valign="top" width="20%">
<code>u</code>: unicast or manycast client,
<code>b</code>: broadcast or multicast client,
<code>B</code>: broadcast server,
<code>M</code>: multicast server.
-<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>when</code>
+
<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>when</code>
</td><td valign="top" width="20%">
sec/min/hr since last received packet
-<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>poll</code>
+
<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>poll</code>
</td><td valign="top" width="20%">
poll interval (log(2) s)
-<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>reach</code>
+
<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>reach</code>
</td><td valign="top" width="20%">
reach shift register (octal)
-<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>delay</code>
+
<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>delay</code>
</td><td valign="top" width="20%">
roundtrip delay
-<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>offset</code>
+
<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>offset</code>
</td><td valign="top" width="20%">
offset of server relative to this host
-<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>jitter</code>
+
<p><br></td></tr><tr align="left"><td valign="top" width="10%"><code>jitter</code>
</td><td valign="top" width="20%">
jitter
- <br></td></tr></table>
+ <br></td></tr></table>
- <p><a name="rv"></a>readvar <kbd>assocID</kbd> <kbd>name</kbd> [ = <kbd>value</kbd> ] [,...]
- rv <kbd>assocID</kbd> [ <kbd>name</kbd> ] [,...]
-Display the specified variables.
+ <br><dt><code><a name="rv"></a>readvar </code><kbd>assocID</kbd> <kbd>name</kbd><code> [ = </code><kbd>value</kbd><code> ] [,...]</code><dt><code>rv </code><kbd>assocID</kbd><code> [ </code><kbd>name</kbd><code> ] [,...]</code><dd>Display the specified variables.
If <kbd>assocID</kbd> is zero,
the variables are from the <a href="#system">system variables</a> name space,
otherwise they are from the <a href="#peer">peer variables</a> name space.
where YYYY is the year, MM the month of year, DD the day of month and
TTTT the time of day.
- <p><a name="saveconfig"></a><code>saveconfig </code><kbd>filename</kbd>
-Write the current configuration, including any runtime modifications
+ <br><dt><code><a name="saveconfig"></a>saveconfig </code><kbd>filename</kbd><dd>Write the current configuration, including any runtime modifications
given with <code>:config</code> or <code>config-from-file</code>,
to the ntpd host's file <kbd>filename</kbd>.
This command will be rejected by the server unless
The filename used is stored in system variable <code>savedconfig</code>.
Authentication is required.
- <p><a name="writevar"></a>writevar <kbd>assocID</kbd> <kbd>name</kbd> = <kbd>value</kbd> [,...]
-Write the specified variables.
+ <br><dt><code><a name="writevar"></a>writevar </code><kbd>assocID</kbd> <kbd>name</kbd><code> = </code><kbd>value</kbd><code> [,...]</code><dd>Write the specified variables.
If the <kbd>assocID</kbd> is zero, the variables are from the
<a href="#system">system variables</a> name space, otherwise they are from the
<a href="#peer">peer variables</a> name space.
The <kbd>assocID</kbd> is required,
as the same name can occur in both spaces.
- <p><a name="sysinfo_0022_003e_0040code_007bsysinfo_007d-Display-operational-summary_002e-_0040item-_0040anchor_007bsysstats_007d-_0040code_007bsysstats_007d-Print-statistics-counters-maintained-in-the-protocol-module_002e-_0040end-table-_0040node-Status-Words-and-Kiss-Codes"></a> System Variables, Control Message Commands, Top
-<!-- node-name, next, previous, up -->
+ <br><dt><code><a name="sysinfo"></a>sysinfo</code><dd>Display operational summary.
+
+ <br><dt><code><a name="sysstats"></a>sysstats</code><dd>Print statistics counters maintained in the protocol module.
+ </dl>
+
+<div class="node">
+<a name="Status-Words-and-Kiss-Codes"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#System-Variables">System Variables</a>,
+Previous: <a rel="previous" accesskey="p" href="#Control-Message-Commands">Control Message Commands</a>,
+Up: <a rel="up" accesskey="u" href="#Top">Top</a>
+
+</div>
+
+<!-- node-name, next, previous, up -->
<h3 class="section">Status Words and Kiss Codes</h3>
<p>The current state of the operating program is shown
-.TH ntpq @NTPQ_MS@ "22 Dec 2012" "4.2.7p337" "User Commands"
+.TH ntpq @NTPQ_MS@ "25 Dec 2012" "4.2.7p337" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.man)
.\"
-.\" It has been AutoGen-ed December 22, 2012 at 11:53:27 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 25, 2012 at 11:02:03 AM by AutoGen 5.16.2
.\" From the definitions ntpq-opts.def
.\" and the template file agman-cmd.tpl
.\"
.\" Mixture of short (flag) options and long options
.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP " [[=| ]\fIvalue\fP]]..." [ host ...]
.SH DESCRIPTION
+The
+.B
+utility program is used to query NTP servers which
+implement the standard NTP mode 6 control message formats defined
+in Appendix B of the NTPv3 specification RFC1305, requesting
+information about current state and/or changes in that state.
+The same formats are used in NTPv4, although some of the
+variables have changed and new ones added. The description on this
+page is for the NTPv4 variables.
+The program may be run either in interactive mode or controlled using
+command line arguments.
+Requests to read and write arbitrary
+variables can be assembled, with raw and pretty-printed output
+options being available.
+The
+.B
+utility can also obtain and print a
+list of peers in a common format by sending multiple queries to the
+server.
+If one or more request options is included on the command line
+when
+.B
+is executed, each of the requests will be sent
+to the NTP servers running on each of the hosts given as command
+line arguments, or on localhost by default.
+If no request options
+are given,
+.B
+will attempt to read commands from the
+standard input and execute these on the NTP server running on the
+first host given on the command line, again defaulting to localhost
+when no other host is specified.
+The
+.B
+utility will prompt for
+commands if the standard input is a terminal device.
+.B
+uses NTP mode 6 packets to communicate with the
+NTP server, and hence can be used to query any compatible server on
+the network which permits it.
+Note that since NTP is a UDP protocol
+this communication will be somewhat unreliable, especially over
+large distances in terms of network topology.
+The
+.B
+utility makes
+one attempt to retransmit requests, and will time requests out if
+the remote host is not heard from within a suitable timeout
+time.
+Specifying a
+command line option other than
+i
+or
+n
+will
+cause the specified query (queries) to be sent to the indicated
+host(s) immediately.
+Otherwise,
+.B
+will attempt to read
+interactive format commands from the standard input.
+.SS "Internal Commands"
+Interactive format commands consist of a keyword followed by zero
+to four arguments.
+Only enough characters of the full keyword to
+uniquely identify the command need be typed.
+A
+number of interactive format commands are executed entirely within
+the
+.B
+utility itself and do not result in NTP mode 6
+requests being sent to a server.
+These are described following.
+.TP
+.BR Ic ? Op Ar command_keyword
+.TP
+.BR Ic help Op Ar command_keyword
+A
+.Ql \&?
+by itself will print a list of all the command
+keywords known to this incarnation of
+.Nm .
+A
+.Ql \&?
+followed by a command keyword will print function and usage
+information about the command.
+This command is probably a better
+source of information about
+.Nm
+than this manual
+page.
+.TP
+.BR Ic addvars Ar variable_name Xo Op Ic =value
+.Ic ...
+.Xc
+.TP
+.BR Ic rmvars Ar variable_name Ic ...
+.TP
+.BR Ic clearvars
+The data carried by NTP mode 6 messages consists of a list of
+items of the form
+.Ql variable_name=value ,
+where the
+.Ql =value
+is ignored, and can be omitted,
+in requests to the server to read variables.
+The
+.Nm
+utility maintains an internal list in which data to be included in control
+messages can be assembled, and sent using the
+.Ic readlist
+and
+.Ic writelist
+commands described below.
+The
+.Ic addvars
+command allows variables and their optional values to be added to
+the list.
+If more than one variable is to be added, the list should
+be comma-separated and not contain white space.
+The
+.Ic rmvars
+command can be used to remove individual variables from the list,
+while the
+.Ic clearlist
+command removes all variables from the
+list.
+.TP
+.BR Ic authenticate Op yes | no
+Normally
+.Nm
+does not authenticate requests unless
+they are write requests.
+The command
+.Ql authenticate yes
+causes
+.Nm
+to send authentication with all requests it
+makes.
+Authenticated requests causes some servers to handle
+requests slightly differently, and can occasionally melt the CPU in
+fuzzballs if you turn authentication on before doing a
+.Ic peer
+display.
+The command
+.Ql authenticate
+causes
+.Nm
+to display whether or not
+.Nm
+is currently autheinticating requests.
+.TP
+.BR Ic cooked
+Causes output from query commands to be "cooked", so that
+variables which are recognized by
+.Nm
+will have their
+values reformatted for human consumption.
+Variables which
+.Nm
+thinks should have a decodable value but didn't are
+marked with a trailing
+.Ql \&? .
+.TP
+.BR Xo
+.Ic debug
+.Oo
+.Cm more |
+.Cm less |
+.Cm off
+.Oc
+.Xc
+With no argument, displays the current debug level.
+Otherwise, the debug level is changed to the indicated level.
+.TP
+.BR Ic delay Ar milliseconds
+Specify a time interval to be added to timestamps included in
+requests which require authentication.
+This is used to enable
+(unreliable) server reconfiguration over long delay network paths
+or between machines whose clocks are unsynchronized.
+Actually the
+server does not now require timestamps in authenticated requests,
+so this command may be obsolete.
+.TP
+.BR Ic host Ar hostname
+Set the host to which future queries will be sent.
+\fIhostname\fR
+may be either a host name or a numeric address.
+.TP
+.BR Ic hostnames Op Cm yes | Cm no
+If
+.Cm yes
+is specified, host names are printed in
+information displays.
+If
+.Cm no
+is specified, numeric
+addresses are printed instead.
+The default is
+.Cm yes ,
+unless
+modified using the command line
+n
+switch.
+.TP
+.BR Ic keyid Ar keyid
+This command allows the specification of a key number to be
+used to authenticate configuration requests.
+This must correspond
+to a key number the server has been configured to use for this
+purpose.
+.TP
+.BR Ic ntpversion Xo Oo
+.Cm 1 |
+.Cm 2 |
+.Cm 3 |
+.Cm 4
+.Oc
+.Xc
+Sets the NTP version number which
+.Nm
+claims in
+packets.
+Defaults to 3, and note that mode 6 control messages (and
+modes, for that matter) didn't exist in NTP version 1.
+There appear
+to be no servers left which demand version 1.
+With no argument, displays the current NTP version that will be used
+when communicating with servers.
+.TP
+.BR Ic quit
+Exit
+.Nm
+.TP
+.BR Ic passwd
+This command prompts you to type in a password (which will not
+be echoed) which will be used to authenticate configuration
+requests.
+The password must correspond to the key configured for
+use by the NTP server for this purpose if such requests are to be
+successful.
+.TP
+.BR Ic raw
+Causes all output from query commands is printed as received
+from the remote server.
+The only formating/interpretation done on
+the data is to transform nonascii data into a printable (but barely
+understandable) form.
+.TP
+.BR Ic timeout Ar milliseconds
+Specify a timeout period for responses to server queries.
+The
+default is about 5000 milliseconds.
+Note that since
+.Nm
+retries each query once after a timeout, the total waiting time for
+a timeout will be twice the timeout value set.
.SH "OPTIONS"
.TP
.BR \-4 ", " -\-ipv4
-.Dd December 22 2012
+.Dd December 25 2012
.Dt NTPQ @NTPQ_MS@ User Commands
-.Os SunOS 5.10
+.Os FreeBSD 6.4-STABLE
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 22, 2012 at 11:53:32 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 25, 2012 at 11:01:58 AM by AutoGen 5.16.2
.\" From the definitions ntpq-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
[ host ...]
.Pp
.Sh DESCRIPTION
+The
+.Nm
+utility program is used to query NTP servers which
+implement the standard NTP mode 6 control message formats defined
+in Appendix B of the NTPv3 specification RFC1305, requesting
+information about current state and/or changes in that state.
+The same formats are used in NTPv4, although some of the
+variables have changed and new ones added. The description on this
+page is for the NTPv4 variables.
+The program may be run either in interactive mode or controlled using
+command line arguments.
+Requests to read and write arbitrary
+variables can be assembled, with raw and pretty-printed output
+options being available.
+The
+.Nm
+utility can also obtain and print a
+list of peers in a common format by sending multiple queries to the
+server.
+If one or more request options is included on the command line
+when
+.Nm
+is executed, each of the requests will be sent
+to the NTP servers running on each of the hosts given as command
+line arguments, or on localhost by default.
+If no request options
+are given,
+.Nm
+will attempt to read commands from the
+standard input and execute these on the NTP server running on the
+first host given on the command line, again defaulting to localhost
+when no other host is specified.
+The
+.Nm
+utility will prompt for
+commands if the standard input is a terminal device.
+.Nm
+uses NTP mode 6 packets to communicate with the
+NTP server, and hence can be used to query any compatible server on
+the network which permits it.
+Note that since NTP is a UDP protocol
+this communication will be somewhat unreliable, especially over
+large distances in terms of network topology.
+The
+.Nm
+utility makes
+one attempt to retransmit requests, and will time requests out if
+the remote host is not heard from within a suitable timeout
+time.
+Specifying a
+command line option other than
+.Fl i
+or
+.Fl n
+will
+cause the specified query (queries) to be sent to the indicated
+host(s) immediately.
+Otherwise,
+.Nm
+will attempt to read
+interactive format commands from the standard input.
+.Ss "Internal Commands"
+Interactive format commands consist of a keyword followed by zero
+to four arguments.
+Only enough characters of the full keyword to
+uniquely identify the command need be typed.
+A
+number of interactive format commands are executed entirely within
+the
+.Nm
+utility itself and do not result in NTP mode 6
+requests being sent to a server.
+These are described following.
+.Bl -tag -width "? [command_keyword]" -compact -offset indent
+.It Ic ? Op Ar command_keyword
+.It Ic help Op Ar command_keyword
+A
+.Ql \&?
+by itself will print a list of all the command
+keywords known to this incarnation of
+.Nm .
+A
+.Ql \&?
+followed by a command keyword will print function and usage
+information about the command.
+This command is probably a better
+source of information about
+.Nm
+than this manual
+page.
+.It Ic addvars Ar variable_name Xo Op Ic =value
+.Ic ...
+.Xc
+.It Ic rmvars Ar variable_name Ic ...
