+(4.2.7p345) 2013/01/04 Released by Harlan Stenn <stenn@ntp.org>
* Update several .def files to use autogen-5.17 feature set.
(4.2.7p344) 2013/01/03 Released by Harlan Stenn <stenn@ntp.org>
* Refactor and enhance mdoc2texi.
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi)
#
-# It has been AutoGen-ed January 3, 2013 at 01:09:25 PM by AutoGen 5.17.1pre11
+# It has been AutoGen-ed January 4, 2013 at 09:03:01 AM by AutoGen 5.17.1pre11
# From the definitions ntp.conf.def
# and the template file agtexi-file.tpl
@end ignore
services when they become universally available.
@node ntp.conf Notes
@subsection ntp.conf Notes
-This document corresponds to version @VERSION@ of NTP.
+This document corresponds to version #VERSION# of NTP.
This document was derived from FreeBSD.
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi)
#
-# It has been AutoGen-ed January 3, 2013 at 01:09:27 PM by AutoGen 5.17.1pre11
+# It has been AutoGen-ed January 4, 2013 at 09:03:03 AM by AutoGen 5.17.1pre11
# From the definitions ntp.keys.def
# and the template file agtexi-file.tpl
@end ignore
@code{sntp(1sntpmdoc)}
@node ntp.keys Notes
@subsection ntp.keys Notes
-This document corresponds to version @VERSION@ of NTP.
+This document corresponds to version #VERSION# of NTP.
This document was derived from FreeBSD.
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi)
#
-# It has been AutoGen-ed January 3, 2013 at 01:09:28 PM by AutoGen 5.17.1pre11
+# It has been AutoGen-ed January 4, 2013 at 09:03:04 AM by AutoGen 5.17.1pre11
# From the definitions ntpd-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@exampleindent 0
@example
-ntpd - NTP daemon program - Ver. 4.2.7p344
+ntpd - NTP daemon program - Ver. 4.2.7p345
USAGE: ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \
[ <server1> ... <serverN> ]
Flg Arg Option-Name Description
Print the program version to standard out, optionally with licensing
information, then exit 0. The optional argument specifies how much licensing
-detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument. Only the
-first letter of the argument is examined:
+detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument.
+Only the first letter of the argument is examined:
@table @samp
@item version
mind.
@node ntpd Notes
@subsection ntpd Notes
-This document corresponds to version @VERSION@ of NTP.
+This document corresponds to version 4.2.7p345 of NTP.
Portions of this document came from FreeBSD.
-.TH ntp.conf 5man "03 Jan 2013" "4.2.7p344" "File Formats"
+.TH ntp.conf 5man "04 Jan 2013" "4.2.7p345" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:09:10 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:02:47 AM by AutoGen 5.17.1pre11
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.\"
The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next five fields
-show time offset (seconds), frequency offset (parts per million -
+show time offset (seconds), frequency offset (parts per million \-
PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
discipline time constant.
.ti -4
.br
.in +4
.nf
-48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
+48773 10847.650 127.127.4.1 9714 \-0.001605376 0.000000000 0.001424877 0.000958674
.in -4
.fi
.PP
.Ql = ,
.Ql +
and
-.Ql - ,
+.Ql \- ,
where
.Ql =
sets the
priority mask,
.Ql +
adds and
-.Ql -
+.Ql \-
removes
messages.
.Xr syslog 3
be used instead of the default system
.Xr syslog 3
facility.
-This is the same operation as the -l command line option.
+This is the same operation as the \-l command line option.
.TP
.BR Ic setvar Ar variable Op Cm default
This command adds an additional system variable.
an expanding-ring search.
The default is eight multiples of 32 starting at
31.
+.SH "OPTIONS"
+.TP
+.BR \-\-help
+Display usage information and exit.
+.TP
+.BR \-\-more-help
+Pass the extended usage information through a pager.
+.TP
+.BR \-\-version "[=\fI{v|c|n}\fP]"
+Output version of program and exit. The default mode is `v', a simple
+version. The `c' mode will print copyright information and `n' will
+print the full copyright notice.
+.SH "OPTION PRESETS"
+Any option that is not marked as \fInot presettable\fP may be preset
+by loading values from environment variables named:
+.nf
+ \fBNTP_CONF_<option-name>\fP or \fBNTP_CONF\fP
+.fi
+.ad
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
+.SH "ENVIRONMENT"
+See \fBOPTION PRESETS\fP for configuration environment variables.
.SH FILES
.TP
.BR Pa /etc/ntp.conf
.TP
.BR Pa ntp_dh
Diffie-Hellman agreement parameters
+.SH "EXIT STATUS"
+One of the following exit values will be returned:
+.TP
+.BR 0 " (EXIT_SUCCESS)"
+Successful program execution.
+.TP
+.BR 1 " (EXIT_FAILURE)"
+The operation failed or the command syntax was not valid.
+.TP
+.BR 70 " (EX_SOFTWARE)"
+libopts had an internal operational error. Please report
+it to autogen-users@lists.sourceforge.net. Thank you.
.SH "SEE ALSO"
.SH SEE ALSO
.Xr ntpd 1ntpdmdoc ,
These should be obtained via secure directory
services when they become universally available.Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version @VERSION@ of NTP.
-This document was derived from FreeBSD.
-.PP
+This document corresponds to version 4.2.7p345 of NTP.
+This document was derived from FreeBSD..Pp
This manual page was \fIAutoGen\fP-erated from the \fBntp.conf\fP
option definitions.
-.Dd January 3 2013
+.Dd January 4 2013
.Dt NTP_CONF 5mdoc File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:09:31 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:03:06 AM by AutoGen 5.17.1pre11
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.Nd Network Time Protocol (NTP) daemon configuration file format
.Sh SYNOPSIS
.Nm
-.Op Fl \-option-name
-.Op Fl \-option-name Ar value
+.Op Fl \-option\-name
+.Op Fl \-option\-name Ar value
.Pp
All arguments must be options.
.Pp
some of which may be optional, separated by whitespace.
Commands may not be continued over multiple lines.
Arguments may be host names,
-host addresses written in numeric, dotted-quad form,
+host addresses written in numeric, dotted\-quad form,
integers, floating point numbers (when specifying times in seconds)
and text strings.
.Pp
of options not listed may not be caught as an error, but may result
in some weird and even destructive behavior.
.Pp
-If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
+If the Basic Socket Interface Extensions for IPv6 (RFC\-2553)
is detected, support for the IPv6 address family is generated
in addition to the default support of the IPv4 address family.
In a few cases, including the reslist billboard generated
The
.Ar address
can be
-either a DNS name or an IP address in dotted-quad notation.
+either a DNS name or an IP address in dotted\-quad notation.
Additional information on association behavior can be found in the
.Qq Association Management
page
b or m addresses.
.It Ic peer
For type s addresses (only), this command mobilizes a
-persistent symmetric-active mode association with the specified
+persistent symmetric\-active mode association with the specified
remote peer.
In this mode the local clock can be synchronized to
the remote peer or the remote peer can be synchronized to the local
.It Cm ttl Ar ttl
This option is used only with broadcast server and manycast
client modes.
-It specifies the time-to-live
+It specifies the time\-to\-live
.Ar ttl
to
use on broadcast server and multicast server and the maximum
.It Cm version Ar version
Specifies the version number to be used for outgoing NTP
packets.
-Versions 1-4 are the choices, with version 4 the
+Versions 1\-4 are the choices, with version 4 the
default.
.El
.Ss Auxiliary Commands
synchronizes to succeeding broadcast messages.
Note that, in order
to avoid accidental or malicious disruption in this mode, both the
-server and client should operate using symmetric-key or public-key
+server and client should operate using symmetric\-key or public\-key
authentication as described in
.Sx Authentication Options .
.It Ic manycastserver Ar address ...
implosion at the original sender.
Note that, in order to avoid
accidental or malicious disruption in this mode, both the server
-and client should operate using symmetric-key or public-key
+and client should operate using symmetric\-key or public\-key
authentication as described in
.Sx Authentication Options .
.It Ic multicastclient Ar address ...
which it synchronizes to succeeding multicast messages.
Note that,
in order to avoid accidental or malicious disruption in this mode,
-both the server and client should operate using symmetric-key or
-public-key authentication as described in
+both the server and client should operate using symmetric\-key or
+public\-key authentication as described in
.Sx Authentication Options .
.El
.Sh Authentication Support
server is in fact known and trusted and not an intruder intending
accidentally or on purpose to masquerade as that server.
The NTPv3
-specification RFC-1305 defines a scheme which provides
+specification RFC\-1305 defines a scheme which provides
cryptographic authentication of received NTP packets.
Originally,
this was done using the Data Encryption Standard (DES) algorithm
operating in Cipher Block Chaining (CBC) mode, commonly called
-DES-CBC.
+DES\-CBC.
Subsequently, this was replaced by the RSA Message Digest
-5 (MD5) algorithm using a private key, commonly called keyed-MD5.
-Either algorithm computes a message digest, or one-way hash, which
+5 (MD5) algorithm using a private key, commonly called keyed\-MD5.
+Either algorithm computes a message digest, or one\-way hash, which
can be used to verify the server has the correct private key and
key identifier.
.Pp
further details are in the briefings, papers
and reports at the NTP project page linked from
.Li http://www.ntp.org/ .
-.Ss Symmetric-Key Cryptography
-The original RFC-1305 specification allows any one of possibly
-65,534 keys, each distinguished by a 32-bit key identifier, to
+.Ss Symmetric\-Key Cryptography
+The original RFC\-1305 specification allows any one of possibly
+65,534 keys, each distinguished by a 32\-bit key identifier, to
authenticate an association.
The servers and clients involved must
agree on the key and key identifier to
utility.
.Ss Public Key Cryptography
NTPv4 supports the original NTPv3 symmetric key scheme
-described in RFC-1305 and in addition the Autokey protocol,
+described in RFC\-1305 and in addition the Autokey protocol,
which is based on public key cryptography.
The Autokey Version 2 protocol described on the Autokey Protocol
page verifies packet integrity using MD5 message digests
Most modes use a special cookie which can be
computed independently by the client and server,
but encrypted in transmission.
-All modes use in addition a variant of the S-KEY scheme,
-in which a pseudo-random key list is generated and used
+All modes use in addition a variant of the S\-KEY scheme,
+in which a pseudo\-random key list is generated and used
in reverse order.
These schemes are described along with an executive summary,
current status, briefing slides and reading list on the
The specific cryptographic environment used by Autokey servers
and clients is determined by a set of files
and soft links generated by the
-.Xr ntp-keygen 1ntpkeygenmdoc
+.Xr ntp\-keygen 1ntpkeygenmdoc
program.
This includes a required host key file,
required certificate file and optional sign key file,
same key and the message is verified, Bob sends Cathy a reply
authenticated with that key.
If verification fails,
-Bob sends Cathy a thing called a crypto-NAK, which tells her
+Bob sends Cathy a thing called a crypto\-NAK, which tells her
something broke.
She can see the evidence using the
.Xr ntpq 1ntpqmdoc
.Ss Key Management
The cryptographic values used by the Autokey protocol are
incorporated as a set of files generated by the
-.Xr ntp-keygen 1ntpkeygenmdoc
+.Xr ntp\-keygen 1ntpkeygenmdoc
utility program, including symmetric key, host key and
public certificate files, as well as sign key, identity parameters
and leapseconds files.
Specifies the key identifier to use with the
.Xr ntpq 1ntpqmdoc
utility, which uses the standard
-protocol defined in RFC-1305.
+protocol defined in RFC\-1305.
The
.Ar key
argument is
for the trusted key, where the value can be in the range 1 to
65,534, inclusive.
.It Ic revoke Ar logsec
-Specifies the interval between re-randomization of certain
+Specifies the interval between re\-randomization of certain
cryptographic values used by the Autokey scheme, as a power of 2 in
seconds.
These values need to be updated frequently in order to
-deflect brute-force attacks on the algorithms of the scheme;
+deflect brute\-force attacks on the algorithms of the scheme;
however, updating some values is a relatively expensive operation.
The default interval is 16 (65,536 s or about 18 hours).
For poll
servers.
The
.Ar key
-arguments are 32-bit unsigned
+arguments are 32\-bit unsigned
integers with values from 1 to 65,534.
.El
.Ss Error Codes
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight).
The next field shows the
-clock address in dotted-quad notation.
+clock address in dotted\-quad notation.
The final field shows the last
timecode received from the clock in decoded ASCII format, where
meaningful.
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight).
The next field shows the peer
-address in dotted-quad notation, The final message field includes the
+address in dotted\-quad notation, The final message field includes the
message type and certain ancillary information.
See the
.Sx Authentication Options
The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next five fields
-show time offset (seconds), frequency offset (parts per million -
+show time offset (seconds), frequency offset (parts per million \-
PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
discipline time constant.
.It Cm peerstats
generation set named
.Cm peerstats :
.Bd -literal
-48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
+48773 10847.650 127.127.4.1 9714 \-0.001605376 0.000000000 0.001424877 0.000958674
.Ed
.Pp
The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next two fields
-show the peer address in dotted-quad notation and status,
+show the peer address in dotted\-quad notation and status,
respectively.
The status field is encoded in hex in the format
described in Appendix A of the NTP specification RFC 1305.
The final four fields show the offset,
delay, dispersion and RMS jitter, all in seconds.
.It Cm rawstats
-Enables recording of raw-timestamp statistics information.
+Enables recording of raw\-timestamp statistics information.
This
includes statistics records of all peers of a NTP server and of
special signals, where present and configured.
time (seconds and fraction past UTC midnight).
The next two fields
show the remote peer or clock address followed by the local address
-in dotted-quad notation.
+in dotted\-quad notation.
The final four fields show the originate,
receive, transmit and final NTP timestamps in order.
The timestamp
.Ar filegen
option.
It is defined by the
-server, usually specified as a compile-time constant.
+server, usually specified as a compile\-time constant.
It may,
however, be configurable for individual file generation sets
via other commands.
the form
.Cm YYYYMMdd .
.Cm YYYY
-is a 4-digit year number (e.g., 1992).
+is a 4\-digit year number (e.g., 1992).
.Cm MM
is a two digit month number.
.Cm dd
.It Cm week
Any file set member contains data related to a certain week of
a year.
-The term week is defined by computing day-of-year
+The term week is defined by computing day\-of\-year
modulo 7.
Elements of such a file generation set are
distinguished by appending the following suffix to the file set
-filename base: A dot, a 4-digit year number, the letter
+filename base: A dot, a 4\-digit year number, the letter
.Cm W ,
-and a 2-digit week number.
+and a 2\-digit week number.
For example, information from January,
10th 1992 would end up in a file with suffix
.No . Ns Ar 1992W1 .
.It Cm month
One generation file set element is generated per month.
The
-file name suffix consists of a dot, a 4-digit year number, and
-a 2-digit month.
+file name suffix consists of a dot, a 4\-digit year number, and
+a 2\-digit month.
.It Cm year
One generation file element is generated per year.
The filename
The filename
suffix consists of a dot, the letter
.Cm a ,
-and an 8-digit number.
+and an 8\-digit number.
This number is taken to be the number of seconds the server is
-running at the start of the corresponding 24-hour period.
+running at the start of the corresponding 24\-hour period.
Information is only written to a file generation by specifying
.Cm enable ;
output is prevented by specifying
When a client or network is denied access
for an indefinate period, the only way at present to remove
the restrictions is by restarting the server.
-.Ss The Kiss-of-Death Packet
+.Ss The Kiss\-of\-Death Packet
Ordinarily, packets denied service are simply dropped with no
further action except incrementing statistics counters.
Sometimes a
explicitly requests the client to stop sending and leave a message
for the system operator.
A special packet format has been created
-for this purpose called the "kiss-of-death" (KoD) packet.
+for this purpose called the "kiss\-of\-death" (KoD) packet.
KoD packets have the leap bits set unsynchronized and stratum set
-to zero and the reference identifier field set to a four-byte
+to zero and the reference identifier field set to a four\-byte
ASCII code.
If the
.Cm noserve
.Cm minimum
subcommand specifies the minimum packet spacing.
Packets that violate these minima are discarded
-and a kiss-o'-death packet returned if enabled.
+and a kiss\-o'\-death packet returned if enabled.
The default
minimum average and minimum are 5 and 2, respectively.
The monitor subcommand specifies the probability of discard
-for packets that overflow the rate-control window.
+for packets that overflow the rate\-control window.
.It Xo Ic restrict address
.Op Cm mask Ar mask
.Op Ar flag ...
The
.Ar address
argument expressed in
-dotted-quad form is the address of a host or network.
+dotted\-quad form is the address of a host or network.
Alternatively, the
.Ar address
argument can be a valid host DNS name.
The
.Ar mask
-argument expressed in dotted-quad form defaults to
+argument expressed in dotted\-quad form defaults to
.Cm 255.255.255.255 ,
meaning that the
.Ar address
ones redundant.
The flags can generally be classed into two
categories, those which restrict time service and those which
-restrict informational queries and attempts to do run-time
+restrict informational queries and attempts to do run\-time
reconfiguration of the server.
One or more of the following flags
may be specified:
.Xr ntpdc 1ntpdcmdoc
queries.
.It Cm kod
-If this flag is set when an access violation occurs, a kiss-o'-death
+If this flag is set when an access violation occurs, a kiss\-o'\-death
(KoD) packet is sent.
KoD packets are rate limited to no more than one
per second.
Both
.Cm ntpport
and
-.Cm non-ntpport
+.Cm non\-ntpport
may
be specified.
The
to sustain this number of servers should one or another fail.
.Pp
Note that the manycasting paradigm does not coincide
-with the anycast paradigm described in RFC-1546,
+with the anycast paradigm described in RFC\-1546,
which is designed to find a single server from a clique
of servers providing the same service.
The manycast paradigm is designed to find a plurality
and IPv6 address FF05::101 (site local) for NTP.
When more servers are needed, it broadcasts manycast
client messages to this address at the minimum feasible rate
-and minimum feasible time-to-live (TTL) hops, depending
+and minimum feasible time\-to\-live (TTL) hops, depending
on how many servers have already been found.
There can be as many manycast client associations
as different group address, each one serving as a template
in burst mode in order to reliably set the host clock
and validate the source.
This normally results
-in a volley of eight client/server at 2-s intervals
+in a volley of eight client/server at 2\-s intervals
during which both the synchronization and cryptographic
protocols run concurrently.
Following the volley,
.Pp
The manycast client polling strategy is designed to reduce
as much as possible the volume of manycast client messages
-and the effects of implosion due to near-simultaneous
+and the effects of implosion due to near\-simultaneous
arrival of manycast server messages.
The strategy is determined by the
.Ic manycastclient ,
If one of the primary servers loses its GPS receiver,
it will continue to operate as a client and other clients
will time out the corresponding association and
-re-associate accordingly.
+re\-associate accordingly.
.Pp
Some administrators prefer to avoid running
.Xr ntpd 1ntpdmdoc
This command specifies a list of TTL values in increasing
order, up to 8 values can be specified.
In manycast mode these values are used in turn
-in an expanding-ring search.
+in an expanding\-ring search.
The default is eight
multiples of 32 starting at 31.
.El
.Sh Reference Clock Support
The NTP Version 4 daemon supports some three dozen different radio,
-satellite and modem reference clocks plus a special pseudo-clock
+satellite and modem reference clocks plus a special pseudo\-clock
used for backup or when no other clock source is available.
Detailed descriptions of individual device drivers and options can
be found in the
.Pa /usr/share/doc/ntp ) .
In addition, support for a PPS
signal is available as described in the
-.Qq Pulse-per-second (PPS) Signal Interfacing
+.Qq Pulse\-per\-second (PPS) Signal Interfacing
page
(available as part of the HTML documentation
provided in
denoting the clock type and
.Ar u
indicates the unit
-number in the range 0-3.
+number in the range 0\-3.
While it may seem overkill, it is in fact
sometimes useful to configure multiple reference clocks of the same
type, in which case the unit numbers must be unique.
options can be used to
override the defaults for the device.
There are two optional
-device-dependent time offsets and four flags that can be included
+device\-dependent time offsets and four flags that can be included
in the
.Ic fudge
command as well.
.Cm stratum
option is used for this purpose.
Also, in cases
-involving both a reference clock and a pulse-per-second (PPS)
+involving both a reference clock and a pulse\-per\-second (PPS)
discipline signal, it is useful to specify the reference clock
identifier as other than the default, depending on the driver.
The
for further information.
.It Cm mode Ar int
Specifies a mode number which is interpreted in a
-device-specific fashion.
+device\-specific fashion.
For instance, it selects a dialing
protocol in the ACTS driver and a device subtype in the
parse
.Bl -tag -width indent
.It Cm time1 Ar sec
Specifies a constant to be added to the time offset produced by
-the driver, a fixed-point decimal number in seconds.
+the driver, a fixed\-point decimal number in seconds.
This is used
as a calibration constant to adjust the nominal time offset of a
particular clock to agree with an external standard, such as a
provided in
.Pa /usr/share/doc/ntp ) .
.It Cm time2 Ar secs
-Specifies a fixed-point decimal number in seconds, which is
-interpreted in a driver-dependent way.
+Specifies a fixed\-point decimal number in seconds, which is
+interpreted in a driver\-dependent way.
See the descriptions of
specific drivers in the
.Qq Reference Clock Drivers
itself.
.It Cm mode Ar int
Specifies a mode number which is interpreted in a
-device-specific fashion.
+device\-specific fashion.
For instance, it selects a dialing
protocol in the ACTS driver and a device subtype in the
parse
.Pp
The file format consists of a single line containing a single
floating point number, which records the frequency offset measured
-in parts-per-million (PPM).
+in parts\-per\-million (PPM).
The file is updated by first writing
the current drift value into a temporary file and then renaming
this file to replace the old version.
this flag is
.Ic enable .
.It Cm pps
-Enables the pulse-per-second (PPS) signal when frequency and time is
+Enables the pulse\-per\-second (PPS) signal when frequency and time is
disciplined by the precision time kernel modifications.
See the
.Qq A Kernel Model for Precision Timekeeping
.Ql = ,
.Ql +
and
-.Ql - ,
+.Ql \- ,
where
.Ql =
sets the
priority mask,
.Ql +
adds and
-.Ql -
+.Ql \-
removes
messages.
.Xr syslog 3
be used instead of the default system
.Xr syslog 3
facility.
-This is the same operation as the -l command line option.
+This is the same operation as the \-l command line option.
.It Ic setvar Ar variable Op Cm default
This command adds an additional system variable.
These
normally .000015 s/s.
.It Cm freq Ar freq
The argument becomes the initial value of the frequency offset in
-parts-per-million.
+parts\-per\-million.
This overrides the value in the frequency file, if
present, and avoids the initial training state if it is not.
.It Cm huffpuff Ar huffpuff
The argument becomes the new value for the experimental
-huff-n'-puff filter span, which determines the most recent interval
+huff\-n'\-puff filter span, which determines the most recent interval
the algorithm will search for a minimum delay.
The lower limit is
900 s (15 m), but a more reasonable value is 7200 (2 hours).
This command specifies a list of TTL values in increasing order, up to 8
values can be specified.
In manycast mode these values are used in turn in
-an expanding-ring search.
+an expanding\-ring search.
The default is eight multiples of 32 starting at
31.
.El
+.Sh "OPTIONS"
+.Bl -tag
+.It \-\-help
+Display usage information and exit.
+.It \-\-more\-help
+Pass the extended usage information through a pager.
+.It \-\-version "[=\fI{v|c|n}\fP]"
+Output version of program and exit. The default mode is `v', a simple
+version. The `c' mode will print copyright information and `n' will
+print the full copyright notice.
+.El
+.Sh "OPTION PRESETS"
+Any option that is not marked as \fInot presettable\fP may be preset
+by loading values from environment variables named:
+.nf
+ \fBNTP_CONF_<option\-name>\fP or \fBNTP_CONF\fP
+.fi
+.ad
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
+.Sh "ENVIRONMENT"
+See \fBOPTION PRESETS\fP for configuration environment variables.
.Sh FILES
.Bl -tag -width /etc/ntp.drift -compact
.It Pa /etc/ntp.conf
.It Pa ntpkey_ Ns Ar host
RSA public key
.It Pa ntp_dh
-Diffie-Hellman agreement parameters
+Diffie\-Hellman agreement parameters
+.El
+.Sh "EXIT STATUS"
+One of the following exit values will be returned:
+.Bl -tag
+.It 0 " (EXIT_SUCCESS)"
+Successful program execution.
+.It 1 " (EXIT_FAILURE)"
+The operation failed or the command syntax was not valid.
+.It 70 " (EX_SOFTWARE)"
+libopts had an internal operational error. Please report
+it to autogen\-users@lists.sourceforge.net. Thank you.
.El
.Sh "SEE ALSO"
.Sh SEE ALSO
.Sh "AUTHORS"
The University of Delaware
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh BUGS
The syntax checking is not picky; some combinations of
These should be obtained via secure directory
services when they become universally available.Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version @VERSION@ of NTP.
-This document was derived from FreeBSD.
-.Pp
-This manual page was \fIAutoGen\fP-erated from the \fBntp.conf\fP
+This document corresponds to version 4.2.7p345 of NTP.
+This document was derived from FreeBSD..Pp
+This manual page was \fIAutoGen\fP\-erated from the \fBntp.conf\fP
option definitions.
<p>This document describes the configuration file for the NTP Project's
<code>ntpd</code> program.
- <p>This document applies to version 4.2.7p344 of <code>ntp.conf</code>.
+ <p>This document applies to version 4.2.7p345 of <code>ntp.conf</code>.
<ul class="menu">
<li><a accesskey="1" href="#ntp_002econf-Description">ntp.conf Description</a>
directory,
but could be installed elsewhere
(see the daemon's
-<code>-c</code> command line option).
+<code>-c</code>
+command line option).
<p>The file format is similar to other
<span class="sc">UNIX</span>
<p>The rest of this page describes the configuration and control options.
The
-"Notes on Configuring NTP and Setting up a NTP Subnet"
+"Notes on Configuring NTP and Setting up an NTP Subnet"
page
(available as part of the HTML documentation
provided in
<span class="file">/usr/share/doc/ntp</span>)
contains an extended discussion of these options.
In addition to the discussion of general
-<a href="#Configuration">Configuration</a>Configuration
-Options
-,
+<a href="#Configuration-Options">Configuration Options</a>,
there are sections describing the following supported functionality
and the options used to control it:
<ul>
-<li><a href="#Authentication">Authentication</a>Authentication
-Support
-<li><a href="#Monitoring">Monitoring</a>Monitoring
-Support
-<li><a href="#Access">Access</a>Access
-Control
-Support
-<li><a href="#Automatic">Automatic</a>Automatic
-NTP
-Configuration
-Options
-<li><a href="#Reference">Reference</a>Reference
-Clock
-Support
-<li><a href="#Miscellaneous">Miscellaneous</a>Miscellaneous
-Options
+<li><a href="#Authentication-Support">Authentication Support</a>
+<li><a href="#Monitoring-Support">Monitoring Support</a>
+<li><a href="#Access-Control-Support">Access Control Support</a>
+<li><a href="#Automatic-NTP-Configuration-Options">Automatic NTP Configuration Options</a>
+<li><a href="#Reference-Clock-Support">Reference Clock Support</a>
+<li><a href="#Miscellaneous-Options">Miscellaneous Options</a>
</ul>
<p>Following these is a section describing
-<a href="#Miscellaneous">Miscellaneous</a>Miscellaneous
-Options
-.
+<a href="#Miscellaneous-Options">Miscellaneous Options</a>.
While there is a rich set of options available,
the only required option is one or more
-<code>pool</code>, <code>server</code>, <code>peer</code>, <code>broadcast</code> or
-<code>manycastclient</code> commands.
+<code>pool</code>,
+<code>server</code>,
+<code>peer</code>,
+<code>broadcast</code>
+or
+<code>manycastclient</code>
+commands.
<div class="node">
<p><hr>
-<a name="Configuration"></a>
+<a name="Configuration-Support"></a>
<br>
</div>
-<h3 class="section">Configuration</h3>
+<h3 class="section">Configuration Support</h3>
-<p>Configuration
-Support
-Following is a description of the configuration commands in
+<p>Following is a description of the configuration commands in
NTPv4.
These commands have the same basic functions as in NTPv3 and
in some cases new functions and new arguments.
that control various related operations.
<div class="node">
<p><hr>
-<a name="Configuration"></a>
+<a name="Configuration-Commands"></a>
<br>
</div>
-<h3 class="section">Configuration</h3>
+<h3 class="section">Configuration Commands</h3>
-<p>Configuration
-Commands
-The various modes are determined by the command keyword and the
+<p>The various modes are determined by the command keyword and the
type of the required IP address.
Addresses are classed by type as
(s) a remote server or peer (IPv4 class A, B and C), (b) the
In a few cases, including the reslist billboard generated
by ntpdc, IPv6 addresses are automatically generated.
IPv6 addresses can be identified by the presence of colons
-\&:
+:
in the address field.
IPv6 addresses can be used almost everywhere where
IPv4 addresses can be used,
which are always IPv4.
<p>Note that in contexts where a host name is expected, a
-<code>-4</code> qualifier preceding
+<code>-4</code>
+qualifier preceding
the host name forces DNS resolution to the IPv4 namespace,
while a
-<code>-6</code> qualifier forces DNS resolution to the IPv6 namespace.
+<code>-6</code>
+qualifier forces DNS resolution to the IPv6 namespace.
See IPv6 references for the
equivalent classes for that address family.
<dl>
-<dt><span class="samp">Xo</span><dd>[<code>burst</code> ]
-[<code>iburst</code> ]
-[<code>version</code> <code>version</code> ]
-[<code>prefer</code> ]
-[<code>minpoll</code> <code>minpoll</code> ]
-[<code>maxpoll</code> <code>maxpoll</code> ]
-<br><dt><span class="samp">Xo</span><dd>[<code>key</code> <code>key</code> <code>\&|</code> <code>Cm</code> <code>autokey</code> ]
-[<code>burst</code> ]
-[<code>iburst</code> ]
-[<code>version</code> <code>version</code> ]
-[<code>prefer</code> ]
-[<code>minpoll</code> <code>minpoll</code> ]
-[<code>maxpoll</code> <code>maxpoll</code> ]
-<br><dt><span class="samp">Xo</span><dd>[<code>key</code> <code>key</code> <code>\&|</code> <code>Cm</code> <code>autokey</code> ]
-[<code>version</code> <code>version</code> ]
-[<code>prefer</code> ]
-[<code>minpoll</code> <code>minpoll</code> ]
-[<code>maxpoll</code> <code>maxpoll</code> ]
-<br><dt><span class="samp">Xo</span><dd>[<code>key</code> <code>key</code> <code>\&|</code> <code>Cm</code> <code>autokey</code> ]
-[<code>version</code> <code>version</code> ]
-[<code>prefer</code> ]
-[<code>minpoll</code> <code>minpoll</code> ]
-[<code>ttl</code> <code>ttl</code> ]
-<br><dt><span class="samp">Xo</span><dd>[<code>key</code> <code>key</code> <code>\&|</code> <code>Cm</code> <code>autokey</code> ]
-[<code>version</code> <code>version</code> ]
-[<code>prefer</code> ]
-[<code>minpoll</code> <code>minpoll</code> ]
-[<code>maxpoll</code> <code>maxpoll</code> ]
-[<code>ttl</code> <code>ttl</code> ]
-</dl>
+<dt><code>pool</code> <kbd>address</kbd>[<code>burst</code>][<code>iburst</code>][<code>version</code> <kbd>version</kbd>][<code>prefer</code>][<code>minpoll</code> <kbd>minpoll</kbd>][<code>maxpoll</code> <kbd>maxpoll</kbd>]<br><dt><code>server</code> <kbd>address</kbd>[<code>key</code> <kbd>key</kbd> <kbd>|</kbd> <kbd>Cm</kbd> <kbd>autokey</kbd>][<code>burst</code>][<code>iburst</code>][<code>version</code> <kbd>version</kbd>][<code>prefer</code>][<code>minpoll</code> <kbd>minpoll</kbd>][<code>maxpoll</code> <kbd>maxpoll</kbd>]<br><dt><code>peer</code> <kbd>address</kbd>[<code>key</code> <kbd>key</kbd> <kbd>|</kbd> <kbd>Cm</kbd> <kbd>autokey</kbd>][<code>version</code> <kbd>version</kbd>][<code>prefer</code>][<code>minpoll</code> <kbd>minpoll</kbd>][<code>maxpoll</code> <kbd>maxpoll</kbd>]<br><dt><code>broadcast</code> <kbd>address</kbd>[<code>key</code> <kbd>key</kbd> <kbd>|</kbd> <kbd>Cm</kbd> <kbd>autokey</kbd>][<code>version</code> <kbd>version</kbd>][<code>prefer</code>][<code>minpoll</code> <kbd>minpoll</kbd>][<code>ttl</code> <kbd>ttl</kbd>]<br><dt><code>manycastclient</code> <kbd>address</kbd>[<code>key</code> <kbd>key</kbd> <kbd>|</kbd> <kbd>Cm</kbd> <kbd>autokey</kbd>][<code>version</code> <kbd>version</kbd>][<code>prefer</code>][<code>minpoll</code> <kbd>minpoll</kbd>][<code>maxpoll</code> <kbd>maxpoll</kbd>][<code>ttl</code> <kbd>ttl</kbd>]<dd></dl>
<p>These five commands specify the time server name or address to
be used and the mode in which to operate.
The
-<code>address</code> can be
+<kbd>address</kbd>
+can be
either a DNS name or an IP address in dotted-quad notation.
Additional information on association behavior can be found in the
"Association Management"
provided in
<span class="file">/usr/share/doc/ntp</span>).
<dl>
-<dt><span class="samp">Ic</span><dd>For type s addresses, this command mobilizes a persistent
+<dt><code>pool</code><dd>For type s addresses, this command mobilizes a persistent
client mode association with a number of remote servers.
In this mode the local clock can synchronized to the
remote server, but the remote server can never be synchronized to
the local clock.
-<br><dt><span class="samp">Ic</span><dd>For type s and r addresses, this command mobilizes a persistent
+<br><dt><code>server</code><dd>For type s and r addresses, this command mobilizes a persistent
client mode association with the specified remote server or local
radio clock.
In this mode the local clock can synchronized to the
remote server, but the remote server can never be synchronized to
the local clock.
This command should
-<em>not</em>
+<em> not</em>
be used for type
b or m addresses.
-<br><dt><span class="samp">Ic</span><dd>For type s addresses (only), this command mobilizes a
+<br><dt><code>peer</code><dd>For type s addresses (only), this command mobilizes a
persistent symmetric-active mode association with the specified
remote peer.
In this mode the local clock can be synchronized to
the better source of time.
This command should NOT be used for type
b, m or r addresses.
-<br><dt><span class="samp">Ic</span><dd>For type b and m addresses (only), this
+<br><dt><code>broadcast</code><dd>For type b and m addresses (only), this
command mobilizes a persistent broadcast mode association.
Multiple
commands can be used to specify multiple local broadcast interfaces
subnet specified, but multicast messages go to all interfaces.
In broadcast mode the local server sends periodic broadcast
messages to a client population at the
-<code>address</code> specified, which is usually the broadcast address on (one of) the
+<kbd>address</kbd>
+specified, which is usually the broadcast address on (one of) the
local network(s) or a multicast address assigned to NTP.
