# Serve time even if not synchronized to any NTP server.
#local stratum 10
-# Specify file containing keys for NTP and command authentication.
-keyfile /etc/chrony.keys
-
-# Specify key number for command authentication.
-commandkey 1
-
-# Generate new command key on start if missing.
-generatecommandkey
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
# Disable logging of client accesses.
noclientlog
driftfile /var/lib/chrony/drift
-# If you want to use the program called chronyc to configure aspects of
-# chronyd's operation once it is running (e.g. tell it the Internet link
-# has gone up or down), you need a password. This is stored in the
-# following keys file. (You also need keys to support authenticated NTP
-# exchanges between cooperating machines.) Again, this option is
-# assumed by default.
+# If you want to enable NTP authentication with symmetric keys, you will need
+# to uncomment the following line and edit the file to set up the keys.
-keyfile /etc/chrony.keys
-
-# Tell chronyd which numbered key in the file is used as the password
-# for chronyc. (You can pick any integer up to 2**32-1. '1' is just a
-# default. Using another value will _NOT_ increase security.)
-
-commandkey 1
-
-# With this directive a random password will be generated automatically.
-
-generatecommandkey
+! keyfile /etc/chrony.keys
# chronyd can save the measurement history for the servers to files when
# it it exits. This is useful in 2 situations:
# syntax and meaning is the same as for 'allow' and 'deny', except that
# 'cmdallow' and 'cmddeny' control access to the chronyd's command port.
-# NOTE, even if the host where you run chronyc is granted access, you
-# still need a command key set up and you have to know the password to
-# put into chronyc to allow you to modify chronyd's parameters. By
-# default all you can do is view information about chronyd's operation.
-
#######################################################################
### REAL TIME CLOCK
# chronyd can characterise the system's real-time clock. This is the
-#######################################################################
+# This is an example chrony keys file. It is used for NTP authentication with
+# symmetric keys. It should be readable only by root or the user to which
+# chronyd is configured to switch to.
#
-# This is an example chrony keys file. You should copy it to /etc/chrony.keys
-# after editing it to set up the key(s) you want to use. It should be readable
-# only by root or the user chronyd drops the root privileges to. In most
-# situations, you will require a single key (the 'commandkey') so that you can
-# supply a password to chronyc to enable you to modify chronyd's operation
-# whilst it is running.
-#
-# Copyright 2002 Richard P. Curnow
-#
-######################################################################
+# Don't use the example keys! The keys need to be random for maximum security.
+# These shell commands can be used to generate random MD5 and SHA1 keys on
+# systems which have the /dev/urandom device:
+# echo "1 MD5 HEX:$(tr -d -c '[:xdigit:]' < /dev/urandom | head -c 32)"
+# echo "1 SHA1 HEX:$(tr -d -c '[:xdigit:]' < /dev/urandom | head -c 40)"
# Examples of valid keys:
#1 ALongAndRandomPassword
#2 MD5 HEX:B028F91EA5C38D06C2E140B26C7F41EC
#3 SHA1 HEX:1DC764E0791B11FA67EFC7ECBC4B0D73F68A070C
-
-# The keys should be random for maximum security. If you wanted to use a key
-# with ID 1 as your commandkey (i.e. chronyc password) you would put
-# "commandkey 1" into chrony.conf. If no commandkey is present in the keys
-# file and the generatecommandkey directive is specified in chrony.conf,
-# a random commandkey will be generated and added to the keys file
-# automatically on chronyd start.
-
-# You might want to define more keys if you use the authentication facility
-# in the network time protocol to authenticate request/response packets between
-# trusted clients and servers.
nocreate
sharedscripts
postrotate
- /usr/bin/chronyc -a cyclelogs > /dev/null 2>&1 || true
+ /usr/bin/chronyc cyclelogs > /dev/null 2>&1 || true
endscript
}
if [ "$2" = "up" ]; then
/sbin/ip route list dev "$1" | grep -q '^default' &&
- /usr/bin/chronyc -a online > /dev/null 2>&1
+ /usr/bin/chronyc online > /dev/null 2>&1
fi
if [ "$2" = "down" ]; then
/sbin/ip route list | grep -q '^default' ||
- /usr/bin/chronyc -a offline > /dev/null 2>&1
+ /usr/bin/chronyc offline > /dev/null 2>&1
fi
exit 0
projects / thirdparty / chrony.git / commitdiff