+.It Ic clearvars
+The data carried by NTP mode 6 messages consists of a list of
+items of the form
+.Ql variable_name=value ,
+where the
+.Ql =value
+is ignored, and can be omitted,
+in requests to the server to read variables.
+The
+.Nm
+utility maintains an internal list in which data to be included in control
+messages can be assembled, and sent using the
+.Ic readlist
+and
+.Ic writelist
+commands described below.
+The
+.Ic addvars
+command allows variables and their optional values to be added to
+the list.
+If more than one variable is to be added, the list should
+be comma-separated and not contain white space.
+The
+.Ic rmvars
+command can be used to remove individual variables from the list,
+while the
+.Ic clearlist
+command removes all variables from the
+list.
+.It Ic authenticate Op yes | no
+Normally
+.Nm
+does not authenticate requests unless
+they are write requests.
+The command
+.Ql authenticate yes
+causes
+.Nm
+to send authentication with all requests it
+makes.
+Authenticated requests causes some servers to handle
+requests slightly differently, and can occasionally melt the CPU in
+fuzzballs if you turn authentication on before doing a
+.Ic peer
+display.
+The command
+.Ql authenticate
+causes
+.Nm
+to display whether or not
+.Nm
+is currently autheinticating requests.
+.It Ic cooked
+Causes output from query commands to be "cooked", so that
+variables which are recognized by
+.Nm
+will have their
+values reformatted for human consumption.
+Variables which
+.Nm
+thinks should have a decodable value but didn't are
+marked with a trailing
+.Ql \&? .
+.It Xo
+.Ic debug
+.Oo
+.Cm more |
+.Cm less |
+.Cm off
+.Oc
+.Xc
+With no argument, displays the current debug level.
+Otherwise, the debug level is changed to the indicated level.
+.It Ic delay Ar milliseconds
+Specify a time interval to be added to timestamps included in
+requests which require authentication.
+This is used to enable
+(unreliable) server reconfiguration over long delay network paths
+or between machines whose clocks are unsynchronized.
+Actually the
+server does not now require timestamps in authenticated requests,
+so this command may be obsolete.
+.It Ic host Ar hostname
+Set the host to which future queries will be sent.
+.Ar hostname
+may be either a host name or a numeric address.
+.It Ic hostnames Op Cm yes | Cm no
+If
+.Cm yes
+is specified, host names are printed in
+information displays.
+If
+.Cm no
+is specified, numeric
+addresses are printed instead.
+The default is
+.Cm yes ,
+unless
+modified using the command line
+.Fl n
+switch.
+.It Ic keyid Ar keyid
+This command allows the specification of a key number to be
+used to authenticate configuration requests.
+This must correspond
+to a key number the server has been configured to use for this
+purpose.
+.It Ic ntpversion Xo Oo
+.Cm 1 |
+.Cm 2 |
+.Cm 3 |
+.Cm 4
+.Oc
+.Xc
+Sets the NTP version number which
+.Nm
+claims in
+packets.
+Defaults to 3, and note that mode 6 control messages (and
+modes, for that matter) didn't exist in NTP version 1.
+There appear
+to be no servers left which demand version 1.
+With no argument, displays the current NTP version that will be used
+when communicating with servers.
+.It Ic quit
+Exit
+.Nm
+.It Ic passwd
+This command prompts you to type in a password (which will not
+be echoed) which will be used to authenticate configuration
+requests.
+The password must correspond to the key configured for
+use by the NTP server for this purpose if such requests are to be
+successful.
+.It Ic raw
+Causes all output from query commands is printed as received
+from the remote server.
+The only formating/interpretation done on
+the data is to transform nonascii data into a printable (but barely
+understandable) form.
+.It Ic timeout Ar milliseconds
+Specify a timeout period for responses to server queries.
+The
+default is about 5000 milliseconds.
+Note that since
+.Nm
+retries each query once after a timeout, the total waiting time for
+a timeout will be twice the timeout value set.
+.El
.Sh "OPTIONS"
.Bl -tag
.It \-4 ", " -\-ipv4
@c %**start of header
@setfilename ntpq.info
@settitle ntpq: Network Time Protocol Query User's Manual
-@include include/version.texi
+@include ../sntp/include/version.texi
@paragraphindent 2
@c %**end of header
@shortcontents
+@node Top, ntpq Description, (dir), (dir)
+@top ntpq: Network Time Protocol Query User Manual
+
+The @code{ntpq} utility program is used to
+monitor the operational status
+and determine the performance of
+@code{ntpd}, the NTP daemon.
+
+This document applies to version @value{VERSION} of @code{ntpq}.
+
@menu
* ntpq Description::
* ntpq Invocation:: Invoking ntpq
* Clock Variables::
@end menu
-@node Top, ntpq Description, (dir), (dir)
-@top ntpq: Network Time Protocol Query User Manual
-
-The @code{ntpq} utility program is used to monitor NTP daemon @code{ntpd}
-operations and determine performance. It uses the standard NTP mode 6 control
-
-This document applies to version @value{VERSION} of @code{ntpq}.
-
-@menu
-* ntpq Description:: Description
-* ntpq Invocation:: Invoking ntpq
-* Usage:: Usage
-@end menu
-
@node ntpq Description, Usage, Top, Top
@comment node-name, next, previous, up
@section Description
@tab @code{/usr/local/etc}
@tab @code{-k}
@tab @code{keysdir}
-
+@end multitable
@node Internal Commands, Control Message Commands, Usage, Top
@comment node-name, next, previous, up
@table @code
-@item @anchor{help} @code{? [@kbd{command_keyword}
-@itemx @code{help [@kbd{command_keyword}]}
+@item @anchor{help} @code{? [}@kbd{command_keyword}@code{]}
+@itemx @code{help [}@kbd{command_keyword}@code{]}
A @code{?} by itself will print a list of all the command keywords known to @code{ntpq}. A @code{?} followed by a command keyword will print function and usage information about the command.
@item @anchor{addvars} >@code{addvars @kbd{name} [ = @kbd{value}] [...]}
Display a list of mobilized associations in the form:
@*
@code{ind assid status conf reach auth condition last_event cnt}
-@end table
@multitable @columnfractions .1 .4
@headitem Variable @tab Description
@item @anchor{cv} clockvar @kbd{assocID} [@kbd{name} [ = @kbd{value} [...]] [...]]
@itemx cv @kbd{assocID} [@kbd{name} [ = @kbd{value} [...] ][...]]
-Display a list of @xref{clock,,clock variables} for those associations supporting a reference clock.
+Display a list of @ref{clock,,clock variables} for those associations supporting a reference clock.
@item @anchor{:config} :config [...]
Send the remainder of the command line, including whitespace, to the server
The @code{@kbd{assocID}} is required,
as the same name can occur in both spaces.
-@item @anchor{sysinfo">@code{sysinfo}
+@item @anchor{sysinfo} @code{sysinfo}
Display operational summary.
@item @anchor{sysstats} @code{sysstats}
ntpsnmpd.1ntpsnmpdmdoc \
ntpsnmpd.man.in \
ntpsnmpd.mdoc.in \
+ ntpsnmpd.html \
+ ntpsnmpd.texi \
ntpv4-mib.mib \
$(NULL)
BUILT_SOURCES= ntpsnmpd-opts.c ntpsnmpd-opts.h
CLEANFILES=
DISTCLEANFILES= config.log $(man_MANS)
+
+html_DATA= \
+ $(srcdir)/ntpsnmpd.html \
+ $(NULL)
+
noinst_DATA= \
$(srcdir)/invoke-ntpsnmpd.menu \
$(srcdir)/invoke-ntpsnmpd.texi \
$(srcdir)/ntpsnmpd.mdoc.in \
$(NULL)
+install-data-local: install-html
+
man1_MANS=
man8_MANS=
man_MANS= ntpsnmpd.$(NTPSNMPD_MS)
$(run_ag) -Tagtexi-cmd.tpl -DLEVEL=section ntpsnmpd-opts.def
$(top_srcdir)/scripts/check--help $@
+$(srcdir)/ntpsnmpd.html: $(srcdir)/ntpsnmpd.texi $(top_srcdir)/sntp/include/version.texi
+ cd $(srcdir) && ( makeinfo --force --html --no-split -o ntpsnmpd.html ntpsnmpd.texi || true )
+
include $(top_srcdir)/bincheck.mf
include $(top_srcdir)/sntp/check-libntp.mf
include $(top_srcdir)/check-libopts.mf
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpsnmpd.texi)
#
-# It has been AutoGen-ed December 22, 2012 at 11:53:47 AM by AutoGen 5.16.2
+# It has been AutoGen-ed December 25, 2012 at 10:18:52 AM by AutoGen 5.16.2
# From the definitions ntpsnmpd-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
+@code{ntpsnmpd}
+is an SNMP MIB agent designed to interface with
+@code{ntpd(1ntpdmdoc)}.
This section was generated by @strong{AutoGen},
using the @code{agtexi-cmd} template and the option descriptions for the @code{ntpsnmpd} program.
* ntpsnmpd agentxsocket:: agentxsocket option
* ntpsnmpd config:: presetting/configuring ntpsnmpd
* ntpsnmpd exit status:: exit status
+* ntpsnmpd Usage:: Usage
* ntpsnmpd Notes:: Notes
* ntpsnmpd Authors:: Authors
@end menu
This is the ``the socket address ntpsnmpd uses to connect to net-snmpd'' option.
This option takes an argument string.
[<transport-specifier>:]<transport-address>
-The default is the Unix Domain socket "unix:/var/agentx/master". Another common alternative is tcp:localhost:705.
+The default "agent X socket" is the Unix Domain socket
+@file{unix:/var/agentx/master}.
+Another common alternative is @file{tcp:localhost:705}.
@node ntpsnmpd config
libopts had an internal operational error. Please report
it to autogen-users@@lists.sourceforge.net. Thank you.
@end table
+@node ntpsnmpd Usage
+@subsection ntpsnmpd Usage
+@code{ntpsnmpd}
+currently uses a private MIB OID,
+@quoteleft{}enterprises.5597@quoteright{},
+,
+which is the Meinberg top level OEM OID, and
+@quoteleft{}99@quoteright{}
+is the temporary working space for this project.
+The final OID has to be registered with IANA
+and this is done by the RFC Editor
+when the NTPv4 MIB RFC is standardized.
+
+If you have
+@code{snmpwalk(1)}
+installed you can run
+.Dl
+%
+snmpwalk
+-v2c
+-c
+public
+localhost
+enterprises.5597.99
+to see a list of all currently supported NTP MIB objects
+and their current values.
@node ntpsnmpd Notes
@subsection ntpsnmpd Notes
+The following objects are currently supported:
+
+@table @samp
+@item Li
+please fill me in...
+@item Li
+please fill me in...
+@item Li
+please fill me in...
+@item Li
+please fill me in...
+@item Li
+please fill me in...
+@item Li
+please fill me in...
+@item Li
+please fill me in...
+@item Li
+please fill me in...
+@item Li
+please fill me in...
+@item Li
+please fill me in...
+
+@end multitable
+
This document corresponds to version @VERSION@ of NTP.
@node ntpsnmpd Authors
@subsection ntpsnmpd Authors
+1@*
/*
* EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.c)
*
- * It has been AutoGen-ed December 22, 2012 at 11:53:35 AM by AutoGen 5.16.2
+ * It has been AutoGen-ed December 25, 2012 at 10:18:44 AM by AutoGen 5.16.2
* From the definitions ntpsnmpd-opts.def
* and the template file options
*
descrip = "The socket address ntpsnmpd uses to connect to net-snmpd";
doc = <<- _EndOfDoc_
[<transport-specifier>:]<transport-address>
- The default is the Unix Domain socket "unix:/var/agentx/master". Another common alternative is tcp:localhost:705.
+ The default "agent X socket" is the Unix Domain socket
+ @file{unix:/var/agentx/master}.
+ Another common alternative is @file{tcp:localhost:705}.
_EndOfDoc_;
};
ds-type = 'DESCRIPTION';
ds-format = 'mdoc';
ds-text = <<- _END_PROG_MDOC_DESCRIP
+ .Nm
+ is an SNMP MIB agent designed to interface with
+ .Xr ntpd 1ntpdmdoc .
_END_PROG_MDOC_DESCRIP;
};
_END_PROG_INFO_DESCRIP;
*/
-/*
doc-section = {
ds-type = 'USAGE';
ds-format = 'mdoc';
ds-text = <<- _END_MDOC_USAGE
+ .Nm
+ currently uses a private MIB OID,
+ .Ql enterprises.5597 ,
+ which is the Meinberg top level OEM OID, and
+ .Ql 99
+ is the temporary working space for this project.
+ The final OID has to be registered with IANA
+ and this is done by the RFC Editor
+ when the NTPv4 MIB RFC is standardized.
+ .Pp
+ If you have
+ .Xr snmpwalk 1
+ installed you can run
+ .Dl % snmpwalk -v2c -c public localhost enterprises.5597.99
+ to see a list of all currently supported NTP MIB objects
+ and their current values.
_END_MDOC_USAGE;
};
-*/
doc-section = {
ds-type = 'NOTES';
ds-format = 'mdoc';
ds-text = <<- _END_MDOC_NOTES
+The following objects are currently supported:
+.Pp
+.Bl -tag -width ".Li ntpEntSoftwareVersionVal" -compact -offset indent
+.It Li ntpEntSoftwareName
+please fill me in...
+.It Li ntpEntSoftwareVersion
+please fill me in...
+.It Li ntpEntSoftwareVersionVal
+please fill me in...
+.It Li ntpEntSoftwareVendor
+please fill me in...
+.It Li ntpEntSystemType
+please fill me in...
+.It Li ntpEntTimeResolution
+please fill me in...
+.It Li ntpEntTimeResolutionVal
+please fill me in...
+.It Li ntpEntTimePrecision
+please fill me in...
+.It Li ntpEntTimePrecisionVal
+please fill me in...
+.It Li ntpEntTimeDistance
+please fill me in...
+.El
+.Pp
This document corresponds to version @VERSION@ of NTP.
_END_MDOC_NOTES;
};
/*
* EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.h)
*
- * It has been AutoGen-ed December 22, 2012 at 11:53:35 AM by AutoGen 5.16.2
+ * It has been AutoGen-ed December 25, 2012 at 10:18:44 AM by AutoGen 5.16.2
* From the definitions ntpsnmpd-opts.def
* and the template file options
*
-.TH ntpsnmpd 1ntpsnmpdman "22 Dec 2012" "4.2.7p337" "User Commands"
+.TH ntpsnmpd 1ntpsnmpdman "25 Dec 2012" "4.2.7p337" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.man)
.\"
-.\" It has been AutoGen-ed December 22, 2012 at 11:53:44 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 25, 2012 at 10:18:54 AM by AutoGen 5.16.2
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agman-cmd.tpl
.\"
All arguments must be options.