The IANA
has assigned the multicast group address IPv4 224.0.1.1 and
Ordinarily, this
specification applies only to the local server operating as a
sender; for operation as a broadcast client, see the
-<code>broadcastclient</code> or
-<code>multicastclient</code> commands
+<code>broadcastclient</code>
+or
+<code>multicastclient</code>
+commands
below.
-<br><dt><span class="samp">Ic</span><dd>For type m addresses (only), this command mobilizes a
+<br><dt><code>manycastclient</code><dd>For type m addresses (only), this command mobilizes a
manycast client mode association for the multicast address
specified.
In this case a specific address must be supplied which
matches the address used on the
-<code>manycastserver</code> command for
+<code>manycastserver</code>
+command for
the designated manycast servers.
The NTP multicast address
224.0.1.1 assigned by the IANA should NOT be used, unless specific
these messages and causing a possibly massive implosion of replies
at the sender.
The
-<code>manycastserver</code> command specifies that the local server
+<code>manycastserver</code>
+command specifies that the local server
is to operate in client mode with the remote servers that are
discovered as the result of broadcast/multicast messages.
The
client broadcasts a request message to the group address associated
with the specified
-<code>address</code> and specifically enabled
+<kbd>address</kbd>
+and specifically enabled
servers respond to these messages.
The client selects the servers
providing the best time and continues as with the
-<code>server</code> command.
+<code>server</code>
+command.
The remaining servers are discarded as if never
heard.
</dl>
<p>Options:
<dl>
-<dt><span class="samp">Cm</span><dd>All packets sent to and received from the server or peer are to
+<dt><code>autokey</code><dd>All packets sent to and received from the server or peer are to
include authentication fields encrypted using the autokey scheme
described in
-<a href="#Authentication">Authentication</a>Authentication
-Options
-.
-<br><dt><span class="samp">Cm</span><dd>when the server is reachable, send a burst of eight packets
+<a href="#Authentication-Options">Authentication Options</a>.
+<br><dt><code>burst</code><dd>when the server is reachable, send a burst of eight packets
instead of the usual one.
The packet spacing is normally 2 s;
however, the spacing between the first and second packets
additional time for a modem or ISDN call to complete.
This is designed to improve timekeeping quality
with the
-<code>server</code> command and s addresses.
-<br><dt><span class="samp">Cm</span><dd>When the server is unreachable, send a burst of eight packets
+<code>server</code>
+command and s addresses.
+<br><dt><code>iburst</code><dd>When the server is unreachable, send a burst of eight packets
instead of the usual one.
The packet spacing is normally 2 s;
however, the spacing between the first two packets can be
additional time for a modem or ISDN call to complete.
This is designed to speed the initial synchronization
acquisition with the
-<code>server</code> command and s addresses and when
+<code>server</code>
+command and s addresses and when
<code>ntpd(1ntpdmdoc)</code>
is started with the
-<code>-q</code> option.
-<br><dt><span class="samp">Cm</span><dd>All packets sent to and received from the server or peer are to
+<code>-q</code>
+option.
+<br><dt><code>key</code> <kbd>key</kbd><dd>All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
-<code>key</code> identifier with values from 1 to 65534, inclusive.
+<kbd>key</kbd>
+identifier with values from 1 to 65534, inclusive.
The
default is to include no encryption field.
-<br><dt><span class="samp">Cm</span><br><dt><span class="samp">Cm</span><dd>These options specify the minimum and maximum poll intervals
+<br><dt><code>minpoll</code> <kbd>minpoll</kbd><br><dt><code>maxpoll</code> <kbd>maxpoll</kbd><dd>These options specify the minimum and maximum poll intervals
for NTP messages, as a power of 2 in seconds
The maximum poll
interval defaults to 10 (1,024 s), but can be increased by the
-<code>maxpoll</code> option to an upper limit of 17 (36.4 h).
+<code>maxpoll</code>
+option to an upper limit of 17 (36.4 h).
The
minimum poll interval defaults to 6 (64 s), but can be decreased by
the
-<code>minpoll</code> option to a lower limit of 4 (16 s).
-<br><dt><span class="samp">Cm</span><dd>Marks the server as unused, except for display purposes.
+<code>minpoll</code>
+option to a lower limit of 4 (16 s).
+<br><dt><code>noselect</code><dd>Marks the server as unused, except for display purposes.
The server is discarded by the selection algroithm.
-<br><dt><span class="samp">Cm</span><dd>Marks the server as preferred.
+<br><dt><code>prefer</code><dd>Marks the server as preferred.
All other things being equal,
this host will be chosen for synchronization among a set of
correctly operating hosts.
provided in
<span class="file">/usr/share/doc/ntp</span>)
for further information.
-<br><dt><span class="samp">Cm</span><dd>This option is used only with broadcast server and manycast
+<br><dt><code>ttl</code> <kbd>ttl</kbd><dd>This option is used only with broadcast server and manycast
client modes.
It specifies the time-to-live
-<code>ttl</code> to
+<kbd>ttl</kbd>
+to
use on broadcast server and multicast server and the maximum
-<code>ttl</code> for the expanding ring search with manycast
+<kbd>ttl</kbd>
+for the expanding ring search with manycast
client packets.
Selection of the proper value, which defaults to
127, is something of a black art and should be coordinated with the
network administrator.
-<br><dt><span class="samp">Cm</span><dd>Specifies the version number to be used for outgoing NTP
+<br><dt><code>version</code> <kbd>version</kbd><dd>Specifies the version number to be used for outgoing NTP
packets.
Versions 1-4 are the choices, with version 4 the
default.
</dl>
<div class="node">
<p><hr>
-<a name="Auxiliary"></a>
+<a name="Auxiliary-Commands"></a>
<br>
</div>
-<h3 class="section">Auxiliary</h3>
+<h3 class="section">Auxiliary Commands</h3>
-<p>Auxiliary
-Commands
<dl>
-<dt><span class="samp">Ic</span><dd>This command enables reception of broadcast server messages to
+<dt><code>broadcastclient</code><dd>This command enables reception of broadcast server messages to
any local interface (type b) address.
Upon receiving a message for
the first time, the broadcast client measures the nominal server
to avoid accidental or malicious disruption in this mode, both the
server and client should operate using symmetric-key or public-key
authentication as described in
-<a href="#Authentication">Authentication</a>Authentication
-Options
-.
-<br><dt><span class="samp">Ic</span><dd>This command enables reception of manycast client messages to
+<a href="#Authentication-Options">Authentication Options</a>.
+<br><dt><code>manycastserver</code> <kbd>address</kbd> <kbd>...</kbd><dd>This command enables reception of manycast client messages to
the multicast group address(es) (type m) specified.
At least one
address is required, but the NTP multicast address 224.0.1.1
accidental or malicious disruption in this mode, both the server
and client should operate using symmetric-key or public-key
authentication as described in
-<a href="#Authentication">Authentication</a>Authentication
-Options
-.
-<br><dt><span class="samp">Ic</span><dd>This command enables reception of multicast server messages to
+<a href="#Authentication-Options">Authentication Options</a>.
+<br><dt><code>multicastclient</code> <kbd>address</kbd> <kbd>...</kbd><dd>This command enables reception of multicast server messages to
the multicast group address(es) (type m) specified.
Upon receiving
a message for the first time, the multicast client measures the
in order to avoid accidental or malicious disruption in this mode,
both the server and client should operate using symmetric-key or
public-key authentication as described in
-<a href="#Authentication">Authentication</a>Authentication
-Options
-.
+<a href="#Authentication-Options">Authentication Options</a>.
</dl>
+<div class="node">
<p><hr>
-<a name="Authentication"></a>
+<a name="Authentication-Support"></a>
<br>
</div>
-<h3 class="section">Authentication</h3>
+<h3 class="section">Authentication Support</h3>
-<p>Authentication
-Support
-Authentication support allows the NTP client to verify that the
+<p>Authentication support allows the NTP client to verify that the
server is in fact known and trusted and not an intruder intending
accidentally or on purpose to masquerade as that server.
The NTPv3
<p>Authentication is configured separately for each association
using the
-<code>key</code> or
-<code>autokey</code> subcommand on the
-<code>peer</code>, <code>server</code>, <code>broadcast</code> and
-<code>manycastclient</code> configuration commands as described in
-<a href="#Configuration">Configuration</a>Configuration
-Options
+<code>key</code>
+or
+<code>autokey</code>
+subcommand on the
+<code>peer</code>,
+<code>server</code>,
+<code>broadcast</code>
+and
+<code>manycastclient</code>
+configuration commands as described in
+<a href="#Configuration-Options">Configuration Options</a>
page.
The authentication
options described below specify the locations of the key files,
credentials and initialize the protocol
<p>The
-<code>auth</code> flag controls whether new associations or
+<code>auth</code>
+flag controls whether new associations or
remote configuration commands require cryptographic authentication.
This flag can be set or reset by the
-<code>enable</code> and
-<code>disable</code> commands and also by remote
+<code>enable</code>
+and
+<code>disable</code>
+commands and also by remote
configuration commands sent by a
<code>ntpdc(1ntpdcmdoc)</code>
program running in
authenticated.
It should be understood
that operating with the
-<code>auth</code> flag disabled invites a significant vulnerability
+<code>auth</code>
+flag disabled invites a significant vulnerability
where a rogue hacker can
masquerade as a falseticker and seriously
disrupt system timekeeping.
<p>An attractive alternative where multicast support is available
is manycast mode, in which clients periodically troll
for servers as described in the
-<a href="#Automatic">Automatic</a>Automatic
-NTP
-Configuration
-Options
+<a href="#Automatic-NTP-Configuration-Options">Automatic NTP Configuration Options</a>
page.
Either symmetric key or public key
cryptographic authentication can be used in this mode.
cryptography are summarized below;
further details are in the briefings, papers
and reports at the NTP project page linked from
-.Li
-http://www.ntp.org/
-.
+<code>http://www.ntp.org/</code>.
<div class="node">
<p><hr>
-<a name="Symmetric_002dKey"></a>
+<a name="Symmetric_002dKey-Cryptography"></a>
<br>
</div>
-<h3 class="section">Symmetric-Key</h3>
+<h3 class="section">Symmetric-Key Cryptography</h3>
-<p>Symmetric-Key
-Cryptography
-The original RFC-1305 specification allows any one of possibly
+<p>The original RFC-1305 specification allows any one of possibly
65,534 keys, each distinguished by a 32-bit key identifier, to
authenticate an association.
The servers and clients involved must
<p>When
<code>ntpd(1ntpdmdoc)</code>
is first started, it reads the key file specified in the
-<code>keys</code> configuration command and installs the keys
+<code>keys</code>
+configuration command and installs the keys
in the key cache.
However,
individual keys must be activated with the
-<code>trusted</code> command before use.
+<code>trusted</code>
+command before use.
This
allows, for instance, the installation of possibly
several batches of keys and
This also provides a revocation capability that can be used
if a key becomes compromised.
The
-<code>requestkey</code> command selects the key used as the password for the
+<code>requestkey</code>
+command selects the key used as the password for the
<code>ntpdc(1ntpdcmdoc)</code>
utility, while the
-<code>controlkey</code> command selects the key used as the password for the
+<code>controlkey</code>
+command selects the key used as the password for the
<code>ntpq(1ntpqmdoc)</code>
utility.
<div class="node">
<p><hr>
-<a name="Public"></a>
+<a name="Public-Key-Cryptography"></a>
<br>
</div>
-<h3 class="section">Public</h3>
+<h3 class="section">Public Key Cryptography</h3>
-<p>Public
-Key
-Cryptography
-NTPv4 supports the original NTPv3 symmetric key scheme
+<p>NTPv4 supports the original NTPv3 symmetric key scheme
described in RFC-1305 and in addition the Autokey protocol,
which is based on public key cryptography.
The Autokey Version 2 protocol described on the Autokey Protocol
in reverse order.
These schemes are described along with an executive summary,
current status, briefing slides and reading list on the
-<a href="#Autonomous">Autonomous</a>Autonomous
-Authentication
+<a href="#Autonomous-Authentication">Autonomous Authentication</a>
page.
<p>The specific cryptographic environment used by Autokey servers
There are several schemes
available in the OpenSSL software library, each identified
by a specific string such as
-<code>md5WithRSAEncryption</code>, which stands for the MD5 message digest with RSA
+<code>md5WithRSAEncryption</code>,
+which stands for the MD5 message digest with RSA
encryption scheme.
The current NTP distribution supports
all the schemes in the OpenSSL library, including
a trail to at least one trusted host.
<div class="node">
<p><hr>
-<a name="Naming"></a>
+<a name="Naming-and-Addressing"></a>
<br>
</div>
-<h3 class="section">Naming</h3>
+<h3 class="section">Naming and Addressing</h3>
-<p>Naming
-and
-Addressing
-It is important to note that Autokey does not use DNS to
+<p>It is important to note that Autokey does not use DNS to
resolve addresses, since DNS can't be completely trusted
until the name servers have synchronized clocks.
The cryptographic name used by Autokey to bind the host identity
<h3 class="section">Operation</h3>
-<p>Operation
-A specific combination of authentication scheme (none,
+<p>A specific combination of authentication scheme (none,
symmetric key, public key) and identity scheme is called
a cryptotype, although not all combinations are compatible.
There may be management configurations where the clients,
of mobilization, either at configuration time or some time
later when a message of appropriate cryptotype arrives.
When mobilized by a
-<code>server</code> or
-<code>peer</code> configuration command and no
-<code>key</code> or
-<code>autokey</code> subcommands are present, the association is not
+<code>server</code>
+or
+<code>peer</code>
+configuration command and no
+<code>key</code>
+or
+<code>autokey</code>
+subcommands are present, the association is not
authenticated; if the
-<code>key</code> subcommand is present, the association is authenticated
+<code>key</code>
+subcommand is present, the association is authenticated
using the symmetric key ID specified; if the
-<code>autokey</code> subcommand is present, the association is authenticated
+<code>autokey</code>
+subcommand is present, the association is authenticated
using Autokey.
<p>When multiple identity schemes are supported in the Autokey
If verification fails,
Bob sends Cathy a thing called a crypto-NAK, which tells her
something broke.
-She can see the evidence using the ntpq program.
+She can see the evidence using the
+<code>ntpq(1ntpqmdoc)</code>
+program.
<p>Denise has rolled her own host key and certificate.
She also uses one of the identity schemes as Bob.
with one server and no authentication with another might not be wise.
<div class="node">
<p><hr>
-<a name="Key"></a>
+<a name="Key-Management"></a>
<br>
</div>
-<h3 class="section">Key</h3>
+<h3 class="section">Key Management</h3>
-<p>Key
-Management
-The cryptographic values used by the Autokey protocol are
+<p>The cryptographic values used by the Autokey protocol are
incorporated as a set of files generated by the
<code>ntp-keygen(1ntpkeygenmdoc)</code>
utility program, including symmetric key, host key and
a subject key identifier or a issuer key identifier field;
however, an extended key usage field for a trusted host must
contain the value
-<code>trustRoot</code>;. Other extension fields are ignored.
+<code>trustRoot</code>;.
+Other extension fields are ignored.
<div class="node">
<p><hr>
-<a name="Authentication"></a>
+<a name="Authentication-Commands"></a>
<br>
</div>
-<h3 class="section">Authentication</h3>
+<h3 class="section">Authentication Commands</h3>
-<p>Authentication
-Commands
<dl>
-<dt><span class="samp">Ic</span><dd>Specifies the interval between regenerations of the session key
+<dt><code>autokey</code> [<kbd>logsec</kbd>]<dd>Specifies the interval between regenerations of the session key
list used with the Autokey protocol.
Note that the size of the key
list for each association depends on this interval and the current
For poll intervals above the specified interval, a session key list
with a single entry will be regenerated for every message
sent.
-<br><dt><span class="samp">Ic</span><dd>Specifies the key identifier to use with the
+<br><dt><code>controlkey</code> <kbd>key</kbd><dd>Specifies the key identifier to use with the
<code>ntpq(1ntpqmdoc)</code>
utility, which uses the standard
protocol defined in RFC-1305.
The
-<code>key</code> argument is
+<kbd>key</kbd>
+argument is
the key identifier for a trusted key, where the value can be in the
range 1 to 65,534, inclusive.
-<br><dt><span class="samp">Xo</span><dd>[<code>cert</code> <code>file</code> ]
-[<code>leap</code> <code>file</code> ]
-[<code>randfile</code> <code>file</code> ]
-[<code>host</code> <code>file</code> ]
-[<code>sign</code> <code>file</code> ]
-[<code>gq</code> <code>file</code> ]
-[<code>gqpar</code> <code>file</code> ]
-[<code>iffpar</code> <code>file</code> ]
-[<code>mvpar</code> <code>file</code> ]
-[<code>pw</code> <code>password</code> ]
-This command requires the OpenSSL library.
+<br><dt><code>crypto</code>[<code>cert</code> <kbd>file</kbd>][<code>leap</code> <kbd>file</kbd>][<code>randfile</code> <kbd>file</kbd>][<code>host</code> <kbd>file</kbd>][<code>sign</code> <kbd>file</kbd>][<code>gq</code> <kbd>file</kbd>][<code>gqpar</code> <kbd>file</kbd>][<code>iffpar</code> <kbd>file</kbd>][<code>mvpar</code> <kbd>file</kbd>][<code>pw</code> <kbd>password</kbd>]<dd>This command requires the OpenSSL library.
It activates public key
cryptography, selects the message digest and signature
encryption scheme and loads the required private and public
Unless the complete path and name of the file are specified, the
location of a file is relative to the keys directory specified
in the
-<code>keysdir</code> command or default
+<code>keysdir</code>
+command or default
<span class="file">/usr/local/etc</span>.
Following are the subcommands:
<dl>
-<dt><span class="samp">Cm</span><dd>Specifies the location of the required host public certificate file.
+<dt><code>cert</code> <kbd>file</kbd><dd>Specifies the location of the required host public certificate file.
This overrides the link
-<span class="file">ntpkey_cert_</span>NsArhostname
+<span class="file">ntpkey_cert_</span><kbd>hostname</kbd>
in the keys directory.
-<br><dt><span class="samp">Cm</span><dd>Specifies the location of the optional GQ parameters file.
+<br><dt><code>gqpar</code> <kbd>file</kbd><dd>Specifies the location of the optional GQ parameters file.
This
overrides the link
-<span class="file">ntpkey_gq_</span>NsArhostname
+<span class="file">ntpkey_gq_</span><kbd>hostname</kbd>
in the keys directory.
-<br><dt><span class="samp">Cm</span><dd>Specifies the location of the required host key file.
+<br><dt><code>host</code> <kbd>file</kbd><dd>Specifies the location of the required host key file.
This overrides
the link
-<span class="file">ntpkey_key_</span>NsArhostname
+<span class="file">ntpkey_key_</span><kbd>hostname</kbd>
in the keys directory.
-<br><dt><span class="samp">Cm</span><dd>Specifies the location of the optional IFF parameters file.This
+<br><dt><code>iffpar</code> <kbd>file</kbd><dd>Specifies the location of the optional IFF parameters file.This
overrides the link
-<span class="file">ntpkey_iff_</span>NsArhostname
+<span class="file">ntpkey_iff_</span><kbd>hostname</kbd>
in the keys directory.
-<br><dt><span class="samp">Cm</span><dd>Specifies the location of the optional leapsecond file.
+<br><dt><code>leap</code> <kbd>file</kbd><dd>Specifies the location of the optional leapsecond file.
This overrides the link
<span class="file">ntpkey_leap</span>
in the keys directory.
-<br><dt><span class="samp">Cm</span><dd>Specifies the location of the optional MV parameters file.
+<br><dt><code>mvpar</code> <kbd>file</kbd><dd>Specifies the location of the optional MV parameters file.
This
overrides the link
-<span class="file">ntpkey_mv_</span>NsArhostname
+<span class="file">ntpkey_mv_</span><kbd>hostname</kbd>
in the keys directory.
-<br><dt><span class="samp">Cm</span><dd>Specifies the password to decrypt files containing private keys and
+<br><dt><code>pw</code> <kbd>password</kbd><dd>Specifies the password to decrypt files containing private keys and
identity parameters.
This is required only if these files have been
encrypted.
-<br><dt><span class="samp">Cm</span><dd>Specifies the location of the random seed file used by the OpenSSL
+<br><dt><code>randfile</code> <kbd>file</kbd><dd>Specifies the location of the random seed file used by the OpenSSL
library.
The defaults are described in the main text above.
-<br><dt><span class="samp">Cm</span><dd>Specifies the location of the optional sign key file.
+<br><dt><code>sign</code> <kbd>file</kbd><dd>Specifies the location of the optional sign key file.
This overrides
the link
-<span class="file">ntpkey_sign_</span>NsArhostname
+<span class="file">ntpkey_sign_</span><kbd>hostname</kbd>
in the keys directory.
If this file is
not found, the host key is also the sign key.
</dl>
- .It
-Ic
-keys
-Ar
-keyfile
-Specifies the complete path and location of the MD5 key file
+ <br><dt><code>keys</code> <kbd>keyfile</kbd><dd>Specifies the complete path and location of the MD5 key file
containing the keys and key identifiers used by
<code>ntpd(1ntpdmdoc)</code>,
<code>ntpq(1ntpqmdoc)</code>
<code>ntpdc(1ntpdcmdoc)</code>
when operating with symmetric key cryptography.
This is the same operation as the
-<code>-k</code> command line option.
-.It
-Ic
-keysdir
-Ar
-path
-This command specifies the default directory path for
+<code>-k</code>
+command line option.
+<br><dt><code>keysdir</code> <kbd>path</kbd><dd>This command specifies the default directory path for
cryptographic keys, parameters and certificates.
The default is
<span class="file">/usr/local/etc/</span>.
-.It
-Ic
-requestkey
-Ar
-key
-Specifies the key identifier to use with the
+<br><dt><code>requestkey</code> <kbd>key</kbd><dd>Specifies the key identifier to use with the
<code>ntpdc(1ntpdcmdoc)</code>
utility program, which uses a
proprietary protocol specific to this implementation of
<code>ntpd(1ntpdmdoc)</code>.
The
-<code>key</code> argument is a key identifier
+<kbd>key</kbd>
+argument is a key identifier
for the trusted key, where the value can be in the range 1 to
65,534, inclusive.
-.It
-Ic
-revoke
-Ar
-logsec
-Specifies the interval between re-randomization of certain
+<br><dt><code>revoke</code> <kbd>logsec</kbd><dd>Specifies the interval between re-randomization of certain
cryptographic values used by the Autokey scheme, as a power of 2 in
seconds.
These values need to be updated frequently in order to
For poll
intervals above the specified interval, the values will be updated
for every message sent.
-.It
-Ic
-trustedkey
-Ar
-key
-...
-Specifies the key identifiers which are trusted for the
+<br><dt><code>trustedkey</code> <kbd>key</kbd> <kbd>...</kbd><dd>Specifies the key identifiers which are trusted for the
purposes of authenticating peers with symmetric key cryptography,
as well as keys used by the
<code>ntpq(1ntpqmdoc)</code>
purpose, although different keys can be used with different
servers.
The
-<code>key</code> arguments are 32-bit unsigned
-integers with values from 1 to 65,534.
-
+<kbd>key</kbd>
+arguments are 32-bit unsigned
+integers with values from 1 to 65,534.
+</dl>
<div class="node">
<p><hr>
-<a name="Error"></a>
+<a name="Error-Codes"></a>
<br>
</div>
-<h3 class="section">Error</h3>
+<h3 class="section">Error Codes</h3>
- <p>Error
-Codes
-The following error codes are reported via the NTP control
+<p>The following error codes are reported via the NTP control
and monitoring protocol trap mechanism.
-<dt><span class="samp">101</span><dd>(bad field format or length)
+ <dl>
+<dt>101<dd>(bad field format or length)
The packet has invalid version, length or format.
-<br><dt><span class="samp">102</span><dd>(bad timestamp)
+<br><dt>102<dd>(bad timestamp)
The packet timestamp is the same or older than the most recent received.
This could be due to a replay or a server clock time step.
-<br><dt><span class="samp">103</span><dd>(bad filestamp)
+<br><dt>103<dd>(bad filestamp)
The packet filestamp is the same or older than the most recent received.
This could be due to a replay or a key file generation error.
-<br><dt><span class="samp">104</span><dd>(bad or missing public key)
+<br><dt>104<dd>(bad or missing public key)
The public key is missing, has incorrect format or is an unsupported type.
-<br><dt><span class="samp">105</span><dd>(unsupported digest type)
+<br><dt>105<dd>(unsupported digest type)
The server requires an unsupported digest/signature scheme.
-<br><dt><span class="samp">106</span><dd>(mismatched digest types)
+<br><dt>106<dd>(mismatched digest types)
Not used.
-<br><dt><span class="samp">107</span><dd>(bad signature length)
+<br><dt>107<dd>(bad signature length)
The signature length does not match the current public key.
-<br><dt><span class="samp">108</span><dd>(signature not verified)
+<br><dt>108<dd>(signature not verified)
The message fails the signature check.
It could be bogus or signed by a
different private key.
-<br><dt><span class="samp">109</span><dd>(certificate not verified)
+<br><dt>109<dd>(certificate not verified)
The certificate is invalid or signed with the wrong key.
-<br><dt><span class="samp">110</span><dd>(certificate not verified)
+<br><dt>110<dd>(certificate not verified)
The certificate is not yet valid or has expired or the signature could not
be verified.
-<br><dt><span class="samp">111</span><dd>(bad or missing cookie)
+<br><dt>111<dd>(bad or missing cookie)
The cookie is missing, corrupted or bogus.
-<br><dt><span class="samp">112</span><dd>(bad or missing leapseconds table)
+<br><dt>112<dd>(bad or missing leapseconds table)
The leapseconds table is missing, corrupted or bogus.
-<br><dt><span class="samp">113</span><dd>(bad or missing certificate)
+<br><dt>113<dd>(bad or missing certificate)
The certificate is missing, corrupted or bogus.
-<br><dt><span class="samp">114</span><dd>(bad or missing identity)
+<br><dt>114<dd>(bad or missing identity)
The identity key is missing, corrupt or bogus.
</dl>
+ <div class="node">
<p><hr>
-<a name="Monitoring"></a>
+<a name="Monitoring-Support"></a>
<br>
</div>
-<h3 class="section">Monitoring</h3>
+<h3 class="section">Monitoring Support</h3>
- <p>Monitoring
-Support
-<code>ntpd(1ntpdmdoc)</code>
+<p><code>ntpd(1ntpdmdoc)</code>
includes a comprehensive monitoring facility suitable
for continuous, long term recording of server and client
timekeeping performance.
See the
-<code>statistics</code> command below
+<code>statistics</code>
+command below
for a listing and example of each type of statistics currently
supported.
Statistic files are managed using file generation sets
automatically summarized and archived for retrospective analysis.
<div class="node">
<p><hr>
-<a name="Monitoring"></a>
+<a name="Monitoring-Commands"></a>
<br>
</div>
-<h3 class="section">Monitoring</h3>
+<h3 class="section">Monitoring Commands</h3>
- <p>Monitoring
-Commands
- <dl>
-<dt><span class="samp">Ic</span><dd>Enables writing of statistics records.
+ <dl>
+<dt><code>statistics</code> <kbd>name</kbd> <kbd>...</kbd><dd>Enables writing of statistics records.
Currently, four kinds of
-<code>name</code> statistics are supported.
- <dl>
-<dt><span class="samp">Cm</span><dd>Enables recording of clock driver statistics information.
+<kbd>name</kbd>
+statistics are supported.
+ <dl>
+<dt><code>clockstats</code><dd>Enables recording of clock driver statistics information.
Each update
received from a clock driver appends a line of the following form to
the file generation set named
-<code>clockstats</code>: .Bd
--literal
-49213 525.624 127.127.4.1 93 226 00:08:29.606 D
-.Ed
+<code>clockstats</code>:
+<pre class="verbatim">
+ 49213 525.624 127.127.4.1 93 226 00:08:29.606 D
+ </pre>
-
<p>The first two fields show the date (Modified Julian Day) and time
+ <p>The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight).
The next field shows the
clock address in dotted-quad notation.
can be gathered and displayed as well.
See information specific to each
clock for further details.
-<br><dt><span class="samp">Cm</span><dd>This option requires the OpenSSL cryptographic software library.
+<br><dt><code>cryptostats</code><dd>This option requires the OpenSSL cryptographic software library.
It
enables recording of cryptographic public key protocol information.
Each message received by the protocol module appends a line of the
following form to the file generation set named
-<code>cryptostats</code>: .Bd
--literal
-49213 525.624 127.127.4.1 message
-.Ed
+<code>cryptostats</code>:
+<pre class="verbatim">
+ 49213 525.624 127.127.4.1 message
+ </pre>
-
<p>The first two fields show the date (Modified Julian Day) and time
+ <p>The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight).
The next field shows the peer
address in dotted-quad notation, The final message field includes the
message type and certain ancillary information.
See the
-<a href="#Authentication">Authentication</a>Authentication
-Options
+<a href="#Authentication-Options">Authentication Options</a>
section for further information.
-<br><dt><span class="samp">Cm</span><dd>Enables recording of loop filter statistics information.
+<br><dt><code>loopstats</code><dd>Enables recording of loop filter statistics information.
Each
update of the local clock outputs a line of the following form to
the file generation set named
-<code>loopstats</code>: .Bd
--literal
-50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
-.Ed
+<code>loopstats</code>:
+<pre class="verbatim">
+ 50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
+ </pre>
-
<p>The first two fields show the date (Modified Julian Day) and
+ <p>The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next five fields
show time offset (seconds), frequency offset (parts per million -
PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
discipline time constant.
-<br><dt><span class="samp">Cm</span><dd>Enables recording of peer statistics information.
+<br><dt><code>peerstats</code><dd>Enables recording of peer statistics information.
This includes
statistics records of all peers of a NTP server and of special
signals, where present and configured.
Each valid update appends a
line of the following form to the current element of a file
generation set named
-<code>peerstats</code>: .Bd
--literal
-48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
-.Ed
+<code>peerstats</code>:
+<pre class="verbatim">
+ 48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
+ </pre>
-
<p>The first two fields show the date (Modified Julian Day) and
+ <p>The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next two fields
show the peer address in dotted-quad notation and status,
described in Appendix A of the NTP specification RFC 1305.
The final four fields show the offset,
delay, dispersion and RMS jitter, all in seconds.
-<br><dt><span class="samp">Cm</span><dd>Enables recording of raw-timestamp statistics information.
+<br><dt><code>rawstats</code><dd>Enables recording of raw-timestamp statistics information.
This
includes statistics records of all peers of a NTP server and of
special signals, where present and configured.
Each NTP message
received from a peer or clock driver appends a line of the
following form to the file generation set named
-<code>rawstats</code>: .Bd
--literal
-50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000
-.Ed
+<code>rawstats</code>:
+<pre class="verbatim">
+ 50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000
+ </pre>
-
<p>The first two fields show the date (Modified Julian Day) and
+ <p>The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next two fields
show the remote peer or clock address followed by the local address
The timestamp
values are as received and before processing by the various data
smoothing and mitigation algorithms.
-<br><dt><span class="samp">Cm</span><dd>Enables recording of ntpd statistics counters on a periodic basis.
+<br><dt><code>sysstats</code><dd>Enables recording of ntpd statistics counters on a periodic basis.
Each
hour a line of the following form is appended to the file generation
set named
-<code>sysstats</code>: .Bd
--literal
-50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
-.Ed
+<code>sysstats</code>:
+<pre class="verbatim">
+ 50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
+ </pre>
-
<p>The first two fields show the date (Modified Julian Day) and time
+ <p>The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight).
The remaining ten fields show
the statistics counter values accumulated since the last generated
line.
-<dt><span class="samp">Time</span><dd>Time in hours since the system was last rebooted.
-<br><dt><span class="samp">Packets</span><dd>Total number of packets received.
-<br><dt><span class="samp">Packets</span><dd>Number of packets received in response to previous packets sent
-<br><dt><span class="samp">Current</span><dd>Number of packets matching the current NTP version.
-<br><dt><span class="samp">Previous</span><dd>Number of packets matching the previous NTP version.
-<br><dt><span class="samp">Bad</span><dd>Number of packets matching neither NTP version.
-<br><dt><span class="samp">Access</span><dd>Number of packets denied access for any reason.
-<br><dt><span class="samp">Bad</span><dd>Number of packets with invalid length, format or port number.
-<br><dt><span class="samp">Bad</span><dd>Number of packets not verified as authentic.
-<br><dt><span class="samp">Rate</span><dd>Number of packets discarded due to rate limitation.
+ <dl>
+<dt>Time since restart <code>36000</code><dd>Time in hours since the system was last rebooted.
+<br><dt>Packets received <code>81965</code><dd>Total number of packets received.
+<br><dt>Packets processed <code>0</code><dd>Number of packets received in response to previous packets sent
+<br><dt>Current version <code>9546</code><dd>Number of packets matching the current NTP version.
+<br><dt>Previous version <code>56</code><dd>Number of packets matching the previous NTP version.
+<br><dt>Bad version <code>71793</code><dd>Number of packets matching neither NTP version.
+<br><dt>Access denied <code>512</code><dd>Number of packets denied access for any reason.
+<br><dt>Bad length or format <code>540</code><dd>Number of packets with invalid length, format or port number.
+<br><dt>Bad authentication <code>10</code><dd>Number of packets not verified as authentic.
+<br><dt>Rate exceeded <code>147</code><dd>Number of packets discarded due to rate limitation.
</dl>
- .It
-Cm
-statsdir
-Ar
-directory_path
-Indicates the full path of a directory where statistics files
+ <br><dt><code>statsdir</code> <kbd>directory_path</kbd><dd>Indicates the full path of a directory where statistics files
should be created (see below).
This keyword allows
the (otherwise constant)
-<code>filegen</code> filename prefix to be modified for file generation sets, which
+<code>filegen</code>
+filename prefix to be modified for file generation sets, which
is useful for handling statistics logs.
-.It
-Cm
-filegen
-Ar
-name
-Xo
-[<code>file</code> <code>filename</code> ]
-[<code>type</code> <code>typename</code> ]
-[<code>link</code> | <code>nolink</code> ]
-[<code>enable</code> | <code>disable</code> ]
-Configures setting of generation file set name.
+<br><dt><code>filegen</code> <kbd>name</kbd><dd>[<code>file</code><kbd>filename</kbd>]
+[<code>type</code><kbd>typename</kbd>]
+[<code>link</code>|<code>nolink</code>]
+[<code>enable</code>|<code>disable</code>]
+
+ <p>Configures setting of generation file set name.
Generation
file sets provide a means for handling files that are
continuously growing during the lifetime of a server.
(Most important: they can be removed to free space for new data
produced.)
-
<p>Note that this command can be sent from the
+ <p>Note that this command can be sent from the
<code>ntpdc(1ntpdcmdoc)</code>
program running at a remote location.
- <dl>
-<dt><span class="samp">Cm</span><dd>This is the type of the statistics records, as shown in the
-<code>statistics</code> command.
-<br><dt><span class="samp">Cm</span><dd>This is the file name for the statistics records.
+ <dl>
+name
+This is the type of the statistics records, as shown in the
+<code>statistics</code>
+command.