.PP
.SH DESCRIPTION
+.B
+is an SNMP MIB agent designed to interface with
+.Xr ntpd 1ntpdmdoc .
.SH "OPTIONS"
.TP
.BR \-n ", " -\-nofork
unix:/var/agentx/master
.sp
[<transport-specifier>:]<transport-address>
-The default is the Unix Domain socket "unix:/var/agentx/master". Another common alternative is tcp:localhost:705.
+The default "agent X socket" is the Unix Domain socket
+\fIunix:/var/agentx/master\fP.
+Another common alternative is \fItcp:localhost:705\fP.
.TP
.BR \-? , " \-\-help"
Display usage information and exit.
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+.SH USAGE
+.B
+currently uses a private MIB OID,
+.Ql enterprises.5597 ,
+which is the Meinberg top level OEM OID, and
+.Ql 99
+is the temporary working space for this project.
+The final OID has to be registered with IANA
+and this is done by the RFC Editor
+when the NTPv4 MIB RFC is standardized.
+.PP
+If you have
+.Xr snmpwalk 1
+installed you can run
+.Dl % snmpwalk -v2c -c public localhost enterprises.5597.99
+to see a list of all currently supported NTP MIB objects
+and their current values.
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH "FILES"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
.SH AUTHORS
+.An "Heiko Gerstung"
.SH "COPYRIGHT"
Copyright (C) 1970-2012 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
+The following objects are currently supported:
+.PP
+.TP
+.BR Li ntpEntSoftwareName
+please fill me in...
+.TP
+.BR Li ntpEntSoftwareVersion
+please fill me in...
+.TP
+.BR Li ntpEntSoftwareVersionVal
+please fill me in...
+.TP
+.BR Li ntpEntSoftwareVendor
+please fill me in...
+.TP
+.BR Li ntpEntSystemType
+please fill me in...
+.TP
+.BR Li ntpEntTimeResolution
+please fill me in...
+.TP
+.BR Li ntpEntTimeResolutionVal
+please fill me in...
+.TP
+.BR Li ntpEntTimePrecision
+please fill me in...
+.TP
+.BR Li ntpEntTimePrecisionVal
+please fill me in...
+.TP
+.BR Li ntpEntTimeDistance
+please fill me in...
+.PP
+This document corresponds to version @VERSION@ of NTP.
.PP
This manual page was \fIAutoGen\fP-erated from the \fBntpsnmpd\fP
option definitions.
-.Dd December 22 2012
+.Dd December 25 2012
.Dt NTPSNMPD 1ntpsnmpdmdoc User Commands
-.Os SunOS 5.10
+.Os FreeBSD 6.4-STABLE
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 22, 2012 at 11:53:49 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 25, 2012 at 10:18:49 AM by AutoGen 5.16.2
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
All arguments must be options.
.Pp
.Sh DESCRIPTION
+.Nm
+is an SNMP MIB agent designed to interface with
+.Xr ntpd 1ntpdmdoc .
.Sh "OPTIONS"
.Bl -tag
.It \-n ", " -\-nofork
unix:/var/agentx/master
.sp
[<transport\-specifier>:]<transport\-address>
-The default is the Unix Domain socket "unix:/var/agentx/master". Another common alternative is tcp:localhost:705.
+The default "agent X socket" is the Unix Domain socket
+\fIunix:/var/agentx/master\fP.
+Another common alternative is \fItcp:localhost:705\fP.
.It \-? , " \-\-help"
Display usage information and exit.
.It \-! , " \-\-more-help"
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+.Sh USAGE
+.Nm
+currently uses a private MIB OID,
+.Ql enterprises.5597 ,
+which is the Meinberg top level OEM OID, and
+.Ql 99
+is the temporary working space for this project.
+The final OID has to be registered with IANA
+and this is done by the RFC Editor
+when the NTPv4 MIB RFC is standardized.
+.Pp
+If you have
+.Xr snmpwalk 1
+installed you can run
+.Dl % snmpwalk -v2c -c public localhost enterprises.5597.99
+to see a list of all currently supported NTP MIB objects
+and their current values.
.Sh "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.Sh "FILES"
it to autogen-users@lists.sourceforge.net. Thank you.
.El
.Sh AUTHORS
+.An "Heiko Gerstung"
.Sh "COPYRIGHT"
Copyright (C) 1970-2012 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
+The following objects are currently supported:
+.Pp
+.Bl -tag -width ".Li ntpEntSoftwareVersionVal" -compact -offset indent
+.It Li ntpEntSoftwareName
+please fill me in...
+.It Li ntpEntSoftwareVersion
+please fill me in...
+.It Li ntpEntSoftwareVersionVal
+please fill me in...
+.It Li ntpEntSoftwareVendor
+please fill me in...
+.It Li ntpEntSystemType
+please fill me in...
+.It Li ntpEntTimeResolution
+please fill me in...
+.It Li ntpEntTimeResolutionVal
+please fill me in...
+.It Li ntpEntTimePrecision
+please fill me in...
+.It Li ntpEntTimePrecisionVal
+please fill me in...
+.It Li ntpEntTimeDistance
+please fill me in...
+.El
+.Pp
+This document corresponds to version @VERSION@ of NTP.
.Pp
This manual page was \fIAutoGen\fP-erated from the \fBntpsnmpd\fP
option definitions.
--- /dev/null
+<html lang="en">
+<head>
+<title>ntpsnmpd: Network Time Protocol SNMP Daemon User's Manual</title>
+<meta http-equiv="Content-Type" content="text/html">
+<meta name="description" content="ntpsnmpd: Network Time Protocol SNMP Daemon User's Manual">
+<meta name="generator" content="makeinfo 4.13">
+<link title="Top" rel="top" href="#Top">
+<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
+<meta http-equiv="Content-Style-Type" content="text/css">
+<style type="text/css"><!--
+ pre.display { font-family:inherit }
+ pre.format { font-family:inherit }
+ pre.smalldisplay { font-family:inherit; font-size:smaller }
+ pre.smallformat { font-family:inherit; font-size:smaller }
+ pre.smallexample { font-size:smaller }
+ pre.smalllisp { font-size:smaller }
+ span.sc { font-variant:small-caps }
+ span.roman { font-family:serif; font-weight:normal; }
+ span.sansserif { font-family:sans-serif; font-weight:normal; }
+--></style>
+</head>
+<body>
+<h1 class="settitle">ntpsnmpd: Network Time Protocol SNMP Daemon User's Manual</h1>
+ <div class="shortcontents">
+<h2>Short Contents</h2>
+<ul>
+<a href="#Top">ntpsnmpd: Network Time Protocol Query User Manual</a>
+</ul>
+</div>
+
+
+
+<div class="node">
+<a name="Top"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ntpsnmpd-Description">ntpsnmpd Description</a>,
+Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
+Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
+
+</div>
+
+<h2 class="unnumbered">ntpsnmpd: Network Time Protocol Query User Manual</h2>
+
+<p>The <code>ntpsnmpd</code> utility program is used to monitor NTP daemon <code>ntpd</code>
+operations and determine performance. It uses the standard NTP mode 6 control
+
+ <p>This document applies to version 4.2.7p337 of <code>ntpsnmpd</code>.
+
+<ul class="menu">
+<li><a accesskey="1" href="#ntpsnmpd-Description">ntpsnmpd Description</a>: Description
+<li><a accesskey="2" href="#ntpsnmpd-Invocation">ntpsnmpd Invocation</a>: Invoking ntpsnmpd
+<li><a accesskey="3" href="#Usage">Usage</a>: Usage
+</ul>
+
+<div class="node">
+<a name="ntpsnmpd-Description"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#Usage">Usage</a>,
+Previous: <a rel="previous" accesskey="p" href="#Top">Top</a>,
+Up: <a rel="up" accesskey="u" href="#Top">Top</a>
+
+</div>
+
+<!-- node-name, next, previous, up -->
+<h3 class="section">Description</h3>
+
+<p>The <code>ntpsnmpd</code> utility program provides an SNMP MIB agent for <code>ntpd</code>.
+
+<div class="node">
+<a name="Usage"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#Internal-Commands">Internal Commands</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpsnmpd-Description">ntpsnmpd Description</a>,
+Up: <a rel="up" accesskey="u" href="#Top">Top</a>
+
+</div>
+
+<!-- node-name, next, previous, up -->
+<h3 class="section">Usage</h3>
+
+<p>(what should we say here?)
+
+</body></html>
+
-.TH ntpsnmpd @NTPSNMPD_MS@ "22 Dec 2012" "4.2.7p337" "User Commands"
+.TH ntpsnmpd @NTPSNMPD_MS@ "25 Dec 2012" "4.2.7p337" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.man)
.\"
-.\" It has been AutoGen-ed December 22, 2012 at 11:53:44 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 25, 2012 at 10:18:54 AM by AutoGen 5.16.2
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agman-cmd.tpl
.\"
All arguments must be options.
.PP
.SH DESCRIPTION
+.B
+is an SNMP MIB agent designed to interface with
+.Xr ntpd @NTPD_MS@ .
.SH "OPTIONS"
.TP
.BR \-n ", " -\-nofork
unix:/var/agentx/master
.sp
[<transport-specifier>:]<transport-address>
-The default is the Unix Domain socket "unix:/var/agentx/master". Another common alternative is tcp:localhost:705.
+The default "agent X socket" is the Unix Domain socket
+\fIunix:/var/agentx/master\fP.
+Another common alternative is \fItcp:localhost:705\fP.
.TP
.BR \-? , " \-\-help"
Display usage information and exit.
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+.SH USAGE
+.B
+currently uses a private MIB OID,
+.Ql enterprises.5597 ,
+which is the Meinberg top level OEM OID, and
+.Ql 99
+is the temporary working space for this project.
+The final OID has to be registered with IANA
+and this is done by the RFC Editor
+when the NTPv4 MIB RFC is standardized.
+.PP
+If you have
+.Xr snmpwalk 1
+installed you can run
+.Dl % snmpwalk -v2c -c public localhost enterprises.5597.99
+to see a list of all currently supported NTP MIB objects
+and their current values.
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH "FILES"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
.SH AUTHORS
+.An "Heiko Gerstung"
.SH "COPYRIGHT"
Copyright (C) 1970-2012 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
+The following objects are currently supported:
+.PP
+.TP
+.BR Li ntpEntSoftwareName
+please fill me in...
+.TP
+.BR Li ntpEntSoftwareVersion
+please fill me in...
+.TP
+.BR Li ntpEntSoftwareVersionVal
+please fill me in...
+.TP
+.BR Li ntpEntSoftwareVendor
+please fill me in...
+.TP
+.BR Li ntpEntSystemType
+please fill me in...
+.TP
+.BR Li ntpEntTimeResolution
+please fill me in...
+.TP
+.BR Li ntpEntTimeResolutionVal
+please fill me in...
+.TP
+.BR Li ntpEntTimePrecision
+please fill me in...
+.TP
+.BR Li ntpEntTimePrecisionVal
+please fill me in...
+.TP
+.BR Li ntpEntTimeDistance
+please fill me in...
+.PP
+This document corresponds to version @VERSION@ of NTP.
.PP
This manual page was \fIAutoGen\fP-erated from the \fBntpsnmpd\fP
option definitions.
-.Dd December 22 2012
+.Dd December 25 2012
.Dt NTPSNMPD @NTPSNMPD_MS@ User Commands
-.Os SunOS 5.10
+.Os FreeBSD 6.4-STABLE
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc)
.\"
-.\" It has been AutoGen-ed December 22, 2012 at 11:53:49 AM by AutoGen 5.16.2
+.\" It has been AutoGen-ed December 25, 2012 at 10:18:49 AM by AutoGen 5.16.2
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
All arguments must be options.
.Pp
.Sh DESCRIPTION
+.Nm
+is an SNMP MIB agent designed to interface with
+.Xr ntpd @NTPD_MS@ .
.Sh "OPTIONS"
.Bl -tag
.It \-n ", " -\-nofork
unix:/var/agentx/master
.sp
[<transport\-specifier>:]<transport\-address>
-The default is the Unix Domain socket "unix:/var/agentx/master". Another common alternative is tcp:localhost:705.
+The default "agent X socket" is the Unix Domain socket
+\fIunix:/var/agentx/master\fP.
+Another common alternative is \fItcp:localhost:705\fP.
.It \-? , " \-\-help"
Display usage information and exit.
.It \-! , " \-\-more-help"
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+.Sh USAGE
+.Nm
+currently uses a private MIB OID,
+.Ql enterprises.5597 ,
+which is the Meinberg top level OEM OID, and
+.Ql 99
+is the temporary working space for this project.
+The final OID has to be registered with IANA
+and this is done by the RFC Editor
+when the NTPv4 MIB RFC is standardized.
+.Pp
+If you have
+.Xr snmpwalk 1
+installed you can run
+.Dl % snmpwalk -v2c -c public localhost enterprises.5597.99
+to see a list of all currently supported NTP MIB objects
+and their current values.
.Sh "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.Sh "FILES"
it to autogen-users@lists.sourceforge.net. Thank you.
.El
.Sh AUTHORS
+.An "Heiko Gerstung"
.Sh "COPYRIGHT"
Copyright (C) 1970-2012 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
+The following objects are currently supported:
+.Pp
+.Bl -tag -width ".Li ntpEntSoftwareVersionVal" -compact -offset indent
+.It Li ntpEntSoftwareName
+please fill me in...
+.It Li ntpEntSoftwareVersion
+please fill me in...
+.It Li ntpEntSoftwareVersionVal
+please fill me in...
+.It Li ntpEntSoftwareVendor
+please fill me in...
+.It Li ntpEntSystemType
+please fill me in...
+.It Li ntpEntTimeResolution
+please fill me in...
+.It Li ntpEntTimeResolutionVal
+please fill me in...
+.It Li ntpEntTimePrecision
+please fill me in...
+.It Li ntpEntTimePrecisionVal
+please fill me in...
+.It Li ntpEntTimeDistance
+please fill me in...
+.El
+.Pp
+This document corresponds to version @VERSION@ of NTP.
.Pp
This manual page was \fIAutoGen\fP-erated from the \fBntpsnmpd\fP
option definitions.
--- /dev/null
+\input texinfo @c -*-texinfo-*-
+@c %**start of header
+@setfilename ntpsnmpd.info
+@settitle ntpsnmpd: Network Time Protocol SNMP Daemon User's Manual
+@include ../sntp/include/version.texi
+@paragraphindent 2
+@c %**end of header
+
+@ifinfo
+This file documents the use of the NTP Project's ntpsnmpd, a program for
+querying the state of an NTP server via SNMP.
+@end ifinfo
+
+@direntry
+* ntpsnmpd: (ntpsnmpd). NTP SNMP Daemon program
+@end direntry
+
+@titlepage
+@title ntpsnmpd: Network Time Protocol SNMP Daemon User's Manual
+@subtitle ntpsnmpd, version @value{VERSION}, @value{UPDATED}
+@c @author Max @email{foo@ntp.org}
+@end titlepage
+
+@c @page
+@c @vskip 0pt plus 1filll
+
+@shortcontents
+
+@node Top, ntpsnmpd Description, (dir), (dir)
+@top ntpsnmpd: Network Time Protocol Query User Manual
+
+The @code{ntpsnmpd} utility program is used to monitor NTP daemon @code{ntpd}
+operations and determine performance. It uses the standard NTP mode 6 control
+
+This document applies to version @value{VERSION} of @code{ntpsnmpd}.
+
+@menu
+* ntpsnmpd Description:: Description
+* ntpsnmpd Invocation:: Invoking ntpsnmpd
+* Usage:: Usage
+@end menu
+
+@node ntpsnmpd Description, Usage, Top, Top
+@comment node-name, next, previous, up
+@section Description
+
+The @code{ntpsnmpd} utility program provides an SNMP MIB agent for @code{ntpd}.
+
+@node Usage, , ntpsnmpd Description, Top
+@comment node-name, next, previous, up
+@section Usage
+
+(what should we say here?)
<title>Ntp-wait User's Manual</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="Ntp-wait User's Manual">
-<meta name="generator" content="makeinfo 4.7">
+<meta name="generator" content="makeinfo 4.13">
<link title="Top" rel="top" href="#Top">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<meta http-equiv="Content-Style-Type" content="text/css">
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
- span.sc { font-variant:small-caps }
- span.roman { font-family: serif; font-weight: normal; }
+ span.sc { font-variant:small-caps }
+ span.roman { font-family:serif; font-weight:normal; }
+ span.sansserif { font-family:sans-serif; font-weight:normal; }
--></style>
</head>
<body>
<h1 class="settitle">Ntp-wait User's Manual</h1>
<div class="node">
+<a name="Top"></a>
<p><hr>
-
<a name="Top"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dwait-Description">ntp-wait Description</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dwait-Description">ntp-wait Description</a>,
Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-<br>
+
</div>
<h2 class="unnumbered">Simple Network Time Protocol User Manual</h2>
</ul>
<div class="node">
-<p><hr>
+<a name="ntp-wait-Description"></a>
<a name="ntp_002dwait-Description"></a>
-<br>
+<p><hr>
+
+
</div>
<!-- node-name, next, previous, up -->
<code>ntpd -g</code> has set the time.
<div class="node">
-<p><hr>
+<a name="ntp-wait-Invocation"></a>
<a name="ntp_002dwait-Invocation"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Invoking ntp-wait</h3>
This software is released under the NTP license, <http://ntp.org/license>.
<ul class="menu">
-<li><a accesskey="1" href="#ntp_002dwait-usage">ntp-wait usage</a>: ntp-wait help/usage (<span class="option">--help</span>)
+<li><a accesskey="1" href="#ntp_002dwait-usage">ntp-wait usage</a>: ntp-wait help/usage (<samp><span class="option">--help</span></samp>)
<li><a accesskey="2" href="#ntp_002dwait">ntp-wait </a>: option (-n)
<li><a accesskey="3" href="#ntp_002dwait">ntp-wait </a>: option (-s)
<li><a accesskey="4" href="#ntp_002dwait">ntp-wait </a>: option (-v)
</ul>
<div class="node">
+<a name="ntp-wait-usage"></a>
+<a name="ntp_002dwait-usage"></a>
<p><hr>
-
<a name="ntp_002dwait-usage"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dwait">ntp-wait</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dwait">ntp-wait</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
-<br>
+
</div>
-<h4 class="subsection">ntp-wait help/usage (<span class="option">--help</span>)</h4>
+<h4 class="subsection">ntp-wait help/usage (<samp><span class="option">--help</span></samp>)</h4>
<p><a name="index-ntp_002dwait-help-3"></a>
This is the automatically generated usage text for ntp-wait.
<p>The text printed is the same whether selected with the <code>help</code> option
-(<span class="option">--help</span>) or the <code>more-help</code> option (<span class="option">--more-help</span>). <code>more-help</code> will print
+(<samp><span class="option">--help</span></samp>) or the <code>more-help</code> option (<samp><span class="option">--more-help</span></samp>). <code>more-help</code> will print
the usage text by passing it through a pager program.
<code>more-help</code> is disabled on platforms without a working
<code>fork(2)</code> function. The <code>PAGER</code> environment variable is
-used to select the program, defaulting to <span class="file">more</span>. Both will exit
+used to select the program, defaulting to <samp><span class="file">more</span></samp>. Both will exit
with a status code of 0.
<pre class="example">/deacon/backroom/snaps/ntp-dev/A.snap/scripts/ntp-wait version [unknown] calling Getopt::Std::getopts (version 1.05 [paranoid]),
See ``perldoc Getopt::Std'' about $Getopt::Std::STANDARD_HELP_VERSION.]
</pre>
<div class="node">
+<a name="ntp-wait"></a>
+<a name="ntp_002dwait"></a>
<p><hr>
-
<a name="ntp_002dwait"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dwait-config">ntp-wait config</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dwait-config">ntp-wait config</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait">ntp-wait</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
-<br>
+
</div>
<h4 class="subsection">option (-n)</h4>
<p><a name="index-ntp_002dwait_002d-4"></a>
This is the “number of times to check ntpd” option.
-This option takes an argument number <span class="file">num-tries</span>.
+This option takes an argument number <samp><span class="file">num-tries</span></samp>.
The maximum number of times we will check ntpd to see if it
has been able to synchronize and stabilize the system clock.
<div class="node">
+<a name="ntp-wait"></a>
+<a name="ntp_002dwait"></a>
<p><hr>
-
<a name="ntp_002dwait"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dwait-config">ntp-wait config</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dwait-config">ntp-wait config</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait">ntp-wait</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
-<br>
+
</div>
<h4 class="subsection">option (-s)</h4>
<p><a name="index-ntp_002dwait_002d-5"></a>
This is the “how long to sleep between tries” option.
-This option takes an argument number <span class="file">secs-between-tries</span>.
-We will sleep for <span class="file">secs-between-tries</span> after each query of ntpd
+This option takes an argument number <samp><span class="file">secs-between-tries</span></samp>.
+We will sleep for <samp><span class="file">secs-between-tries</span></samp> after each query of ntpd
that returns "the time is not yet stable".
<div class="node">
+<a name="ntp-wait"></a>
+<a name="ntp_002dwait"></a>
<p><hr>
-
<a name="ntp_002dwait"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dwait-config">ntp-wait config</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dwait-config">ntp-wait config</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait">ntp-wait</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
-<br>
+
</div>
<h4 class="subsection">option (-v)</h4>
will provide status information.
<div class="node">
+<a name="ntp-wait-config"></a>
+<a name="ntp_002dwait-config"></a>
<p><hr>
-
<a name="ntp_002dwait-config"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dwait-exit-status">ntp-wait exit status</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dwait-exit-status">ntp-wait exit status</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait">ntp-wait</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
-<br>
+
</div>
<h4 class="subsection">presetting/configuring ntp-wait</h4>
first letter of the argument is examined:
<dl>
-<dt><span class="samp">version</span><dd>Only print the version. This is the default.
-<br><dt><span class="samp">copyright</span><dd>Name the copyright usage licensing terms.
-<br><dt><span class="samp">verbose</span><dd>Print the full copyright usage licensing terms.
+<dt>‘<samp><span class="samp">version</span></samp>’<dd>Only print the version. This is the default.
+<br><dt>‘<samp><span class="samp">copyright</span></samp>’<dd>Name the copyright usage licensing terms.
+<br><dt>‘<samp><span class="samp">verbose</span></samp>’<dd>Print the full copyright usage licensing terms.
</dl>
<div class="node">
+<a name="ntp-wait-exit-status"></a>
+<a name="ntp_002dwait-exit-status"></a>
<p><hr>
-
<a name="ntp_002dwait-exit-status"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dwait-Authors">ntp-wait Authors</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dwait-Authors">ntp-wait Authors</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait-config">ntp-wait config</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ntp-wait exit status</h4>
<p>One of the following exit values will be returned:
<dl>
-<dt><span class="samp">0 (EXIT_SUCCESS)</span><dd>Successful program execution.
-<br><dt><span class="samp">1 (EXIT_FAILURE)</span><dd>The operation failed or the command syntax was not valid.
+<dt>‘<samp><span class="samp">0 (EXIT_SUCCESS)</span></samp>’<dd>Successful program execution.
+<br><dt>‘<samp><span class="samp">1 (EXIT_FAILURE)</span></samp>’<dd>The operation failed or the command syntax was not valid.
</dl>
<div class="node">
+<a name="ntp-wait-Authors"></a>
+<a name="ntp_002dwait-Authors"></a>
<p><hr>
-
<a name="ntp_002dwait-Authors"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dwait-Notes">ntp-wait Notes</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dwait-Notes">ntp-wait Notes</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait-exit-status">ntp-wait exit status</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ntp-wait Authors</h4>
<div class="node">
+<a name="ntp-wait-Notes"></a>
+<a name="ntp_002dwait-Notes"></a>
<p><hr>
-
<a name="ntp_002dwait-Notes"></a>Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait-Authors">ntp-wait Authors</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntp_002dwait-Authors">ntp-wait Authors</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dwait-Invocation">ntp-wait Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ntp-wait Notes</h4>
@c %**start of header
@setfilename ntp-wait.info
@settitle Ntp-wait User's Manual
-@include include/version.texi
+@include ../sntp/include/version.texi
@paragraphindent 2
@c %**end of header
<title>Ntp-keygen User's Manual</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="Ntp-keygen User's Manual">
-<meta name="generator" content="makeinfo 4.7">
+<meta name="generator" content="makeinfo 4.13">
<link title="Top" rel="top" href="#Top">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<meta http-equiv="Content-Style-Type" content="text/css">
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
- span.sc { font-variant:small-caps }
- span.roman { font-family: serif; font-weight: normal; }
+ span.sc { font-variant:small-caps }
+ span.roman { font-family:serif; font-weight:normal; }
+ span.sansserif { font-family:sans-serif; font-weight:normal; }
--></style>
</head>
<body>
<div class="node">
+<a name="Top"></a>
<p><hr>
-
<a name="Top"></a>Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-<br>
+Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
+
</div>
<h2 class="unnumbered">Top</h2>
</ul>
<div class="node">
+<a name="Top"></a>
<p><hr>
-
<a name="Top"></a>Next: <a rel="next" accesskey="n" href="#Description">Description</a>,
+Next: <a rel="next" accesskey="n" href="#Description">Description</a>,
Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-<br>
+
</div>
<h2 class="unnumbered">NTP Key Generation Program User Manual</h2>
<p>This document describes the use of the NTP Project's <code>ntp-keygen</code>
program, that generates cryptographic data files used by the NTPv4
authentication and identity schemes.
-It can generate message digest
-keys used in symmetric key cryptography and, if the OpenSSL software
+It can generate message digest keys used in symmetric key cryptography and,
+if the OpenSSL software
library has been installed, it can generate host keys, sign keys,
certificates, and identity keys and parameters used by the Autokey
public key cryptography.
<p>This document applies to version 4.2.7p337 of <code>ntp-keygen</code>.
<div class="node">
+<a name="Description"></a>
<p><hr>
-
<a name="Description"></a>Next: <a rel="next" accesskey="n" href="#Running-the-Program">Running the Program</a>,
+Next: <a rel="next" accesskey="n" href="#Running-the-Program">Running the Program</a>,
Previous: <a rel="previous" accesskey="p" href="#Top">Top</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
<!-- node-name, next, previous, up -->
<p>When used to generate message digest keys, the program produces a file
containing ten pseudo-random printable ASCII strings suitable for the
-MD5 message digest algorithm included in the distribution. If the
+MD5 message digest algorithm included in the distribution.
+If the
OpenSSL library is installed, it produces an additional ten hex-encoded
random bit strings suitable for the SHA1 and other message digest
-algorithms. The message digest keys file must be distributed and stored
-using secure means beyond the scope of NTP itself. Besides the keys
+algorithms.
+The message digest keys file must be distributed and stored
+using secure means beyond the scope of NTP itself.
+Besides the keys
used for ordinary NTP associations, additional keys can be defined as
passwords for the ntpq and ntpdc utility programs.
applications and other Public Key Infrastructure (PKI) resources.
Certificates generated by this program are compatible with extant
industry practice, although some users might find the interpretation of
-X509v3 extension fields somewhat liberal. However, the identity keys
+X509v3 extension fields somewhat liberal.
+However, the identity keys
are probably not compatible with anything other than Autokey.
<p>Some files used by this program are encrypted using a private password.
-The -p option specifies the password for local encrypted files and the
--q option the password for encrypted files sent to remote sites. If no
-password is specified, the host name returned by the Unix gethostname()
-function, normally the DNS name of the host, is used.
-
- <p>The pw option of the crypto configuration command specifies the read
-password for previously encrypted local files. This must match the
-local password used by this program. If not specified, the host name is
-used. Thus, if files are generated by this program without password,
+The <code>-p</code> option specifies the password for local encrypted files and the
+<code>-q</code> option the password for encrypted files sent to remote sites.
+If no password is specified, the host name returned by the Unix
+<code>gethostname()</code> function, normally the DNS name of the host, is used.
+
+ <p>The <kbd>pw</kbd> option of the <code>crypto</code> configuration command
+specifies the read password for previously encrypted local files.
+This must match the local password used by this program.
+If not specified, the host name is used.
+Thus, if files are generated by this program without password,
they can be read back by ntpd without password, but only on the same
host.