+file<kbd>filename</kbd>
+This is the file name for the statistics records.
Filenames of set
members are built from three concatenated elements
-<code>Cm</code> <code>prefix</code>, <code>Cm</code> <code>filename</code> and
-<code>Cm</code> <code>suffix</code>:
- <dl>
-<dt><span class="samp">Cm</span><dd>This is a constant filename path.
+<kbd>Cm</kbd><kbd>prefix</kbd>,
+<kbd>Cm</kbd><kbd>filename</kbd>
+and
+<kbd>Cm</kbd><kbd>suffix</kbd>:
+ <dl>
+prefix
+This is a constant filename path.
It is not subject to
modifications via the
-<code>filegen</code> option.
+<kbd>filegen</kbd>
+option.
It is defined by the
server, usually specified as a compile-time constant.
It may,
however, be configurable for individual file generation sets
via other commands.
For example, the prefix used with
-<code>loopstats</code> and
-<code>peerstats</code> generation can be configured using the
-<code>statsdir</code> option explained above.
-<br><dt><span class="samp">Cm</span><dd>This string is directly concatenated to the prefix mentioned
+<kbd>loopstats</kbd>
+and
+<kbd>peerstats</kbd>
+generation can be configured using the
+<kbd>statsdir</kbd>
+option explained above.
+filename
+This string is directly concatenated to the prefix mentioned
above (no intervening
/).
This can be modified using
the file argument to the
-<code>filegen</code> statement.
+<kbd>filegen</kbd>
+statement.
No
<span class="file">..</span>
elements are
allowed in this component to prevent filenames referring to
parts outside the filesystem hierarchy denoted by
-<code>prefix</code>. <br><dt><span class="samp">Cm</span><dd>This part is reflects individual elements of a file set.
+<kbd>prefix</kbd>.
+suffix
+This part is reflects individual elements of a file set.
It is
generated according to the type of a file set.
</dl>
- .It
-Cm
-type
-Ar
-typename
+ type<kbd>typename</kbd>
A file generation set is characterized by its type.
The following
types are supported:
- <dl>
-<dt><span class="samp">Cm</span><dd>The file set is actually a single plain file.
-<br><dt><span class="samp">Cm</span><dd>One element of file set is used per incarnation of a ntpd
+ <dl>
+none
+The file set is actually a single plain file.
+pid
+One element of file set is used per incarnation of a ntpd
server.
This type does not perform any changes to file set
members during runtime, however it provides an easy way of
<code>ntpd(1ntpdmdoc)</code>
server incarnations.
The set member filename is built by appending a
-\&.
+.
to concatenated
-<code>prefix</code> and
-<code>filename</code> strings, and
+<kbd>prefix</kbd>
+and
+<kbd>filename</kbd>
+strings, and
appending the decimal representation of the process ID of the
<code>ntpd(1ntpdmdoc)</code>
server process.
-<br><dt><span class="samp">Cm</span><dd>One file generation set element is created per day.
+day
+One file generation set element is created per day.
A day is
defined as the period between 00:00 and 24:00 UTC.
The file set
member suffix consists of a
-\&.
+.
and a day specification in
the form
-<code>YYYYMMdd</code>. <code>YYYY</code> is a 4-digit year number (e.g., 1992).
-<code>MM</code> is a two digit month number.
-<code>dd</code> is a two digit day number.
+<code>YYYYMMdd</code>.
+<code>YYYY</code>
+is a 4-digit year number (e.g., 1992).
+<code>MM</code>
+is a two digit month number.
+<code>dd</code>
+is a two digit day number.
Thus, all information written at 10 December 1992 would end up
in a file named
-<code>prefix</code> <code>filename</code> <code>Ns</code> <code>.19921210</code>. <br><dt><span class="samp">Cm</span><dd>Any file set member contains data related to a certain week of
+<kbd>prefix</kbd>
+<kbd>filename</kbd><kbd>Ns</kbd><kbd>.19921210</kbd>.
+week
+Any file set member contains data related to a certain week of
a year.
The term week is defined by computing day-of-year
modulo 7.
Elements of such a file generation set are
distinguished by appending the following suffix to the file set
filename base: A dot, a 4-digit year number, the letter
-<code>W</code>, and a 2-digit week number.
+<code>W</code>,
+and a 2-digit week number.
For example, information from January,
10th 1992 would end up in a file with suffix
-.No
-.
-Ns
-Ar
-1992W1
-.
-<br><dt><span class="samp">Cm</span><dd>One generation file set element is generated per month.
+No.<kbd>1992W1</kbd>.
+month
+One generation file set element is generated per month.
The
file name suffix consists of a dot, a 4-digit year number, and
a 2-digit month.
-<br><dt><span class="samp">Cm</span><dd>One generation file element is generated per year.
+year
+One generation file element is generated per year.
The filename
suffix consists of a dot and a 4 digit year number.
-<br><dt><span class="samp">Cm</span><dd>This type of file generation sets changes to a new element of
+age
+This type of file generation sets changes to a new element of
the file set every 24 hours of server operation.
The filename
suffix consists of a dot, the letter
-<code>a</code>, and an 8-digit number.
+<code>a</code>,
+and an 8-digit number.
This number is taken to be the number of seconds the server is
running at the start of the corresponding 24-hour period.
Information is only written to a file generation by specifying
-<code>enable</code>; output is prevented by specifying
-<code>disable</code>. </dl>
- .It
-Cm
-link
-|
-nolink
+<code>enable</code>;
+output is prevented by specifying
+<code>disable</code>.
+</dl>
+ link|<code>nolink</code>
It is convenient to be able to access the current element of a file
generation set by a fixed name.
This feature is enabled by
specifying
-<code>link</code> and disabled using
-<code>nolink</code>. If link is specified, a
+<code>link</code>
+and disabled using
+<code>nolink</code>.
+If link is specified, a
hard link from the current file set element to a file without
suffix is created.
When there is already a file with this name and
the number of links of this file is one, it is renamed appending a
dot, the letter
-<code>C</code>, and the pid of the ntpd server process.
+<code>C</code>,
+and the pid of the ntpd server process.
When the
number of links is greater than one, the file is unlinked.
This
allows the current file to be accessed by a constant name.
-.It
-Cm
-enable
-\&|
-Cm
-disable
-Enables or disables the recording function.
-
+enable<code>|</code><code>Cm</code><code>disable</code>
+Enables or disables the recording function.
+</dl>
+ </dl>
+ </dl>
<div class="node">
<p><hr>
-<a name="Access"></a>
+<a name="Access-Control-Support"></a>
<br>
</div>
-<h3 class="section">Access</h3>
+<h3 class="section">Access Control Support</h3>
- <p>Access
-Control
-Support
-The
+<p>The
<code>ntpd(1ntpdmdoc)</code>
daemon implements a general purpose address/mask based restriction
list.
last match found defining the restriction flags associated
with the entry.
Additional information and examples can be found in the
-"Notes on Configuring NTP and Setting up a NTP Subnet"
+"NotesonConfiguringNTPandSettingupaNTPSubnet"
page
(available as part of the HTML documentation
provided in
<span class="file">/usr/share/doc/ntp</span>).
-
<p>The restriction facility was implemented in conformance
+ <p>The restriction facility was implemented in conformance
with the access policies for the original NSFnet backbone
time servers.
Later the facility was expanded to deflect
Source address based restrictions are easily circumvented
by a determined cracker.
-
<p>Clients can be denied service because they are explicitly
+ <p>Clients can be denied service because they are explicitly
included in the restrict list created by the restrict command
or implicitly as the result of cryptographic or rate limit
violations.
the restrictions is by restarting the server.
<div class="node">
<p><hr>
-<a name="The"></a>
+<a name="The-Kiss_002dof_002dDeath-Packet"></a>
<br>
</div>
-<h3 class="section">The</h3>
+<h3 class="section">The Kiss-of-Death Packet</h3>
- <p>The
-Kiss-of-Death
-Packet
-Ordinarily, packets denied service are simply dropped with no
+<p>Ordinarily, packets denied service are simply dropped with no
further action except incrementing statistics counters.
Sometimes a
more proactive response is needed, such as a server message that
to zero and the reference identifier field set to a four-byte
ASCII code.
If the
-<code>noserve</code> or
-<code>notrust</code> flag of the matching restrict list entry is set,
+<code>noserve</code>
+or
+<code>notrust</code>
+flag of the matching restrict list entry is set,
the code is "DENY"; if the
-<code>limited</code> flag is set and the rate limit
+<code>limited</code>
+flag is set and the rate limit
is exceeded, the code is "RATE".
Finally, if a cryptographic violation occurs, the code is "CRYP".
-
<p>A client receiving a KoD performs a set of sanity checks to
+ <p>A client receiving a KoD performs a set of sanity checks to
minimize security exposure, then updates the stratum and
reference identifier peer variables, sets the access
denied (TEST4) bit in the peer flash variable and sends
It will happen at the server only if the server operator cooperates.
<div class="node">
<p><hr>
-<a name="Access"></a>
+<a name="Access-Control-Commands"></a>
<br>
</div>
-<h3 class="section">Access</h3>
+<h3 class="section">Access Control Commands</h3>
- <p>Access
-Control
-Commands
- <dl>
-<dt><span class="samp">Xo</span><dd>[<code>average</code> <code>avg</code> ]
-[<code>minimum</code> <code>min</code> ]
-[<code>monitor</code> <code>prob</code> ]
+ <dl>
+discard[<code>average</code><kbd>avg</kbd>][<code>minimum</code><kbd>min</kbd>][<code>monitor</code><kbd>prob</kbd>]
Set the parameters of the
-<code>limited</code> facility which protects the server from
+<code>limited</code>
+facility which protects the server from
client abuse.
The
-<code>average</code> subcommand specifies the minimum average packet
+<code>average</code>
+subcommand specifies the minimum average packet
spacing, while the
-<code>minimum</code> subcommand specifies the minimum packet spacing.
+<code>minimum</code>
+subcommand specifies the minimum packet spacing.
Packets that violate these minima are discarded
and a kiss-o'-death packet returned if enabled.
The default
minimum average and minimum are 5 and 2, respectively.
The monitor subcommand specifies the probability of discard
for packets that overflow the rate-control window.
-<br><dt><span class="samp">Xo</span><dd>[<code>mask</code> <code>mask</code> ]
-[<code>flag</code> <code>...</code> ]
+restrict<code>address</code>[<code>mask</code><kbd>mask</kbd>][<kbd>flag</kbd><kbd>...</kbd>]
The
-<code>address</code> argument expressed in
+<kbd>address</kbd>
+argument expressed in
dotted-quad form is the address of a host or network.
Alternatively, the
-<code>address</code> argument can be a valid host DNS name.
+<kbd>address</kbd>
+argument can be a valid host DNS name.
The
-<code>mask</code> argument expressed in dotted-quad form defaults to
-<code>255.255.255.255</code>, meaning that the
-<code>address</code> is treated as the address of an individual host.
+<kbd>mask</kbd>
+argument expressed in dotted-quad form defaults to
+<code>255.255.255.255</code>,
+meaning that the
+<kbd>address</kbd>
+is treated as the address of an individual host.
A default entry (address
-<code>0.0.0.0</code>, mask
-<code>0.0.0.0</code>) is always included and is always the first entry in the list.
+<code>0.0.0.0</code>,
+mask
+<code>0.0.0.0</code>)
+is always included and is always the first entry in the list.
Note that text string
-<code>default</code>, with no mask option, may
+<code>default</code>,
+with no mask option, may
be used to indicate the default entry.
In the current implementation,
-<code>flag</code> always
+<code>flag</code>
+always
restricts access, i.e., an entry with no flags indicates that free
access to the server is to be given.
The flags are not orthogonal,
reconfiguration of the server.
One or more of the following flags
may be specified:
- <dl>
-<dt><span class="samp">Cm</span><dd>Deny packets of all kinds, including
-<code>ntpq(1ntpqmdoc)</code>
-and
-<code>ntpdc(1ntpdcmdoc)</code>
-queries.
-<br><dt><span class="samp">Cm</span><dd>If this flag is set when an access violation occurs, a kiss-o'-death
-(KoD) packet is sent.
-KoD packets are rate limited to no more than one
-per second.
-If another KoD packet occurs within one second after the
-last one, the packet is dropped.
-<br><dt><span class="samp">Cm</span><dd>Deny service if the packet spacing violates the lower limits specified
-in the discard command.
-A history of clients is kept using the
-monitoring capability of
-<code>ntpd(1ntpdmdoc)</code>.
-Thus, monitoring is always active as
-long as there is a restriction entry with the
-<code>limited</code> flag.
-<br><dt><span class="samp">Cm</span><dd>Declare traps set by matching hosts to be low priority.
-The
-number of traps a server can maintain is limited (the current limit
-is 3).
-Traps are usually assigned on a first come, first served
-basis, with later trap requestors being denied service.
-This flag
-modifies the assignment algorithm by allowing low priority traps to
-be overridden by later requests for normal priority traps.
-<br><dt><span class="samp">Cm</span><dd>Deny
-<code>ntpq(1ntpqmdoc)</code>
-and
-<code>ntpdc(1ntpdcmdoc)</code>
-queries which attempt to modify the state of the
-server (i.e., run time reconfiguration).
-Queries which return
-information are permitted.
-<br><dt><span class="samp">Cm</span><dd>Deny
-<code>ntpq(1ntpqmdoc)</code>
-and
-<code>ntpdc(1ntpdcmdoc)</code>
-queries.
-Time service is not affected.
-<br><dt><span class="samp">Cm</span><dd>Deny packets which would result in mobilizing a new association.
-This
-includes broadcast and symmetric active packets when a configured
-association does not exist.
-<br><dt><span class="samp">Cm</span><dd>Deny all packets except
-<code>ntpq(1ntpqmdoc)</code>
-and
-<code>ntpdc(1ntpdcmdoc)</code>
-queries.
-<br><dt><span class="samp">Cm</span><dd>Decline to provide mode 6 control message trap service to matching
-hosts.
-The trap service is a subsystem of the ntpdq control message
-protocol which is intended for use by remote event logging programs.
-<br><dt><span class="samp">Cm</span><dd>Deny service unless the packet is cryptographically authenticated.
-<br><dt><span class="samp">Cm</span><dd>This is actually a match algorithm modifier, rather than a
-restriction flag.
-Its presence causes the restriction entry to be
-matched only if the source port in the packet is the standard NTP
-UDP port (123).
-Both
-<code>ntpport</code> and
-<code>non-ntpport</code> may
-be specified.
-The
-<code>ntpport</code> is considered more specific and
-is sorted later in the list.
-<br><dt><span class="samp">Cm</span><dd>Deny packets that do not match the current NTP version.
-</dl>
-
- <p>Default restriction list entries with the flags ignore, interface,
-ntpport, for each of the local host's interface addresses are
-inserted into the table at startup to prevent the server
-from attempting to synchronize to its own time.
-A default entry is also always present, though if it is
-otherwise unconfigured; no flags are associated
-with the default entry (i.e., everything besides your own
-NTP server is unrestricted).
-
-<div class="node">
-<p><hr>
-<a name="Automatic"></a>
-<br>
-</div>
-
-<h3 class="section">Automatic</h3>
-
- <p>Automatic
-NTP
-Configuration
-Options
-<div class="node">
-<p><hr>
-<a name="Manycasting"></a>
-<br>
-</div>
-
-<h3 class="section">Manycasting</h3>
-
- <p>Manycasting
-Manycasting is a automatic discovery and configuration paradigm
-new to NTPv4.
-It is intended as a means for a multicast client
-to troll the nearby network neighborhood to find cooperating
-manycast servers, validate them using cryptographic means
-and evaluate their time values with respect to other servers
-that might be lurking in the vicinity.
-The intended result is that each manycast client mobilizes
-client associations with some number of the "best"
-of the nearby manycast servers, yet automatically reconfigures
-to sustain this number of servers should one or another fail.
-
- <p>Note that the manycasting paradigm does not coincide
-with the anycast paradigm described in RFC-1546,
-which is designed to find a single server from a clique
-of servers providing the same service.
-The manycast paradigm is designed to find a plurality
-of redundant servers satisfying defined optimality criteria.
-
- <p>Manycasting can be used with either symmetric key
-or public key cryptography.
-The public key infrastructure (PKI)
-offers the best protection against compromised keys
-and is generally considered stronger, at least with relatively
-large key sizes.
-It is implemented using the Autokey protocol and
-the OpenSSL cryptographic library available from
-.Li
-http://www.openssl.org/
-.
-The library can also be used with other NTPv4 modes
-as well and is highly recommended, especially for broadcast modes.
-
- <p>A persistent manycast client association is configured
-using the manycastclient command, which is similar to the
-server command but with a multicast (IPv4 class
-<code>D</code> or IPv6 prefix
-<code>FF</code>) group address.
-The IANA has designated IPv4 address 224.1.1.1
-and IPv6 address FF05::101 (site local) for NTP.
-When more servers are needed, it broadcasts manycast
-client messages to this address at the minimum feasible rate
-and minimum feasible time-to-live (TTL) hops, depending
-on how many servers have already been found.
-There can be as many manycast client associations
-as different group address, each one serving as a template
-for a future ephemeral unicast client/server association.
-
- <p>Manycast servers configured with the
-<code>manycastserver</code> command listen on the specified group address for manycast
-client messages.
-Note the distinction between manycast client,
-which actively broadcasts messages, and manycast server,
-which passively responds to them.
-If a manycast server is
-in scope of the current TTL and is itself synchronized
-to a valid source and operating at a stratum level equal
-to or lower than the manycast client, it replies to the
-manycast client message with an ordinary unicast server message.
-
- <p>The manycast client receiving this message mobilizes
-an ephemeral client/server association according to the
-matching manycast client template, but only if cryptographically
-authenticated and the server stratum is less than or equal
-to the client stratum.
-Authentication is explicitly required
-and either symmetric key or public key (Autokey) can be used.
-Then, the client polls the server at its unicast address
-in burst mode in order to reliably set the host clock
-and validate the source.
-This normally results
-in a volley of eight client/server at 2-s intervals
-during which both the synchronization and cryptographic
-protocols run concurrently.
-Following the volley,
-the client runs the NTP intersection and clustering
-algorithms, which act to discard all but the "best"
-associations according to stratum and synchronization
-distance.
-The surviving associations then continue
-in ordinary client/server mode.
-
- <p>The manycast client polling strategy is designed to reduce
-as much as possible the volume of manycast client messages
-and the effects of implosion due to near-simultaneous
-arrival of manycast server messages.
-The strategy is determined by the
-<code>manycastclient</code>, <code>tos</code> and
-<code>ttl</code> configuration commands.
-The manycast poll interval is
-normally eight times the system poll interval,
-which starts out at the
-<code>minpoll</code> value specified in the
-<code>manycastclient</code>, command and, under normal circumstances, increments to the
-<code>maxpolll</code> value specified in this command.
-Initially, the TTL is
-set at the minimum hops specified by the ttl command.
-At each retransmission the TTL is increased until reaching
-the maximum hops specified by this command or a sufficient
-number client associations have been found.
-Further retransmissions use the same TTL.
-
- <p>The quality and reliability of the suite of associations
-discovered by the manycast client is determined by the NTP
-mitigation algorithms and the
-<code>minclock</code> and
-<code>minsane</code> values specified in the
-<code>tos</code> configuration command.
-At least
-<code>minsane</code> candidate servers must be available and the mitigation
-algorithms produce at least
-<code>minclock</code> survivors in order to synchronize the clock.
-Byzantine agreement principles require at least four
-candidates in order to correctly discard a single falseticker.
-For legacy purposes,
-<code>minsane</code> defaults to 1 and
-<code>minclock</code> defaults to 3.
-For manycast service
-<code>minsane</code> should be explicitly set to 4, assuming at least that
-number of servers are available.
-
- <p>If at least
-<code>minclock</code> servers are found, the manycast poll interval is immediately
-set to eight times
-<code>maxpoll</code>. If less than
-<code>minclock</code> servers are found when the TTL has reached the maximum hops,
-the manycast poll interval is doubled.
-For each transmission
-after that, the poll interval is doubled again until
-reaching the maximum of eight times
-<code>maxpoll</code>. Further transmissions use the same poll interval and
-TTL values.
-Note that while all this is going on,
-each client/server association found is operating normally
-it the system poll interval.
-
- <p>Administratively scoped multicast boundaries are normally
-specified by the network router configuration and,
-in the case of IPv6, the link/site scope prefix.
-By default, the increment for TTL hops is 32 starting
-from 31; however, the
-<code>ttl</code> configuration command can be
-used to modify the values to match the scope rules.
-
- <p>It is often useful to narrow the range of acceptable
-servers which can be found by manycast client associations.
-Because manycast servers respond only when the client
-stratum is equal to or greater than the server stratum,
-primary (stratum 1) servers fill find only primary servers
-in TTL range, which is probably the most common objective.
-However, unless configured otherwise, all manycast clients
-in TTL range will eventually find all primary servers
-in TTL range, which is probably not the most common
-objective in large networks.
-The
-<code>tos</code> command can be used to modify this behavior.
-Servers with stratum below
-<code>floor</code> or above
-<code>ceiling</code> specified in the
-<code>tos</code> command are strongly discouraged during the selection
-process; however, these servers may be temporally
-accepted if the number of servers within TTL range is
-less than
-<code>minclock</code>.
-The above actions occur for each manycast client message,
-which repeats at the designated poll interval.
-However, once the ephemeral client association is mobilized,
-subsequent manycast server replies are discarded,
-since that would result in a duplicate association.
-If during a poll interval the number of client associations
-falls below
-<code>minclock</code>, all manycast client prototype associations are reset
-to the initial poll interval and TTL hops and operation
-resumes from the beginning.
-It is important to avoid
-frequent manycast client messages, since each one requires
-all manycast servers in TTL range to respond.
-The result could well be an implosion, either minor or major,
-depending on the number of servers in range.
-The recommended value for
-<code>maxpoll</code> is 12 (4,096 s).
-
- <p>It is possible and frequently useful to configure a host
-as both manycast client and manycast server.
-A number of hosts configured this way and sharing a common
-group address will automatically organize themselves
-in an optimum configuration based on stratum and
-synchronization distance.
-For example, consider an NTP
-subnet of two primary servers and a hundred or more
-dependent clients.
-With two exceptions, all servers
-and clients have identical configuration files including both
-<code>multicastclient</code> and
-<code>multicastserver</code> commands using, for instance, multicast group address
-239.1.1.1.
-The only exception is that each primary server
-configuration file must include commands for the primary
-reference source such as a GPS receiver.
-
- <p>The remaining configuration files for all secondary
-servers and clients have the same contents, except for the
-<code>tos</code> command, which is specific for each stratum level.
-For stratum 1 and stratum 2 servers, that command is
-not necessary.
-For stratum 3 and above servers the
-<code>floor</code> value is set to the intended stratum number.
-Thus, all stratum 3 configuration files are identical,
-all stratum 4 files are identical and so forth.
-
- <p>Once operations have stabilized in this scenario,
-the primary servers will find the primary reference source
-and each other, since they both operate at the same
-stratum (1), but not with any secondary server or client,
-since these operate at a higher stratum.
-The secondary
-servers will find the servers at the same stratum level.
-If one of the primary servers loses its GPS receiver,
-it will continue to operate as a client and other clients
-will time out the corresponding association and
-re-associate accordingly.
-
- <p>Some administrators prefer to avoid running
-<code>ntpd(1ntpdmdoc)</code>
-continuously and run either
-<code>ntpdate(8)</code>
-or
-<code>ntpd(1ntpdmdoc)</code>
-<code>-q</code> as a cron job.
-In either case the servers must be
-configured in advance and the program fails if none are
-available when the cron job runs.
-A really slick
-application of manycast is with
-<code>ntpd(1ntpdmdoc)</code>
-<code>-q</code>. The program wakes up, scans the local landscape looking
-for the usual suspects, selects the best from among
-the rascals, sets the clock and then departs.
-Servers do not have to be configured in advance and
-all clients throughout the network can have the same
-configuration file.
-<div class="node">
-<p><hr>
-<a name="Manycast"></a>
-<br>
-</div>
-
-<h3 class="section">Manycast</h3>
-
- <p>Manycast
-Interactions
-with
-Autokey
-Each time a manycast client sends a client mode packet
-to a multicast group address, all manycast servers
-in scope generate a reply including the host name
-and status word.
-The manycast clients then run
-the Autokey protocol, which collects and verifies
-all certificates involved.
-Following the burst interval
-all but three survivors are cast off,
-but the certificates remain in the local cache.
-It often happens that several complete signing trails
-from the client to the primary servers are collected in this way.
-
- <p>About once an hour or less often if the poll interval
-exceeds this, the client regenerates the Autokey key list.
-This is in general transparent in client/server mode.
-However, about once per day the server private value
-used to generate cookies is refreshed along with all
-manycast client associations.
-In this case all
-cryptographic values including certificates is refreshed.
-If a new certificate has been generated since
-the last refresh epoch, it will automatically revoke
-all prior certificates that happen to be in the
-certificate cache.
-At the same time, the manycast
-scheme starts all over from the beginning and
-the expanding ring shrinks to the minimum and increments
-from there while collecting all servers in scope.
-<div class="node">
-<p><hr>
-<a name="Manycast"></a>
-<br>
-</div>
-
-<h3 class="section">Manycast</h3>
-
- <p>Manycast
-Options
- <dl>
-<dt><span class="samp">Xo</span><dd>.Oo
-<code>ceiling</code> <code>ceiling</code> | <code>cohort</code> <code>0</code> | <code>1</code> | <code>floor</code> <code>floor</code> | <code>minclock</code> <code>minclock</code> | <code>minsane</code> <code>minsane</code> .Oc
-This command affects the clock selection and clustering
-algorithms.
-It can be used to select the quality and
-quantity of peers used to synchronize the system clock
-and is most useful in manycast mode.
-The variables operate
-as follows:
- <dl>
-<dt><span class="samp">Cm</span><dd>Peers with strata above
-<code>ceiling</code> will be discarded if there are at least
-<code>minclock</code> peers remaining.
-This value defaults to 15, but can be changed
-to any number from 1 to 15.
-<br><dt><span class="samp">Cm</span><dd>This is a binary flag which enables (0) or disables (1)
-manycast server replies to manycast clients with the same
-stratum level.
-This is useful to reduce implosions where
-large numbers of clients with the same stratum level
-are present.
-The default is to enable these replies.
-<br><dt><span class="samp">Cm</span><dd>Peers with strata below
-<code>floor</code> will be discarded if there are at least
-<code>minclock</code> peers remaining.
-This value defaults to 1, but can be changed
-to any number from 1 to 15.
-<br><dt><span class="samp">Cm</span><dd>The clustering algorithm repeatedly casts out outlyer
-associations until no more than
-<code>minclock</code> associations remain.
-This value defaults to 3,
-but can be changed to any number from 1 to the number of
-configured sources.
-<br><dt><span class="samp">Cm</span><dd>This is the minimum number of candidates available
-to the clock selection algorithm in order to produce
-one or more truechimers for the clustering algorithm.
-If fewer than this number are available, the clock is
-undisciplined and allowed to run free.
-The default is 1
-for legacy purposes.
-However, according to principles of
-Byzantine agreement,
-<code>minsane</code> should be at least 4 in order to detect and discard
-a single falseticker.
-</dl>
- .It
-Cm
-ttl
-Ar
-hop
-...
-This command specifies a list of TTL values in increasing
-order, up to 8 values can be specified.
-In manycast mode these values are used in turn
-in an expanding-ring search.
-The default is eight
-multiples of 32 starting at 31.
-
-<div class="node">
-<p><hr>
-<a name="Reference"></a>
-<br>
-</div>
-
-<h3 class="section">Reference</h3>
-
- <p>Reference
-Clock
-Support
-The NTP Version 4 daemon supports some three dozen different radio,
-satellite and modem reference clocks plus a special pseudo-clock
-used for backup or when no other clock source is available.
-Detailed descriptions of individual device drivers and options can
-be found in the
-"Reference Clock Drivers"
-page
-(available as part of the HTML documentation
-provided in
-<span class="file">/usr/share/doc/ntp</span>).
-Additional information can be found in the pages linked
-there, including the
-"Debugging Hints for Reference Clock Drivers"
-and
-"How To Write a Reference Clock Driver"
-pages
-(available as part of the HTML documentation
-provided in
-<span class="file">/usr/share/doc/ntp</span>).
-In addition, support for a PPS
-signal is available as described in the
-"Pulse-per-second (PPS) Signal Interfacing"
-page
-(available as part of the HTML documentation
-provided in
-<span class="file">/usr/share/doc/ntp</span>).
-Many
-drivers support special line discipline/streams modules which can
-significantly improve the accuracy using the driver.
-These are
-described in the
-"Line Disciplines and Streams Drivers"
-page
-(available as part of the HTML documentation
-provided in
-<span class="file">/usr/share/doc/ntp</span>).
-
- <p>A reference clock will generally (though not always) be a radio
-timecode receiver which is synchronized to a source of standard
-time such as the services offered by the NRC in Canada and NIST and
-USNO in the US.
-The interface between the computer and the timecode
-receiver is device dependent, but is usually a serial port.
-A
-device driver specific to each reference clock must be selected and
-compiled in the distribution; however, most common radio, satellite
-and modem clocks are included by default.
-Note that an attempt to
-configure a reference clock when the driver has not been compiled
-or the hardware port has not been appropriately configured results
-in a scalding remark to the system log file, but is otherwise non
-hazardous.
-
- <p>For the purposes of configuration,
-<code>ntpd(1ntpdmdoc)</code>
-treats
-reference clocks in a manner analogous to normal NTP peers as much
-as possible.
-Reference clocks are identified by a syntactically
-correct but invalid IP address, in order to distinguish them from
-normal NTP peers.
-Reference clock addresses are of the form
-.Sm
-off
-.Li
-127.127.
-Ar
-t
-.
-Ar
-u
-,
-.Sm
-on
-where
-<code>t</code> is an integer
-denoting the clock type and
-<code>u</code> indicates the unit
-number in the range 0-3.
-While it may seem overkill, it is in fact
-sometimes useful to configure multiple reference clocks of the same
-type, in which case the unit numbers must be unique.
-
- <p>The
-<code>server</code> command is used to configure a reference
-clock, where the
-<code>address</code> argument in that command
-is the clock address.
-The
-<code>key</code>, <code>version</code> and
-<code>ttl</code> options are not used for reference clock support.
-The
-<code>mode</code> option is added for reference clock support, as
-described below.
-The
-<code>prefer</code> option can be useful to
-persuade the server to cherish a reference clock with somewhat more
-enthusiasm than other reference clocks or peers.
-Further
-information on this option can be found in the
-"Mitigation Rules and the prefer Keyword"
-(available as part of the HTML documentation
-provided in
-<span class="file">/usr/share/doc/ntp</span>)
-page.
-The
-<code>minpoll</code> and
-<code>maxpoll</code> options have
-meaning only for selected clock drivers.
-See the individual clock
-driver document pages for additional information.
-
- <p>The
-<code>fudge</code> command is used to provide additional
-information for individual clock drivers and normally follows
-immediately after the
-<code>server</code> command.
-The
-<code>address</code> argument specifies the clock address.
-The
-<code>refid</code> and
-<code>stratum</code> options can be used to
-override the defaults for the device.
-There are two optional
-device-dependent time offsets and four flags that can be included
-in the
-<code>fudge</code> command as well.
-
- <p>The stratum number of a reference clock is by default zero.
-Since the
-<code>ntpd(1ntpdmdoc)</code>
-daemon adds one to the stratum of each
-peer, a primary server ordinarily displays an external stratum of
-one.
-In order to provide engineered backups, it is often useful to
-specify the reference clock stratum as greater than zero.
-The
-<code>stratum</code> option is used for this purpose.
-Also, in cases
-involving both a reference clock and a pulse-per-second (PPS)
-discipline signal, it is useful to specify the reference clock
-identifier as other than the default, depending on the driver.
-The
-<code>refid</code> option is used for this purpose.
-Except where noted,
-these options apply to all clock drivers.
-<div class="node">
-<p><hr>
-<a name="Reference"></a>
-<br>
-</div>
-
-<h3 class="section">Reference</h3>
-
- <p>Reference
-Clock
-Commands
- <dl>
-<dt><span class="samp">Xo</span><dd>.Sm
-off
-.Li
-127.127.
-Ar
-t
-.
-Ar
-u
-.Sm
-on
-[<code>prefer</code> ]
-[<code>mode</code> <code>int</code> ]
-[<code>minpoll</code> <code>int</code> ]
-[<code>maxpoll</code> <code>int</code> ]
-This command can be used to configure reference clocks in
-special ways.
-The options are interpreted as follows:
- <dl>
-<dt><span class="samp">Cm</span><dd>Marks the reference clock as preferred.
-All other things being
-equal, this host will be chosen for synchronization among a set of
-correctly operating hosts.
-See the
-"Mitigation Rules and the prefer Keyword"
-page
-(available as part of the HTML documentation
-provided in
-<span class="file">/usr/share/doc/ntp</span>)
-for further information.
-<br><dt><span class="samp">Cm</span><dd>Specifies a mode number which is interpreted in a
-device-specific fashion.
-For instance, it selects a dialing
-protocol in the ACTS driver and a device subtype in the
-parse
-drivers.
-<br><dt><span class="samp">Cm</span><br><dt><span class="samp">Cm</span><dd>These options specify the minimum and maximum polling interval
-for reference clock messages, as a power of 2 in seconds
-For
-most directly connected reference clocks, both
-<code>minpoll</code> and
-<code>maxpoll</code> default to 6 (64 s).
-For modem reference clocks,
-<code>minpoll</code> defaults to 10 (17.1 m) and
-<code>maxpoll</code> defaults to 14 (4.5 h).
-The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
-</dl>
- .It
-Xo
-Ic
-fudge
-.Sm
-off
-.Li
-127.127.
-Ar
-t
-.
-Ar
-u
-.Sm
-on
-[<code>time1</code> <code>sec</code> ]
-[<code>time2</code> <code>sec</code> ]
-[<code>stratum</code> <code>int</code> ]
-[<code>refid</code> <code>string</code> ]
-[<code>mode</code> <code>int</code> ]
-[<code>flag1</code> <code>Cm</code> <code>0</code> <code>\&|</code> <code>Cm</code> <code>1</code> ]
-[<code>flag2</code> <code>Cm</code> <code>0</code> <code>\&|</code> <code>Cm</code> <code>1</code> ]
-[<code>flag3</code> <code>Cm</code> <code>0</code> <code>\&|</code> <code>Cm</code> <code>1</code> ]
-[<code>flag4</code> <code>Cm</code> <code>0</code> <code>\&|</code> <code>Cm</code> <code>1</code> ]
-This command can be used to configure reference clocks in
-special ways.
-It must immediately follow the
-<code>server</code> command which configures the driver.
-Note that the same capability
-is possible at run time using the
-<code>ntpdc(1ntpdcmdoc)</code>
-program.
-The options are interpreted as
-follows:
- <dl>
-<dt><span class="samp">Cm</span><dd>Specifies a constant to be added to the time offset produced by
-the driver, a fixed-point decimal number in seconds.
-This is used
-as a calibration constant to adjust the nominal time offset of a
-particular clock to agree with an external standard, such as a
-precision PPS signal.