<p>Normally, encrypted files for each host are generated by that host and
used only by that host, although exceptions exist as noted later on
-this page. The symmetric keys file, normally called ntp.keys, is
-usually installed in /etc. Other files and links are usually installed
-in /usr/local/etc, which is normally in a shared filesystem in
-NFS-mounted networks and cannot be changed by shared clients. The
-location of the keys directory can be changed by the keysdir
-configuration command in such cases. Normally, this is in /etc.
+this page.
+The symmetric keys file, normally called <code>ntp.keys</code>, is
+usually installed in <code>/etc</code>.
+Other files and links are usually installed
+in <code>/usr/local/etc</code>, which is normally in a shared filesystem in
+NFS-mounted networks and cannot be changed by shared clients.
+The location of the keys directory can be changed by the keysdir
+configuration command in such cases.
+Normally, this is in <code>/etc</code>.
<p>This program directs commentary and error messages to the standard
-error stream stderr and remote files to the standard output stream
-stdout where they can be piped to other applications or redirected to
-files. The names used for generated files and links all begin with the
-string ntpkey and include the file type, generating host and filestamp,
-as described in the Cryptographic Data Files section below.
+error stream <code>stderr</code> and remote files to the standard output stream
+<code>stdout</code> where they can be piped to other applications or redirected to
+files.
+The names used for generated files and links all begin with the
+string <code>ntpkey</code> and include the file type,
+generating host and filestamp,
+as described in the <a href="#Cryptographic-Data-Files">Cryptographic Data Files</a> section below.
<div class="node">
+<a name="Running-the-Program"></a>
<p><hr>
-
<a name="Running-the-Program"></a>Next: <a rel="next" accesskey="n" href="#Random-Seed-File">Random Seed File</a>,
+Next: <a rel="next" accesskey="n" href="#Random-Seed-File">Random Seed File</a>,
Previous: <a rel="previous" accesskey="p" href="#Description">Description</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
<!-- node-name, next, previous, up -->
<h3 class="section">Running the Program</h3>
<p>To test and gain experience with Autokey concepts, log in as root and
-change to the keys directory, usually /usr/local/etc. When run for the
-first time, or if all files with names beginning ntpkey have been
-removed, use the ntp-keygen command without arguments to generate a
+change to the keys directory, usually <code>/usr/local/etc</code>.
+When run for the
+first time, or if all files with names beginning <code>ntpkey</code>] have been
+removed, use the <code>ntp-keygen</code> command without arguments to generate a
default RSA host key and matching RSA-MD5 certificate with expiration
-date one year hence. If run again without options, the program uses the
+date one year hence.
+If run again without options, the program uses the
existing keys and parameters and generates only a new certificate with
new expiration date one year hence.
- <p>Run the command on as many hosts as necessary. Designate one of them as
-the trusted host (TH) using ntp-keygen with the -T option and configure
-it to synchronize from reliable Internet servers. Then configure the
-other hosts to synchronize to the TH directly or indirectly. A
-certificate trail is created when Autokey asks the immediately
+ <p>Run the command on as many hosts as necessary.
+Designate one of them as the trusted host (TH) using <code>ntp-keygen</code>
+with the <code>-T</code> option and configure
+it to synchronize from reliable Internet servers.
+Then configure the other hosts to synchronize to the TH directly or indirectly.
+A certificate trail is created when Autokey asks the immediately
ascendant host towards the TH to sign its certificate, which is then
-provided to the immediately descendant host on request. All group hosts
-should have acyclic certificate trails ending on the TH.
+provided to the immediately descendant host on request.
+All group hosts should have acyclic certificate trails ending on the TH.
<p>The host key is used to encrypt the cookie when required and so must be
-RSA type. By default, the host key is also the sign key used to encrypt
-signatures. A different sign key can be assigned using the -S option
-and this can be either RSA or DSA type. By default, the signature
+RSA type.
+By default, the host key is also the sign key used to encrypt signatures.
+A different sign key can be assigned using the <code>-S</code> option
+and this can be either RSA or DSA type.
+By default, the signature
message digest type is MD5, but any combination of sign key type and
message digest type supported by the OpenSSL library can be specified
-using the -c option.
+using the <code>-c</code> option.
<p>The rules say cryptographic media should be generated with proventic
filestamps, which means the host should already be synchronized before
-this program is run. This of course creates a chicken-and-egg problem
-when the host is started for the first time. Accordingly, the host time
+this program is run.
+This of course creates a chicken-and-egg problem
+when the host is started for the first time.
+Accordingly, the host time
should be set by some other means, such as eyeball-and-wristwatch, at
least so that the certificate lifetime is within the current year.
After that and when the host is synchronized to a proventic source, the
certificate should be re-generated.
<p>Additional information on trusted groups and identity schemes is on the
-Autokey Public-Key Authentication
-page.
+Autokey Public-Key Authentication page.
<div class="node">
-<p><hr>
+<a name="ntp-keygen-Invocation"></a>
<a name="ntp_002dkeygen-Invocation"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Invoking ntp-keygen</h3>
The message digest keys file must be distributed and stored
using secure means beyond the scope of NTP itself.
Besides the keys used for ordinary NTP associations, additional keys
-can be defined as passwords for the ntpq and ntpdc utility programs.
+can be defined as passwords for the
+<code>ntpq(1ntpqmdoc)</code>
+and
+<code>ntpdc(1ntpdcmdoc)</code>
+utility programs.
<p>The remaining generated files are compatible with other OpenSSL
applications and other Public Key Infrastructure (PKI) resources.
<p>Some files used by this program are encrypted using a private password.
The
-<code>--p</code> option specifies the password for local encrypted files and the
-<code>--q</code> option the password for encrypted files sent to remote sites.
+<code>-p</code> option specifies the password for local encrypted files and the
+<code>-q</code> option the password for encrypted files sent to remote sites.
If no password is specified, the host name returned by the Unix
-.Fn
-gethostname
+<code>gethostname</code>()
function, normally the DNS name of the host is used.
<p>The
-<kbd>pw</kbd> option of the
-<kbd>crypto</kbd> configuration command specifies the read
+<code>pw</code> option of the
+<code>crypto</code> configuration command specifies the read
password for previously encrypted local files.
This must match the local password used by this program.
If not specified, the host name is used.
Thus, if files are generated by this program without password,
they can be read back by
-<kbd>ntpd</kbd> without password but only on the same host.
+<code>ntpd</code> without password but only on the same host.
<p>Normally, encrypted files for each host are generated by that host and
used only by that host, although exceptions exist as noted later on
this page.
The symmetric keys file, normally called
-ntp.keys, is usually installed in
-<span class="file">/etc</span>.
-.
+<code>ntp.keys</code>, is usually installed in
+<samp><span class="file">/etc</span></samp>.
Other files and links are usually installed in
-<span class="file">/usr/local/etc</span>,
-,
+<samp><span class="file">/usr/local/etc</span></samp>,
which is normally in a shared filesystem in
NFS-mounted networks and cannot be changed by shared clients.
The location of the keys directory can be changed by the
-<kbd>keysdir</kbd> configuration command in such cases.
+<code>keysdir</code> configuration command in such cases.
Normally, this is in
-<span class="file">/etc</span>.
-.
+<samp><span class="file">/etc</span></samp>.
<p>This program directs commentary and error messages to the standard
error stream
-<kbd>stderr</kbd> and remote files to the standard output stream
-<kbd>stdout</kbd> where they can be piped to other applications or redirected to files.
+<code>stderr</code> and remote files to the standard output stream
+<code>stdout</code> where they can be piped to other applications or redirected to files.
The names used for generated files and links all begin with the
string
-<kbd>ntpkey</kbd> and include the file type, generating host and filestamp,
+<code>ntpkey</code> and include the file type, generating host and filestamp,
as described in the
-CryptographicDataFiles
+“Cryptographic Data Files”
section below.
<div class="node">
-<p><hr>
<a name="Running"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Running</h3>
Program
To test and gain experience with Autokey concepts, log in as root and
change to the keys directory, usually
-<span class="file">/usr/local/etc</span>
+<samp><span class="file">/usr/local/etc</span></samp>
When run for the first time, or if all files with names beginning with
-<kbd>ntpkey</kbd> have been removed, use the
+<code>ntpkey</code> have been removed, use the
<code>ntp-keygen</code>
command without arguments to generate a
default RSA host key and matching RSA-MD5 certificate with expiration
certificate should be re-generated.
<p>Additional information on trusted groups and identity schemes is on the
-AutokeyPublic-KeyAuthentication
+“Autokey Public-Key Authentication”
page.
<p>The
-<code>ntpd(8)</code>
+<code>ntpd(1ntpdmdoc)</code>
configuration command
-<code>crypto</code> <code>pw</code> <code>Ar</code> <code>password</code> specifies the read password for previously encrypted files.
+<code>crypto</code> <code>pw</code> <code>password</code> specifies the read password for previously encrypted files.
The daemon expires on the spot if the password is missing
or incorrect.
For convenience, if a file has been previously encrypted,
<p>File names begin with the prefix
<code>ntpkey_</code> and end with the postfix
-_hostname.filestamp, where
-<kbd>hostname</kbd> is the owner name, usually the string returned
+<code>_hostname.filestamp</code>, where
+<code>hostname</code> is the owner name, usually the string returned
by the Unix gethostname() routine, and
-<kbd>filestamp</kbd> is the NTP seconds when the file was generated, in decimal digits.
+<code>filestamp</code> is the NTP seconds when the file was generated, in decimal digits.
This both guarantees uniqueness and simplifies maintenance
procedures, since all files can be quickly removed
by a
-<code>rm</code>ntpkey\&* command or all files generated
+<code>rm</code> <code>ntpkey\&*</code> command or all files generated
at a specific time can be removed by a
-<code>rm</code> \&*filestamp command.
+<code>rm</code> <code>\&*filestamp</code> command.
To further reduce the risk of misconfiguration,
the first two lines of a file contain the file name
and generation date and time as comments.
<p>All files are installed by default in the keys directory
-<span class="file">/usr/local/etc</span>,
-,
+<samp><span class="file">/usr/local/etc</span></samp>,
which is normally in a shared filesystem
in NFS-mounted networks.
The actual location of the keys directory
If a link is present, ntpd follows it to the file name
to extract the filestamp.
If a link is not present,
-<code>ntpd(8)</code>
+<code>ntpd(1ntpdmdoc)</code>
extracts the filestamp from the file itself.
This allows clients to verify that the file and generation times
are always current.
at one time, so each generation is distinct and can be readily
recognized in monitoring data.
<div class="node">
-<p><hr>
<a name="Running"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Running</h3>
program is logged in directly as root.
The recommended procedure is change to the keys directory,
usually
-<span class="file">/usr/local/etc</span>,
-,
+<samp><span class="file">/usr/local/etc</span></samp>,
then run the program.
When run for the first time,
or if all
<code>su</code> command
to assume root may not work properly, since by default the OpenSSL library
looks for the random seed file
-.rnd in the user home directory.
+<code>.rnd</code> in the user home directory.
However, there should be only one
-.rnd, most conveniently
+<code>.rnd</code>, most conveniently
in the root directory, so it is convenient to define the
-$RANDFILE environment variable used by the OpenSSL library as the path to
-/.rnd.
+<code>$RANDFILE</code> environment variable used by the OpenSSL library as the path to
+<code>/.rnd</code>.
Installing the keys as root might not work in NFS-mounted
shared file systems, as NFS clients may not be able to write
to the shared keys directory, even as root.
In this case, NFS clients can specify the files in another
directory such as
-<span class="file">/etc</span>
+<samp><span class="file">/etc</span></samp>
using the
<code>keysdir</code> command.
There is no need for one client to read the keys and certificates
while the trusted name is used for the identity files.
<p>All files are installed by default in the keys directory
-<span class="file">/usr/local/etc</span>,
-,
+<samp><span class="file">/usr/local/etc</span></samp>,
which is normally in a shared filesystem
in NFS-mounted networks.
The actual location of the keys directory
If a link is present, ntpd follows it to the file name
to extract the filestamp.
If a link is not present,
-<code>ntpd(8)</code>
+<code>ntpd(1ntpdmdoc)</code>
extracts the filestamp from the file itself.
This allows clients to verify that the file and generation times
are always current.
at one time, so each generation is distinct and can be readily
recognized in monitoring data.
<div class="node">
-<p><hr>
<a name="Running"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Running</h3>
program is logged in directly as root.
The recommended procedure is change to the keys directory,
usually
-<span class="file">/usr/local/etc</span>,
-,
+<samp><span class="file">/usr/local/etc</span></samp>,
then run the program.
When run for the first time,
or if all
<code>su</code> command
to assume root may not work properly, since by default the OpenSSL library
looks for the random seed file
-.rnd in the user home directory.
+<code>.rnd</code> in the user home directory.
However, there should be only one
-.rnd, most conveniently
+<code>.rnd</code>, most conveniently
in the root directory, so it is convenient to define the
-$RANDFILE environment variable used by the OpenSSL library as the path to
-/.rnd.
+<code>$RANDFILE</code> environment variable used by the OpenSSL library as the path to
+<code>/.rnd</code>.
Installing the keys as root might not work in NFS-mounted
shared file systems, as NFS clients may not be able to write
to the shared keys directory, even as root.
In this case, NFS clients can specify the files in another
directory such as
-<span class="file">/etc</span>
+<samp><span class="file">/etc</span></samp>
using the
<code>keysdir</code> command.
There is no need for one client to read the keys and certificates
scheme than the default, run
<code>ntp-keygen</code>
with the
-<code>-S</code> <code>-Ar</code> <code>-type</code> option, where
-<kbd>type</kbd> is either
+<code>-S</code> <code>-type</code> option, where
+<code>type</code> is either
<code>RSA</code> or
<code>DSA</code>. The most often need to do this is when a DSA-signed certificate is used.
If it is necessary to use a different certificate scheme than the default,
run
<code>ntp-keygen</code>
with the
-<code>-c</code> <code>-Ar</code> <code>-scheme</code> option and selected
-<kbd>scheme</kbd> as needed.
+<code>-c</code> <code>-scheme</code> option and selected
+<code>scheme</code> as needed.
f
<code>ntp-keygen</code>
is run again without these options, it generates a new certificate
with the same flags as before to generate new certificates
using existing keys.
However, if the host or sign key is changed,
-<code>ntpd(8)</code>
+<code>ntpd(1ntpdmdoc)</code>
should be restarted.
When
-<code>ntpd(8)</code>
+<code>ntpd(1ntpdmdoc)</code>
is restarted, it loads any new files and restarts the protocol.
Other dependent hosts will continue as usual until signatures are refreshed,
at which time the protocol is restarted.
<div class="node">
-<p><hr>
<a name="Identity"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Identity</h3>
the default TC identity scheme is vulnerable to a middleman attack.
However, there are more secure identity schemes available,
including PC, IFF, GQ and MV described on the
-"IdentificationSchemes"
+"Identification Schemes"
page
(maybe available at
.Li
<p>The PC scheme supports only one trusted host in the group.
On trusted host alice run
<code>ntp-keygen</code>
-<code>-P</code> <code>-p</code> <code>-Ar</code> <code>-password</code> to generate the host key file
-<span class="file">ntpkey_RSAkey_</span>NsAralice.filestamp
-Ns
-Ar
-alice.filestamp
+<code>-P</code> <code>-p</code> <code>-password</code> to generate the host key file
+<samp><span class="file">ntpkey_RSAkey_</span></samp>NsAralice.filestamp
and trusted private certificate file
-<span class="file">ntpkey_RSA-MD5_cert_</span>NsAralice.filestamp.
-Ns
-Ar
-alice.filestamp
-.
+<samp><span class="file">ntpkey_RSA-MD5_cert_</span></samp>NsAralice.filestamp.
Copy both files to all group hosts;
they replace the files which would be generated in other schemes.
On each host bob install a soft link from the generic name
-<span class="file">ntpkey_host_</span>NsArbob
-Ns
-Ar
-bob
+<samp><span class="file">ntpkey_host_</span></samp>NsArbob
to the host key file and soft link
-<span class="file">ntpkey_cert_</span>NsArbob
-Ns
-Ar
-bob
+<samp><span class="file">ntpkey_cert_</span></samp>NsArbob
to the private certificate file.
Note the generic links are on bob, but point to files generated
by trusted host alice.
generate the IFF parameter file.
On trusted host alice run
<code>ntp-keygen</code>
-<code>-T</code> <code>-I</code> <code>-p</code> <code>-Ar</code> <code>-password</code> to produce her parameter file
-<span class="file">ntpkey_IFFpar_</span>NsAralice.filestamp,
-Ns
-Ar
-alice.filestamp
-,
+<code>-T</code> <code>-I</code> <code>-p</code> <code>-password</code> to produce her parameter file
+<samp><span class="file">ntpkey_IFFpar_</span></samp>NsAralice.filestamp,
which includes both server and client keys.
Copy this file to all group hosts that operate as both servers
and clients and install a soft link from the generic
-<span class="file">ntpkey_iff_</span>NsAralice
-Ns
-Ar
-alice
+<samp><span class="file">ntpkey_iff_</span></samp>NsAralice
to this file.
If there are no hosts restricted to operate only as clients,
there is nothing further to do.
<code>-e</code> and pipe the output to a file or mail program.
Copy or mail this file to all restricted clients.
On these clients install a soft link from the generic
-<span class="file">ntpkey_iff_</span>NsAralice
-Ns
-Ar
-alice
+<samp><span class="file">ntpkey_iff_</span></samp>NsAralice
to this file.
To further protect the integrity of the keys,
each file can be encrypted with a secret password.
in the group, generate the IFF parameter file.
On trusted host alice run
<code>ntp-keygen</code>
-<code>-T</code> <code>-G</code> <code>-p</code> <code>-Ar</code> <code>-password</code> to produce her parameter file
-<span class="file">ntpkey_GQpar_</span>NsAralice.filestamp,
-Ns
-Ar
-alice.filestamp
-,
+<code>-T</code> <code>-G</code> <code>-p</code> <code>-password</code> to produce her parameter file
+<samp><span class="file">ntpkey_GQpar_</span></samp>NsAralice.filestamp,
which includes both server and client keys.
Copy this file to all group hosts and install a soft link
from the generic
-<span class="file">ntpkey_gq_</span>NsAralice
-Ns
-Ar
-alice
+<samp><span class="file">ntpkey_gq_</span></samp>NsAralice
to this file.
In addition, on each host bob install a soft link
from generic
-<span class="file">ntpkey_gq_</span>NsArbob
-Ns
-Ar
-bob
+<samp><span class="file">ntpkey_gq_</span></samp>NsArbob
to this file.
As the GQ scheme updates the GQ parameters file and certificate
at the same time, keys and certificates can be regenerated as needed.
and bob one of her clients.
On TA trish run
<code>ntp-keygen</code>
-<code>-V</code> <code>-Ar</code> <code>-n</code> <code>-p</code> <code>-Ar</code> <code>-password</code>, where
-<kbd>n</kbd> is the number of revokable keys (typically 5) to produce
+<code>-V</code> <code>-n</code> <code>-p</code> <code>-password</code>, where
+<code>n</code> is the number of revokable keys (typically 5) to produce
the parameter file
-<span class="file">ntpkeys_MVpar_</span>NsArtrish.filestamp
-Ns
-Ar
-trish.filestamp
+<samp><span class="file">ntpkeys_MVpar_</span></samp>NsArtrish.filestamp
and client key files
-<span class="file">ntpkeys_MVkeyd_</span>NsArtrish.filestamp
-Ns
-Ar
-trish.filestamp
+<samp><span class="file">ntpkeys_MVkeyd_</span></samp>NsArtrish.filestamp
where
-<kbd>d</kbd> is the key number (0 \&<
-<kbd>d</kbd> \&<
-<kbd>n</kbd>). Copy the parameter file to alice and install a soft link
+<code>d</code> is the key number (0 \&<
+<code>d</code> \&<
+<code>n</code>). Copy the parameter file to alice and install a soft link
from the generic
-<span class="file">ntpkey_mv_</span>NsAralice
-Ns
-Ar
-alice
+<samp><span class="file">ntpkey_mv_</span></samp>NsAralice
to this file.
Copy one of the client key files to alice for later distribution
to her clients.
since they all work the same way.
Alice copies the client key file to all of her cliens.
On client bob install a soft link from generic
-<span class="file">ntpkey_mvkey_</span>NsArbob
-Ns
-Ar
-bob
+<samp><span class="file">ntpkey_mvkey_</span></samp>NsArbob
to the client key file.
As the MV scheme is independent of keys and certificates,
these files can be refreshed as needed.
<div class="node">
-<p><hr>
<a name="Command"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Command</h3>
Line
Options
<dl>
-<dt><span class="samp">Fl</span><dd>Select certificate message digest/signature encryption scheme.
+<dt>‘<samp><span class="samp">Fl</span></samp>’<dd>Select certificate message digest/signature encryption scheme.
The
-<kbd>scheme</kbd> can be one of the following:
+<code>scheme</code> can be one of the following:
.
Cm
RSA-MD2
<code>DSA-SHA1</code>. Note that RSA schemes must be used with a RSA sign key and DSA
schemes must be used with a DSA sign key.
The default without this option is
-<code>RSA-MD5</code>. <br><dt><span class="samp">Fl</span><dd>Enable debugging.
+<code>RSA-MD5</code>. <br><dt>‘<samp><span class="samp">Fl</span></samp>’<dd>Enable debugging.
This option displays the cryptographic data produced in eye-friendly billboards.
-<br><dt><span class="samp">Fl</span><dd>Write the IFF client keys to the standard output.
+<br><dt>‘<samp><span class="samp">Fl</span></samp>’<dd>Write the IFF client keys to the standard output.
This is intended for automatic key distribution by mail.
-<br><dt><span class="samp">Fl</span><dd>Generate parameters and keys for the GQ identification scheme,
+<br><dt>‘<samp><span class="samp">Fl</span></samp>’<dd>Generate parameters and keys for the GQ identification scheme,
obsoleting any that may exist.
-<br><dt><span class="samp">Fl</span><dd>Generate keys for the GQ identification scheme
+<br><dt>‘<samp><span class="samp">Fl</span></samp>’<dd>Generate keys for the GQ identification scheme
using the existing GQ parameters.
If the GQ parameters do not yet exist, create them first.
-<br><dt><span class="samp">Fl</span><dd>Generate new host keys, obsoleting any that may exist.
-<br><dt><span class="samp">Fl</span><dd>Generate parameters for the IFF identification scheme,
+<br><dt>‘<samp><span class="samp">Fl</span></samp>’<dd>Generate new host keys, obsoleting any that may exist.
+<br><dt>‘<samp><span class="samp">Fl</span></samp>’<dd>Generate parameters for the IFF identification scheme,
obsoleting any that may exist.
-<br><dt><span class="samp">Fl</span><dd>Set the suject name to
-<kbd>name</kbd>. This is used as the subject field in certificates
+<br><dt>‘<samp><span class="samp">Fl</span></samp>’<dd>Set the suject name to
+<code>name</code>. This is used as the subject field in certificates
and in the file name for host and sign keys.
-<br><dt><span class="samp">Fl</span><dd>Generate MD5 keys, obsoleting any that may exist.
-<br><dt><span class="samp">Fl</span><dd>Generate a private certificate.
+<br><dt>‘<samp><span class="samp">Fl</span></samp>’<dd>Generate MD5 keys, obsoleting any that may exist.
+<br><dt>‘<samp><span class="samp">Fl</span></samp>’<dd>Generate a private certificate.
By default, the program generates public certificates.
-<br><dt><span class="samp">Fl</span><dd>Encrypt generated files containing private data with
-<kbd>password</kbd> and the DES-CBC algorithm.
-<br><dt><span class="samp">Fl</span><dd>Set the password for reading files to password.
-<br><dt><span class="samp">Fl</span><dd>Generate a new sign key of the designated type,
+<br><dt>‘<samp><span class="samp">Fl</span></samp>’<dd>Encrypt generated files containing private data with
+<code>password</code> and the DES-CBC algorithm.
+<br><dt>‘<samp><span class="samp">Fl</span></samp>’<dd>Set the password for reading files to password.
+<br><dt>‘<samp><span class="samp">Fl</span></samp>’<dd>Generate a new sign key of the designated type,
obsoleting any that may exist.
By default, the program uses the host key as the sign key.
-<br><dt><span class="samp">Fl</span><dd>Set the issuer name to
-<kbd>name</kbd>. This is used for the issuer field in certificates
+<br><dt>‘<samp><span class="samp">Fl</span></samp>’<dd>Set the issuer name to
+<code>name</code>. This is used for the issuer field in certificates
and in the file name for identity files.
-<br><dt><span class="samp">Fl</span><dd>Generate a trusted certificate.
+<br><dt>‘<samp><span class="samp">Fl</span></samp>’<dd>Generate a trusted certificate.
By default, the program generates a non-trusted certificate.
-<br><dt><span class="samp">Fl</span><dd>Generate parameters and keys for the Mu-Varadharajan (MV) identification scheme.
+<br><dt>‘<samp><span class="samp">Fl</span></samp>’<dd>Generate parameters and keys for the Mu-Varadharajan (MV) identification scheme.
<div class="node">
-<p><hr>
<a name="Random"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Random</h3>
<p>The entropy seed used by the OpenSSL library is contained in a file,
usually called
-.rnd, which must be available when starting the NTP daemon
+<code>.rnd</code>, which must be available when starting the NTP daemon
or the
<code>ntp-keygen</code>
program.
RANDFILE
environment variable is not present,
the library will look for the
-.rnd file in the user home directory.
+<code>.rnd</code> file in the user home directory.
If the file is not available or cannot be written,
the daemon exits with a message to the system log and the program
exits with a suitable error message.
<div class="node">
-<p><hr>
<a name="Cryptographic"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Cryptographic</h3>
Lines beginning with # are considered comments and ignored by the
<code>ntp-keygen</code>
program and
-<code>ntpd(8)</code>
+<code>ntpd(1ntpdmdoc)</code>
daemon.
Cryptographic values are encoded first using ASN.1 rules,
then encrypted if necessary, and finally written PEM-encoded
type
key
where
-<kbd>keyno</kbd> is a positive integer in the range 1-65,535,
-<kbd>type</kbd> is the string MD5 defining the key format and
-<kbd>key</kbd> is the key itself,
+<code>keyno</code> is a positive integer in the range 1-65,535,
+<code>type</code> is the string MD5 defining the key format and
+<code>key</code> is the key itself,
which is a printable ASCII string 16 characters or less in length.
Each character is chosen from the 93 printable characters
in the range 0x21 through 0x7f excluding space and the
-#
+‘#’
character.
<p>Note that the keys used by the
-<code>ntpq(8)</code>
+<code>ntpq(1ntpqmdoc)</code>
and
-<code>ntpdc(8)</code>
+<code>ntpdc(1ntpdcmdoc)</code>
programs
are checked against passwords requested by the programs
and entered by hand, so it is generally appropriate to specify these keys
<p>The
<code>ntp-keygen</code>
program generates a MD5 symmetric keys file
-<span class="file">ntpkey_MD5key_</span>NsArhostname.filestamp.
-Ns
-Ar
-hostname.filestamp
-.
+<samp><span class="file">ntpkey_MD5key_</span></samp>NsArhostname.filestamp.
Since the file contains private shared keys,
it should be visible only to root and distributed by secure means
to other subnet hosts.
The NTP daemon loads the file
-<span class="file">ntp.keys</span>,
-,
+<samp><span class="file">ntp.keys</span></samp>,
so
<code>ntp-keygen</code>
installs a soft link from this name to the generated file.
While this file is not used with the Autokey Version 2 protocol,
it is needed to authenticate some remote configuration commands
used by the
-<code>ntpq(8)</code>
+<code>ntpq(1ntpqmdoc)</code>
and
-<code>ntpdc(8)</code>
+<code>ntpdc(1ntpdcmdoc)</code>
utilities.
<p>This section was generated by <strong>AutoGen</strong>,
This software is released under the NTP license, <http://ntp.org/license>.
<ul class="menu">
-<li><a accesskey="1" href="#ntp_002dkeygen-usage">ntp-keygen usage</a>: ntp-keygen help/usage (<span class="option">--help</span>)
+<li><a accesskey="1" href="#ntp_002dkeygen-usage">ntp-keygen usage</a>: ntp-keygen help/usage (<samp><span class="option">--help</span></samp>)
<li><a accesskey="2" href="#ntp_002dkeygen-imbits">ntp-keygen imbits</a>: imbits option (-b)
<li><a accesskey="3" href="#ntp_002dkeygen-certificate">ntp-keygen certificate</a>: certificate option (-c)
<li><a accesskey="4" href="#ntp_002dkeygen-cipher">ntp-keygen cipher</a>: cipher option (-C)
</ul>
<div class="node">
+<a name="ntp-keygen-usage"></a>
+<a name="ntp_002dkeygen-usage"></a>
<p><hr>
-
<a name="ntp_002dkeygen-usage"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-imbits">ntp-keygen imbits</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-imbits">ntp-keygen imbits</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
-<h4 class="subsection">ntp-keygen help/usage (<span class="option">--help</span>)</h4>
+<h4 class="subsection">ntp-keygen help/usage (<samp><span class="option">--help</span></samp>)</h4>
<p><a name="index-ntp_002dkeygen-help-3"></a>
This is the automatically generated usage text for ntp-keygen.