-It also provides a way to correct a
-systematic error or bias due to serial port or operating system
-latencies, different cable lengths or receiver internal delay.
-The
-specified offset is in addition to the propagation delay provided
-by other means, such as internal DIPswitches.
-Where a calibration
-for an individual system and driver is available, an approximate
-correction is noted in the driver documentation pages.
-Note: in order to facilitate calibration when more than one
-radio clock or PPS signal is supported, a special calibration
-feature is available.
-It takes the form of an argument to the
-<code>enable</code> command described in
-<a href="#Miscellaneous">Miscellaneous</a>Miscellaneous
-Options
-page and operates as described in the
-"Reference Clock Drivers"
-page
-(available as part of the HTML documentation
-provided in
-<span class="file">/usr/share/doc/ntp</span>).
-<br><dt><span class="samp">Cm</span><dd>Specifies a fixed-point decimal number in seconds, which is
-interpreted in a driver-dependent way.
-See the descriptions of
-specific drivers in the
-"Reference Clock Drivers"
-page
-(available as part of the HTML documentation
-provided in
-<span class="file">/usr/share/doc/ntp</span>).
-<br><dt><span class="samp">Cm</span><dd>Specifies the stratum number assigned to the driver, an integer
-between 0 and 15.
-This number overrides the default stratum number
-ordinarily assigned by the driver itself, usually zero.
-<br><dt><span class="samp">Cm</span><dd>Specifies an ASCII string of from one to four characters which
-defines the reference identifier used by the driver.
-This string
-overrides the default identifier ordinarily assigned by the driver
-itself.
-<br><dt><span class="samp">Cm</span><dd>Specifies a mode number which is interpreted in a
-device-specific fashion.
-For instance, it selects a dialing
-protocol in the ACTS driver and a device subtype in the
-parse
-drivers.
-<br><dt><span class="samp">Cm</span><br><dt><span class="samp">Cm</span><br><dt><span class="samp">Cm</span><br><dt><span class="samp">Cm</span><dd>These four flags are used for customizing the clock driver.
-The
-interpretation of these values, and whether they are used at all,
-is a function of the particular clock driver.
-However, by
-convention
-<code>flag4</code> is used to enable recording monitoring
-data to the
-<code>clockstats</code> file configured with the
-<code>filegen</code> command.
-Further information on the
-<code>filegen</code> command can be found in
-<a href="#Monitoring">Monitoring</a>Monitoring
-Options
-.
-</dl>
-
-<div class="node">
-<p><hr>
-<a name="Miscellaneous"></a>
-<br>
-</div>
-
-<h3 class="section">Miscellaneous</h3>
-
- <p>Miscellaneous
-Options
- <dl>
-<dt><span class="samp">Ic</span><dd>The broadcast and multicast modes require a special calibration
-to determine the network delay between the local and remote
-servers.
-Ordinarily, this is done automatically by the initial
-protocol exchanges between the client and server.
-In some cases,
-the calibration procedure may fail due to network or server access
-controls, for example.
-This command specifies the default delay to
-be used under these circumstances.
-Typically (for Ethernet), a
-number between 0.003 and 0.007 seconds is appropriate.
-The default
-when this command is not used is 0.004 seconds.
-<br><dt><span class="samp">Ic</span><dd>This option controls the delay in seconds between the first and second
-packets sent in burst or iburst mode to allow additional time for a modem
-or ISDN call to complete.
-<br><dt><span class="samp">Ic</span><dd>This command specifies the complete path and name of the file used to
-record the frequency of the local clock oscillator.
-This is the same
-operation as the
-<code>-f</code> command line option.
-If the file exists, it is read at
-startup in order to set the initial frequency and then updated once per
-hour with the current frequency computed by the daemon.
-If the file name is
-specified, but the file itself does not exist, the starts with an initial
-frequency of zero and creates the file when writing it for the first time.
-If this command is not given, the daemon will always start with an initial
-frequency of zero.
-
- <p>The file format consists of a single line containing a single
-floating point number, which records the frequency offset measured
-in parts-per-million (PPM).
-The file is updated by first writing
-the current drift value into a temporary file and then renaming
-this file to replace the old version.
-This implies that
-<code>ntpd(1ntpdmdoc)</code>
-must have write permission for the directory the
-drift file is located in, and that file system links, symbolic or
-otherwise, should be avoided.
-<br><dt><span class="samp">Xo</span><dd>.Oo
-<code>auth</code> | <code>Cm</code> <code>bclient</code> | <code>calibrate</code> | <code>Cm</code> <code>kernel</code> | <code>monitor</code> | <code>Cm</code> <code>ntp</code> | <code>pps</code> | <code>Cm</code> <code>stats</code> .Oc
-<br><dt><span class="samp">Xo</span><dd>.Oo
-<code>auth</code> | <code>Cm</code> <code>bclient</code> | <code>calibrate</code> | <code>Cm</code> <code>kernel</code> | <code>monitor</code> | <code>Cm</code> <code>ntp</code> | <code>pps</code> | <code>Cm</code> <code>stats</code> .Oc
-Provides a way to enable or disable various server options.
-Flags not mentioned are unaffected.
-Note that all of these flags
-can be controlled remotely using the
-<code>ntpdc(1ntpdcmdoc)</code>
-utility program.
- <dl>
-<dt><span class="samp">Cm</span><dd>Enables the server to synchronize with unconfigured peers only if the
-peer has been correctly authenticated using either public key or
-private key cryptography.
-The default for this flag is
-<code>enable</code>. <br><dt><span class="samp">Cm</span><dd>Enables the server to listen for a message from a broadcast or
-multicast server, as in the
-<code>multicastclient</code> command with default
-address.
-The default for this flag is
-<code>disable</code>. <br><dt><span class="samp">Cm</span><dd>Enables the calibrate feature for reference clocks.
-The default for
-this flag is
-<code>disable</code>. <br><dt><span class="samp">Cm</span><dd>Enables the kernel time discipline, if available.
-The default for this
-flag is
-<code>enable</code> if support is available, otherwise
-<code>disable</code>. <br><dt><span class="samp">Cm</span><dd>Enables the monitoring facility.
-See the
-<code>ntpdc(1ntpdcmdoc)</code>
-program
-and the
-<code>monlist</code> command or further information.
-The
-default for this flag is
-<code>enable</code>. <br><dt><span class="samp">Cm</span><dd>Enables time and frequency discipline.
-In effect, this switch opens and
-closes the feedback loop, which is useful for testing.
-The default for
-this flag is
-<code>enable</code>. <br><dt><span class="samp">Cm</span><dd>Enables the pulse-per-second (PPS) signal when frequency and time is
-disciplined by the precision time kernel modifications.
-See the
-"A Kernel Model for Precision Timekeeping"
-(available as part of the HTML documentation
-provided in
-<span class="file">/usr/share/doc/ntp</span>)
-page for further information.
-The default for this flag is
-<code>disable</code>. <br><dt><span class="samp">Cm</span><dd>Enables the statistics facility.
-See the
-<a href="#Monitoring">Monitoring</a>Monitoring
-Options
-section for further information.
-The default for this flag is
-<code>disable</code>. </dl>
- .It
-Ic
-includefile
-Ar
-includefile
-This command allows additional configuration commands
-to be included from a separate file.
-Include files may
-be nested to a depth of five; upon reaching the end of any
-include file, command processing resumes in the previous
-configuration file.
-This option is useful for sites that run
-<code>ntpd(1ntpdmdoc)</code>
-on multiple hosts, with (mostly) common options (e.g., a
-restriction list).
-.It
-Ic
-logconfig
-Ar
-configkeyword
-This command controls the amount and type of output written to
-the system
-<code>syslog(3)</code>
-facility or the alternate
-<code>logfile</code> log file.
-By default, all output is turned on.
-All
-<code>configkeyword</code> keywords can be prefixed with
-=,
-+
-and
--,
-where
-=
-sets the
-<code>syslog(3)</code>
-priority mask,
-+
-adds and
--
-removes
-messages.
-<code>syslog(3)</code>
-messages can be controlled in four
-classes
-.Po
-<code>clock</code>, <code>peer</code>, <code>sys</code> and
-<code>sync</code> .Pc
-.
-Within these classes four types of messages can be
-controlled: informational messages
-.Po
-<code>info</code> .Pc
-,
-event messages
-.Po
-<code>events</code> .Pc
-,
-statistics messages
-.Po
-<code>statistics</code> .Pc
-and
-status messages
-.Po
-<code>status</code> .Pc
-.
-
- <p>Configuration keywords are formed by concatenating the message class with
-the event class.
-The
-<code>all</code> prefix can be used instead of a message class.
-A
-message class may also be followed by the
-<code>all</code> keyword to enable/disable all
-messages of the respective message class.Thus, a minimal log configuration
-could look like this:
-.Bd
--literal
-logconfig =syncstatus +sysevents
-.Ed
-
- <p>This would just list the synchronizations state of
-<code>ntpd(1ntpdmdoc)</code>
-and the major system events.
-For a simple reference server, the
-following minimum message configuration could be useful:
-.Bd
--literal
-logconfig =syncall +clockall
-.Ed
-
- <p>This configuration will list all clock information and
-synchronization information.
-All other events and messages about
-peers, system events and so on is suppressed.
-.It
-Ic
-logfile
-Ar
-logfile
-This command specifies the location of an alternate log file to
-be used instead of the default system
-<code>syslog(3)</code>
-facility.
-This is the same operation as the -l command line option.
-.It
-Ic
-setvar
-Ar
-variable
-Op
-Cm
-default
-This command adds an additional system variable.
-These
-variables can be used to distribute additional information such as
-the access policy.
-If the variable of the form
-.Sm
-off
-.Va
-name
-=
-Ar
-value
-.Sm
-on
-is followed by the
-<code>default</code> keyword, the
-variable will be listed as part of the default system variables
-.Po
-<code>ntpq(1ntpqmdoc)</code>
-<code>rv</code> command
-.Pc
-)
-.
-These additional variables serve
-informational purposes only.
-They are not related to the protocol
-other that they can be listed.
-The known protocol variables will
-always override any variables defined via the
-<code>setvar</code> mechanism.
-There are three special variables that contain the names
-of all variable of the same group.
-The
-.Va
-sys_var_list
-holds
-the names of all system variables.
-The
-.Va
-peer_var_list
-holds
-the names of all peer variables and the
-.Va
-clock_var_list
-holds the names of the reference clock variables.
-.It
-Xo
-Ic
-tinker
-.Oo
-<code>allan</code> <code>allan</code> | <code>dispersion</code> <code>dispersion</code> | <code>freq</code> <code>freq</code> | <code>huffpuff</code> <code>huffpuff</code> | <code>panic</code> <code>panic</code> | <code>step</code> <code>srep</code> | <code>stepout</code> <code>stepout</code> .Oc
-This command can be used to alter several system variables in
-very exceptional circumstances.
-It should occur in the
-configuration file before any other configuration options.
-The
-default values of these variables have been carefully optimized for
-a wide range of network speeds and reliability expectations.
-In
-general, they interact in intricate ways that are hard to predict
-and some combinations can result in some very nasty behavior.
-Very
-rarely is it necessary to change the default values; but, some
-folks cannot resist twisting the knobs anyway and this command is
-for them.
-Emphasis added: twisters are on their own and can expect
-no help from the support group.
-
- <p>The variables operate as follows:
- <dl>
-<dt><span class="samp">Cm</span><dd>The argument becomes the new value for the minimum Allan
-intercept, which is a parameter of the PLL/FLL clock discipline
-algorithm.
-The value in log2 seconds defaults to 7 (1024 s), which is also the lower
-limit.
-<br><dt><span class="samp">Cm</span><dd>The argument becomes the new value for the dispersion increase rate,
-normally .000015 s/s.
-<br><dt><span class="samp">Cm</span><dd>The argument becomes the initial value of the frequency offset in
-parts-per-million.
-This overrides the value in the frequency file, if
-present, and avoids the initial training state if it is not.
-<br><dt><span class="samp">Cm</span><dd>The argument becomes the new value for the experimental
-huff-n'-puff filter span, which determines the most recent interval
-the algorithm will search for a minimum delay.
-The lower limit is
-900 s (15 m), but a more reasonable value is 7200 (2 hours).
-There
-is no default, since the filter is not enabled unless this command
-is given.
-<br><dt><span class="samp">Cm</span><dd>The argument is the panic threshold, normally 1000 s.
-If set to zero,
-the panic sanity check is disabled and a clock offset of any value will
-be accepted.
-<br><dt><span class="samp">Cm</span><dd>The argument is the step threshold, which by default is 0.128 s.
-It can
-be set to any positive number in seconds.
-If set to zero, step
-adjustments will never occur.
-Note: The kernel time discipline is
-disabled if the step threshold is set to zero or greater than the
-default.
-<br><dt><span class="samp">Cm</span><dd>The argument is the stepout timeout, which by default is 900 s.
-It can
-be set to any positive number in seconds.
-If set to zero, the stepout
-pulses will not be suppressed.
-</dl>
- .It
-Xo
-Ic
-trap
-Ar
-host_address
-[<code>port</code> <code>port_number</code> ]
-[<code>interface</code> <code>interface_address</code> ]
-This command configures a trap receiver at the given host
-address and port number for sending messages with the specified
-local interface address.
-If the port number is unspecified, a value
-of 18447 is used.
-If the interface address is not specified, the
-message is sent with a source address of the local interface the
-message is sent through.
-Note that on a multihomed host the
-interface used may vary from time to time with routing changes.
-
- <p>The trap receiver will generally log event messages and other
-information from the server in a log file.
-While such monitor
-programs may also request their own trap dynamically, configuring a
-trap receiver will ensure that no messages are lost when the server
-is started.
-.It
-Cm
-hop
-Ar
-...
-This command specifies a list of TTL values in increasing order, up to 8
-values can be specified.
-In manycast mode these values are used in turn in
-an expanding-ring search.
-The default is eight multiples of 32 starting at
-31.
-
- <p>This section was generated by <strong>AutoGen</strong>,
-using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntp.conf</code> program.
-This software is released under the NTP license, <http://ntp.org/license>.
-
-</body></html>
-
-.TH ntp.conf 5 "03 Jan 2013" "4.2.7p344" "File Formats"
+.TH ntp.conf 5 "04 Jan 2013" "4.2.7p345" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:09:10 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:02:47 AM by AutoGen 5.17.1pre11
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.\"
The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next five fields
-show time offset (seconds), frequency offset (parts per million -
+show time offset (seconds), frequency offset (parts per million \-
PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
discipline time constant.
.ti -4
.br
.in +4
.nf
-48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
+48773 10847.650 127.127.4.1 9714 \-0.001605376 0.000000000 0.001424877 0.000958674
.in -4
.fi
.PP
.Ql = ,
.Ql +
and
-.Ql - ,
+.Ql \- ,
where
.Ql =
sets the
priority mask,
.Ql +
adds and
-.Ql -
+.Ql \-
removes
messages.
.Xr syslog 3
be used instead of the default system
.Xr syslog 3
facility.
-This is the same operation as the -l command line option.
+This is the same operation as the \-l command line option.
.TP
.BR Ic setvar Ar variable Op Cm default
This command adds an additional system variable.
an expanding-ring search.
The default is eight multiples of 32 starting at
31.
+.SH "OPTIONS"
+.TP
+.BR \-\-help
+Display usage information and exit.
+.TP
+.BR \-\-more-help
+Pass the extended usage information through a pager.
+.TP
+.BR \-\-version "[=\fI{v|c|n}\fP]"
+Output version of program and exit. The default mode is `v', a simple
+version. The `c' mode will print copyright information and `n' will
+print the full copyright notice.
+.SH "OPTION PRESETS"
+Any option that is not marked as \fInot presettable\fP may be preset
+by loading values from environment variables named:
+.nf
+ \fBNTP_CONF_<option-name>\fP or \fBNTP_CONF\fP
+.fi
+.ad
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
+.SH "ENVIRONMENT"
+See \fBOPTION PRESETS\fP for configuration environment variables.
.SH FILES
.TP
.BR Pa /etc/ntp.conf
.TP
.BR Pa ntp_dh
Diffie-Hellman agreement parameters
+.SH "EXIT STATUS"
+One of the following exit values will be returned:
+.TP
+.BR 0 " (EXIT_SUCCESS)"
+Successful program execution.
+.TP
+.BR 1 " (EXIT_FAILURE)"
+The operation failed or the command syntax was not valid.
+.TP
+.BR 70 " (EX_SOFTWARE)"
+libopts had an internal operational error. Please report
+it to autogen-users@lists.sourceforge.net. Thank you.
.SH "SEE ALSO"
.SH SEE ALSO
.Xr ntpd @NTPD_MS@ ,
These should be obtained via secure directory
services when they become universally available.Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version @VERSION@ of NTP.
-This document was derived from FreeBSD.
-.PP
+This document corresponds to version 4.2.7p345 of NTP.
+This document was derived from FreeBSD..Pp
This manual page was \fIAutoGen\fP-erated from the \fBntp.conf\fP
option definitions.
-.Dd January 3 2013
+.Dd January 4 2013
.Dt NTP_CONF 5 File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:09:31 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:03:06 AM by AutoGen 5.17.1pre11
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.Nd Network Time Protocol (NTP) daemon configuration file format
.Sh SYNOPSIS
.Nm
-.Op Fl \-option-name
-.Op Fl \-option-name Ar value
+.Op Fl \-option\-name
+.Op Fl \-option\-name Ar value
.Pp
All arguments must be options.
.Pp
some of which may be optional, separated by whitespace.
Commands may not be continued over multiple lines.
Arguments may be host names,
-host addresses written in numeric, dotted-quad form,
+host addresses written in numeric, dotted\-quad form,
integers, floating point numbers (when specifying times in seconds)
and text strings.
.Pp
of options not listed may not be caught as an error, but may result
in some weird and even destructive behavior.
.Pp
-If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
+If the Basic Socket Interface Extensions for IPv6 (RFC\-2553)
is detected, support for the IPv6 address family is generated
in addition to the default support of the IPv4 address family.
In a few cases, including the reslist billboard generated
The
.Ar address
can be
-either a DNS name or an IP address in dotted-quad notation.
+either a DNS name or an IP address in dotted\-quad notation.
Additional information on association behavior can be found in the
.Qq Association Management
page
b or m addresses.
.It Ic peer
For type s addresses (only), this command mobilizes a
-persistent symmetric-active mode association with the specified
+persistent symmetric\-active mode association with the specified
remote peer.
In this mode the local clock can be synchronized to
the remote peer or the remote peer can be synchronized to the local
.It Cm ttl Ar ttl
This option is used only with broadcast server and manycast
client modes.
-It specifies the time-to-live
+It specifies the time\-to\-live
.Ar ttl
to
use on broadcast server and multicast server and the maximum
.It Cm version Ar version
Specifies the version number to be used for outgoing NTP
packets.
-Versions 1-4 are the choices, with version 4 the
+Versions 1\-4 are the choices, with version 4 the
default.
.El
.Ss Auxiliary Commands
synchronizes to succeeding broadcast messages.
Note that, in order
to avoid accidental or malicious disruption in this mode, both the
-server and client should operate using symmetric-key or public-key
+server and client should operate using symmetric\-key or public\-key
authentication as described in
.Sx Authentication Options .
.It Ic manycastserver Ar address ...
implosion at the original sender.
Note that, in order to avoid
accidental or malicious disruption in this mode, both the server
-and client should operate using symmetric-key or public-key
+and client should operate using symmetric\-key or public\-key
authentication as described in
.Sx Authentication Options .
.It Ic multicastclient Ar address ...
which it synchronizes to succeeding multicast messages.
Note that,
in order to avoid accidental or malicious disruption in this mode,
-both the server and client should operate using symmetric-key or
-public-key authentication as described in
+both the server and client should operate using symmetric\-key or
+public\-key authentication as described in
.Sx Authentication Options .
.El
.Sh Authentication Support
server is in fact known and trusted and not an intruder intending
accidentally or on purpose to masquerade as that server.
The NTPv3
-specification RFC-1305 defines a scheme which provides
+specification RFC\-1305 defines a scheme which provides
cryptographic authentication of received NTP packets.
Originally,
this was done using the Data Encryption Standard (DES) algorithm
operating in Cipher Block Chaining (CBC) mode, commonly called
-DES-CBC.
+DES\-CBC.
Subsequently, this was replaced by the RSA Message Digest
-5 (MD5) algorithm using a private key, commonly called keyed-MD5.
-Either algorithm computes a message digest, or one-way hash, which
+5 (MD5) algorithm using a private key, commonly called keyed\-MD5.
+Either algorithm computes a message digest, or one\-way hash, which
can be used to verify the server has the correct private key and
key identifier.
.Pp
further details are in the briefings, papers
and reports at the NTP project page linked from
.Li http://www.ntp.org/ .
-.Ss Symmetric-Key Cryptography
-The original RFC-1305 specification allows any one of possibly
-65,534 keys, each distinguished by a 32-bit key identifier, to
+.Ss Symmetric\-Key Cryptography
+The original RFC\-1305 specification allows any one of possibly
+65,534 keys, each distinguished by a 32\-bit key identifier, to
authenticate an association.
The servers and clients involved must
agree on the key and key identifier to
utility.
.Ss Public Key Cryptography
NTPv4 supports the original NTPv3 symmetric key scheme
-described in RFC-1305 and in addition the Autokey protocol,
+described in RFC\-1305 and in addition the Autokey protocol,
which is based on public key cryptography.
The Autokey Version 2 protocol described on the Autokey Protocol
page verifies packet integrity using MD5 message digests
Most modes use a special cookie which can be
computed independently by the client and server,
but encrypted in transmission.
-All modes use in addition a variant of the S-KEY scheme,
-in which a pseudo-random key list is generated and used
+All modes use in addition a variant of the S\-KEY scheme,
+in which a pseudo\-random key list is generated and used
in reverse order.
These schemes are described along with an executive summary,
current status, briefing slides and reading list on the
The specific cryptographic environment used by Autokey servers
and clients is determined by a set of files
and soft links generated by the
-.Xr ntp-keygen 1ntpkeygenmdoc
+.Xr ntp\-keygen 1ntpkeygenmdoc
program.
This includes a required host key file,
required certificate file and optional sign key file,
same key and the message is verified, Bob sends Cathy a reply
authenticated with that key.
If verification fails,
-Bob sends Cathy a thing called a crypto-NAK, which tells her
+Bob sends Cathy a thing called a crypto\-NAK, which tells her
something broke.
She can see the evidence using the
.Xr ntpq @NTPQ_MS@
.Ss Key Management
The cryptographic values used by the Autokey protocol are
incorporated as a set of files generated by the
-.Xr ntp-keygen 1ntpkeygenmdoc
+.Xr ntp\-keygen 1ntpkeygenmdoc
utility program, including symmetric key, host key and
public certificate files, as well as sign key, identity parameters
and leapseconds files.
Specifies the key identifier to use with the
.Xr ntpq @NTPQ_MS@
utility, which uses the standard
-protocol defined in RFC-1305.
+protocol defined in RFC\-1305.
The
.Ar key
argument is
for the trusted key, where the value can be in the range 1 to
65,534, inclusive.
.It Ic revoke Ar logsec
-Specifies the interval between re-randomization of certain
+Specifies the interval between re\-randomization of certain
cryptographic values used by the Autokey scheme, as a power of 2 in
seconds.
These values need to be updated frequently in order to
-deflect brute-force attacks on the algorithms of the scheme;
+deflect brute\-force attacks on the algorithms of the scheme;
however, updating some values is a relatively expensive operation.
The default interval is 16 (65,536 s or about 18 hours).
For poll
servers.
The
.Ar key
-arguments are 32-bit unsigned
+arguments are 32\-bit unsigned
integers with values from 1 to 65,534.
.El
.Ss Error Codes
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight).
The next field shows the
-clock address in dotted-quad notation.
+clock address in dotted\-quad notation.
The final field shows the last
timecode received from the clock in decoded ASCII format, where
meaningful.
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight).
The next field shows the peer
-address in dotted-quad notation, The final message field includes the
+address in dotted\-quad notation, The final message field includes the
message type and certain ancillary information.
See the
.Sx Authentication Options
The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next five fields
-show time offset (seconds), frequency offset (parts per million -
+show time offset (seconds), frequency offset (parts per million \-
PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
discipline time constant.
.It Cm peerstats
generation set named
.Cm peerstats :
.Bd -literal
-48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
+48773 10847.650 127.127.4.1 9714 \-0.001605376 0.000000000 0.001424877 0.000958674
.Ed
.Pp
The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next two fields
-show the peer address in dotted-quad notation and status,
+show the peer address in dotted\-quad notation and status,
respectively.
The status field is encoded in hex in the format
described in Appendix A of the NTP specification RFC 1305.
The final four fields show the offset,
delay, dispersion and RMS jitter, all in seconds.
.It Cm rawstats
-Enables recording of raw-timestamp statistics information.
+Enables recording of raw\-timestamp statistics information.
This
includes statistics records of all peers of a NTP server and of
special signals, where present and configured.
time (seconds and fraction past UTC midnight).
The next two fields
show the remote peer or clock address followed by the local address
-in dotted-quad notation.
+in dotted\-quad notation.
The final four fields show the originate,
receive, transmit and final NTP timestamps in order.
The timestamp
.Ar filegen
option.
It is defined by the
-server, usually specified as a compile-time constant.
+server, usually specified as a compile\-time constant.
It may,
however, be configurable for individual file generation sets
via other commands.
the form
.Cm YYYYMMdd .
.Cm YYYY
-is a 4-digit year number (e.g., 1992).
+is a 4\-digit year number (e.g., 1992).
.Cm MM
is a two digit month number.
.Cm dd
.It Cm week
Any file set member contains data related to a certain week of
a year.
-The term week is defined by computing day-of-year
+The term week is defined by computing day\-of\-year
modulo 7.
Elements of such a file generation set are
distinguished by appending the following suffix to the file set
-filename base: A dot, a 4-digit year number, the letter
+filename base: A dot, a 4\-digit year number, the letter
.Cm W ,
-and a 2-digit week number.
+and a 2\-digit week number.
For example, information from January,
10th 1992 would end up in a file with suffix
.No . Ns Ar 1992W1 .
.It Cm month
One generation file set element is generated per month.
The
-file name suffix consists of a dot, a 4-digit year number, and
-a 2-digit month.
+file name suffix consists of a dot, a 4\-digit year number, and
+a 2\-digit month.
.It Cm year
One generation file element is generated per year.
The filename
The filename
suffix consists of a dot, the letter
.Cm a ,
-and an 8-digit number.
+and an 8\-digit number.
This number is taken to be the number of seconds the server is
-running at the start of the corresponding 24-hour period.
+running at the start of the corresponding 24\-hour period.
Information is only written to a file generation by specifying
.Cm enable ;
output is prevented by specifying
When a client or network is denied access
for an indefinate period, the only way at present to remove
the restrictions is by restarting the server.
-.Ss The Kiss-of-Death Packet
+.Ss The Kiss\-of\-Death Packet
Ordinarily, packets denied service are simply dropped with no
further action except incrementing statistics counters.
Sometimes a
explicitly requests the client to stop sending and leave a message
for the system operator.
A special packet format has been created
-for this purpose called the "kiss-of-death" (KoD) packet.
+for this purpose called the "kiss\-of\-death" (KoD) packet.
KoD packets have the leap bits set unsynchronized and stratum set
-to zero and the reference identifier field set to a four-byte
+to zero and the reference identifier field set to a four\-byte
ASCII code.
If the
.Cm noserve
.Cm minimum
subcommand specifies the minimum packet spacing.
Packets that violate these minima are discarded
-and a kiss-o'-death packet returned if enabled.
+and a kiss\-o'\-death packet returned if enabled.
The default
minimum average and minimum are 5 and 2, respectively.
The monitor subcommand specifies the probability of discard
-for packets that overflow the rate-control window.
+for packets that overflow the rate\-control window.
.It Xo Ic restrict address
.Op Cm mask Ar mask
.Op Ar flag ...
The
.Ar address
argument expressed in
-dotted-quad form is the address of a host or network.
+dotted\-quad form is the address of a host or network.
Alternatively, the
.Ar address
argument can be a valid host DNS name.
The
.Ar mask
-argument expressed in dotted-quad form defaults to
+argument expressed in dotted\-quad form defaults to
.Cm 255.255.255.255 ,
meaning that the
.Ar address
ones redundant.
The flags can generally be classed into two
categories, those which restrict time service and those which
-restrict informational queries and attempts to do run-time
+restrict informational queries and attempts to do run\-time
reconfiguration of the server.
One or more of the following flags
may be specified:
.Xr ntpdc @NTPDC_MS@
queries.
.It Cm kod
-If this flag is set when an access violation occurs, a kiss-o'-death
+If this flag is set when an access violation occurs, a kiss\-o'\-death
(KoD) packet is sent.
KoD packets are rate limited to no more than one
per second.
Both
.Cm ntpport
and
-.Cm non-ntpport
+.Cm non\-ntpport
may
be specified.
The
to sustain this number of servers should one or another fail.
.Pp
Note that the manycasting paradigm does not coincide
-with the anycast paradigm described in RFC-1546,
+with the anycast paradigm described in RFC\-1546,
which is designed to find a single server from a clique
of servers providing the same service.
The manycast paradigm is designed to find a plurality
and IPv6 address FF05::101 (site local) for NTP.
When more servers are needed, it broadcasts manycast
client messages to this address at the minimum feasible rate
-and minimum feasible time-to-live (TTL) hops, depending
+and minimum feasible time\-to\-live (TTL) hops, depending
on how many servers have already been found.
There can be as many manycast client associations
as different group address, each one serving as a template
in burst mode in order to reliably set the host clock
and validate the source.
This normally results
-in a volley of eight client/server at 2-s intervals
+in a volley of eight client/server at 2\-s intervals
during which both the synchronization and cryptographic
protocols run concurrently.
Following the volley,
.Pp
The manycast client polling strategy is designed to reduce
as much as possible the volume of manycast client messages
-and the effects of implosion due to near-simultaneous
+and the effects of implosion due to near\-simultaneous
arrival of manycast server messages.
The strategy is determined by the
.Ic manycastclient ,
If one of the primary servers loses its GPS receiver,
it will continue to operate as a client and other clients
will time out the corresponding association and
-re-associate accordingly.
+re\-associate accordingly.
.Pp
Some administrators prefer to avoid running
.Xr ntpd @NTPD_MS@
This command specifies a list of TTL values in increasing
order, up to 8 values can be specified.
In manycast mode these values are used in turn
-in an expanding-ring search.
+in an expanding\-ring search.
The default is eight
multiples of 32 starting at 31.
.El
.Sh Reference Clock Support
The NTP Version 4 daemon supports some three dozen different radio,
-satellite and modem reference clocks plus a special pseudo-clock
+satellite and modem reference clocks plus a special pseudo\-clock
used for backup or when no other clock source is available.
Detailed descriptions of individual device drivers and options can
be found in the
.Pa /usr/share/doc/ntp ) .
In addition, support for a PPS
signal is available as described in the
-.Qq Pulse-per-second (PPS) Signal Interfacing
+.Qq Pulse\-per\-second (PPS) Signal Interfacing
page
(available as part of the HTML documentation
provided in
denoting the clock type and
.Ar u
indicates the unit
-number in the range 0-3.
+number in the range 0\-3.
While it may seem overkill, it is in fact
sometimes useful to configure multiple reference clocks of the same
type, in which case the unit numbers must be unique.
options can be used to
override the defaults for the device.
There are two optional
-device-dependent time offsets and four flags that can be included
+device\-dependent time offsets and four flags that can be included
in the
.Ic fudge
command as well.
.Cm stratum
option is used for this purpose.
Also, in cases
-involving both a reference clock and a pulse-per-second (PPS)
+involving both a reference clock and a pulse\-per\-second (PPS)
discipline signal, it is useful to specify the reference clock
identifier as other than the default, depending on the driver.
The
for further information.
.It Cm mode Ar int
Specifies a mode number which is interpreted in a
-device-specific fashion.
+device\-specific fashion.
For instance, it selects a dialing
protocol in the ACTS driver and a device subtype in the
parse
.Bl -tag -width indent
.It Cm time1 Ar sec
Specifies a constant to be added to the time offset produced by
-the driver, a fixed-point decimal number in seconds.
+the driver, a fixed\-point decimal number in seconds.
This is used
as a calibration constant to adjust the nominal time offset of a
particular clock to agree with an external standard, such as a
provided in
.Pa /usr/share/doc/ntp ) .
.It Cm time2 Ar secs
-Specifies a fixed-point decimal number in seconds, which is
-interpreted in a driver-dependent way.
+Specifies a fixed\-point decimal number in seconds, which is
+interpreted in a driver\-dependent way.
See the descriptions of
specific drivers in the
.Qq Reference Clock Drivers
itself.
.It Cm mode Ar int
Specifies a mode number which is interpreted in a
-device-specific fashion.
+device\-specific fashion.
For instance, it selects a dialing
protocol in the ACTS driver and a device subtype in the
parse
.Pp
The file format consists of a single line containing a single
floating point number, which records the frequency offset measured
-in parts-per-million (PPM).
+in parts\-per\-million (PPM).
The file is updated by first writing
the current drift value into a temporary file and then renaming
this file to replace the old version.
this flag is
.Ic enable .
.It Cm pps
-Enables the pulse-per-second (PPS) signal when frequency and time is
+Enables the pulse\-per\-second (PPS) signal when frequency and time is
disciplined by the precision time kernel modifications.
See the
.Qq A Kernel Model for Precision Timekeeping
.Ql = ,
.Ql +
and
-.Ql - ,
+.Ql \- ,
where
.Ql =
sets the
priority mask,
.Ql +
adds and
-.Ql -
+.Ql \-
removes
messages.
.Xr syslog 3
be used instead of the default system
.Xr syslog 3
facility.
-This is the same operation as the -l command line option.
+This is the same operation as the \-l command line option.
.It Ic setvar Ar variable Op Cm default
This command adds an additional system variable.
These
normally .000015 s/s.
.It Cm freq Ar freq
The argument becomes the initial value of the frequency offset in
-parts-per-million.
+parts\-per\-million.
This overrides the value in the frequency file, if
present, and avoids the initial training state if it is not.
.It Cm huffpuff Ar huffpuff
The argument becomes the new value for the experimental
-huff-n'-puff filter span, which determines the most recent interval
+huff\-n'\-puff filter span, which determines the most recent interval
the algorithm will search for a minimum delay.
The lower limit is
900 s (15 m), but a more reasonable value is 7200 (2 hours).
This command specifies a list of TTL values in increasing order, up to 8
values can be specified.
In manycast mode these values are used in turn in
-an expanding-ring search.
+an expanding\-ring search.
The default is eight multiples of 32 starting at
31.
.El
+.Sh "OPTIONS"
+.Bl -tag
+.It \-\-help
+Display usage information and exit.
+.It \-\-more\-help
+Pass the extended usage information through a pager.
+.It \-\-version "[=\fI{v|c|n}\fP]"
+Output version of program and exit. The default mode is `v', a simple
+version. The `c' mode will print copyright information and `n' will
+print the full copyright notice.