<p>The text printed is the same whether selected with the <code>help</code> option
-(<span class="option">--help</span>) or the <code>more-help</code> option (<span class="option">--more-help</span>). <code>more-help</code> will print
+(<samp><span class="option">--help</span></samp>) or the <code>more-help</code> option (<samp><span class="option">--more-help</span></samp>). <code>more-help</code> will print
the usage text by passing it through a pager program.
<code>more-help</code> is disabled on platforms without a working
<code>fork(2)</code> function. The <code>PAGER</code> environment variable is
-used to select the program, defaulting to <span class="file">more</span>. Both will exit
+used to select the program, defaulting to <samp><span class="file">more</span></samp>. Both will exit
with a status code of 0.
- <pre class="example"> ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p336
+ <pre class="example"> ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p337
USAGE: ntp-keygen [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
Flg Arg Option-Name Description
-b Num imbits identity modulus bits
please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
</pre>
<div class="node">
+<a name="ntp-keygen-imbits"></a>
+<a name="ntp_002dkeygen-imbits"></a>
<p><hr>
-
<a name="ntp_002dkeygen-imbits"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-certificate">ntp-keygen certificate</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-certificate">ntp-keygen certificate</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-usage">ntp-keygen usage</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">imbits option (-b)</h4>
<p><a name="index-ntp_002dkeygen_002dimbits-4"></a>
This is the “identity modulus bits” option.
-This option takes an argument number <span class="file">imbits</span>.
+This option takes an argument number <samp><span class="file">imbits</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
<p>The number of bits in the identity modulus. The default is 256.
<div class="node">
+<a name="ntp-keygen-certificate"></a>
+<a name="ntp_002dkeygen-certificate"></a>
<p><hr>
-
<a name="ntp_002dkeygen-certificate"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-cipher">ntp-keygen cipher</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-cipher">ntp-keygen cipher</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-imbits">ntp-keygen imbits</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">certificate option (-c)</h4>
<p><a name="index-ntp_002dkeygen_002dcertificate-5"></a>
This is the “certificate scheme” option.
-This option takes an argument string <span class="file">scheme</span>.
+This option takes an argument string <samp><span class="file">scheme</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
schemes must be used with a DSA sign key. The default without
this option is RSA-MD5.
<div class="node">
+<a name="ntp-keygen-cipher"></a>
+<a name="ntp_002dkeygen-cipher"></a>
<p><hr>
-
<a name="ntp_002dkeygen-cipher"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-id_002dkey">ntp-keygen id-key</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-id_002dkey">ntp-keygen id-key</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-certificate">ntp-keygen certificate</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">cipher option (-C)</h4>
<p><a name="index-ntp_002dkeygen_002dcipher-6"></a>
This is the “privatekey cipher” option.
-This option takes an argument string <span class="file">cipher</span>.
+This option takes an argument string <samp><span class="file">cipher</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
<p>Select the cipher which is used to encrypt the files containing
private keys. The default is three-key triple DES in CBC mode,
-equivalent to "-C des-ede3-cbc". The openssl tool lists ciphers
+equivalent to "<code>-C des-ede3-cbc". The openssl tool lists ciphers
available in "openssl -h" output.
-<div class="node">
+</code><div class="node">
+<a name="ntp-keygen-id-key"></a>
+<a name="ntp_002dkeygen-id_002dkey"></a>
<p><hr>
-
<a name="ntp_002dkeygen-id_002dkey"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-gq_002dparams">ntp-keygen gq-params</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-gq_002dparams">ntp-keygen gq-params</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-cipher">ntp-keygen cipher</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">id-key option (-e)</h4>
<p>Write the IFF or GQ client keys to the standard output. This is
intended for automatic key distribution by mail.
<div class="node">
+<a name="ntp-keygen-gq-params"></a>
+<a name="ntp_002dkeygen-gq_002dparams"></a>
<p><hr>
-
<a name="ntp_002dkeygen-gq_002dparams"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-host_002dkey">ntp-keygen host-key</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-host_002dkey">ntp-keygen host-key</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-id_002dkey">ntp-keygen id-key</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">gq-params option (-G)</h4>
<p>Generate parameters and keys for the GQ identification scheme,
obsoleting any that may exist.
<div class="node">
+<a name="ntp-keygen-host-key"></a>
+<a name="ntp_002dkeygen-host_002dkey"></a>
<p><hr>
-
<a name="ntp_002dkeygen-host_002dkey"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-iffkey">ntp-keygen iffkey</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-iffkey">ntp-keygen iffkey</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-gq_002dparams">ntp-keygen gq-params</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">host-key option (-H)</h4>
<p>Generate new host keys, obsoleting any that may exist.
<div class="node">
+<a name="ntp-keygen-iffkey"></a>
+<a name="ntp_002dkeygen-iffkey"></a>
<p><hr>
-
<a name="ntp_002dkeygen-iffkey"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-ident">ntp-keygen ident</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-ident">ntp-keygen ident</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-host_002dkey">ntp-keygen host-key</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">iffkey option (-I)</h4>
<p>Generate parameters for the IFF identification scheme, obsoleting
any that may exist.
<div class="node">
+<a name="ntp-keygen-ident"></a>
+<a name="ntp_002dkeygen-ident"></a>
<p><hr>
-
<a name="ntp_002dkeygen-ident"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-lifetime">ntp-keygen lifetime</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-lifetime">ntp-keygen lifetime</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-iffkey">ntp-keygen iffkey</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">ident option (-i)</h4>
<p><a name="index-ntp_002dkeygen_002dident-11"></a>
This is the “set autokey group name” option.
-This option takes an argument string <span class="file">group</span>.
+This option takes an argument string <samp><span class="file">group</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
<p>Set the optional Autokey group name to name. This is used in
the file name of IFF, GQ, and MV client parameters files. In
that role, the default is the host name if this option is not
-provided. The group name, if specified using -i/–ident or
-using -s/–subject-name following an '´character, is also a
-part of the self-signed host certificate's subject and issuer
-names in the form host
- <p>or 'server ident' configuration in ntpd's configuration file.
-<div class="node">
+provided. The group name, if specified using <code>-i/--ident</code> or
+using <code>-s/--subject-name</code> following an '<code>}' character,
+is also a part of the self-signed host certificate's subject and
+issuer names in the form host
+ <p>'crypto ident' or 'server ident' configuration in
+ntpd's configuration file.
+</code><div class="node">
+<a name="ntp-keygen-lifetime"></a>
+<a name="ntp_002dkeygen-lifetime"></a>
<p><hr>
-
<a name="ntp_002dkeygen-lifetime"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-md5key">ntp-keygen md5key</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-md5key">ntp-keygen md5key</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-ident">ntp-keygen ident</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">lifetime option (-l)</h4>
<p><a name="index-ntp_002dkeygen_002dlifetime-12"></a>
-This is the “set certificate lifetime” option.
-This option takes an argument number <span class="file">lifetime</span>.
+This is the ``set certificate lifetime'' option.
+This option takes an argument number <samp><span class="file">lifetime</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
<p>Set the certificate expiration to lifetime days from now.
<div class="node">
+<a name="ntp-keygen-md5key"></a>
+<a name="ntp_002dkeygen-md5key"></a>
<p><hr>
-
<a name="ntp_002dkeygen-md5key"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-modulus">ntp-keygen modulus</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-modulus">ntp-keygen modulus</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-lifetime">ntp-keygen lifetime</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">md5key option (-M)</h4>
<p><a name="index-ntp_002dkeygen_002dmd5key-13"></a>
-This is the “generate md5 keys” option.
+This is the ``generate md5 keys'' option.
Generate MD5 keys, obsoleting any that may exist.
<div class="node">
+<a name="ntp-keygen-modulus"></a>
+<a name="ntp_002dkeygen-modulus"></a>
<p><hr>
-
<a name="ntp_002dkeygen-modulus"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-pvt_002dcert">ntp-keygen pvt-cert</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-pvt_002dcert">ntp-keygen pvt-cert</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-md5key">ntp-keygen md5key</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">modulus option (-m)</h4>
<p><a name="index-ntp_002dkeygen_002dmodulus-14"></a>
-This is the “modulus” option.
-This option takes an argument number <span class="file">modulus</span>.
+This is the ``modulus'' option.
+This option takes an argument number <samp><span class="file">modulus</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
<p>The number of bits in the prime modulus. The default is 512.
<div class="node">
+<a name="ntp-keygen-pvt-cert"></a>
+<a name="ntp_002dkeygen-pvt_002dcert"></a>
<p><hr>
-
<a name="ntp_002dkeygen-pvt_002dcert"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-pvt_002dpasswd">ntp-keygen pvt-passwd</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-pvt_002dpasswd">ntp-keygen pvt-passwd</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-modulus">ntp-keygen modulus</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">pvt-cert option (-P)</h4>
<p><a name="index-ntp_002dkeygen_002dpvt_002dcert-15"></a>
-This is the “generate pc private certificate” option.
+This is the ``generate pc private certificate'' option.
<p class="noindent">This option has some usage constraints. It:
<ul>
<p>Generate a private certificate. By default, the program generates
public certificates.
<div class="node">
+<a name="ntp-keygen-pvt-passwd"></a>
+<a name="ntp_002dkeygen-pvt_002dpasswd"></a>
<p><hr>
-
<a name="ntp_002dkeygen-pvt_002dpasswd"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-get_002dpvt_002dpasswd">ntp-keygen get-pvt-passwd</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-get_002dpvt_002dpasswd">ntp-keygen get-pvt-passwd</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-pvt_002dcert">ntp-keygen pvt-cert</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">pvt-passwd option (-p)</h4>
<p><a name="index-ntp_002dkeygen_002dpvt_002dpasswd-16"></a>
-This is the “output private password” option.
-This option takes an argument string <span class="file">passwd</span>.
+This is the ``output private password'' option.
+This option takes an argument string <samp><span class="file">passwd</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
</ul>
<p>Encrypt generated files containing private data with the specified
-password and the cipher selected with -C/–cipher.
+password and the cipher selected with <code>-C/--cipher</code>.
<div class="node">
+<a name="ntp-keygen-get-pvt-passwd"></a>
+<a name="ntp_002dkeygen-get_002dpvt_002dpasswd"></a>
<p><hr>
-
<a name="ntp_002dkeygen-get_002dpvt_002dpasswd"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-sign_002dkey">ntp-keygen sign-key</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-sign_002dkey">ntp-keygen sign-key</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-pvt_002dpasswd">ntp-keygen pvt-passwd</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">get-pvt-passwd option (-q)</h4>
<p><a name="index-ntp_002dkeygen_002dget_002dpvt_002dpasswd-17"></a>
-This is the “input private password” option.
-This option takes an argument string <span class="file">passwd</span>.
+This is the ``input private password'' option.
+This option takes an argument string <samp><span class="file">passwd</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
<p>Set the password for reading files to the specified password.
<div class="node">
+<a name="ntp-keygen-sign-key"></a>
+<a name="ntp_002dkeygen-sign_002dkey"></a>
<p><hr>
-
<a name="ntp_002dkeygen-sign_002dkey"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-subject_002dname">ntp-keygen subject-name</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-subject_002dname">ntp-keygen subject-name</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-get_002dpvt_002dpasswd">ntp-keygen get-pvt-passwd</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">sign-key option (-S)</h4>
<p><a name="index-ntp_002dkeygen_002dsign_002dkey-18"></a>
-This is the “generate sign key (rsa or dsa)” option.
-This option takes an argument string <span class="file">sign</span>.
+This is the ``generate sign key (rsa or dsa)'' option.
+This option takes an argument string <samp><span class="file">sign</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
that may exist. By default, the program uses the host key as the
sign key.
<div class="node">
+<a name="ntp-keygen-subject-name"></a>
+<a name="ntp_002dkeygen-subject_002dname"></a>
<p><hr>
-
<a name="ntp_002dkeygen-subject_002dname"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-trusted_002dcert">ntp-keygen trusted-cert</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-trusted_002dcert">ntp-keygen trusted-cert</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-sign_002dkey">ntp-keygen sign-key</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">subject-name option (-s)</h4>
<p><a name="index-ntp_002dkeygen_002dsubject_002dname-19"></a>
-This is the “set host and optionally group name” option.
-This option takes an argument string <span class="file">host@group</span>.
+This is the ``set host and optionally group name'' option.
+This option takes an argument string <samp><span class="file">host@group</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
</ul>
<p>Set the Autokey host name, and optionally, group name specified
-following an '´character. The host name is used in the file
+following an '<code>}' character. The host name is used in the file
name of generated host and signing certificates, without the
group name. The host name, and if provided, group name are used
in host
- <p>fields. Specifying '-s is allowed, and results in
-leaving the host name unchanged while appending
+ <p>fields. Specifying '-s
+ <p>leaving the host name unchanged while appending
<p>subject and issuer fields, as with -i group. The group name, or
if not provided, the host name are also used in the file names
of IFF, GQ, and MV client parameter files.
-<div class="node">
+</code><div class="node">
+<a name="ntp-keygen-trusted-cert"></a>
+<a name="ntp_002dkeygen-trusted_002dcert"></a>
<p><hr>
-
<a name="ntp_002dkeygen-trusted_002dcert"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-mv_002dparams">ntp-keygen mv-params</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-mv_002dparams">ntp-keygen mv-params</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-subject_002dname">ntp-keygen subject-name</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">trusted-cert option (-T)</h4>
<p><a name="index-ntp_002dkeygen_002dtrusted_002dcert-20"></a>
-This is the “trusted certificate (tc scheme)” option.
+This is the ``trusted certificate (tc scheme)'' option.
<p class="noindent">This option has some usage constraints. It:
<ul>
<p>Generate a trusted certificate. By default, the program generates
a non-trusted certificate.
<div class="node">
+<a name="ntp-keygen-mv-params"></a>
+<a name="ntp_002dkeygen-mv_002dparams"></a>
<p><hr>
-
<a name="ntp_002dkeygen-mv_002dparams"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-mv_002dkeys">ntp-keygen mv-keys</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-mv_002dkeys">ntp-keygen mv-keys</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-trusted_002dcert">ntp-keygen trusted-cert</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">mv-params option (-V)</h4>
<p><a name="index-ntp_002dkeygen_002dmv_002dparams-21"></a>
-This is the “generate <num> mv parameters” option.
-This option takes an argument number <span class="file">num</span>.
+This is the ``generate <num> mv parameters'' option.
+This option takes an argument number <samp><span class="file">num</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
<p>Generate parameters and keys for the Mu-Varadharajan (MV)
identification scheme.
<div class="node">
+<a name="ntp-keygen-mv-keys"></a>
+<a name="ntp_002dkeygen-mv_002dkeys"></a>
<p><hr>
-
<a name="ntp_002dkeygen-mv_002dkeys"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-config">ntp-keygen config</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-config">ntp-keygen config</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-mv_002dparams">ntp-keygen mv-params</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">mv-keys option (-v)</h4>
<p><a name="index-ntp_002dkeygen_002dmv_002dkeys-22"></a>
-This is the “update <num> mv keys” option.
-This option takes an argument number <span class="file">num</span>.
+This is the ``update <num> mv keys'' option.
+This option takes an argument number <samp><span class="file">num</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
<li>must be compiled in by defining <code>AUTOKEY</code> during the compilation.
</ul>
- <p>This option has no <span class="samp">doc</span> documentation.
+ <p>This option has no ‘<samp><span class="samp">doc</span></samp>’ documentation.
<div class="node">
+<a name="ntp-keygen-config"></a>
+<a name="ntp_002dkeygen-config"></a>
<p><hr>
-
<a name="ntp_002dkeygen-config"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-exit-status">ntp-keygen exit status</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-exit-status">ntp-keygen exit status</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-mv_002dkeys">ntp-keygen mv-keys</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">presetting/configuring ntp-keygen</h4>
<li>$PWD
</ul>
The environment variables <code>HOME</code>, and <code>PWD</code>
-are expanded and replaced when <span class="file">ntp-keygen</span> runs.
+are expanded and replaced when <samp><span class="file">ntp-keygen</span></samp> runs.
For any of these that are plain files, they are simply processed.
-For any that are directories, then a file named <span class="file">.ntprc</span> is searched for
+For any that are directories, then a file named <samp><span class="file">.ntprc</span></samp> is searched for
within that directory and processed.
<p>Configuration files may be in a wide variety of formats.
Common options are collected at the top, followed by program specific
segments. The segments are separated by lines like:
<pre class="example"> [NTP-KEYGEN]
- </pre>
+</pre>
<p class="noindent">or by
<pre class="example"> <?program ntp-keygen>
- </pre>
+</pre>
<p class="noindent">Do not mix these styles within one configuration file.
<p>Compound values and carefully constructed string values may also be
<pre class="example"> <option-name>
<sub-opt>...&lt;...&gt;...</sub-opt>
</option-name>
- </pre>
+</pre>
<p class="noindent">yielding an <code>option-name.sub-opt</code> string value of
<pre class="example"> "...<...>..."
- </pre>
+</pre>
<p><code>AutoOpts</code> does not track suboptions. You simply note that it is a
hierarchicly valued option. <code>AutoOpts</code> does provide a means for searching
the associated name/value pair list (see: optionFindValue).
first letter of the argument is examined:
<dl>
-<dt><span class="samp">version</span><dd>Only print the version. This is the default.
-<br><dt><span class="samp">copyright</span><dd>Name the copyright usage licensing terms.
-<br><dt><span class="samp">verbose</span><dd>Print the full copyright usage licensing terms.
+<dt>‘<samp><span class="samp">version</span></samp>’<dd>Only print the version. This is the default.
+<br><dt>‘<samp><span class="samp">copyright</span></samp>’<dd>Name the copyright usage licensing terms.
+<br><dt>‘<samp><span class="samp">verbose</span></samp>’<dd>Print the full copyright usage licensing terms.
</dl>
<div class="node">
+<a name="ntp-keygen-exit-status"></a>
+<a name="ntp_002dkeygen-exit-status"></a>
<p><hr>
-
<a name="ntp_002dkeygen-exit-status"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-Usage">ntp-keygen Usage</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-Usage">ntp-keygen Usage</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-config">ntp-keygen config</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">ntp-keygen exit status</h4>
<p>One of the following exit values will be returned:
<dl>
-<dt><span class="samp">0 (EXIT_SUCCESS)</span><dd>Successful program execution.
-<br><dt><span class="samp">1 (EXIT_FAILURE)</span><dd>The operation failed or the command syntax was not valid.
-<br><dt><span class="samp">66 (EX_NOINPUT)</span><dd>A specified configuration file could not be loaded.
-<br><dt><span class="samp">70 (EX_SOFTWARE)</span><dd>libopts had an internal operational error. Please report
+<dt>‘<samp><span class="samp">0 (EXIT_SUCCESS)</span></samp>’<dd>Successful program execution.
+<br><dt>‘<samp><span class="samp">1 (EXIT_FAILURE)</span></samp>’<dd>The operation failed or the command syntax was not valid.
+<br><dt>‘<samp><span class="samp">66 (EX_NOINPUT)</span></samp>’<dd>A specified configuration file could not be loaded.
+<br><dt>‘<samp><span class="samp">70 (EX_SOFTWARE)</span></samp>’<dd>libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
</dl>
<div class="node">
+<a name="ntp-keygen-Usage"></a>
+<a name="ntp_002dkeygen-Usage"></a>
<p><hr>
-
<a name="ntp_002dkeygen-Usage"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-Notes">ntp-keygen Notes</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-Notes">ntp-keygen Notes</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-exit-status">ntp-keygen exit status</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">ntp-keygen Usage</h4>
<p>The
-<code>-p</code> <code>-Ar</code> <code>-password</code> option specifies the write password and
-<code>-q</code> <code>-Ar</code> <code>-password</code> option the read password for previously encrypted files.
+<code>-p</code> <code>-password</code> option specifies the write password and
+<code>-q</code> <code>-password</code> option the read password for previously encrypted files.
The
<code>ntp-keygen</code>
program prompts for the password if it reads an encrypted file
no write password is specified, the read password is used
as the write password by default.
<div class="node">
+<a name="ntp-keygen-Notes"></a>
+<a name="ntp_002dkeygen-Notes"></a>
<p><hr>
-
<a name="ntp_002dkeygen-Notes"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-Bugs">ntp-keygen Bugs</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-Bugs">ntp-keygen Bugs</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-Usage">ntp-keygen Usage</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">ntp-keygen Notes</h4>
<p>This document corresponds to version of NTP.
Portions of this document came from FreeBSD.
<div class="node">
+<a name="ntp-keygen-Bugs"></a>
+<a name="ntp_002dkeygen-Bugs"></a>
<p><hr>
-
<a name="ntp_002dkeygen-Bugs"></a>Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-Notes">ntp-keygen Notes</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-Notes">ntp-keygen Notes</a>,
Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
-<br>
+
</div>
<h4 class="subsection">ntp-keygen Bugs</h4>
<p>Please report bugs to http://bugs.ntp.org .
<div class="node">
+<a name="Random-Seed-File"></a>
<p><hr>
-
<a name="Random-Seed-File"></a>Next: <a rel="next" accesskey="n" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>,
+Next: <a rel="next" accesskey="n" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>,
Previous: <a rel="previous" accesskey="p" href="#Running-the-Program">Running the Program</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
<!-- node-name, next, previous, up -->
<p>All cryptographically sound key generation schemes must have means to
randomize the entropy seed used to initialize the internal
-pseudo-random number generator used by the OpenSSL library routines. If
-a site supports ssh, it is very likely that means to do this are
-already available. The entropy seed used by the OpenSSL library is
-contained in a file, usually called .rnd, which must be available when
-starting the ntp-keygen program or ntpd daemon.
+pseudo-random number generator used by the OpenSSL library routines.
+If a site supports ssh, it is very likely that means to do this are
+already available.
+The entropy seed used by the OpenSSL library is contained in a file,
+usually called <code>.rnd</code>, which must be available when
+starting the <code>ntp-keygen</code> program or <code>ntpd</code> daemon.
<p>The OpenSSL library looks for the file using the path specified by the
-RANDFILE environment variable in the user home directory, whether root
-or some other user. If the RANDFILE environment variable is not
-present, the library looks for the .rnd file in the user home
-directory. Since both the ntp-keygen program and ntpd daemon must run
-as root, the logical place to put this file is in /.rnd or /root/.rnd.
+<code>RANDFILE</code> environment variable in the user home directory, whether root
+or some other user.
+If the <code>RANDFILE</code> environment variable is not
+present, the library looks for the <code>.rnd</code> file in the user home
+directory.
+Since both the <code>ntp-keygen</code> program and <code>ntpd</code> daemon must run
+as root, the logical place to put this file is in <code>/.rnd</code> or
+<code>/root/.rnd</code>.
If the file is not available or cannot be written, the program exits
with a message to the system log.
<div class="node">
+<a name="Cryptographic-Data-Files"></a>
<p><hr>
-
<a name="Cryptographic-Data-Files"></a>Previous: <a rel="previous" accesskey="p" href="#Random-Seed-File">Random Seed File</a>,
+Previous: <a rel="previous" accesskey="p" href="#Random-Seed-File">Random Seed File</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
<!-- node-name, next, previous, up -->
<h3 class="section">Cryptographic Data Files</h3>
- <p>File and link names are in the form ntpkey_key_name.fstamp, where key
-is the key or parameter type, name is the host or group name and fstamp
-is the filestamp (NTP seconds) when the file was created). By
-convention, key names in generated file names include both upper and
+ <p>File and link names are in the <code>form ntpkey_key_name.fstamp</code>,
+where <code>key</code> is the key or parameter type,
+<code>name</code> is the host or group name and
+<code>fstamp</code> is the filestamp (NTP seconds) when the file was created).
+By convention, key names in generated file names include both upper and
lower case characters, while key names in generated link names include
only lower case characters. The filestamp is not used in generated link
names.
- <p>The key name is a string defining the cryptographic key type. Key types
-include public/private keys host and sign, certificate cert and several
-challenge/response key types. By convention, client files used for
+ <p>The key name is a string defining the cryptographic key type.
+Key types include public/private keys host and sign, certificate cert
+and several challenge/response key types.
+By convention, client files used for
challenges have a par subtype, as in the IFF challenge IFFpar, while
server files for responses have a key subtype, as in the GQ response
GQkey.
<p>All files begin with two nonencrypted lines. The first line contains
-the file name in the format ntpkey_key_host.fstamp. The second line
-contains the datestamp in conventional Unix date format. Lines
-beginning with # are ignored.
+the file name in the format <code>ntpkey_key_host.fstamp</code>.
+The second line contains the datestamp in conventional Unix date format.
+Lines beginning with <code>#</code> are ignored.
<p>The remainder of the file contains cryptographic data encoded first
using ASN.1 rules, then encrypted using the DES-CBC algorithm with
given password and finally written in PEM-encoded printable ASCII text
preceded and followed by MIME content identifier lines.
- <p>The format of the symmetric keys file, ordinarily named ntp.keys, is
-somewhat different than the other files in the interest of backward
-compatibility. Ordinarily, the file is generated by this program, but
+ <p>The format of the symmetric keys file, ordinarily named <code>ntp.keys</code>,
+is somewhat different than the other files in the interest of backward
+compatibility.
+Ordinarily, the file is generated by this program, but
it can be constructed and edited using an ordinary text editor.
<pre class="example"> # ntpkey_MD5key_hms.local.3564038757
18 SHA1 b5520c9fadd7ad3fd8bfa061c8821b65d029bb37 # SHA1 key
19 SHA1 8c74fb440ec80f453ec6aaa62b9baed0ab723b92 # SHA1 key
20 SHA1 6bc05f734306a189326000970c19b3910f403795 # SHA1 key
- </pre>
+</pre>
<p>Figure 1. Typical Symmetric Key File
<p>Figure 1 shows a typical symmetric keys file used by the reference
-implementation. Each line of the file contains three fields, first an
+implementation.
+Each line of the file contains three fields, first an
integer between 1 and 65534, inclusive, representing the key identifier
-used in the server and peer configuration commands. Next is the key
-type for the message digest algorithm, which in the absence of the
+used in the server and peer configuration commands.
+Next is the key type for the message digest algorithm,
+which in the absence of the
OpenSSL library must be MD5 to designate the MD5 message digest
-algorithm. If the OpenSSL library is installed, the key type can be any
-message digest algorithm supported by that library. However, if
+algorithm.
+If the OpenSSL library is installed, the key type can be any
+message digest algorithm supported by that library.
+However, if
compatibility with FIPS 140-2 is required, the key type must be either
-SHA or SHA1. The key type can be changed using an ASCII text editor.
+SHA or SHA1.
+The key type can be changed using an ASCII text editor.
<p>An MD5 key consists of a printable ASCII string less than or equal to
-16 characters and terminated by whitespace or a # character. An OpenSSL
+16 characters and terminated by whitespace or a # character.
+An OpenSSL
key consists of a hex-encoded ASCII string of 40 characters, which is
truncated as necessary.
- <p>Note that the keys used by the ntpq and ntpdc programs are checked
-against passwords requested by the programs and entered by hand, so it
+ <p>Note that the keys used by the <code>ntpq</code> and <code>ntpdc</code> programs are
+checked against passwords requested by the programs and entered by hand,
+so it
is generally appropriate to specify these keys in human readable ASCII
format.
<p>The <code>ntp-keygen</code> program generates a MD5 symmetric keys file
-<code>ntpkey_MD5key_hostname.filestamp</code>. Since the file contains private
+<code>ntpkey_MD5key_hostname.filestamp</code>.
+Since the file contains private
shared keys, it should be visible only to root and distributed by
-secure means to other subnet hosts. The NTP daemon loads the file
-<code>ntp.keys</code>, so <code>ntp-keygen</code> installs a soft link from this name to the
-generated file. Subsequently, similar soft links must be installed by
-manual or automated means on the other subnet hosts. While this file is
+secure means to other subnet hosts.
+The NTP daemon loads the file <code>ntp.keys</code>, so <code>ntp-keygen</code>
+installs a soft link from this name to the generated file.
+Subsequently, similar soft links must be installed by
+manual or automated means on the other subnet hosts.
+While this file is
not used with the Autokey Version 2 protocol, it is needed to
authenticate some remote configuration commands used by the <code>ntpq</code> and
<code>ntpdc</code> utilities.
projects / thirdparty / ntp.git / commitdiff