+.El
+.Sh "OPTION PRESETS"
+Any option that is not marked as \fInot presettable\fP may be preset
+by loading values from environment variables named:
+.nf
+ \fBNTP_CONF_<option\-name>\fP or \fBNTP_CONF\fP
+.fi
+.ad
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
+.Sh "ENVIRONMENT"
+See \fBOPTION PRESETS\fP for configuration environment variables.
.Sh FILES
.Bl -tag -width /etc/ntp.drift -compact
.It Pa /etc/ntp.conf
.It Pa ntpkey_ Ns Ar host
RSA public key
.It Pa ntp_dh
-Diffie-Hellman agreement parameters
+Diffie\-Hellman agreement parameters
+.El
+.Sh "EXIT STATUS"
+One of the following exit values will be returned:
+.Bl -tag
+.It 0 " (EXIT_SUCCESS)"
+Successful program execution.
+.It 1 " (EXIT_FAILURE)"
+The operation failed or the command syntax was not valid.
+.It 70 " (EX_SOFTWARE)"
+libopts had an internal operational error. Please report
+it to autogen\-users@lists.sourceforge.net. Thank you.
.El
.Sh "SEE ALSO"
.Sh SEE ALSO
.Sh "AUTHORS"
The University of Delaware
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh BUGS
The syntax checking is not picky; some combinations of
These should be obtained via secure directory
services when they become universally available.Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version @VERSION@ of NTP.
-This document was derived from FreeBSD.
-.Pp
-This manual page was \fIAutoGen\fP-erated from the \fBntp.conf\fP
+This document corresponds to version 4.2.7p345 of NTP.
+This document was derived from FreeBSD..Pp
+This manual page was \fIAutoGen\fP\-erated from the \fBntp.conf\fP
option definitions.
-.TH ntp.keys 5man "03 Jan 2013" "4.2.7p344" "File Formats"
+.TH ntp.keys 5man "04 Jan 2013" "4.2.7p345" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:09:15 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:02:52 AM by AutoGen 5.17.1pre11
.\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl
.\"
.SH NAME
-ntp.keys \- NTP symmetric key file format
+ntp.keys \- NTP symmetric key file format configuration file
.SH SYNOPSIS
.B /etc/ntp.keys
.PP
programs are checked against passwords
requested by the programs and entered by hand,
so it is generally appropriate to specify these keys in ASCII format.
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH FILES
.TP
.BR Pa /etc/ntp.keys
.SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version @VERSION@ of NTP.
-This document was derived from FreeBSD.
-.PP
+This document corresponds to version 4.2.7p345 of NTP.
+This document was derived from FreeBSD..Pp
This manual page was \fIAutoGen\fP-erated from the \fBntp.keys\fP
option definitions.
-.Dd January 3 2013
+.Dd January 4 2013
.Dt NTP_KEYS 5mdoc File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:09:33 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:03:10 AM by AutoGen 5.17.1pre11
.\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl
.Sh NAME
.Li ntpd
was built with the OpenSSL library
then any digest library supported by that library may be specified.
-However, if compliance with FIPS 140-2 is required the
+However, if compliance with FIPS 140\-2 is required the
.Ar type
must be either
.Li SHA
.It Li SHA
.It Li SHA1
.It Li RMD160
-The key is a hex-encoded ASCII string of 40 characters,
+The key is a hex\-encoded ASCII string of 40 characters,
which is truncated as necessary.
.El
.Pp
programs are checked against passwords
requested by the programs and entered by hand,
so it is generally appropriate to specify these keys in ASCII format.
+.Sh "OPTIONS"
+.Bl -tag
+.It \-\-help
+Display usage information and exit.
+.It \-\-more\-help
+Pass the extended usage information through a pager.
+.It \-\-version "[=\fI{v|c|n}\fP]"
+Output version of program and exit. The default mode is `v', a simple
+version. The `c' mode will print copyright information and `n' will
+print the full copyright notice.
+.El
+.Sh "OPTION PRESETS"
+Any option that is not marked as \fInot presettable\fP may be preset
+by loading values from environment variables named:
+.nf
+ \fBNTP_KEYS_<option\-name>\fP or \fBNTP_KEYS\fP
+.fi
+.ad
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
+.Sh "ENVIRONMENT"
+See \fBOPTION PRESETS\fP for configuration environment variables.
.Sh FILES
.Bl -tag -width /etc/ntp.keys -compact
.It Pa /etc/ntp.keys
the default name of the configuration file
.El
+.Sh "EXIT STATUS"
+One of the following exit values will be returned:
+.Bl -tag
+.It 0 " (EXIT_SUCCESS)"
+Successful program execution.
+.It 1 " (EXIT_FAILURE)"
+The operation failed or the command syntax was not valid.
+.It 70 " (EX_SOFTWARE)"
+libopts had an internal operational error. Please report
+it to autogen\-users@lists.sourceforge.net. Thank you.
+.El
.Sh "SEE ALSO"
.Xr ntp.conf 5 ,
.Xr ntpd 1ntpdmdoc ,
.Sh "AUTHORS"
The University of Delaware
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version @VERSION@ of NTP.
-This document was derived from FreeBSD.
-.Pp
-This manual page was \fIAutoGen\fP-erated from the \fBntp.keys\fP
+This document corresponds to version 4.2.7p345 of NTP.
+This document was derived from FreeBSD..Pp
+This manual page was \fIAutoGen\fP\-erated from the \fBntp.keys\fP
option definitions.
<p>This document describes the symmetric key file for the NTP Project's
<code>ntpd</code> program.
- <p>This document applies to version 4.2.7p344 of <code>ntp.keys</code>.
+ <p>This document applies to version 4.2.7p345 of <code>ntp.keys</code>.
<div class="shortcontents">
<h2>Short Contents</h2>
<p><code>ntpd(8)</code>
reads its keys from a file specified using the
-<code>-k</code> command line option or the
-<code>keys</code> statement in the configuration file.
+<code>-k</code>
+command line option or the
+<code>keys</code>
+statement in the configuration file.
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
as the configuration file.
Key entries use a fixed format of the form
- <p>.D1
-Ar
-keyno
-type
-key
-
+<pre class="example"> <kbd>keyno</kbd> <kbd>type</kbd> <kbd>key</kbd>
+</pre>
<p>where
-<code>keyno</code> is a positive integer (between 1 and 65534),
-<code>type</code> is the message digest algorithm,
+<kbd>keyno</kbd>
+is a positive integer (between 1 and 65534),
+<kbd>type</kbd>
+is the message digest algorithm,
and
-<code>key</code> is the key itself.
+<kbd>key</kbd>
+is the key itself.
<p>The
-<code>key</code> may be given in a format
+<kbd>key</kbd>
+may be given in a format
controlled by the
-<code>type</code> field.
+<kbd>type</kbd>
+field.
The
-<code>type</code> .Li
-MD5
+<kbd>type</kbd>
+<code>MD5</code>
is always supported.
If
-.Li
-ntpd
+<code>ntpd</code>
was built with the OpenSSL library
then any digest library supported by that library may be specified.
However, if compliance with FIPS 140-2 is required the
-<code>type</code> must be either
-.Li
-SHA
+<kbd>type</kbd>
+must be either
+<code>SHA</code>
or
-.Li
-SHA1
-.
+<code>SHA1</code>.
<p>What follows are some key types, and corresponding formats:
<dl>
-<dt><span class="samp">Li</span><dd>The key is 1 to 16 printable characters terminated by
+<dt><code>MD5</code><dd>The key is 1 to 16 printable characters terminated by
an EOL,
whitespace,
or
a
-.Li
#
(which is the "start of comment" character).
- <br><dt><span class="samp">Li</span><br><dt><span class="samp">Li</span><br><dt><span class="samp">Li</span><dd>The key is a hex-encoded ASCII string of 40 characters,
+ <br><dt><code>SHA</code><br><dt><code>SHA1</code><br><dt><code>RMD160</code><dd>The key is a hex-encoded ASCII string of 40 characters,
which is truncated as necessary.
</dl>
using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntp.keys</code> program.
This software is released under the NTP license, <http://ntp.org/license>.
+<ul class="menu">
+<li><a accesskey="1" href="#ntp_002ekeys-Files">ntp.keys Files</a>: Files
+<li><a accesskey="2" href="#ntp_002ekeys-See-Also">ntp.keys See Also</a>: See Also
+<li><a accesskey="3" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>: Notes
+</ul>
+
+<div class="node">
+<p><hr>
+<a name="ntp_002ekeys-Files"></a>Next: <a rel="next" accesskey="n" href="#ntp_002ekeys-See-Also">ntp.keys See Also</a>,
+Up: <a rel="up" accesskey="u" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>
+<br>
+</div>
+
+<h4 class="subsection">ntp.keys Files</h4>
+
+ <dl>
+<dt><span class="file">/etc/ntp.keys</span><dd>the default name of the configuration file
+</dl>
+<div class="node">
+<p><hr>
+<a name="ntp_002ekeys-See-Also"></a>Next: <a rel="next" accesskey="n" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntp_002ekeys-Files">ntp.keys Files</a>,
+Up: <a rel="up" accesskey="u" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>
+<br>
+</div>
+
+<h4 class="subsection">ntp.keys See Also</h4>
+
+<p><code>ntp.conf(5)</code>,
+<code>ntpd(1ntpdmdoc)</code>,
+<code>ntpdate(1ntpdatemdoc)</code>,
+<code>ntpdc(1ntpdcmdoc)</code>,
+<code>sntp(1sntpmdoc)</code>
+<div class="node">
+<p><hr>
+<a name="ntp_002ekeys-Notes"></a>Previous: <a rel="previous" accesskey="p" href="#ntp_002ekeys-See-Also">ntp.keys See Also</a>,
+Up: <a rel="up" accesskey="u" href="#ntp_002ekeys-Notes">ntp.keys Notes</a>
+<br>
+</div>
+
+<h4 class="subsection">ntp.keys Notes</h4>
+
+<p>This document corresponds to version of NTP.
+This document was derived from FreeBSD.
+
</body></html>
-.TH ntp.keys 5 "03 Jan 2013" "4.2.7p344" "File Formats"
+.TH ntp.keys 5 "04 Jan 2013" "4.2.7p345" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:09:15 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:02:52 AM by AutoGen 5.17.1pre11
.\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl
.\"
.SH NAME
-ntp.keys \- NTP symmetric key file format
+ntp.keys \- NTP symmetric key file format configuration file
.SH SYNOPSIS
.B /etc/ntp.keys
.PP
programs are checked against passwords
requested by the programs and entered by hand,
so it is generally appropriate to specify these keys in ASCII format.
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH FILES
.TP
.BR Pa /etc/ntp.keys
.SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version @VERSION@ of NTP.
-This document was derived from FreeBSD.
-.PP
+This document corresponds to version 4.2.7p345 of NTP.
+This document was derived from FreeBSD..Pp
This manual page was \fIAutoGen\fP-erated from the \fBntp.keys\fP
option definitions.
-.Dd January 3 2013
+.Dd January 4 2013
.Dt NTP_KEYS 5 File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:09:33 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:03:10 AM by AutoGen 5.17.1pre11
.\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl
.Sh NAME
.Li ntpd
was built with the OpenSSL library
then any digest library supported by that library may be specified.
-However, if compliance with FIPS 140-2 is required the
+However, if compliance with FIPS 140\-2 is required the
.Ar type
must be either
.Li SHA
.It Li SHA
.It Li SHA1
.It Li RMD160
-The key is a hex-encoded ASCII string of 40 characters,
+The key is a hex\-encoded ASCII string of 40 characters,
which is truncated as necessary.
.El
.Pp
programs are checked against passwords
requested by the programs and entered by hand,
so it is generally appropriate to specify these keys in ASCII format.
+.Sh "OPTIONS"
+.Bl -tag
+.It \-\-help
+Display usage information and exit.
+.It \-\-more\-help
+Pass the extended usage information through a pager.
+.It \-\-version "[=\fI{v|c|n}\fP]"
+Output version of program and exit. The default mode is `v', a simple
+version. The `c' mode will print copyright information and `n' will
+print the full copyright notice.
+.El
+.Sh "OPTION PRESETS"
+Any option that is not marked as \fInot presettable\fP may be preset
+by loading values from environment variables named:
+.nf
+ \fBNTP_KEYS_<option\-name>\fP or \fBNTP_KEYS\fP
+.fi
+.ad
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
+.Sh "ENVIRONMENT"
+See \fBOPTION PRESETS\fP for configuration environment variables.
.Sh FILES
.Bl -tag -width /etc/ntp.keys -compact
.It Pa /etc/ntp.keys
the default name of the configuration file
.El
+.Sh "EXIT STATUS"
+One of the following exit values will be returned:
+.Bl -tag
+.It 0 " (EXIT_SUCCESS)"
+Successful program execution.
+.It 1 " (EXIT_FAILURE)"
+The operation failed or the command syntax was not valid.
+.It 70 " (EX_SOFTWARE)"
+libopts had an internal operational error. Please report
+it to autogen\-users@lists.sourceforge.net. Thank you.
+.El
.Sh "SEE ALSO"
.Xr ntp.conf 5 ,
.Xr ntpd @NTPD_MS@ ,
.Sh "AUTHORS"
The University of Delaware
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version @VERSION@ of NTP.
-This document was derived from FreeBSD.
-.Pp
-This manual page was \fIAutoGen\fP-erated from the \fBntp.keys\fP
+This document corresponds to version 4.2.7p345 of NTP.
+This document was derived from FreeBSD..Pp
+This manual page was \fIAutoGen\fP\-erated from the \fBntp.keys\fP
option definitions.
/*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.c)
*
- * It has been AutoGen-ed January 3, 2013 at 01:07:05 PM by AutoGen 5.17.1pre11
+ * It has been AutoGen-ed January 4, 2013 at 09:01:39 AM by AutoGen 5.17.1pre11
* From the definitions ntpd-opts.def
* and the template file options
*
* ntpd option static const strings
*/
static char const ntpd_opt_strs[2987] =
-/* 0 */ "ntpd 4.2.7p344\n"
+/* 0 */ "ntpd 4.2.7p345\n"
"Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 2753 */ "Output version information and exit\0"
/* 2789 */ "version\0"
/* 2797 */ "NTPD\0"
-/* 2802 */ "ntpd - NTP daemon program - Ver. 4.2.7p344\n"
+/* 2802 */ "ntpd - NTP daemon program - Ver. 4.2.7p345\n"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n"
"\t\t[ <server1> ... <serverN> ]\n\0"
/* 2935 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 2969 */ "\n\n\0"
-/* 2972 */ "ntpd 4.2.7p344";
+/* 2972 */ "ntpd 4.2.7p345";
/*
* ipv4 option description with
/*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.h)
*
- * It has been AutoGen-ed January 3, 2013 at 01:07:03 PM by AutoGen 5.17.1pre11
+ * It has been AutoGen-ed January 4, 2013 at 09:01:38 AM by AutoGen 5.17.1pre11
* From the definitions ntpd-opts.def
* and the template file options
*
} teOptIndex;
#define OPTION_CT 37
-#define NTPD_VERSION "4.2.7p344"
-#define NTPD_FULL_VERSION "ntpd 4.2.7p344"
+#define NTPD_VERSION "4.2.7p345"
+#define NTPD_FULL_VERSION "ntpd 4.2.7p345"
/*
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH ntpd 1ntpdman "03 Jan 2013" "4.2.7p344" "User Commands"
+.TH ntpd 1ntpdman "04 Jan 2013" "4.2.7p345" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:09:18 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:02:55 AM by AutoGen 5.17.1pre11
.\" From the definitions ntpd-opts.def
.\" and the template file agman-cmd.tpl
.\"
to 022.
.SH "OPTIONS"
.TP
-.BR \-4 ", " -\-ipv4
+.BR \-4 ", " \-\-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
.TP
-.BR \-6 ", " -\-ipv6
+.BR \-6 ", " \-\-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
Force DNS resolution of following host names on the command line
to the IPv6 namespace.
.TP
-.BR \-a ", " -\-authreq
+.BR \-a ", " \-\-authreq
Require crypto authentication.
This option must not appear in combination with any of the following options:
authnoreq.
multicast client and symmetric passive associations.
This is the default.
.TP
-.BR \-A ", " -\-authnoreq
+.BR \-A ", " \-\-authnoreq
Do not require crypto authentication.
This option must not appear in combination with any of the following options:
authreq.
multicast client and symmetric passive associations.
This is almost never a good idea.
.TP
-.BR \-b ", " -\-bcastsync
+.BR \-b ", " \-\-bcastsync
Allow us to sync to broadcast servers.
.sp
.TP
\fI/etc/ntp.conf\fP
by default.
.TP
-.BR \-d ", " -\-debug\-level
+.BR \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
\fI/etc/ntp.conf\fP
file.
.TP
-.BR \-g ", " -\-panicgate
+.BR \-g ", " \-\-panicgate
Allow the first adjustment to be Big.
This option may appear an unlimited number of times.
.sp
given interface name. This option may appear multiple times. This option
also implies not opening other addresses, except wildcard and localhost.
This option is deprecated. Please consider using the configuration file
-\fBinterface\fP command, which is more versatile.
+\fBinterface\fP command, which is more versatile.
.TP
.BR \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP
path to symmetric keys.
\fBlogfile\fP \fIlogfile\fP
configuration file directive.
.TP
-.BR \-L ", " -\-novirtualips
+.BR \-L ", " \-\-novirtualips
Do not listen to virtual interfaces.
.sp
Do not listen to virtual interfaces, defined as those with
consider using the configuration file \fBinterface\fP command, which
is more versatile.
.TP
-.BR \-M ", " -\-modifymmtimer
+.BR \-M ", " \-\-modifymmtimer
Modify Multimedia Timer (Windows only).
.sp
Set the Windows Multimedia Timer to highest resolution. This
ensures the resolution does not change while ntpd is running,
avoiding timekeeping glitches associated with changes.
.TP
-.BR \-n ", " -\-nofork
+.BR \-n ", " \-\-nofork
Do not fork.
This option must not appear in combination with any of the following options:
wait-sync.
.sp
.TP
-.BR \-N ", " -\-nice
+.BR \-N ", " \-\-nice
Run at high priority.
.sp
To the extent permitted by the operating system, run
\fBsched_setscheduler(SCHED_FIFO)\fP
priority.
.TP
-.BR \-q ", " -\-quit
+.BR \-q ", " \-\-quit
Set the time and quit.
This option must not appear in combination with any of the following options:
saveconfigquit, wait-sync.
This provides the option for a script starting \fBntpd\fP to easily
wait for the first set of the clock before proceeding.
.TP
-.BR \-x ", " -\-slew
+.BR \-x ", " \-\-slew
Slew up to 600 seconds.
.sp
Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold.
The CPU counter (RDTSC on x86) is used unconditionally with the
given frequency (in Hz).
.TP
-.BR \-m ", " -\-mdns
+.BR \-m ", " \-\-mdns
Register with mDNS as a NTP server.
.sp
Registers as an NTP server with the local mDNS server which allows
\fBNTPD_<option-name>\fP or \fBNTPD\fP
.fi
.ad
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH USAGE
.SS "How NTP Operates"
The
.TP
.BR 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
+.TP
+.BR 70 " (EX_SOFTWARE)"
+libopts had an internal operational error. Please report
+it to autogen-users@lists.sourceforge.net. Thank you.
.SH "SEE ALSO"
.Xr ntp.conf 5 ,
.Xr ntpdate 8 ,
a busy primary server, rather than a high stratum workstation in
mind.Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version @VERSION@ of NTP.
-Portions of this document came from FreeBSD.
-.PP
+This document corresponds to version 4.2.7p345 of NTP.
+Portions of this document came from FreeBSD..Pp
This manual page was \fIAutoGen\fP-erated from the \fBntpd\fP
option definitions.
-.Dd January 3 2013
+.Dd January 4 2013
.Dt NTPD 1ntpdmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:09:34 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:03:12 AM by AutoGen 5.17.1pre11
.\" From the definitions ntpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.\" Mixture of short (flag) options and long options
.Op Fl flags
.Op Fl flag Ar value
-.Op Fl \-option-name Ar value
+.Op Fl \-option\-name Ar value
[ <server1> ... <serverN> ]
.Pp
.Sh DESCRIPTION
and maintains the system time of day in synchronism with Internet
standard time servers.
It is a complete implementation of the
-Network Time Protocol (NTP) version 4, as defined by RFC-5905,
+Network Time Protocol (NTP) version 4, as defined by RFC\-5905,
but also retains compatibility with
-version 3, as defined by RFC-1305, and versions 1
-and 2, as defined by RFC-1059 and RFC-1119, respectively.
+version 3, as defined by RFC\-1305, and versions 1
+and 2, as defined by RFC\-1059 and RFC\-1119, respectively.
.Pp
The
.Nm
-utility does most computations in 64-bit floating point
-arithmetic and does relatively clumsy 64-bit fixed point operations
+utility does most computations in 64\-bit floating point
+arithmetic and does relatively clumsy 64\-bit fixed point operations
only when necessary to preserve the ultimate precision, about 232
picoseconds.
While the ultimate precision is not achievable with
to 022.
.Sh "OPTIONS"
.Bl -tag
-.It \-4 ", " -\-ipv4
+.It \-4 ", " \-\-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
.sp
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
-.It \-6 ", " -\-ipv6
+.It \-6 ", " \-\-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
.sp
Force DNS resolution of following host names on the command line
to the IPv6 namespace.
-.It \-a ", " -\-authreq
+.It \-a ", " \-\-authreq
Require crypto authentication.
This option must not appear in combination with any of the following options:
authnoreq.
Require cryptographic authentication for broadcast client,
multicast client and symmetric passive associations.
This is the default.
-.It \-A ", " -\-authnoreq
+.It \-A ", " \-\-authnoreq
Do not require crypto authentication.
This option must not appear in combination with any of the following options:
authreq.
Do not require cryptographic authentication for broadcast client,
multicast client and symmetric passive associations.
This is almost never a good idea.
-.It \-b ", " -\-bcastsync
+.It \-b ", " \-\-bcastsync
Allow us to sync to broadcast servers.
.sp
-.sp
.It \-c " \fIstring\fP, " \-\-configfile "=" \fIstring\fP
configuration file name.
.sp
The name and path of the configuration file,
\fI/etc/ntp.conf\fP
by default.
-.It \-d ", " -\-debug\-level
+.It \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.sp
.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.sp
.It \-f " \fIstring\fP, " \-\-driftfile "=" \fIstring\fP
frequency drift file name.
.sp
configuration specification in the
\fI/etc/ntp.conf\fP
file.
-.It \-g ", " -\-panicgate
+.It \-g ", " \-\-panicgate
Allow the first adjustment to be Big.
This option may appear an unlimited number of times.
.sp
given interface name. This option may appear multiple times. This option
also implies not opening other addresses, except wildcard and localhost.
This option is deprecated. Please consider using the configuration file
-\fBinterface\fP command, which is more versatile.
+\fBinterface\fP command, which is more versatile.
.It \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP
path to symmetric keys.
.sp
This is the same operation as the
\fBlogfile\fP \fIlogfile\fP
configuration file directive.
-.It \-L ", " -\-novirtualips
+.It \-L ", " \-\-novirtualips
Do not listen to virtual interfaces.
.sp
Do not listen to virtual interfaces, defined as those with
names containing a colon. This option is deprecated. Please
consider using the configuration file \fBinterface\fP command, which
is more versatile.
-.It \-M ", " -\-modifymmtimer
+.It \-M ", " \-\-modifymmtimer
Modify Multimedia Timer (Windows only).
.sp
Set the Windows Multimedia Timer to highest resolution. This
ensures the resolution does not change while ntpd is running,
avoiding timekeeping glitches associated with changes.
-.It \-n ", " -\-nofork
+.It \-n ", " \-\-nofork
Do not fork.
This option must not appear in combination with any of the following options:
-wait-sync.
-.sp
+wait\-sync.
.sp
-.It \-N ", " -\-nice
+.It \-N ", " \-\-nice
Run at high priority.
.sp
To the extent permitted by the operating system, run
at the specified
\fBsched_setscheduler(SCHED_FIFO)\fP
priority.
-.It \-q ", " -\-quit
+.It \-q ", " \-\-quit
Set the time and quit.
This option must not appear in combination with any of the following options:
-saveconfigquit, wait-sync.
+saveconfigquit, wait\-sync.
.sp
\fBntpd\fP
will not daemonize and will exit after the clock is first
.It \-\-saveconfigquit "=\fIstring\fP"
Save parsed configuration and quit.
This option must not appear in combination with any of the following options:
-quit, wait-sync.
+quit, wait\-sync.
.sp
Cause \fBntpd\fP to parse its startup configuration file and save an
equivalent to the given filename and exit. This option was
make ARG an ntp variable (RW).
This option may appear an unlimited number of times.
.sp
-.sp
.It \-\-dvar "=\fIndvar\fP"
make ARG an ntp variable (RW|DEF).
This option may appear an unlimited number of times.
.sp
-.sp
.It \-w " \fInumber\fP, " \-\-wait\-sync "=" \fInumber\fP
Seconds to wait for first clock sync.
This option must not appear in combination with any of the following options:
otherwise it is \fBETIMEDOUT\fP.
This provides the option for a script starting \fBntpd\fP to easily
wait for the first set of the clock before proceeding.
-.It \-x ", " -\-slew
+.It \-x ", " \-\-slew
Slew up to 600 seconds.
.sp
Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold.
Force substitution the CPU counter for \fBQueryPerformanceCounter\fP.
The CPU counter (RDTSC on x86) is used unconditionally with the
given frequency (in Hz).
-.It \-m ", " -\-mdns
+.It \-m ", " \-\-mdns
Register with mDNS as a NTP server.
.sp
Registers as an NTP server with the local mDNS server which allows
the server to be discovered via mDNS client lookup.
.It \-? , " \-\-help"
Display usage information and exit.
-.It \-! , " \-\-more-help"
+.It \-! , " \-\-more\-help"
Pass the extended usage information through a pager.
.It \- " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
Output version of program and exit. The default mode is `v', a simple
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from environment variables named:
.nf
- \fBNTPD_<option-name>\fP or \fBNTPD\fP
+ \fBNTPD_<option\-name>\fP or \fBNTPD\fP
.fi
.ad
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.Sh USAGE
.Ss "How NTP Operates"
The
.Xr ntp.conf 5 .
.Pp
Most operating systems and hardware of today incorporate a
-time-of-year (TOY) chip to maintain the time during periods when
+time\-of\-year (TOY) chip to maintain the time during periods when
the power is off.
When the machine is booted, the chip is used to
initialize the operating system time.
without discontinuities.
Under conditions of extreme network
congestion, the roundtrip delay jitter can exceed three seconds and
-the synchronization distance, which is equal to one-half the
+the synchronization distance, which is equal to one\-half the
roundtrip delay plus error budget terms, can become very large.
The
.Nm
.Fl x
option.
The maximum slew rate possible is limited
-to 500 parts-per-million (PPM) as a consequence of the correctness
+to 500 parts\-per\-million (PPM) as a consequence of the correctness
principles on which the NTP protocol and algorithm design are
based.
As a result, the local clock can take a long time to
.Pp
In spite of the above precautions, sometimes when large
frequency errors are present the resulting time offsets stray
-outside the 128-ms range and an eventual step or slew time
+outside the 128\-ms range and an eventual step or slew time
correction is required.
If following such a correction the
frequency error is so large that the first sample is outside the
.Pa ntp.drift
file then
.Xr ntpd 8
-will effectively "warm-start" and your system's clock will
+will effectively "warm\-start" and your system's clock will
be stable in under 11 seconds' time.
.Pp
As soon as possible in the startup sequence, start
.Cm dovecot
or database servers
that require
-monotonically-increasing time,
+monotonically\-increasing time,
run
-.Xr ntp-wait 8
+.Xr ntp\-wait 8
as late as possible in the boot sequence
(perhaps with the
.Fl v
flag)
and after
-.Xr ntp-wait 8
+.Xr ntp\-wait 8
exits successfully
it is as safe as it will ever be to start any process that require
stable time.
It normally operates continuously while
monitoring for small changes in frequency and trimming the clock
for the ultimate precision.
-However, it can operate in a one-time
+However, it can operate in a one\-time
mode where the time is set from an external server and frequency is
set from a previously recorded frequency file.
A
broadcast/multicast or manycast client can discover remote servers,
-compute server-client propagation delay correction factors and
+compute server\-client propagation delay correction factors and
configure itself automatically.
This makes it possible to deploy a
fleet of workstations without specifying configuration details
Then the
.Nm
is
-stopped and run in one-time mode as required.
+stopped and run in one\-time mode as required.
At each startup, the
frequency is read from the file and initializes the kernel
frequency.
Once this is done, the drift file is automatically
updated once per hour and is available to initialize the frequency
on subsequent daemon restarts.
-.Ss "The huff-n'-puff Filter"
+.Ss "The huff\-n'\-puff Filter"
In scenarios where a considerable amount of data are to be
downloaded or uploaded over telephone modems, timekeeping quality
can be seriously degraded.
step threshold and a step correction can occur during and after the
data transfer is in progress.
.Pp
-The huff-n'-puff filter is designed to correct the apparent time
+The huff\-n'\-puff filter is designed to correct the apparent time
offset in these cases.
It depends on knowledge of the propagation
delay when no other traffic is present.
Successful program execution.
.It 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
+.It 70 " (EX_SOFTWARE)"
+libopts had an internal operational error. Please report
+it to autogen\-users@lists.sourceforge.net. Thank you.
.El
.Sh "SEE ALSO"
.Xr ntp.conf 5 ,
.Sh "AUTHORS"
The University of Delaware
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh BUGS
The
.Nm
utility has gotten rather fat.
While not huge, it has gotten
-larger than might be desirable for an elevated-priority
+larger than might be desirable for an elevated\-priority
.Nm
running on a workstation, particularly since many of
the fancy features which consume the space were designed more with
a busy primary server, rather than a high stratum workstation in
mind.Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version @VERSION@ of NTP.
-Portions of this document came from FreeBSD.
-.Pp
-This manual page was \fIAutoGen\fP-erated from the \fBntpd\fP
+This document corresponds to version 4.2.7p345 of NTP.
+Portions of this document came from FreeBSD..Pp
+This manual page was \fIAutoGen\fP\-erated from the \fBntpd\fP
option definitions.
symmetric and broadcast modes, and with both symmetric-key and public-key
cryptography.
- <p>This document applies to version 4.2.7p344 of <code>ntpd</code>.
+ <p>This document applies to version 4.2.7p345 of <code>ntpd</code>.
<ul class="menu">
<li><a accesskey="1" href="#ntpd-Description">ntpd Description</a>: Description
<code>ntp.conf(5)</code>
file cannot be read and no file is
specified by the
-<code>-c</code> option.
+<code>-c</code>
+option.
<p>Various internal
<code>ntpd</code>
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
-<pre class="example">ntpd - NTP daemon program - Ver. 4.2.7p343
+<pre class="example">ntpd - NTP daemon program - Ver. 4.2.7p344
USAGE: ntpd [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \
[ <server1> ... <serverN> ]
Flg Arg Option-Name Description
<h3 class="section">How NTP Operates</h3>
-<p>How NTP Operates
-The
+<p>The
<code>ntpd</code>
utility operates by exchanging messages with
one or more configured servers over a range of designated poll intervals.
set.
This initial delay to set the clock
can be safely and dramatically reduced using the
-<code>iburst</code> keyword with the
-<code>server</code> configuration
+<code>iburst</code>
+keyword with the
+<code>server</code>
+configuration
command, as described in
<code>ntp.conf(5)</code>.
to exit with a panic message to
the system log.
The
-<code>-g</code> option overrides this check and the
+<code>-g</code>
+option overrides this check and the
clock will be set to the server time regardless of the chip time
(up to 68 years in the past or future \(em
this is a limitation of the NTPv4 protocol).
In some applications, this behavior may be unacceptable.
There are several solutions, however.
If the
-<code>-x</code> option is included on the command line, the clock will
+<code>-x</code>
+option is included on the command line, the clock will
never be stepped and only slew corrections will be used.
But this choice comes with a cost that
should be carefully explored before deciding to use
the
-<code>-x</code> option.
+<code>-x</code>
+option.
The maximum slew rate possible is limited
to 500 parts-per-million (PPM) as a consequence of the correctness
principles on which the NTP protocol and algorithm design are
normal tracking mode.
In the most extreme cases
(the host
-<code>time.ien.it</code> comes to mind), there may be occasional
+<code>time.ien.it</code>
+comes to mind), there may be occasional
step/slew corrections and subsequent frequency corrections.
It
helps in these cases to use the
-<code>burst</code> keyword when
+<code>burst</code>
+keyword when
configuring the server, but
ONLY
when you have permission to do so from the owner of the target host.
<h3 class="section">Starting NTP (Best Current Practice)</h3>
-<p>Starting NTP (Best Current Practice)
-First, use the
-<code>iburst</code> option on your
-<code>server</code> entries.
+<p>First, use the
+<code>iburst</code>
+option on your
+<code>server</code>
+entries.
<p>If you can also keep a good
<span class="file">ntp.drift</span>
<p>As soon as possible in the startup sequence, start
<code>ntpd(8)</code>
with at least the
-<code>-g</code> and perhaps the
-<code>-N</code> options.
+<code>-g</code>
+and perhaps the
+<code>-N</code>
+options.
Then,
start the rest of your "normal" processes.
This will give
<p>Finally,
if you have processes like
-<code>dovecot</code> or database servers
+<code>dovecot</code>
+or database servers
that require
monotonically-increasing time,
run
<code>ntp-wait(8)</code>
as late as possible in the boot sequence
(perhaps with the
-<code>-v</code> flag)
+<code>-v</code>
+flag)
and after
<code>ntp-wait(8)</code>
exits successfully
<h3 class="section">Frequency Discipline</h3>
-<p>Frequency Discipline
-The
+<p>The
<code>ntpd</code>
behavior at startup depends on whether the
frequency file, usually
<h3 class="section">Operating Modes</h3>
-<p>Operating Modes
-The
+<p>The
<code>ntpd</code>
utility can operate in any of several modes, including
symmetric active/passive, client/server broadcast/multicast and
processing, error checking and mitigation algorithms of
<code>ntpd</code>.
The
-<code>-q</code> option is intended for this purpose.
+<code>-q</code>
+option is intended for this purpose.
Setting this option will cause
<code>ntpd</code>
to exit just after
The procedure for initially
setting the clock is the same as in continuous mode; most
applications will probably want to specify the
-<code>iburst</code> keyword with the
-<code>server</code> configuration command.
+<code>iburst</code>
+keyword with the
+<code>server</code>
+configuration command.
With this
keyword a volley of messages are exchanged to groom the data and
the clock is set in about 10 s.
<p>When kernel support is available to discipline the clock
frequency, which is the case for stock Solaris, Tru64, Linux and
-.Fx
-,
+Fx,
a useful feature is available to discipline the clock
frequency.
First,
<h3 class="section">Poll Interval Control</h3>
-<p>Poll Interval Control
-This version of NTP includes an intricate state machine to
+<p>This version of NTP includes an intricate state machine to
reduce the network load while maintaining a quality of
synchronization consistent with the observed jitter and wander.
There are a number of ways to tailor the operation in order enhance
default minimum of 64 s to the default maximum of 1,024 s.
The
default minimum can be changed with the
-<code>tinker</code> <code>minpoll</code> command to a value not less than 16 s.
+<code>tinker</code>
+<code>minpoll</code>
+command to a value not less than 16 s.
This value is used for all
configured associations, unless overridden by the
-<code>minpoll</code> option on the configuration command.
+<code>minpoll</code>
+option on the configuration command.
Note that most device drivers
will not operate properly if the poll interval is less than 64 s
and that the broadcast server and manycast client associations will
<h3 class="section">The huff-n'-puff Filter</h3>
-<p>The huff-n'-puff Filter
-In scenarios where a considerable amount of data are to be
+<p>In scenarios where a considerable amount of data are to be
downloaded or uploaded over telephone modems, timekeeping quality
can be seriously degraded.
This occurs because the differential
offset.
<p>The filter is activated by the
-<code>tinker</code> command and
-<code>huffpuff</code> keyword, as described in
+<code>tinker</code>
+command and
+<code>huffpuff</code>
+keyword, as described in
<code>ntp.conf(5)</code>.
<div class="node">
<p><hr>
<h4 class="subsection">ntpd Files</h4>
<dl>
-<dt><span class="samp">Pa</span><dd>the default name of the configuration file
-<br><dt><span class="samp">Pa</span><dd>the default name of the drift file
-<br><dt><span class="samp">Pa</span><dd>the default name of the key file
+<dt><span class="file">/etc/ntp.conf</span><dd>the default name of the configuration file
+<br><dt><span class="file">/etc/ntp.drift</span><dd>the default name of the drift file
+<br><dt><span class="file">/etc/ntp.keys</span><dd>the default name of the key file
</dl>
<div class="node">
<p><hr>
<p>In addition to the manual pages provided,
comprehensive documentation is available on the world wide web
at
-.Li
-http://www.ntp.org/
-.
+<code>http://www.ntp.org/</code>.
A snapshot of this documentation is available in HTML format in
<span class="file">/usr/share/doc/ntp</span>.
-.Rs
-.%A
-David
-L.
-Mills
-.%T
-Network
-Time
-Protocol
-(Version
-1)
-.%O
-RFC1059
-.Re
-.Rs
-.%A
-David
-L.
-Mills
-.%T
-Network
-Time
-Protocol
-(Version
-2)
-.%O
-RFC1119
-.Re
-.Rs
-.%A
-David
-L.
-Mills
-.%T
-Network
-Time
-Protocol
-(Version
-3)
-.%O
-RFC1305
-.Re
-.Rs
-.%A
-David
-L.
-Mills
-.%A
-J.
-Martin,
-Ed.
-.%A
-J.
-Burbank
-.%A
-W.
-Kasch
-.%T
-Network
-Time
-Protocol
-Version
-4:
-Protocol
-and
-Algorithms
-Specification
-.%O
-RFC5905
-.Re
-.Rs
-.%A
-David
-L.
-Mills
-.%A
-B.
-Haberman,
-Ed.
-.%T
-Network
-Time
-Protocol
-Version
-4:
-Autokey
-Specification
-.%O
-RFC5906
-.Re
-.Rs
-.%A
-H.
-Gerstung
-.%A
-C.
-Elliott
-.%A
-B.
-Haberman,
-Ed.
-.%T
-Definitions
-of
-Managed
-Objects
-for
-Network
-Time
-Protocol
-Version
-4:
-(NTPv4)
-.%O
-RFC5907
-.Re
-.Rs
-.%A
-R.
-Gayraud
-.%A
-B.
-Lourdelet
-.%T
-Network
-Time
-Protocol
-(NTP)
-Server
-Option
-for
-DHCPv6
-.%O
-RFC5908
-.Re
+<br>
+ David L. Mills, <em>Network Time Protocol (Version 1)</em>, RFC1059.
+<br>
+ David L. Mills, <em>Network Time Protocol (Version 2)</em>, RFC1119.
+<br>
+ David L. Mills, <em>Network Time Protocol (Version 3)</em>, RFC1305.
+<br>
+ David L. Mills, J. Martin, Ed., J. Burbank, W. Kasch, <em>Network Time Protocol Version 4: Protocol and Algorithms Specification</em>, RFC5905.
+<br>
+ David L. Mills, B. Haberman, Ed., <em>Network Time Protocol Version 4: Autokey Specification</em>, RFC5906.
+<br>
+ H. Gerstung, C. Elliott, B. Haberman, Ed., <em>Definitions of Managed Objects for Network Time Protocol Version 4: (NTPv4)</em>, RFC5907.
+<br>
+ R. Gayraud, B. Lourdelet, <em>Network Time Protocol (NTP) Server Option for DHCPv6</em>, RFC5908.
<div class="node">
<p><hr>
<a name="ntpd-Bugs"></a>Next: <a rel="next" accesskey="n" href="#ntpd-Notes">ntpd Notes</a>,
-.TH ntpd @NTPD_MS@ "03 Jan 2013" "4.2.7p344" "User Commands"
+.TH ntpd @NTPD_MS@ "04 Jan 2013" "4.2.7p345" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:09:18 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:02:55 AM by AutoGen 5.17.1pre11
.\" From the definitions ntpd-opts.def
.\" and the template file agman-cmd.tpl
.\"
to 022.
.SH "OPTIONS"
.TP
-.BR \-4 ", " -\-ipv4
+.BR \-4 ", " \-\-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
.TP
-.BR \-6 ", " -\-ipv6
+.BR \-6 ", " \-\-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
Force DNS resolution of following host names on the command line
to the IPv6 namespace.
.TP
-.BR \-a ", " -\-authreq
+.BR \-a ", " \-\-authreq
Require crypto authentication.
This option must not appear in combination with any of the following options:
authnoreq.
multicast client and symmetric passive associations.
This is the default.
.TP
-.BR \-A ", " -\-authnoreq
+.BR \-A ", " \-\-authnoreq
Do not require crypto authentication.
This option must not appear in combination with any of the following options:
authreq.
multicast client and symmetric passive associations.
This is almost never a good idea.
.TP
-.BR \-b ", " -\-bcastsync
+.BR \-b ", " \-\-bcastsync
Allow us to sync to broadcast servers.
.sp
.TP
\fI/etc/ntp.conf\fP
by default.
.TP
-.BR \-d ", " -\-debug\-level
+.BR \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
\fI/etc/ntp.conf\fP
file.
.TP
-.BR \-g ", " -\-panicgate
+.BR \-g ", " \-\-panicgate
Allow the first adjustment to be Big.
This option may appear an unlimited number of times.
.sp
given interface name. This option may appear multiple times. This option
also implies not opening other addresses, except wildcard and localhost.
This option is deprecated. Please consider using the configuration file
-\fBinterface\fP command, which is more versatile.
+\fBinterface\fP command, which is more versatile.
.TP
.BR \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP
path to symmetric keys.
\fBlogfile\fP \fIlogfile\fP
configuration file directive.
.TP
-.BR \-L ", " -\-novirtualips
+.BR \-L ", " \-\-novirtualips
Do not listen to virtual interfaces.
.sp
Do not listen to virtual interfaces, defined as those with
consider using the configuration file \fBinterface\fP command, which
is more versatile.
.TP
-.BR \-M ", " -\-modifymmtimer
+.BR \-M ", " \-\-modifymmtimer
Modify Multimedia Timer (Windows only).
.sp
Set the Windows Multimedia Timer to highest resolution. This
ensures the resolution does not change while ntpd is running,
avoiding timekeeping glitches associated with changes.
.TP
-.BR \-n ", " -\-nofork
+.BR \-n ", " \-\-nofork
Do not fork.
This option must not appear in combination with any of the following options:
wait-sync.
.sp
.TP
-.BR \-N ", " -\-nice
+.BR \-N ", " \-\-nice
Run at high priority.
.sp
To the extent permitted by the operating system, run
\fBsched_setscheduler(SCHED_FIFO)\fP
priority.
.TP
-.BR \-q ", " -\-quit
+.BR \-q ", " \-\-quit
Set the time and quit.
This option must not appear in combination with any of the following options:
saveconfigquit, wait-sync.
This provides the option for a script starting \fBntpd\fP to easily
wait for the first set of the clock before proceeding.
.TP
-.BR \-x ", " -\-slew
+.BR \-x ", " \-\-slew
Slew up to 600 seconds.
.sp
Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold.
The CPU counter (RDTSC on x86) is used unconditionally with the
given frequency (in Hz).
.TP
-.BR \-m ", " -\-mdns
+.BR \-m ", " \-\-mdns
Register with mDNS as a NTP server.
.sp
Registers as an NTP server with the local mDNS server which allows
\fBNTPD_<option-name>\fP or \fBNTPD\fP
.fi
.ad
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH USAGE
.SS "How NTP Operates"
The
.TP
.BR 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
+.TP
+.BR 70 " (EX_SOFTWARE)"
+libopts had an internal operational error. Please report
+it to autogen-users@lists.sourceforge.net. Thank you.
.SH "SEE ALSO"
.Xr ntp.conf 5 ,
.Xr ntpdate 8 ,
a busy primary server, rather than a high stratum workstation in
mind.Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version @VERSION@ of NTP.
-Portions of this document came from FreeBSD.
-.PP
+This document corresponds to version 4.2.7p345 of NTP.
+Portions of this document came from FreeBSD..Pp
This manual page was \fIAutoGen\fP-erated from the \fBntpd\fP
option definitions.
-.Dd January 3 2013
+.Dd January 4 2013
.Dt NTPD @NTPD_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:09:34 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:03:12 AM by AutoGen 5.17.1pre11
.\" From the definitions ntpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.\" Mixture of short (flag) options and long options
.Op Fl flags
.Op Fl flag Ar value
-.Op Fl \-option-name Ar value
+.Op Fl \-option\-name Ar value
[ <server1> ... <serverN> ]
.Pp
.Sh DESCRIPTION
and maintains the system time of day in synchronism with Internet
standard time servers.
It is a complete implementation of the
-Network Time Protocol (NTP) version 4, as defined by RFC-5905,
+Network Time Protocol (NTP) version 4, as defined by RFC\-5905,
but also retains compatibility with
-version 3, as defined by RFC-1305, and versions 1
-and 2, as defined by RFC-1059 and RFC-1119, respectively.
+version 3, as defined by RFC\-1305, and versions 1
+and 2, as defined by RFC\-1059 and RFC\-1119, respectively.
.Pp
The
.Nm
-utility does most computations in 64-bit floating point
-arithmetic and does relatively clumsy 64-bit fixed point operations
+utility does most computations in 64\-bit floating point
+arithmetic and does relatively clumsy 64\-bit fixed point operations
only when necessary to preserve the ultimate precision, about 232
picoseconds.
While the ultimate precision is not achievable with
to 022.
.Sh "OPTIONS"
.Bl -tag
-.It \-4 ", " -\-ipv4
+.It \-4 ", " \-\-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
.sp
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
-.It \-6 ", " -\-ipv6
+.It \-6 ", " \-\-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
.sp
Force DNS resolution of following host names on the command line
to the IPv6 namespace.
-.It \-a ", " -\-authreq
+.It \-a ", " \-\-authreq
Require crypto authentication.
This option must not appear in combination with any of the following options:
authnoreq.
Require cryptographic authentication for broadcast client,
multicast client and symmetric passive associations.
This is the default.
-.It \-A ", " -\-authnoreq
+.It \-A ", " \-\-authnoreq
Do not require crypto authentication.
This option must not appear in combination with any of the following options:
authreq.
Do not require cryptographic authentication for broadcast client,
multicast client and symmetric passive associations.
This is almost never a good idea.
-.It \-b ", " -\-bcastsync
+.It \-b ", " \-\-bcastsync
Allow us to sync to broadcast servers.
.sp
-.sp
.It \-c " \fIstring\fP, " \-\-configfile "=" \fIstring\fP
configuration file name.
.sp
The name and path of the configuration file,
\fI/etc/ntp.conf\fP
by default.
-.It \-d ", " -\-debug\-level
+.It \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.sp
.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.sp
.It \-f " \fIstring\fP, " \-\-driftfile "=" \fIstring\fP
frequency drift file name.
.sp
configuration specification in the
\fI/etc/ntp.conf\fP
file.
-.It \-g ", " -\-panicgate
+.It \-g ", " \-\-panicgate
Allow the first adjustment to be Big.
This option may appear an unlimited number of times.
.sp
given interface name. This option may appear multiple times. This option
also implies not opening other addresses, except wildcard and localhost.
This option is deprecated. Please consider using the configuration file
-\fBinterface\fP command, which is more versatile.
+\fBinterface\fP command, which is more versatile.
.It \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP
path to symmetric keys.
.sp
This is the same operation as the
\fBlogfile\fP \fIlogfile\fP
configuration file directive.
-.It \-L ", " -\-novirtualips
+.It \-L ", " \-\-novirtualips
Do not listen to virtual interfaces.
.sp
Do not listen to virtual interfaces, defined as those with
names containing a colon. This option is deprecated. Please
consider using the configuration file \fBinterface\fP command, which
is more versatile.
-.It \-M ", " -\-modifymmtimer
+.It \-M ", " \-\-modifymmtimer
Modify Multimedia Timer (Windows only).
.sp
Set the Windows Multimedia Timer to highest resolution. This
ensures the resolution does not change while ntpd is running,
avoiding timekeeping glitches associated with changes.
-.It \-n ", " -\-nofork
+.It \-n ", " \-\-nofork
Do not fork.
This option must not appear in combination with any of the following options:
-wait-sync.
-.sp
+wait\-sync.
.sp
-.It \-N ", " -\-nice
+.It \-N ", " \-\-nice
Run at high priority.
.sp
To the extent permitted by the operating system, run
at the specified
\fBsched_setscheduler(SCHED_FIFO)\fP
priority.
-.It \-q ", " -\-quit
+.It \-q ", " \-\-quit
Set the time and quit.
This option must not appear in combination with any of the following options:
-saveconfigquit, wait-sync.
+saveconfigquit, wait\-sync.
.sp
\fBntpd\fP
will not daemonize and will exit after the clock is first
.It \-\-saveconfigquit "=\fIstring\fP"
Save parsed configuration and quit.
This option must not appear in combination with any of the following options:
-quit, wait-sync.
+quit, wait\-sync.
.sp
Cause \fBntpd\fP to parse its startup configuration file and save an
equivalent to the given filename and exit. This option was
make ARG an ntp variable (RW).
This option may appear an unlimited number of times.
.sp
-.sp
.It \-\-dvar "=\fIndvar\fP"
make ARG an ntp variable (RW|DEF).
This option may appear an unlimited number of times.
.sp
-.sp
.It \-w " \fInumber\fP, " \-\-wait\-sync "=" \fInumber\fP
Seconds to wait for first clock sync.
This option must not appear in combination with any of the following options:
otherwise it is \fBETIMEDOUT\fP.
This provides the option for a script starting \fBntpd\fP to easily
wait for the first set of the clock before proceeding.
-.It \-x ", " -\-slew
+.It \-x ", " \-\-slew
Slew up to 600 seconds.
.sp
Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold.
Force substitution the CPU counter for \fBQueryPerformanceCounter\fP.
The CPU counter (RDTSC on x86) is used unconditionally with the
given frequency (in Hz).
-.It \-m ", " -\-mdns
+.It \-m ", " \-\-mdns
Register with mDNS as a NTP server.
.sp
Registers as an NTP server with the local mDNS server which allows
the server to be discovered via mDNS client lookup.
.It \-? , " \-\-help"
Display usage information and exit.
-.It \-! , " \-\-more-help"
+.It \-! , " \-\-more\-help"
Pass the extended usage information through a pager.
.It \- " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
Output version of program and exit. The default mode is `v', a simple
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from environment variables named:
.nf
- \fBNTPD_<option-name>\fP or \fBNTPD\fP
+ \fBNTPD_<option\-name>\fP or \fBNTPD\fP
.fi
.ad
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.Sh USAGE
.Ss "How NTP Operates"
The
.Xr ntp.conf 5 .
.Pp
Most operating systems and hardware of today incorporate a
-time-of-year (TOY) chip to maintain the time during periods when
+time\-of\-year (TOY) chip to maintain the time during periods when
the power is off.
When the machine is booted, the chip is used to
initialize the operating system time.
without discontinuities.
Under conditions of extreme network
congestion, the roundtrip delay jitter can exceed three seconds and
-the synchronization distance, which is equal to one-half the
+the synchronization distance, which is equal to one\-half the
roundtrip delay plus error budget terms, can become very large.
The
.Nm
.Fl x
option.
The maximum slew rate possible is limited
-to 500 parts-per-million (PPM) as a consequence of the correctness
+to 500 parts\-per\-million (PPM) as a consequence of the correctness
principles on which the NTP protocol and algorithm design are
based.
As a result, the local clock can take a long time to
.Pp
In spite of the above precautions, sometimes when large
frequency errors are present the resulting time offsets stray
-outside the 128-ms range and an eventual step or slew time
+outside the 128\-ms range and an eventual step or slew time
correction is required.
If following such a correction the
frequency error is so large that the first sample is outside the
.Pa ntp.drift
file then
.Xr ntpd 8
-will effectively "warm-start" and your system's clock will
+will effectively "warm\-start" and your system's clock will
be stable in under 11 seconds' time.
.Pp
As soon as possible in the startup sequence, start
.Cm dovecot
or database servers
that require
-monotonically-increasing time,
+monotonically\-increasing time,
run
-.Xr ntp-wait 8
+.Xr ntp\-wait 8
as late as possible in the boot sequence
(perhaps with the
.Fl v
flag)
and after
-.Xr ntp-wait 8
+.Xr ntp\-wait 8
exits successfully
it is as safe as it will ever be to start any process that require
stable time.
It normally operates continuously while
monitoring for small changes in frequency and trimming the clock
for the ultimate precision.
-However, it can operate in a one-time
+However, it can operate in a one\-time
mode where the time is set from an external server and frequency is
set from a previously recorded frequency file.
A
broadcast/multicast or manycast client can discover remote servers,
-compute server-client propagation delay correction factors and
+compute server\-client propagation delay correction factors and
configure itself automatically.
This makes it possible to deploy a
fleet of workstations without specifying configuration details
Then the
.Nm
is
-stopped and run in one-time mode as required.
+stopped and run in one\-time mode as required.
At each startup, the
frequency is read from the file and initializes the kernel
frequency.
Once this is done, the drift file is automatically
updated once per hour and is available to initialize the frequency
on subsequent daemon restarts.
-.Ss "The huff-n'-puff Filter"
+.Ss "The huff\-n'\-puff Filter"
In scenarios where a considerable amount of data are to be
downloaded or uploaded over telephone modems, timekeeping quality
can be seriously degraded.
step threshold and a step correction can occur during and after the
data transfer is in progress.
.Pp
-The huff-n'-puff filter is designed to correct the apparent time
+The huff\-n'\-puff filter is designed to correct the apparent time
offset in these cases.
It depends on knowledge of the propagation
delay when no other traffic is present.
Successful program execution.
.It 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
+.It 70 " (EX_SOFTWARE)"
+libopts had an internal operational error. Please report
+it to autogen\-users@lists.sourceforge.net. Thank you.
.El
.Sh "SEE ALSO"
.Xr ntp.conf 5 ,
.Sh "AUTHORS"
The University of Delaware
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh BUGS
The
.Nm
utility has gotten rather fat.
While not huge, it has gotten
-larger than might be desirable for an elevated-priority
+larger than might be desirable for an elevated\-priority
.Nm
running on a workstation, particularly since many of
the fancy features which consume the space were designed more with
a busy primary server, rather than a high stratum workstation in
mind.Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version @VERSION@ of NTP.
-Portions of this document came from FreeBSD.
-.Pp
-This manual page was \fIAutoGen\fP-erated from the \fBntpd\fP
+This document corresponds to version 4.2.7p345 of NTP.
+Portions of this document came from FreeBSD..Pp
+This manual page was \fIAutoGen\fP\-erated from the \fBntpd\fP
option definitions.
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpdc.texi)
#
-# It has been AutoGen-ed January 3, 2013 at 01:09:56 PM by AutoGen 5.17.1pre11
+# It has been AutoGen-ed January 4, 2013 at 09:03:32 AM by AutoGen 5.17.1pre11
# From the definitions ntpdc-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@exampleindent 0
@example
-ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p344
+ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p345
USAGE: ntpdc [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution
Print the program version to standard out, optionally with licensing
information, then exit 0. The optional argument specifies how much licensing
-detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument. Only the
-first letter of the argument is examined:
+detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument.
+Only the first letter of the argument is examined:
@table @samp
@item version
/*
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.c)
*
- * It has been AutoGen-ed January 3, 2013 at 01:09:44 PM by AutoGen 5.17.1pre11
+ * It has been AutoGen-ed January 4, 2013 at 09:03:20 AM by AutoGen 5.17.1pre11
* From the definitions ntpdc-opts.def
* and the template file options
*
* ntpdc option static const strings
*/
static char const ntpdc_opt_strs[1862] =
-/* 0 */ "ntpdc 4.2.7p344\n"
+/* 0 */ "ntpdc 4.2.7p345\n"
"Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 1640 */ "no-load-opts\0"
/* 1653 */ "no\0"
/* 1656 */ "NTPDC\0"
-/* 1662 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p344\n"
+/* 1662 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p345\n"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
/* 1794 */ "$HOME\0"
/* 1800 */ ".\0"
/* 1802 */ ".ntprc\0"
/* 1809 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1843 */ "\n\n\0"
-/* 1846 */ "ntpdc 4.2.7p344";
+/* 1846 */ "ntpdc 4.2.7p345";
/*
* ipv4 option description with
/*
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.h)
*
- * It has been AutoGen-ed January 3, 2013 at 01:09:44 PM by AutoGen 5.17.1pre11
+ * It has been AutoGen-ed January 4, 2013 at 09:03:20 AM by AutoGen 5.17.1pre11
* From the definitions ntpdc-opts.def
* and the template file options
*
} teOptIndex;
#define OPTION_CT 15
-#define NTPDC_VERSION "4.2.7p344"
-#define NTPDC_FULL_VERSION "ntpdc 4.2.7p344"
+#define NTPDC_VERSION "4.2.7p345"
+#define NTPDC_FULL_VERSION "ntpdc 4.2.7p345"
/*
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH ntpdc 1ntpdcman "03 Jan 2013" "4.2.7p344" "User Commands"
+.TH ntpdc 1ntpdcman "04 Jan 2013" "4.2.7p345" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:09:52 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:03:28 AM by AutoGen 5.17.1pre11
.\" From the definitions ntpdc-opts.def
.\" and the template file agman-cmd.tpl
.\"
.B .
.SH "OPTIONS"
.TP
-.BR \-4 ", " -\-ipv4
+.BR \-4 ", " \-\-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
.TP
-.BR \-6 ", " -\-ipv6
+.BR \-6 ", " \-\-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
and is added to the list of commands to be executed on the specified
host(s).
.TP
-.BR \-d ", " -\-debug\-level
+.BR \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
This option takes an integer number as its argument.
.sp
.TP
-.BR \-i ", " -\-interactive
+.BR \-i ", " \-\-interactive
Force ntpq to operate in interactive mode.
This option must not appear in combination with any of the following options:
command, listpeers, peers, showpeers.
Force ntpq to operate in interactive mode. Prompts will be written
to the standard output and commands read from the standard input.
.TP
-.BR \-l ", " -\-listpeers
+.BR \-l ", " \-\-listpeers
Print a list of the peers.
This option must not appear in combination with any of the following options:
command.
Print a list of the peers known to the server as well as a summary of
their state. This is equivalent to the 'listpeers' interactive command.
.TP
-.BR \-n ", " -\-numeric
+.BR \-n ", " \-\-numeric
numeric host addresses.
.sp
Output all host addresses in dotted-quad numeric format rather than
-converting to the canonical host names.
+converting to the canonical host names.
.TP
-.BR \-p ", " -\-peers
+.BR \-p ", " \-\-peers
Print a list of the peers.
This option must not appear in combination with any of the following options:
command.
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
.TP
-.BR \-s ", " -\-showpeers
+.BR \-s ", " \-\-showpeers
Show a list of the peers.
This option must not appear in combination with any of the following options:
command.
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH USAGE
If one or more request options are included on the command line
when
keyword indicates a preferred peer (and thus will
be used primarily for clock synchronisation if possible).
The
-preferred peer also determines the validity of the PPS signal - if
+preferred peer also determines the validity of the PPS signal \- if
the preferred peer is suitable for synchronisation so is the PPS
signal.
.TP
-.Dd January 3 2013
+.Dd January 4 2013
.Dt NTPDC 1ntpdcmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:09:58 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:03:34 AM by AutoGen 5.17.1pre11
.\" From the definitions ntpdc-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.\" Mixture of short (flag) options and long options
.Op Fl flags
.Op Fl flag Ar value
-.Op Fl \-option-name Ar value
+.Op Fl \-option\-name Ar value
[ host ...]
.Pp
.Sh DESCRIPTION
.Nm .
.Sh "OPTIONS"
.Bl -tag
-.It \-4 ", " -\-ipv4
+.It \-4 ", " \-\-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
.sp
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
-.It \-6 ", " -\-ipv6
+.It \-6 ", " \-\-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
The following argument is interpreted as an interactive format command
and is added to the list of commands to be executed on the specified
host(s).
-.It \-d ", " -\-debug\-level
+.It \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.sp
.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.sp
-.It \-i ", " -\-interactive
+.It \-i ", " \-\-interactive
Force ntpq to operate in interactive mode.
This option must not appear in combination with any of the following options:
command, listpeers, peers, showpeers.
.sp
Force ntpq to operate in interactive mode. Prompts will be written
to the standard output and commands read from the standard input.
-.It \-l ", " -\-listpeers
+.It \-l ", " \-\-listpeers
Print a list of the peers.
This option must not appear in combination with any of the following options:
command.
.sp
Print a list of the peers known to the server as well as a summary of
their state. This is equivalent to the 'listpeers' interactive command.
-.It \-n ", " -\-numeric
+.It \-n ", " \-\-numeric
numeric host addresses.
.sp
Output all host addresses in dotted\-quad numeric format rather than
-converting to the canonical host names.
-.It \-p ", " -\-peers
+converting to the canonical host names.
+.It \-p ", " \-\-peers
Print a list of the peers.
This option must not appear in combination with any of the following options:
command.
.sp
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
-.It \-s ", " -\-showpeers
+.It \-s ", " \-\-showpeers
Show a list of the peers.
This option must not appear in combination with any of the following options:
command.
of their state. This is equivalent to the 'dmpeers' interactive command.
.It \-? , " \-\-help"
Display usage information and exit.
-.It \-! , " \-\-more-help"
+.It \-! , " \-\-more\-help"
Pass the extended usage information through a pager.
-.It \-> " [\fIrcfile\fP]," " \-\-save-opts" "[=\fIrcfile\fP]"
+.It \-> " [\fIrcfile\fP]," " \-\-save\-opts" "[=\fIrcfile\fP]"
Save the option state to \fIrcfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
-.It \-< " \fIrcfile\fP," " \-\-load-opts" "=\fIrcfile\fP," " \-\-no-load-opts"
+.It \-< " \fIrcfile\fP," " \-\-load\-opts" "=\fIrcfile\fP," " \-\-no\-load\-opts"
Load options from \fIrcfile\fP.
-The \fIno-load-opts\fP form will disable the loading
-of earlier RC/INI files. \fI\-\-no-load-opts\fP is handled early,
+The \fIno\-load\-opts\fP form will disable the loading
+of earlier RC/INI files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
.It \- " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
Output version of program and exit. The default mode is `v', a simple
by loading values from configuration ("RC" or ".INI") file(s) and values from
environment variables named:
.nf
- \fBNTPDC_<option-name>\fP or \fBNTPDC\fP
+ \fBNTPDC_<option\-name>\fP or \fBNTPDC\fP
.fi
.ad
The environmental presets take precedence (are processed later than)
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.Sh USAGE
If one or more request options are included on the command line
when
.Ss "Control Message Commands"
Query commands result in NTP mode 7 packets containing requests for
information being sent to the server.
-These are read-only commands
+These are read\-only commands
in that they make no modification of the server configuration
state.
.Bl -tag -width indent
A
.Ql \&+
denotes symmetric active, a
-.Ql \&-
+.Ql \&\-
indicates symmetric passive, a
.Ql \&=
means the
On
.Ic hostnames
.Cm no
-only IP-addresses
+only IP\-addresses
will be displayed.
.It Ic dmpeers
A slightly different peer summary list.
Most of these values are described in the NTP
Version 2 specification.
.It Ic pstats Ar peer_address Oo Ar ... Oc
-Show per-peer statistic counters associated with the specified
+Show per\-peer statistic counters associated with the specified
peer(s).
.It Ic clockinfo Ar clock_peer_address Oo Ar ... Oc
Obtain and print information concerning a peer clock.
values obtained provide information on the setting of fudge factors
and other clock performance information.
.It Ic kerninfo
-Obtain and print kernel phase-lock loop operating parameters.
+Obtain and print kernel phase\-lock loop operating parameters.
This information is available only if the kernel has been specially
modified for a precision timekeeping function.
.It Ic loopinfo Op Cm oneline | Cm multiline
loop filter by the packet processing code.
The
.Sq frequency
-is the frequency error of the local clock in parts-per-million
+is the frequency error of the local clock in parts\-per\-million
(ppm).
The
.Sq time_const
controls the stiffness of the
-phase-lock loop and thus the speed at which it can adapt to
+phase\-lock loop and thus the speed at which it can adapt to
oscillator drift.
The
.Sq watchdog timer
Print a variety of system state variables, i.e., state related
to the local server.
All except the last four lines are described
-in the NTP Version 3 specification, RFC-1305.
+in the NTP Version 3 specification, RFC\-1305.
.Pp
The
.Sq system flags
Print statistics counters related to memory allocation
code.
.It Ic iostats
-Print statistics counters maintained in the input-output
+Print statistics counters maintained in the input\-output
module.
.It Ic timerstats
Print statistics counters maintained in the timer/event queue
from topologically remote hosts.
While the reconfiguration facility
will work well with a server on the local host, and may work
-adequately between time-synchronized hosts on the same LAN, it will
+adequately between time\-synchronized hosts on the same LAN, it will
work very poorly for more distant hosts.
As such, if reasonable
passwords are chosen, care is taken in the distribution and
keyword indicates a preferred peer (and thus will
be used primarily for clock synchronisation if possible).
The
-preferred peer also determines the validity of the PPS signal - if
+preferred peer also determines the validity of the PPS signal \- if
the preferred peer is suitable for synchronisation so is the PPS
signal.
.It Xo Ic addserver Ar peer_address
parameter can be the broadcast
address of the local network or a multicast group address assigned
to NTP.
-If a multicast address, a multicast-capable kernel is
+If a multicast address, a multicast\-capable kernel is
required.
.It Ic unconfig Ar peer_address Oo Ar ... Oc
This command causes the configured bit to be removed from the
which is useful for testing.
The default for this flag is enable.
.It Cm pps
-Enables the pulse-per-second (PPS) signal when frequency
+Enables the pulse\-per\-second (PPS) signal when frequency
and time is disciplined by the precision time kernel modifications.
See the
.Qq A Kernel Model for Precision Timekeeping
A specified configuration file could not be loaded.
.It 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
-it to autogen-users@lists.sourceforge.net. Thank you.
+it to autogen\-users@lists.sourceforge.net. Thank you.
.El
.Sh "SEE ALSO"
.Xr ntp.conf 5 ,
.Sh AUTHORS
The formatting directives in this document came from FreeBSD.
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh BUGS
The
.Pp
Please report bugs to http://bugs.ntp.org .Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh "NOTES"
-This manual page was \fIAutoGen\fP-erated from the \fBntpdc\fP
+This manual page was \fIAutoGen\fP\-erated from the \fBntpdc\fP
option definitions.
clock. Run as root, it can correct the system clock to this offset as
well. It can be run as an interactive command or from a cron job.
- <p>This document applies to version 4.2.7p344 of <code>ntpdc</code>.
+ <p>This document applies to version 4.2.7p345 of <code>ntpdc</code>.
<p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
IETF specification.
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
-<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p344
+<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p345
USAGE: ntpdc [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution
<p>Print the program version to standard out, optionally with licensing
information, then exit 0. The optional argument specifies how much licensing
-detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument. Only the
-first letter of the argument is examined:
+detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument.
+Only the first letter of the argument is examined:
<dl>
<dt><span class="samp">version</span><dd>Only print the version. This is the default.
-.TH ntpdc @NTPDC_MS@ "03 Jan 2013" "4.2.7p344" "User Commands"
+.TH ntpdc @NTPDC_MS@ "04 Jan 2013" "4.2.7p345" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:09:52 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:03:28 AM by AutoGen 5.17.1pre11
.\" From the definitions ntpdc-opts.def
.\" and the template file agman-cmd.tpl
.\"
.B .
.SH "OPTIONS"
.TP
-.BR \-4 ", " -\-ipv4
+.BR \-4 ", " \-\-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
.TP
-.BR \-6 ", " -\-ipv6
+.BR \-6 ", " \-\-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
and is added to the list of commands to be executed on the specified
host(s).
.TP
-.BR \-d ", " -\-debug\-level
+.BR \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
This option takes an integer number as its argument.
.sp
.TP
-.BR \-i ", " -\-interactive
+.BR \-i ", " \-\-interactive
Force ntpq to operate in interactive mode.
This option must not appear in combination with any of the following options:
command, listpeers, peers, showpeers.
Force ntpq to operate in interactive mode. Prompts will be written
to the standard output and commands read from the standard input.
.TP
-.BR \-l ", " -\-listpeers
+.BR \-l ", " \-\-listpeers
Print a list of the peers.
This option must not appear in combination with any of the following options:
command.
Print a list of the peers known to the server as well as a summary of
their state. This is equivalent to the 'listpeers' interactive command.
.TP
-.BR \-n ", " -\-numeric
+.BR \-n ", " \-\-numeric
numeric host addresses.
.sp
Output all host addresses in dotted-quad numeric format rather than
-converting to the canonical host names.
+converting to the canonical host names.
.TP
-.BR \-p ", " -\-peers
+.BR \-p ", " \-\-peers
Print a list of the peers.
This option must not appear in combination with any of the following options:
command.
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
.TP
-.BR \-s ", " -\-showpeers
+.BR \-s ", " \-\-showpeers
Show a list of the peers.
This option must not appear in combination with any of the following options:
command.
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH USAGE
If one or more request options are included on the command line
when
keyword indicates a preferred peer (and thus will
be used primarily for clock synchronisation if possible).
The
-preferred peer also determines the validity of the PPS signal - if
+preferred peer also determines the validity of the PPS signal \- if
the preferred peer is suitable for synchronisation so is the PPS
signal.
.TP
-.Dd January 3 2013
+.Dd January 4 2013
.Dt NTPDC @NTPDC_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:09:58 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:03:34 AM by AutoGen 5.17.1pre11
.\" From the definitions ntpdc-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.\" Mixture of short (flag) options and long options
.Op Fl flags
.Op Fl flag Ar value
-.Op Fl \-option-name Ar value
+.Op Fl \-option\-name Ar value
[ host ...]
.Pp
.Sh DESCRIPTION
.Nm .
.Sh "OPTIONS"
.Bl -tag
-.It \-4 ", " -\-ipv4
+.It \-4 ", " \-\-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
.sp
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
-.It \-6 ", " -\-ipv6
+.It \-6 ", " \-\-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
The following argument is interpreted as an interactive format command
and is added to the list of commands to be executed on the specified
host(s).
-.It \-d ", " -\-debug\-level
+.It \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.sp
.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.sp
-.It \-i ", " -\-interactive
+.It \-i ", " \-\-interactive
Force ntpq to operate in interactive mode.
This option must not appear in combination with any of the following options:
command, listpeers, peers, showpeers.
.sp
Force ntpq to operate in interactive mode. Prompts will be written
to the standard output and commands read from the standard input.
-.It \-l ", " -\-listpeers
+.It \-l ", " \-\-listpeers
Print a list of the peers.
This option must not appear in combination with any of the following options:
command.
.sp
Print a list of the peers known to the server as well as a summary of
their state. This is equivalent to the 'listpeers' interactive command.
-.It \-n ", " -\-numeric
+.It \-n ", " \-\-numeric
numeric host addresses.
.sp
Output all host addresses in dotted\-quad numeric format rather than
-converting to the canonical host names.
-.It \-p ", " -\-peers
+converting to the canonical host names.
+.It \-p ", " \-\-peers
Print a list of the peers.
This option must not appear in combination with any of the following options:
command.
.sp
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
-.It \-s ", " -\-showpeers
+.It \-s ", " \-\-showpeers
Show a list of the peers.
This option must not appear in combination with any of the following options:
command.
of their state. This is equivalent to the 'dmpeers' interactive command.
.It \-? , " \-\-help"
Display usage information and exit.
-.It \-! , " \-\-more-help"
+.It \-! , " \-\-more\-help"
Pass the extended usage information through a pager.
-.It \-> " [\fIrcfile\fP]," " \-\-save-opts" "[=\fIrcfile\fP]"
+.It \-> " [\fIrcfile\fP]," " \-\-save\-opts" "[=\fIrcfile\fP]"
Save the option state to \fIrcfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
-.It \-< " \fIrcfile\fP," " \-\-load-opts" "=\fIrcfile\fP," " \-\-no-load-opts"
+.It \-< " \fIrcfile\fP," " \-\-load\-opts" "=\fIrcfile\fP," " \-\-no\-load\-opts"
Load options from \fIrcfile\fP.
-The \fIno-load-opts\fP form will disable the loading
-of earlier RC/INI files. \fI\-\-no-load-opts\fP is handled early,
+The \fIno\-load\-opts\fP form will disable the loading
+of earlier RC/INI files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
.It \- " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
Output version of program and exit. The default mode is `v', a simple
by loading values from configuration ("RC" or ".INI") file(s) and values from
environment variables named:
.nf
- \fBNTPDC_<option-name>\fP or \fBNTPDC\fP
+ \fBNTPDC_<option\-name>\fP or \fBNTPDC\fP
.fi
.ad
The environmental presets take precedence (are processed later than)
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.Sh USAGE
If one or more request options are included on the command line
when
.Ss "Control Message Commands"
Query commands result in NTP mode 7 packets containing requests for
information being sent to the server.
-These are read-only commands
+These are read\-only commands
in that they make no modification of the server configuration
state.
.Bl -tag -width indent
A
.Ql \&+
denotes symmetric active, a
-.Ql \&-
+.Ql \&\-
indicates symmetric passive, a
.Ql \&=
means the
On
.Ic hostnames
.Cm no
-only IP-addresses
+only IP\-addresses
will be displayed.
.It Ic dmpeers
A slightly different peer summary list.
Most of these values are described in the NTP
Version 2 specification.
.It Ic pstats Ar peer_address Oo Ar ... Oc
-Show per-peer statistic counters associated with the specified
+Show per\-peer statistic counters associated with the specified
peer(s).
.It Ic clockinfo Ar clock_peer_address Oo Ar ... Oc
Obtain and print information concerning a peer clock.
values obtained provide information on the setting of fudge factors
and other clock performance information.
.It Ic kerninfo
-Obtain and print kernel phase-lock loop operating parameters.
+Obtain and print kernel phase\-lock loop operating parameters.
This information is available only if the kernel has been specially
modified for a precision timekeeping function.
.It Ic loopinfo Op Cm oneline | Cm multiline
loop filter by the packet processing code.
The
.Sq frequency
-is the frequency error of the local clock in parts-per-million
+is the frequency error of the local clock in parts\-per\-million
(ppm).
The
.Sq time_const
controls the stiffness of the
-phase-lock loop and thus the speed at which it can adapt to
+phase\-lock loop and thus the speed at which it can adapt to
oscillator drift.
The
.Sq watchdog timer
Print a variety of system state variables, i.e., state related
to the local server.
All except the last four lines are described
-in the NTP Version 3 specification, RFC-1305.
+in the NTP Version 3 specification, RFC\-1305.
.Pp
The
.Sq system flags
Print statistics counters related to memory allocation
code.
.It Ic iostats
-Print statistics counters maintained in the input-output
+Print statistics counters maintained in the input\-output
module.
.It Ic timerstats
Print statistics counters maintained in the timer/event queue
from topologically remote hosts.
While the reconfiguration facility
will work well with a server on the local host, and may work
-adequately between time-synchronized hosts on the same LAN, it will
+adequately between time\-synchronized hosts on the same LAN, it will
work very poorly for more distant hosts.
As such, if reasonable
passwords are chosen, care is taken in the distribution and
keyword indicates a preferred peer (and thus will
be used primarily for clock synchronisation if possible).
The
-preferred peer also determines the validity of the PPS signal - if
+preferred peer also determines the validity of the PPS signal \- if
the preferred peer is suitable for synchronisation so is the PPS
signal.
.It Xo Ic addserver Ar peer_address
parameter can be the broadcast
address of the local network or a multicast group address assigned
to NTP.
-If a multicast address, a multicast-capable kernel is
+If a multicast address, a multicast\-capable kernel is
required.
.It Ic unconfig Ar peer_address Oo Ar ... Oc
This command causes the configured bit to be removed from the
which is useful for testing.
The default for this flag is enable.
.It Cm pps
-Enables the pulse-per-second (PPS) signal when frequency
+Enables the pulse\-per\-second (PPS) signal when frequency
and time is disciplined by the precision time kernel modifications.
See the
.Qq A Kernel Model for Precision Timekeeping
A specified configuration file could not be loaded.
.It 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
-it to autogen-users@lists.sourceforge.net. Thank you.
+it to autogen\-users@lists.sourceforge.net. Thank you.
.El
.Sh "SEE ALSO"
.Xr ntp.conf 5 ,
.Sh AUTHORS
The formatting directives in this document came from FreeBSD.
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh BUGS
The
.Pp
Please report bugs to http://bugs.ntp.org .Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh "NOTES"
-This manual page was \fIAutoGen\fP-erated from the \fBntpdc\fP
+This manual page was \fIAutoGen\fP\-erated from the \fBntpdc\fP
option definitions.
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpq.texi)
#
-# It has been AutoGen-ed January 3, 2013 at 01:10:28 PM by AutoGen 5.17.1pre11
+# It has been AutoGen-ed January 4, 2013 at 09:04:04 AM by AutoGen 5.17.1pre11
# From the definitions ntpq-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@exampleindent 0
@example
-ntpq - standard NTP query program - Ver. 4.2.7p344
+ntpq - standard NTP query program - Ver. 4.2.7p345
USAGE: ntpq [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution
Print the program version to standard out, optionally with licensing
information, then exit 0. The optional argument specifies how much licensing
-detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument. Only the
-first letter of the argument is examined:
+detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument.
+Only the first letter of the argument is examined:
@table @samp
@item version
/*
* EDIT THIS FILE WITH CAUTION (ntpq-opts.c)
*
- * It has been AutoGen-ed January 3, 2013 at 01:10:02 PM by AutoGen 5.17.1pre11
+ * It has been AutoGen-ed January 4, 2013 at 09:03:37 AM by AutoGen 5.17.1pre11
* From the definitions ntpq-opts.def
* and the template file options
*
* ntpq option static const strings
*/
static char const ntpq_opt_strs[1833] =
-/* 0 */ "ntpq 4.2.7p344\n"
+/* 0 */ "ntpq 4.2.7p345\n"
"Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 1627 */ "no-load-opts\0"
/* 1640 */ "no\0"
/* 1643 */ "NTPQ\0"
-/* 1648 */ "ntpq - standard NTP query program - Ver. 4.2.7p344\n"
+/* 1648 */ "ntpq - standard NTP query program - Ver. 4.2.7p345\n"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
/* 1769 */ "$HOME\0"
/* 1775 */ ".\0"
/* 1777 */ ".ntprc\0"
/* 1784 */ "http://bugs.ntp.org, bugs@ntp.org\0"
-/* 1818 */ "ntpq 4.2.7p344";
+/* 1818 */ "ntpq 4.2.7p345";
/*
* ipv4 option description with
/*
* EDIT THIS FILE WITH CAUTION (ntpq-opts.h)
*
- * It has been AutoGen-ed January 3, 2013 at 01:10:02 PM by AutoGen 5.17.1pre11
+ * It has been AutoGen-ed January 4, 2013 at 09:03:36 AM by AutoGen 5.17.1pre11
* From the definitions ntpq-opts.def
* and the template file options
*
} teOptIndex;
#define OPTION_CT 14
-#define NTPQ_VERSION "4.2.7p344"
-#define NTPQ_FULL_VERSION "ntpq 4.2.7p344"
+#define NTPQ_VERSION "4.2.7p345"
+#define NTPQ_FULL_VERSION "ntpq 4.2.7p345"
/*
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH ntpq 1ntpqman "03 Jan 2013" "4.2.7p344" "User Commands"
+.TH ntpq 1ntpqman "04 Jan 2013" "4.2.7p345" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:10:24 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:04:00 AM by AutoGen 5.17.1pre11
.\" From the definitions ntpq-opts.def
.\" and the template file agman-cmd.tpl
.\"
a timeout will be twice the timeout value set.
.SH "OPTIONS"
.TP
-.BR \-4 ", " -\-ipv4
+.BR \-4 ", " \-\-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
.TP
-.BR \-6 ", " -\-ipv6
+.BR \-6 ", " \-\-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
and is added to the list of commands to be executed on the specified
host(s).
.TP
-.BR \-d ", " -\-debug\-level
+.BR \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
This option takes an integer number as its argument.
.sp
.TP
-.BR \-p ", " -\-peers
+.BR \-p ", " \-\-peers
Print a list of the peers.
This option must not appear in combination with any of the following options:
interactive.
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
.TP
-.BR \-i ", " -\-interactive
+.BR \-i ", " \-\-interactive
Force ntpq to operate in interactive mode.
This option must not appear in combination with any of the following options:
command, peers.
Force ntpq to operate in interactive mode. Prompts will be written
to the standard output and commands read from the standard input.
.TP
-.BR \-n ", " -\-numeric
+.BR \-n ", " \-\-numeric
numeric host addresses.
.sp
Output all host addresses in dotted-quad numeric format rather than
-converting to the canonical host names.
+converting to the canonical host names.
.TP
.BR \-\-old\-rv
Always output status line with readvar.
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH "FILES"
-.Dd January 3 2013
+.Dd January 4 2013
.Dt NTPQ 1ntpqmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:10:30 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:04:06 AM by AutoGen 5.17.1pre11
.\" From the definitions ntpq-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.\" Mixture of short (flag) options and long options
.Op Fl flags
.Op Fl flag Ar value
-.Op Fl \-option-name Ar value
+.Op Fl \-option\-name Ar value
[ host ...]
.Pp
.Sh DESCRIPTION
The program may be run either in interactive mode or controlled using
command line arguments.
Requests to read and write arbitrary
-variables can be assembled, with raw and pretty-printed output
+variables can be assembled, with raw and pretty\-printed output
options being available.
The
.Nm
command allows variables and their optional values to be added to
the list.
If more than one variable is to be added, the list should
-be comma-separated and not contain white space.
+be comma\-separated and not contain white space.
The
.Ic rmvars
command can be used to remove individual variables from the list,
.El
.Sh "OPTIONS"
.Bl -tag
-.It \-4 ", " -\-ipv4
+.It \-4 ", " \-\-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
.sp
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
-.It \-6 ", " -\-ipv6
+.It \-6 ", " \-\-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
The following argument is interpreted as an interactive format command
and is added to the list of commands to be executed on the specified
host(s).
-.It \-d ", " -\-debug\-level
+.It \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.sp
.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.sp
-.It \-p ", " -\-peers
+.It \-p ", " \-\-peers
Print a list of the peers.
This option must not appear in combination with any of the following options:
interactive.
.sp
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
-.It \-i ", " -\-interactive
+.It \-i ", " \-\-interactive
Force ntpq to operate in interactive mode.
This option must not appear in combination with any of the following options:
command, peers.
.sp
Force ntpq to operate in interactive mode. Prompts will be written
to the standard output and commands read from the standard input.
-.It \-n ", " -\-numeric
+.It \-n ", " \-\-numeric
numeric host addresses.
.sp
Output all host addresses in dotted\-quad numeric format rather than
-converting to the canonical host names.
+converting to the canonical host names.
.It \-\-old\-rv
Always output status line with readvar.
.sp
newer ntpq to behave identically in this regard.
.It \-? , " \-\-help"
Display usage information and exit.
-.It \-! , " \-\-more-help"
+.It \-! , " \-\-more\-help"
Pass the extended usage information through a pager.
-.It \-> " [\fIrcfile\fP]," " \-\-save-opts" "[=\fIrcfile\fP]"
+.It \-> " [\fIrcfile\fP]," " \-\-save\-opts" "[=\fIrcfile\fP]"
Save the option state to \fIrcfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
-.It \-< " \fIrcfile\fP," " \-\-load-opts" "=\fIrcfile\fP," " \-\-no-load-opts"
+.It \-< " \fIrcfile\fP," " \-\-load\-opts" "=\fIrcfile\fP," " \-\-no\-load\-opts"
Load options from \fIrcfile\fP.
-The \fIno-load-opts\fP form will disable the loading
-of earlier RC/INI files. \fI\-\-no-load-opts\fP is handled early,
+The \fIno\-load\-opts\fP form will disable the loading
+of earlier RC/INI files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
.It \- " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
Output version of program and exit. The default mode is `v', a simple
by loading values from configuration ("RC" or ".INI") file(s) and values from
environment variables named:
.nf
- \fBNTPQ_<option-name>\fP or \fBNTPQ\fP
+ \fBNTPQ_<option\-name>\fP or \fBNTPQ\fP
.fi
.ad
The environmental presets take precedence (are processed later than)
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.Sh "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.Sh "FILES"
A specified configuration file could not be loaded.
.It 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
-it to autogen-users@lists.sourceforge.net. Thank you.
+it to autogen\-users@lists.sourceforge.net. Thank you.
.El
.Sh "AUTHORS"
The University of Delaware
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh "NOTES"
-This manual page was \fIAutoGen\fP-erated from the \fBntpq\fP
+This manual page was \fIAutoGen\fP\-erated from the \fBntpq\fP
option definitions.
and determine the performance of
<code>ntpd</code>, the NTP daemon.
- <p>This document applies to version 4.2.7p344 of <code>ntpq</code>.
+ <p>This document applies to version 4.2.7p345 of <code>ntpq</code>.
<ul class="menu">
<li><a accesskey="1" href="#ntpq-Description">ntpq Description</a>
<p>Specifying a
command line option other than
-<code>-i</code> or
-<code>-n</code> will
+<code>-i</code>
+or
+<code>-n</code>
+will
cause the specified query (queries) to be sent to the indicated
host(s) immediately.
Otherwise,
<h3 class="section">Internal Commands</h3>
-<p>Internal Commands
-Interactive format commands consist of a keyword followed by zero
+<p>Interactive format commands consist of a keyword followed by zero
to four arguments.
Only enough characters of the full keyword to
uniquely identify the command need be typed.
requests being sent to a server.
These are described following.
<dl>
-<dt><span class="samp">Ic</span><br><dt><span class="samp">Ic</span><dd>A
-\&?
+<dt>? [<kbd>command_keyword</kbd>]<br><dt><code>help</code> [<kbd>command_keyword</kbd>]<dd>A
+?
by itself will print a list of all the command
keywords known to this incarnation of
<code>ntpq</code>.
A
-\&?
+?
followed by a command keyword will print function and usage
information about the command.
This command is probably a better
<code>ntpq</code>
than this manual
page.
-<br><dt><span class="samp">Ic</span><dd><code>...</code> <br><dt><span class="samp">Ic</span><br><dt><span class="samp">Ic</span><dd>The data carried by NTP mode 6 messages consists of a list of
+<br><dt><code>addvars</code> <kbd>variable_name</kbd>[<code>=value</code>]<dd><code>...</code>
+
+ <p>rmvars<kbd>variable_name</kbd><code>...</code>
+clearvars
+The data carried by NTP mode 6 messages consists of a list of
items of the form
variable_name=value,
where the
<code>ntpq</code>
utility maintains an internal list in which data to be included in control
messages can be assembled, and sent using the
-<code>readlist</code> and
-<code>writelist</code> commands described below.
+<code>readlist</code>
+and
+<code>writelist</code>
+commands described below.
The
-<code>addvars</code> command allows variables and their optional values to be added to
+<code>addvars</code>
+command allows variables and their optional values to be added to
the list.
If more than one variable is to be added, the list should
be comma-separated and not contain white space.
The
-<code>rmvars</code> command can be used to remove individual variables from the list,
+<code>rmvars</code>
+command can be used to remove individual variables from the list,
while the
-<code>clearlist</code> command removes all variables from the
+<code>clearlist</code>
+command removes all variables from the
list.
-<br><dt><span class="samp">Ic</span><dd>Normally
+authenticate[yes]|no
+Normally
<code>ntpq</code>
does not authenticate requests unless
they are write requests.
The command
-authenticate yes
+authenticateyes
causes
<code>ntpq</code>
to send authentication with all requests it
Authenticated requests causes some servers to handle
requests slightly differently, and can occasionally melt the CPU in
fuzzballs if you turn authentication on before doing a
-<code>peer</code> display.
+<code>peer</code>
+display.
The command
authenticate
causes
to display whether or not
<code>ntpq</code>
is currently autheinticating requests.
-<br><dt><span class="samp">Ic</span><dd>Causes output from query commands to be "cooked", so that
+cooked
+Causes output from query commands to be "cooked", so that
variables which are recognized by
<code>ntpq</code>
will have their
<code>ntpq</code>
thinks should have a decodable value but didn't are
marked with a trailing
-\&?.
-<br><dt><span class="samp">Xo</span><dd><code>debug</code> .Oo
-<code>more</code> | <code>less</code> | <code>off</code> .Oc
+?.
+debugOo<code>more</code>|<code>less</code>|<code>off</code>Oc
With no argument, displays the current debug level.
Otherwise, the debug level is changed to the indicated level.
-<br><dt><span class="samp">Ic</span><dd>Specify a time interval to be added to timestamps included in
+delay<kbd>milliseconds</kbd>
+Specify a time interval to be added to timestamps included in
requests which require authentication.
This is used to enable
(unreliable) server reconfiguration over long delay network paths
Actually the
server does not now require timestamps in authenticated requests,
so this command may be obsolete.
-<br><dt><span class="samp">Ic</span><dd>Set the host to which future queries will be sent.
-<code>hostname</code> may be either a host name or a numeric address.
-<br><dt><span class="samp">Ic</span><dd>If
-<code>yes</code> is specified, host names are printed in
+host<kbd>hostname</kbd>
+Set the host to which future queries will be sent.
+<kbd>hostname</kbd>
+may be either a host name or a numeric address.
+hostnames[<code>yes</code>|<code>Cm</code><code>no</code>]
+If
+<code>yes</code>
+is specified, host names are printed in
information displays.
If
-<code>no</code> is specified, numeric
+<code>no</code>
+is specified, numeric
addresses are printed instead.
The default is
-<code>yes</code>, unless
+<code>yes</code>,
+unless
modified using the command line
-<code>-n</code> switch.
-<br><dt><span class="samp">Ic</span><dd>This command allows the specification of a key number to be
+<code>-n</code>
+switch.
+keyid<kbd>keyid</kbd>
+This command allows the specification of a key number to be
used to authenticate configuration requests.
This must correspond
to a key number the server has been configured to use for this
purpose.
-<br><dt><span class="samp">Ic</span><dd><code>1</code> | <code>2</code> | <code>3</code> | <code>4</code> .Oc
-Sets the NTP version number which
+ntpversion<code>Oo</code>
+<code>1</code>|
+<code>2</code>|
+<code>3</code>|
+<code>4</code>
+Oc
+
+ <p>Sets the NTP version number which
<code>ntpq</code>
claims in
packets.
to be no servers left which demand version 1.
With no argument, displays the current NTP version that will be used
when communicating with servers.
-<br><dt><span class="samp">Ic</span><dd>Exit
+quit
+Exit
<code>ntpq</code>
-<br><dt><span class="samp">Ic</span><dd>This command prompts you to type in a password (which will not
+passwd
+This command prompts you to type in a password (which will not
be echoed) which will be used to authenticate configuration
requests.
The password must correspond to the key configured for
use by the NTP server for this purpose if such requests are to be
successful.
-<br><dt><span class="samp">Ic</span><dd>Causes all output from query commands is printed as received
+raw
+Causes all output from query commands is printed as received
from the remote server.
The only formating/interpretation done on
the data is to transform nonascii data into a printable (but barely
understandable) form.
-<br><dt><span class="samp">Ic</span><dd>Specify a timeout period for responses to server queries.
+timeout<kbd>milliseconds</kbd>
+Specify a timeout period for responses to server queries.
The
default is about 5000 milliseconds.
Note that since
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
-<pre class="example">ntpq - standard NTP query program - Ver. 4.2.7p343
+<pre class="example">ntpq - standard NTP query program - Ver. 4.2.7p344
USAGE: ntpq [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution
-.TH ntpq @NTPQ_MS@ "03 Jan 2013" "4.2.7p344" "User Commands"
+.TH ntpq @NTPQ_MS@ "04 Jan 2013" "4.2.7p345" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:10:24 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:04:00 AM by AutoGen 5.17.1pre11
.\" From the definitions ntpq-opts.def
.\" and the template file agman-cmd.tpl
.\"
a timeout will be twice the timeout value set.
.SH "OPTIONS"
.TP
-.BR \-4 ", " -\-ipv4
+.BR \-4 ", " \-\-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
.TP
-.BR \-6 ", " -\-ipv6
+.BR \-6 ", " \-\-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
and is added to the list of commands to be executed on the specified
host(s).
.TP
-.BR \-d ", " -\-debug\-level
+.BR \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
This option takes an integer number as its argument.
.sp
.TP
-.BR \-p ", " -\-peers
+.BR \-p ", " \-\-peers
Print a list of the peers.
This option must not appear in combination with any of the following options:
interactive.
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
.TP
-.BR \-i ", " -\-interactive
+.BR \-i ", " \-\-interactive
Force ntpq to operate in interactive mode.
This option must not appear in combination with any of the following options:
command, peers.
Force ntpq to operate in interactive mode. Prompts will be written
to the standard output and commands read from the standard input.
.TP
-.BR \-n ", " -\-numeric
+.BR \-n ", " \-\-numeric
numeric host addresses.
.sp
Output all host addresses in dotted-quad numeric format rather than
-converting to the canonical host names.
+converting to the canonical host names.
.TP
.BR \-\-old\-rv
Always output status line with readvar.
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH "FILES"
-.Dd January 3 2013
+.Dd January 4 2013
.Dt NTPQ @NTPQ_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:10:30 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:04:06 AM by AutoGen 5.17.1pre11
.\" From the definitions ntpq-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.\" Mixture of short (flag) options and long options
.Op Fl flags
.Op Fl flag Ar value
-.Op Fl \-option-name Ar value
+.Op Fl \-option\-name Ar value
[ host ...]
.Pp
.Sh DESCRIPTION
The program may be run either in interactive mode or controlled using
command line arguments.
Requests to read and write arbitrary
-variables can be assembled, with raw and pretty-printed output
+variables can be assembled, with raw and pretty\-printed output
options being available.
The
.Nm
command allows variables and their optional values to be added to
the list.
If more than one variable is to be added, the list should
-be comma-separated and not contain white space.
+be comma\-separated and not contain white space.
The
.Ic rmvars
command can be used to remove individual variables from the list,
.El
.Sh "OPTIONS"
.Bl -tag
-.It \-4 ", " -\-ipv4
+.It \-4 ", " \-\-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
.sp
Force DNS resolution of following host names on the command line
to the IPv4 namespace.
-.It \-6 ", " -\-ipv6
+.It \-6 ", " \-\-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
The following argument is interpreted as an interactive format command
and is added to the list of commands to be executed on the specified
host(s).
-.It \-d ", " -\-debug\-level
+.It \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.sp
.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.sp
-.It \-p ", " -\-peers
+.It \-p ", " \-\-peers
Print a list of the peers.
This option must not appear in combination with any of the following options:
interactive.
.sp
Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
-.It \-i ", " -\-interactive
+.It \-i ", " \-\-interactive
Force ntpq to operate in interactive mode.
This option must not appear in combination with any of the following options:
command, peers.
.sp
Force ntpq to operate in interactive mode. Prompts will be written
to the standard output and commands read from the standard input.
-.It \-n ", " -\-numeric
+.It \-n ", " \-\-numeric
numeric host addresses.
.sp
Output all host addresses in dotted\-quad numeric format rather than
-converting to the canonical host names.
+converting to the canonical host names.
.It \-\-old\-rv
Always output status line with readvar.
.sp
newer ntpq to behave identically in this regard.
.It \-? , " \-\-help"
Display usage information and exit.
-.It \-! , " \-\-more-help"
+.It \-! , " \-\-more\-help"
Pass the extended usage information through a pager.
-.It \-> " [\fIrcfile\fP]," " \-\-save-opts" "[=\fIrcfile\fP]"
+.It \-> " [\fIrcfile\fP]," " \-\-save\-opts" "[=\fIrcfile\fP]"
Save the option state to \fIrcfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
-.It \-< " \fIrcfile\fP," " \-\-load-opts" "=\fIrcfile\fP," " \-\-no-load-opts"
+.It \-< " \fIrcfile\fP," " \-\-load\-opts" "=\fIrcfile\fP," " \-\-no\-load\-opts"
Load options from \fIrcfile\fP.
-The \fIno-load-opts\fP form will disable the loading
-of earlier RC/INI files. \fI\-\-no-load-opts\fP is handled early,
+The \fIno\-load\-opts\fP form will disable the loading
+of earlier RC/INI files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
.It \- " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
Output version of program and exit. The default mode is `v', a simple
by loading values from configuration ("RC" or ".INI") file(s) and values from
environment variables named:
.nf
- \fBNTPQ_<option-name>\fP or \fBNTPQ\fP
+ \fBNTPQ_<option\-name>\fP or \fBNTPQ\fP
.fi
.ad
The environmental presets take precedence (are processed later than)
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.Sh "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.Sh "FILES"
A specified configuration file could not be loaded.
.It 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
-it to autogen-users@lists.sourceforge.net. Thank you.
+it to autogen\-users@lists.sourceforge.net. Thank you.
.El
.Sh "AUTHORS"
The University of Delaware
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh "NOTES"
-This manual page was \fIAutoGen\fP-erated from the \fBntpq\fP
+This manual page was \fIAutoGen\fP\-erated from the \fBntpq\fP
option definitions.
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpsnmpd.texi)
#
-# It has been AutoGen-ed January 3, 2013 at 01:10:45 PM by AutoGen 5.17.1pre11
+# It has been AutoGen-ed January 4, 2013 at 09:04:19 AM by AutoGen 5.17.1pre11
# From the definitions ntpsnmpd-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@exampleindent 0
@example
-ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p344
+ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p345
USAGE: ntpsnmpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
Flg Arg Option-Name Description
-n no nofork Do not fork
Print the program version to standard out, optionally with licensing
information, then exit 0. The optional argument specifies how much licensing
-detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument. Only the
-first letter of the argument is examined:
+detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument.
+Only the first letter of the argument is examined:
@table @samp
@item version
please fill me in...
@end table
-This document corresponds to version @VERSION@ of NTP.
+This document corresponds to version 4.2.7p345 of NTP.
@node ntpsnmpd Authors
@subsection ntpsnmpd Authors
Heiko Gerstung@*
/*
* EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.c)
*
- * It has been AutoGen-ed January 3, 2013 at 01:10:33 PM by AutoGen 5.17.1pre11
+ * It has been AutoGen-ed January 4, 2013 at 09:04:08 AM by AutoGen 5.17.1pre11
* From the definitions ntpsnmpd-opts.def
* and the template file options
*
* ntpsnmpd option static const strings
*/
static char const ntpsnmpd_opt_strs[1561] =
-/* 0 */ "ntpsnmpd 4.2.7p344\n"
+/* 0 */ "ntpsnmpd 4.2.7p345\n"
"Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 1360 */ "no-load-opts\0"
/* 1373 */ "no\0"
/* 1376 */ "NTPSNMPD\0"
-/* 1385 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p344\n"
+/* 1385 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p345\n"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
/* 1490 */ "$HOME\0"
/* 1496 */ ".\0"
/* 1498 */ ".ntprc\0"
/* 1505 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1539 */ "\n\n\0"
-/* 1542 */ "ntpsnmpd 4.2.7p344";
+/* 1542 */ "ntpsnmpd 4.2.7p345";
/*
* nofork option description:
/*
* EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.h)
*
- * It has been AutoGen-ed January 3, 2013 at 01:10:33 PM by AutoGen 5.17.1pre11
+ * It has been AutoGen-ed January 4, 2013 at 09:04:08 AM by AutoGen 5.17.1pre11
* From the definitions ntpsnmpd-opts.def
* and the template file options
*
} teOptIndex;
#define OPTION_CT 8
-#define NTPSNMPD_VERSION "4.2.7p344"
-#define NTPSNMPD_FULL_VERSION "ntpsnmpd 4.2.7p344"
+#define NTPSNMPD_VERSION "4.2.7p345"
+#define NTPSNMPD_FULL_VERSION "ntpsnmpd 4.2.7p345"
/*
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH ntpsnmpd 1ntpsnmpdman "03 Jan 2013" "4.2.7p344" "User Commands"
+.TH ntpsnmpd 1ntpsnmpdman "04 Jan 2013" "4.2.7p345" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:10:41 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:04:16 AM by AutoGen 5.17.1pre11
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agman-cmd.tpl
.\"
.Xr ntpd 1ntpdmdoc .
.SH "OPTIONS"
.TP
-.BR \-n ", " -\-nofork
+.BR \-n ", " \-\-nofork
Do not fork.
.sp
.TP
-.BR \-p ", " -\-syslog
+.BR \-p ", " \-\-syslog
Log to syslog().
.sp
.TP
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH USAGE
.B
currently uses a private MIB OID,
If you have
.Xr snmpwalk 1
installed you can run
-.Dl % snmpwalk -v2c -c public localhost enterprises.5597.99
+.Dl % snmpwalk \-v2c \-c public localhost enterprises.5597.99
to see a list of all currently supported NTP MIB objects
and their current values.
.SH "ENVIRONMENT"
.BR Li ntpEntTimeDistance
please fill me in...
.PP
-This document corresponds to version @VERSION@ of NTP.
-.PP
+This document corresponds to version 4.2.7p345 of NTP..Pp
This manual page was \fIAutoGen\fP-erated from the \fBntpsnmpd\fP
option definitions.
-.Dd January 3 2013
+.Dd January 4 2013
.Dt NTPSNMPD 1ntpsnmpdmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:10:47 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:04:21 AM by AutoGen 5.17.1pre11
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.\" Mixture of short (flag) options and long options
.Op Fl flags
.Op Fl flag Ar value
-.Op Fl \-option-name Ar value
+.Op Fl \-option\-name Ar value
.Pp
All arguments must be options.
.Pp
.Xr ntpd 1ntpdmdoc .
.Sh "OPTIONS"
.Bl -tag
-.It \-n ", " -\-nofork
+.It \-n ", " \-\-nofork
Do not fork.
.sp
-.sp
-.It \-p ", " -\-syslog
+.It \-p ", " \-\-syslog
Log to syslog().
.sp
-.sp
.It \-\-agentxsocket "=\fIstring\fP"
The socket address ntpsnmpd uses to connect to net\-snmpd.
The default \fIstring\fP for this option is:
Another common alternative is \fItcp:localhost:705\fP.
.It \-? , " \-\-help"
Display usage information and exit.
-.It \-! , " \-\-more-help"
+.It \-! , " \-\-more\-help"
Pass the extended usage information through a pager.
-.It \-> " [\fIrcfile\fP]," " \-\-save-opts" "[=\fIrcfile\fP]"
+.It \-> " [\fIrcfile\fP]," " \-\-save\-opts" "[=\fIrcfile\fP]"
Save the option state to \fIrcfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
-.It \-< " \fIrcfile\fP," " \-\-load-opts" "=\fIrcfile\fP," " \-\-no-load-opts"
+.It \-< " \fIrcfile\fP," " \-\-load\-opts" "=\fIrcfile\fP," " \-\-no\-load\-opts"
Load options from \fIrcfile\fP.
-The \fIno-load-opts\fP form will disable the loading
-of earlier RC/INI files. \fI\-\-no-load-opts\fP is handled early,
+The \fIno\-load\-opts\fP form will disable the loading
+of earlier RC/INI files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
.It \- " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
Output version of program and exit. The default mode is `v', a simple
by loading values from configuration ("RC" or ".INI") file(s) and values from
environment variables named:
.nf
- \fBNTPSNMPD_<option-name>\fP or \fBNTPSNMPD\fP
+ \fBNTPSNMPD_<option\-name>\fP or \fBNTPSNMPD\fP
.fi
.ad
The environmental presets take precedence (are processed later than)
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.Sh USAGE
.Nm
currently uses a private MIB OID,
If you have
.Xr snmpwalk 1
installed you can run
-.Dl % snmpwalk -v2c -c public localhost enterprises.5597.99
+.Dl % snmpwalk \-v2c \-c public localhost enterprises.5597.99
to see a list of all currently supported NTP MIB objects
and their current values.
.Sh "ENVIRONMENT"
A specified configuration file could not be loaded.
.It 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
-it to autogen-users@lists.sourceforge.net. Thank you.
+it to autogen\-users@lists.sourceforge.net. Thank you.
.El
.Sh AUTHORS
.An "Heiko Gerstung"
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
please fill me in...
.El
.Pp
-This document corresponds to version @VERSION@ of NTP.
-.Pp
-This manual page was \fIAutoGen\fP-erated from the \fBntpsnmpd\fP
+This document corresponds to version 4.2.7p345 of NTP..Pp
+This manual page was \fIAutoGen\fP\-erated from the \fBntpsnmpd\fP
option definitions.
<p>The <code>ntpsnmpd</code> utility program is used to monitor NTP daemon <code>ntpd</code>
operations and determine performance. It uses the standard NTP mode 6 control
- <p>This document applies to version 4.2.7p344 of <code>ntpsnmpd</code>.
+ <p>This document applies to version 4.2.7p345 of <code>ntpsnmpd</code>.
<ul class="menu">
<li><a accesskey="1" href="#ntpsnmpd-Description">ntpsnmpd Description</a>: Description
-.TH ntpsnmpd @NTPSNMPD_MS@ "03 Jan 2013" "4.2.7p344" "User Commands"
+.TH ntpsnmpd @NTPSNMPD_MS@ "04 Jan 2013" "4.2.7p345" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:10:41 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:04:16 AM by AutoGen 5.17.1pre11
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agman-cmd.tpl
.\"
.Xr ntpd @NTPD_MS@ .
.SH "OPTIONS"
.TP
-.BR \-n ", " -\-nofork
+.BR \-n ", " \-\-nofork
Do not fork.
.sp
.TP
-.BR \-p ", " -\-syslog
+.BR \-p ", " \-\-syslog
Log to syslog().
.sp
.TP
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH USAGE
.B
currently uses a private MIB OID,
If you have
.Xr snmpwalk 1
installed you can run
-.Dl % snmpwalk -v2c -c public localhost enterprises.5597.99
+.Dl % snmpwalk \-v2c \-c public localhost enterprises.5597.99
to see a list of all currently supported NTP MIB objects
and their current values.
.SH "ENVIRONMENT"
.BR Li ntpEntTimeDistance
please fill me in...
.PP
-This document corresponds to version @VERSION@ of NTP.
-.PP
+This document corresponds to version 4.2.7p345 of NTP..Pp
This manual page was \fIAutoGen\fP-erated from the \fBntpsnmpd\fP
option definitions.
-.Dd January 3 2013
+.Dd January 4 2013
.Dt NTPSNMPD @NTPSNMPD_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:10:47 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:04:21 AM by AutoGen 5.17.1pre11
.\" From the definitions ntpsnmpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.\" Mixture of short (flag) options and long options
.Op Fl flags
.Op Fl flag Ar value
-.Op Fl \-option-name Ar value
+.Op Fl \-option\-name Ar value
.Pp
All arguments must be options.
.Pp
.Xr ntpd @NTPD_MS@ .
.Sh "OPTIONS"
.Bl -tag
-.It \-n ", " -\-nofork
+.It \-n ", " \-\-nofork
Do not fork.
.sp
-.sp
-.It \-p ", " -\-syslog
+.It \-p ", " \-\-syslog
Log to syslog().
.sp
-.sp
.It \-\-agentxsocket "=\fIstring\fP"
The socket address ntpsnmpd uses to connect to net\-snmpd.
The default \fIstring\fP for this option is:
Another common alternative is \fItcp:localhost:705\fP.
.It \-? , " \-\-help"
Display usage information and exit.
-.It \-! , " \-\-more-help"
+.It \-! , " \-\-more\-help"
Pass the extended usage information through a pager.
-.It \-> " [\fIrcfile\fP]," " \-\-save-opts" "[=\fIrcfile\fP]"
+.It \-> " [\fIrcfile\fP]," " \-\-save\-opts" "[=\fIrcfile\fP]"
Save the option state to \fIrcfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
-.It \-< " \fIrcfile\fP," " \-\-load-opts" "=\fIrcfile\fP," " \-\-no-load-opts"
+.It \-< " \fIrcfile\fP," " \-\-load\-opts" "=\fIrcfile\fP," " \-\-no\-load\-opts"
Load options from \fIrcfile\fP.
-The \fIno-load-opts\fP form will disable the loading
-of earlier RC/INI files. \fI\-\-no-load-opts\fP is handled early,
+The \fIno\-load\-opts\fP form will disable the loading
+of earlier RC/INI files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
.It \- " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
Output version of program and exit. The default mode is `v', a simple
by loading values from configuration ("RC" or ".INI") file(s) and values from
environment variables named:
.nf
- \fBNTPSNMPD_<option-name>\fP or \fBNTPSNMPD\fP
+ \fBNTPSNMPD_<option\-name>\fP or \fBNTPSNMPD\fP
.fi
.ad
The environmental presets take precedence (are processed later than)
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.Sh USAGE
.Nm
currently uses a private MIB OID,
If you have
.Xr snmpwalk 1
installed you can run
-.Dl % snmpwalk -v2c -c public localhost enterprises.5597.99
+.Dl % snmpwalk \-v2c \-c public localhost enterprises.5597.99
to see a list of all currently supported NTP MIB objects
and their current values.
.Sh "ENVIRONMENT"
A specified configuration file could not be loaded.
.It 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
-it to autogen-users@lists.sourceforge.net. Thank you.
+it to autogen\-users@lists.sourceforge.net. Thank you.
.El
.Sh AUTHORS
.An "Heiko Gerstung"
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
please fill me in...
.El
.Pp
-This document corresponds to version @VERSION@ of NTP.
-.Pp
-This manual page was \fIAutoGen\fP-erated from the \fBntpsnmpd\fP
+This document corresponds to version 4.2.7p345 of NTP..Pp
+This manual page was \fIAutoGen\fP\-erated from the \fBntpsnmpd\fP
option definitions.
# - Numeric values increment
# - empty 'increments' to 1
# - NEW 'increments' to empty
-point=344
+point=345
### betapoint is normally modified by script.
# ntp-stable Beta number (betapoint)
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp-wait.texi)
#
-# It has been AutoGen-ed January 3, 2013 at 01:06:56 PM by AutoGen 5.17.1pre11
+# It has been AutoGen-ed January 4, 2013 at 09:00:34 AM by AutoGen 5.17.1pre11
# From the definitions ntp-wait-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@exampleindent 0
@example
-/backroom/snaps/ntp-dev/A.snap/scripts/ntp-wait version [unknown] calling Getopt::Std::getopts (version 1.05 [paranoid]),
+/deacon/backroom/snaps/ntp-dev/A.snap/scripts/ntp-wait version [unknown] calling Getopt::Std::getopts (version 1.05 [paranoid]),
running under Perl version 5.8.8.
Usage: ntp-wait [-OPTIONS [-MORE_OPTIONS]] [--] [PROGRAM_ARG1 ...]
Print the program version to standard out, optionally with licensing
information, then exit 0. The optional argument specifies how much licensing
-detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument. Only the
-first letter of the argument is examined:
+detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument.
+Only the first letter of the argument is examined:
@table @samp
@item version
Harlan Stenn@*
@node ntp-wait Notes
@subsection ntp-wait Notes
-This document corresponds to version @VERSION@ of NTP.
+This document corresponds to version 4.2.7p345 of NTP.
-.TH ntp-wait 1ntp-waitman "03 Jan 2013" "ntp (4.2.7p344)" "User Commands"
+.TH ntp-wait 1ntp-waitman "04 Jan 2013" "ntp (4.2.7p345)" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp-wait-opts.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:06:52 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:00:30 AM by AutoGen 5.17.1pre11
.\" From the definitions ntp-wait-opts.def
.\" and the template file agman-cmd.tpl
.\"
We will sleep for \fIsecs-between-tries\fP after each query of ntpd
that returns "the time is not yet stable".
.TP
-.BR \-v ", " -\-
+.BR \-v ", " \-\-
Be verbose.
.sp
By default, ntp-wait is silent. With this option, ntp-wait
\fBNTP_WAIT_<option-name>\fP or \fBNTP_WAIT\fP
.fi
.ad
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH "EXIT STATUS"
.TP
.BR 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
+.TP
+.BR 70 " (EX_SOFTWARE)"
+libopts had an internal operational error. Please report
+it to autogen-users@lists.sourceforge.net. Thank you.
.SH AUTHORS
.An "Harlan Stenn"
.SH "COPYRIGHT"
.SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version @VERSION@ of NTP.
-.PP
+This document corresponds to version 4.2.7p345 of NTP..Pp
This manual page was \fIAutoGen\fP-erated from the \fBntp-wait\fP
option definitions.
-.Dd January 3 2013
+.Dd January 4 2013
.Dt NTP_WAIT 1ntp-waitmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp-wait-opts.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:06:58 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:00:36 AM by AutoGen 5.17.1pre11
.\" From the definitions ntp-wait-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.\" Mixture of short (flag) options and long options
.Op Fl flags
.Op Fl flag Ar value
-.Op Fl \-option-name Ar value
+.Op Fl \-option\-name Ar value
.Pp
All arguments must be options.
.Pp
.Sh DESCRIPTION
.Nm
will send at most
-.Ar num-tries
+.Ar num\-tries
queries to
.Xr ntpd 8 ,
sleeping for
-.Ar secs-between-tries
+.Ar secs\-between\-tries
after each status return that says
.Xr ntpd 8
has not yet produced a synchronized and stable system clock.
.sp
We will sleep for \fIsecs\-between\-tries\fP after each query of ntpd
that returns "the time is not yet stable".
-.It \-v ", " -\-
+.It \-v ", " \-\-
Be verbose.
.sp
By default, ntp\-wait is silent. With this option, ntp\-wait
will provide status information.
.It \-? , " \-\-help"
Display usage information and exit.
-.It \-! , " \-\-more-help"
+.It \-! , " \-\-more\-help"
Pass the extended usage information through a pager.
.It \- " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
Output version of program and exit. The default mode is `v', a simple
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from environment variables named:
.nf
- \fBNTP_WAIT_<option-name>\fP or \fBNTP_WAIT\fP
+ \fBNTP_WAIT_<option\-name>\fP or \fBNTP_WAIT\fP
.fi
.ad
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.Sh "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.Sh "EXIT STATUS"
Successful program execution.
.It 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
+.It 70 " (EX_SOFTWARE)"
+libopts had an internal operational error. Please report
+it to autogen\-users@lists.sourceforge.net. Thank you.
.El
.Sh AUTHORS
.An "Harlan Stenn"
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version @VERSION@ of NTP.
-.Pp
-This manual page was \fIAutoGen\fP-erated from the \fBntp-wait\fP
+This document corresponds to version 4.2.7p345 of NTP..Pp
+This manual page was \fIAutoGen\fP\-erated from the \fBntp\-wait\fP
option definitions.
and only then start any applicaitons (like database servers) that require
accurate and stable time.
- <p>This document applies to version 4.2.7p344 of <code>ntp-wait</code>.
+ <p>This document applies to version 4.2.7p345 of <code>ntp-wait</code>.
<div class="shortcontents">
<h2>Short Contents</h2>
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
-<pre class="example">/backroom/snaps/ntp-dev/A.snap/scripts/ntp-wait version [unknown] calling Getopt::Std::getopts (version 1.05 [paranoid]),
+<pre class="example">/deacon/backroom/snaps/ntp-dev/A.snap/scripts/ntp-wait version [unknown] calling Getopt::Std::getopts (version 1.05 [paranoid]),
running under Perl version 5.8.8.
Usage: ntp-wait [-OPTIONS [-MORE_OPTIONS]] [--] [PROGRAM_ARG1 ...]
<p>Print the program version to standard out, optionally with licensing
information, then exit 0. The optional argument specifies how much licensing
-detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument. Only the
-first letter of the argument is examined:
+detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument.
+Only the first letter of the argument is examined:
<dl>
<dt><span class="samp">version</span><dd>Only print the version. This is the default.
<h4 class="subsection">ntp-wait Notes</h4>
-<p>This document corresponds to version of NTP.
+<p>This document corresponds to version 4.2.7p345 of NTP.
</body></html>
-.TH ntp-wait @NTP_WAIT_MS@ "03 Jan 2013" "ntp (4.2.7p344)" "User Commands"
+.TH ntp-wait @NTP_WAIT_MS@ "04 Jan 2013" "ntp (4.2.7p345)" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp-wait-opts.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:06:52 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:00:30 AM by AutoGen 5.17.1pre11
.\" From the definitions ntp-wait-opts.def
.\" and the template file agman-cmd.tpl
.\"
We will sleep for \fIsecs-between-tries\fP after each query of ntpd
that returns "the time is not yet stable".
.TP
-.BR \-v ", " -\-
+.BR \-v ", " \-\-
Be verbose.
.sp
By default, ntp-wait is silent. With this option, ntp-wait
\fBNTP_WAIT_<option-name>\fP or \fBNTP_WAIT\fP
.fi
.ad
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH "EXIT STATUS"
.TP
.BR 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
+.TP
+.BR 70 " (EX_SOFTWARE)"
+libopts had an internal operational error. Please report
+it to autogen-users@lists.sourceforge.net. Thank you.
.SH AUTHORS
.An "Harlan Stenn"
.SH "COPYRIGHT"
.SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version @VERSION@ of NTP.
-.PP
+This document corresponds to version 4.2.7p345 of NTP..Pp
This manual page was \fIAutoGen\fP-erated from the \fBntp-wait\fP
option definitions.
-.Dd January 3 2013
+.Dd January 4 2013
.Dt NTP_WAIT @NTP_WAIT_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp-wait-opts.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:06:58 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:00:36 AM by AutoGen 5.17.1pre11
.\" From the definitions ntp-wait-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.\" Mixture of short (flag) options and long options
.Op Fl flags
.Op Fl flag Ar value
-.Op Fl \-option-name Ar value
+.Op Fl \-option\-name Ar value
.Pp
All arguments must be options.
.Pp
.Sh DESCRIPTION
.Nm
will send at most
-.Ar num-tries
+.Ar num\-tries
queries to
.Xr ntpd 8 ,
sleeping for
-.Ar secs-between-tries
+.Ar secs\-between\-tries
after each status return that says
.Xr ntpd 8
has not yet produced a synchronized and stable system clock.
.sp
We will sleep for \fIsecs\-between\-tries\fP after each query of ntpd
that returns "the time is not yet stable".
-.It \-v ", " -\-
+.It \-v ", " \-\-
Be verbose.
.sp
By default, ntp\-wait is silent. With this option, ntp\-wait
will provide status information.
.It \-? , " \-\-help"
Display usage information and exit.
-.It \-! , " \-\-more-help"
+.It \-! , " \-\-more\-help"
Pass the extended usage information through a pager.
.It \- " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
Output version of program and exit. The default mode is `v', a simple
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from environment variables named:
.nf
- \fBNTP_WAIT_<option-name>\fP or \fBNTP_WAIT\fP
+ \fBNTP_WAIT_<option\-name>\fP or \fBNTP_WAIT\fP
.fi
.ad
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.Sh "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.Sh "EXIT STATUS"
Successful program execution.
.It 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
+.It 70 " (EX_SOFTWARE)"
+libopts had an internal operational error. Please report
+it to autogen\-users@lists.sourceforge.net. Thank you.
.El
.Sh AUTHORS
.An "Harlan Stenn"
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version @VERSION@ of NTP.
-.Pp
-This manual page was \fIAutoGen\fP-erated from the \fBntp-wait\fP
+This document corresponds to version 4.2.7p345 of NTP..Pp
+This manual page was \fIAutoGen\fP\-erated from the \fBntp\-wait\fP
option definitions.
#
# EDIT THIS FILE WITH CAUTION (invoke-sntp.texi)
#
-# It has been AutoGen-ed January 3, 2013 at 01:11:33 PM by AutoGen 5.17.1pre11
+# It has been AutoGen-ed January 4, 2013 at 09:05:18 AM by AutoGen 5.17.1pre11
# From the definitions sntp-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@exampleindent 0
@example
-sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p344
+sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p345
USAGE: sntp [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \
[ hostname-or-IP ...]
Flg Arg Option-Name Description
Print the program version to standard out, optionally with licensing
information, then exit 0. The optional argument specifies how much licensing
-detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument. Only the
-first letter of the argument is examined:
+detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument.
+Only the first letter of the argument is examined:
@table @samp
@item version
Dave Hart@*
@node sntp Notes
@subsection sntp Notes
-This document corresponds to version @VERSION@ of
+This document corresponds to version 4.2.7p345 of
@code{sntp}.
/*
* EDIT THIS FILE WITH CAUTION (sntp-opts.c)
*
- * It has been AutoGen-ed January 3, 2013 at 01:02:56 PM by AutoGen 5.17.1pre11
+ * It has been AutoGen-ed January 4, 2013 at 08:57:36 AM by AutoGen 5.17.1pre11
* From the definitions sntp-opts.def
* and the template file options
*
* sntp option static const strings
*/
static char const sntp_opt_strs[2500] =
-/* 0 */ "sntp 4.2.7p344\n"
+/* 0 */ "sntp 4.2.7p345\n"
"Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 2244 */ "LOAD_OPTS\0"
/* 2254 */ "no-load-opts\0"
/* 2267 */ "SNTP\0"
-/* 2272 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p344\n"
+/* 2272 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p345\n"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n"
"\t\t[ hostname-or-IP ...]\n\0"
/* 2433 */ "$HOME\0"
/* 2441 */ ".ntprc\0"
/* 2448 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 2482 */ "\n\n\0"
-/* 2485 */ "sntp 4.2.7p344";
+/* 2485 */ "sntp 4.2.7p345";
/*
* ipv4 option description with
/*
* EDIT THIS FILE WITH CAUTION (sntp-opts.h)
*
- * It has been AutoGen-ed January 3, 2013 at 01:02:55 PM by AutoGen 5.17.1pre11
+ * It has been AutoGen-ed January 4, 2013 at 08:57:36 AM by AutoGen 5.17.1pre11
* From the definitions sntp-opts.def
* and the template file options
*
} teOptIndex;
#define OPTION_CT 23
-#define SNTP_VERSION "4.2.7p344"
-#define SNTP_FULL_VERSION "sntp 4.2.7p344"
+#define SNTP_VERSION "4.2.7p345"
+#define SNTP_FULL_VERSION "sntp 4.2.7p345"
/*
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH sntp 1sntpman "03 Jan 2013" "4.2.7p344" "User Commands"
+.TH sntp 1sntpman "04 Jan 2013" "4.2.7p345" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (sntp-opts.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:11:28 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:05:14 AM by AutoGen 5.17.1pre11
.\" From the definitions sntp-opts.def
.\" and the template file agman-cmd.tpl
.\"
of the host is reported.
.SH "OPTIONS"
.TP
-.BR \-4 ", " -\-ipv4
+.BR \-4 ", " \-\-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
Force DNS resolution of the following host names on the command line
to the IPv4 namespace.
.TP
-.BR \-6 ", " -\-ipv6
+.BR \-6 ", " \-\-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
returned for the DNS lookup of the supplied host-name are on
different machines, so we can send concurrent queries.
.TP
-.BR \-d ", " -\-debug\-level
+.BR \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
.sp
If the time adjustment is less than \fIsteplimit\fP milliseconds,
slew the amount using \fBadjtime(2)\fP. Otherwise, step the
-correction using \fBsettimeofday(2)\fP.
+correction using \fBsettimeofday(2)\fP.
.TP
.BR \-o " \fInumber\fP, " \-\-ntpversion "=" \fInumber\fP
Send \fBint\fP as our NTP protocol version.
When sending requests to a remote server, tell them we are running
NTP protocol version \fIntpversion\fP .
.TP
-.BR \-r ", " -\-usereservedport
+.BR \-r ", " \-\-usereservedport
Use the NTP Reserved Port (port 123).
.sp
Use port 123, which is reserved for NTP, for our network
communications.
.TP
-.BR \-S ", " -\-step
+.BR \-S ", " \-\-step
OK to 'step' the time with \fBsettimeofday(2)\fP.
.sp
.TP
-.BR \-s ", " -\-slew
+.BR \-s ", " \-\-slew
OK to 'slew' the time with \fBadjtime(2)\fP.
.sp
.TP
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH USAGE
.TP
.BR Li "sntp ntpserver.somewhere"
and can be run as an unprivileged command
to check the current time and error in the local clock.
.TP
-.BR Li "sntp -a ntpserver.somewhere"
+.BR Li "sntp \-a ntpserver.somewhere"
With suitable privilege,
run as a command
or from a
.Xr cron 8
job,
-.Ic "sntp -a"
+.Ic "sntp \-a"
will reset the local clock from a synchronized specified server,
like the (deprecated)
.Xr ntpdate 1ntpdatemdoc ,
.SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version @VERSION@ of
-.B .
-.PP
+This document corresponds to version 4.2.7p345 of
+.B ..pp
This manual page was \fIAutoGen\fP-erated from the \fBsntp\fP
option definitions.
-.Dd January 3 2013
+.Dd January 4 2013
.Dt SNTP 1sntpmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (sntp-opts.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:11:35 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:05:20 AM by AutoGen 5.17.1pre11
.\" From the definitions sntp-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.\" Mixture of short (flag) options and long options
.Op Fl flags
.Op Fl flag Ar value
-.Op Fl \-option-name Ar value
-[ hostname-or-IP ...]
+.Op Fl \-option\-name Ar value
+[ hostname\-or\-IP ...]
.Pp
.Sh DESCRIPTION
.Nm
.Pp
The default is to write the estimated correct local date and time (i.e. not
UTC) to the standard output in a format like:
-.Ic "'1996-10-15 20:17:25.123 (+0800) +4.567 +/- 0.089 [host] IP sN'"
+.Ic "'1996\-10\-15 20:17:25.123 (+0800) +4.567 +/\- 0.089 [host] IP sN'"
where the
.Ic "'(+0800)'"
means that to get to UTC from the reported local time one must
(so 4.567 seconds must be added to the local clock to get it to be correct).
Note that the number of decimals printed for this value will change
based on the reported precision of the server.
-.Ic "'+/- 0.089'"
+.Ic "'+/\- 0.089'"
is the reported
.Em synchronization distance
(in seconds), which represents the maximum error due to all causes.
If the server does not report valid data needed to calculate the
synchronization distance, this will be reported as
-.Ic "'+/- ?'" .
+.Ic "'+/\- ?'" .
If the
.Em host
is different from the
of the host is reported.
.Sh "OPTIONS"
.Bl -tag
-.It \-4 ", " -\-ipv4
+.It \-4 ", " \-\-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
.sp
Force DNS resolution of the following host names on the command line
to the IPv4 namespace.
-.It \-6 ", " -\-ipv6
+.It \-6 ", " \-\-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
as part of a DNS lookup are assumed to be for a single instance of
\fBntpd\fP, and therefore \fBsntp\fP will send queries to these IPs
one after another, with a 2\-second gap in between each query.
-.sp
The \fB\-c\fP or \fB\-\-concurrent\fP flag says that any IPs
returned for the DNS lookup of the supplied host\-name are on
different machines, so we can send concurrent queries.
-.It \-d ", " -\-debug\-level
+.It \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.sp
.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.sp
.It \-g " \fImilliseconds\fP, " \-\-gap "=" \fImilliseconds\fP
The gap (in milliseconds) between time requests.
This option takes an integer number as its argument.
KoD history filename.
The default \fIfile\-name\fP for this option is:
.ti +4
- /var/db/ntp-kod
+ /var/db/ntp\-kod
.sp
Specifies the filename to be used for the persistent history of KoD
responses received from servers.
.sp
If the time adjustment is less than \fIsteplimit\fP milliseconds,
slew the amount using \fBadjtime(2)\fP. Otherwise, step the
-correction using \fBsettimeofday(2)\fP.
+correction using \fBsettimeofday(2)\fP.
.It \-o " \fInumber\fP, " \-\-ntpversion "=" \fInumber\fP
Send \fBint\fP as our NTP protocol version.
This option takes an integer number as its argument.
.sp
When sending requests to a remote server, tell them we are running
NTP protocol version \fIntpversion\fP .
-.It \-r ", " -\-usereservedport
+.It \-r ", " \-\-usereservedport
Use the NTP Reserved Port (port 123).
.sp
Use port 123, which is reserved for NTP, for our network
communications.
-.It \-S ", " -\-step
+.It \-S ", " \-\-step
OK to 'step' the time with \fBsettimeofday(2)\fP.
.sp
-.sp
-.It \-s ", " -\-slew
+.It \-s ", " \-\-slew
OK to 'slew' the time with \fBadjtime(2)\fP.
.sp
-.sp
.It \-t " \fIseconds\fP, " \-\-timeout "=" \fIseconds\fP
The number of seconds to wait for responses.
This option takes an integer number as its argument.
If we are not setting the time, wait for all pending responses.
.It \-? , " \-\-help"
Display usage information and exit.
-.It \-! , " \-\-more-help"
+.It \-! , " \-\-more\-help"
Pass the extended usage information through a pager.
-.It \-> " [\fIrcfile\fP]," " \-\-save-opts" "[=\fIrcfile\fP]"
+.It \-> " [\fIrcfile\fP]," " \-\-save\-opts" "[=\fIrcfile\fP]"
Save the option state to \fIrcfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
-.It \-< " \fIrcfile\fP," " \-\-load-opts" "=\fIrcfile\fP," " \-\-no-load-opts"
+.It \-< " \fIrcfile\fP," " \-\-load\-opts" "=\fIrcfile\fP," " \-\-no\-load\-opts"
Load options from \fIrcfile\fP.
-The \fIno-load-opts\fP form will disable the loading
-of earlier RC/INI files. \fI\-\-no-load-opts\fP is handled early,
+The \fIno\-load\-opts\fP form will disable the loading
+of earlier RC/INI files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
.It \- " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
Output version of program and exit. The default mode is `v', a simple
by loading values from configuration ("RC" or ".INI") file(s) and values from
environment variables named:
.nf
- \fBSNTP_<option-name>\fP or \fBSNTP\fP
+ \fBSNTP_<option\-name>\fP or \fBSNTP\fP
.fi
.ad
The environmental presets take precedence (are processed later than)
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.Sh USAGE
.Bl -tag -width indent
.It Li "sntp ntpserver.somewhere"
is the simplest use of this program
and can be run as an unprivileged command
to check the current time and error in the local clock.
-.It Li "sntp -a ntpserver.somewhere"
+.It Li "sntp \-a ntpserver.somewhere"
With suitable privilege,
run as a command
or from a
.Xr cron 8
job,
-.Ic "sntp -a"
+.Ic "sntp \-a"
will reset the local clock from a synchronized specified server,
like the (deprecated)
.Xr ntpdate 1ntpdatemdoc ,
A specified configuration file could not be loaded.
.It 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
-it to autogen-users@lists.sourceforge.net. Thank you.
+it to autogen\-users@lists.sourceforge.net. Thank you.
.El
.Sh AUTHORS
.An "Johannes Maximilian Kuehn"
.An "Harlan Stenn"
.An "Dave Hart"
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version @VERSION@ of
-.Nm .
-.Pp
-This manual page was \fIAutoGen\fP-erated from the \fBsntp\fP
+This document corresponds to version 4.2.7p345 of
+.Nm ..Pp
+This manual page was \fIAutoGen\fP\-erated from the \fBsntp\fP
option definitions.
clock. Run as root, it can correct the system clock to this offset as
well. It can be run as an interactive command or from a cron job.
- <p>This document applies to version 4.2.7p344 of <code>sntp</code>.
+ <p>This document applies to version 4.2.7p345 of <code>sntp</code>.
<p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
IETF specification.
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
-<pre class="example">sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p344
+<pre class="example">sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p345
USAGE: sntp [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \
[ hostname-or-IP ...]
Flg Arg Option-Name Description
<p>Print the program version to standard out, optionally with licensing
information, then exit 0. The optional argument specifies how much licensing
-detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument. Only the
-first letter of the argument is examined:
+detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument.
+Only the first letter of the argument is examined:
<dl>
<dt><span class="samp">version</span><dd>Only print the version. This is the default.
<h4 class="subsection">sntp Notes</h4>
-<p>This document corresponds to version of
+<p>This document corresponds to version 4.2.7p345 of
<code>sntp</code>.
<div class="node">
-.TH sntp @SNTP_MS@ "03 Jan 2013" "4.2.7p344" "User Commands"
+.TH sntp @SNTP_MS@ "04 Jan 2013" "4.2.7p345" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (sntp-opts.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:11:28 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:05:14 AM by AutoGen 5.17.1pre11
.\" From the definitions sntp-opts.def
.\" and the template file agman-cmd.tpl
.\"
of the host is reported.
.SH "OPTIONS"
.TP
-.BR \-4 ", " -\-ipv4
+.BR \-4 ", " \-\-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
Force DNS resolution of the following host names on the command line
to the IPv4 namespace.
.TP
-.BR \-6 ", " -\-ipv6
+.BR \-6 ", " \-\-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
returned for the DNS lookup of the supplied host-name are on
different machines, so we can send concurrent queries.
.TP
-.BR \-d ", " -\-debug\-level
+.BR \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
.sp
If the time adjustment is less than \fIsteplimit\fP milliseconds,
slew the amount using \fBadjtime(2)\fP. Otherwise, step the
-correction using \fBsettimeofday(2)\fP.
+correction using \fBsettimeofday(2)\fP.
.TP
.BR \-o " \fInumber\fP, " \-\-ntpversion "=" \fInumber\fP
Send \fBint\fP as our NTP protocol version.
When sending requests to a remote server, tell them we are running
NTP protocol version \fIntpversion\fP .
.TP
-.BR \-r ", " -\-usereservedport
+.BR \-r ", " \-\-usereservedport
Use the NTP Reserved Port (port 123).
.sp
Use port 123, which is reserved for NTP, for our network
communications.
.TP
-.BR \-S ", " -\-step
+.BR \-S ", " \-\-step
OK to 'step' the time with \fBsettimeofday(2)\fP.
.sp
.TP
-.BR \-s ", " -\-slew
+.BR \-s ", " \-\-slew
OK to 'slew' the time with \fBadjtime(2)\fP.
.sp
.TP
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH USAGE
.TP
.BR Li "sntp ntpserver.somewhere"
and can be run as an unprivileged command
to check the current time and error in the local clock.
.TP
-.BR Li "sntp -a ntpserver.somewhere"
+.BR Li "sntp \-a ntpserver.somewhere"
With suitable privilege,
run as a command
or from a
.Xr cron 8
job,
-.Ic "sntp -a"
+.Ic "sntp \-a"
will reset the local clock from a synchronized specified server,
like the (deprecated)
.Xr ntpdate @NTPDATE_MS@ ,
.SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version @VERSION@ of
-.B .
-.PP
+This document corresponds to version 4.2.7p345 of
+.B ..pp
This manual page was \fIAutoGen\fP-erated from the \fBsntp\fP
option definitions.
-.Dd January 3 2013
+.Dd January 4 2013
.Dt SNTP @SNTP_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (sntp-opts.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:11:35 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:05:20 AM by AutoGen 5.17.1pre11
.\" From the definitions sntp-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.\" Mixture of short (flag) options and long options
.Op Fl flags
.Op Fl flag Ar value
-.Op Fl \-option-name Ar value
-[ hostname-or-IP ...]
+.Op Fl \-option\-name Ar value
+[ hostname\-or\-IP ...]
.Pp
.Sh DESCRIPTION
.Nm
.Pp
The default is to write the estimated correct local date and time (i.e. not
UTC) to the standard output in a format like:
-.Ic "'1996-10-15 20:17:25.123 (+0800) +4.567 +/- 0.089 [host] IP sN'"
+.Ic "'1996\-10\-15 20:17:25.123 (+0800) +4.567 +/\- 0.089 [host] IP sN'"
where the
.Ic "'(+0800)'"
means that to get to UTC from the reported local time one must
(so 4.567 seconds must be added to the local clock to get it to be correct).
Note that the number of decimals printed for this value will change
based on the reported precision of the server.
-.Ic "'+/- 0.089'"
+.Ic "'+/\- 0.089'"
is the reported
.Em synchronization distance
(in seconds), which represents the maximum error due to all causes.
If the server does not report valid data needed to calculate the
synchronization distance, this will be reported as
-.Ic "'+/- ?'" .
+.Ic "'+/\- ?'" .
If the
.Em host
is different from the
of the host is reported.
.Sh "OPTIONS"
.Bl -tag
-.It \-4 ", " -\-ipv4
+.It \-4 ", " \-\-ipv4
Force IPv4 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv6.
.sp
Force DNS resolution of the following host names on the command line
to the IPv4 namespace.
-.It \-6 ", " -\-ipv6
+.It \-6 ", " \-\-ipv6
Force IPv6 DNS name resolution.
This option must not appear in combination with any of the following options:
ipv4.
as part of a DNS lookup are assumed to be for a single instance of
\fBntpd\fP, and therefore \fBsntp\fP will send queries to these IPs
one after another, with a 2\-second gap in between each query.
-.sp
The \fB\-c\fP or \fB\-\-concurrent\fP flag says that any IPs
returned for the DNS lookup of the supplied host\-name are on
different machines, so we can send concurrent queries.
-.It \-d ", " -\-debug\-level
+.It \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.sp
.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.sp
.It \-g " \fImilliseconds\fP, " \-\-gap "=" \fImilliseconds\fP
The gap (in milliseconds) between time requests.
This option takes an integer number as its argument.
KoD history filename.
The default \fIfile\-name\fP for this option is:
.ti +4
- /var/db/ntp-kod
+ /var/db/ntp\-kod
.sp
Specifies the filename to be used for the persistent history of KoD
responses received from servers.
.sp
If the time adjustment is less than \fIsteplimit\fP milliseconds,
slew the amount using \fBadjtime(2)\fP. Otherwise, step the
-correction using \fBsettimeofday(2)\fP.
+correction using \fBsettimeofday(2)\fP.
.It \-o " \fInumber\fP, " \-\-ntpversion "=" \fInumber\fP
Send \fBint\fP as our NTP protocol version.
This option takes an integer number as its argument.
.sp
When sending requests to a remote server, tell them we are running
NTP protocol version \fIntpversion\fP .
-.It \-r ", " -\-usereservedport
+.It \-r ", " \-\-usereservedport
Use the NTP Reserved Port (port 123).
.sp
Use port 123, which is reserved for NTP, for our network
communications.
-.It \-S ", " -\-step
+.It \-S ", " \-\-step
OK to 'step' the time with \fBsettimeofday(2)\fP.
.sp
-.sp
-.It \-s ", " -\-slew
+.It \-s ", " \-\-slew
OK to 'slew' the time with \fBadjtime(2)\fP.
.sp
-.sp
.It \-t " \fIseconds\fP, " \-\-timeout "=" \fIseconds\fP
The number of seconds to wait for responses.
This option takes an integer number as its argument.
If we are not setting the time, wait for all pending responses.
.It \-? , " \-\-help"
Display usage information and exit.
-.It \-! , " \-\-more-help"
+.It \-! , " \-\-more\-help"
Pass the extended usage information through a pager.
-.It \-> " [\fIrcfile\fP]," " \-\-save-opts" "[=\fIrcfile\fP]"
+.It \-> " [\fIrcfile\fP]," " \-\-save\-opts" "[=\fIrcfile\fP]"
Save the option state to \fIrcfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
-.It \-< " \fIrcfile\fP," " \-\-load-opts" "=\fIrcfile\fP," " \-\-no-load-opts"
+.It \-< " \fIrcfile\fP," " \-\-load\-opts" "=\fIrcfile\fP," " \-\-no\-load\-opts"
Load options from \fIrcfile\fP.
-The \fIno-load-opts\fP form will disable the loading
-of earlier RC/INI files. \fI\-\-no-load-opts\fP is handled early,
+The \fIno\-load\-opts\fP form will disable the loading
+of earlier RC/INI files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
.It \- " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
Output version of program and exit. The default mode is `v', a simple
by loading values from configuration ("RC" or ".INI") file(s) and values from
environment variables named:
.nf
- \fBSNTP_<option-name>\fP or \fBSNTP\fP
+ \fBSNTP_<option\-name>\fP or \fBSNTP\fP
.fi
.ad
The environmental presets take precedence (are processed later than)
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.Sh USAGE
.Bl -tag -width indent
.It Li "sntp ntpserver.somewhere"
is the simplest use of this program
and can be run as an unprivileged command
to check the current time and error in the local clock.
-.It Li "sntp -a ntpserver.somewhere"
+.It Li "sntp \-a ntpserver.somewhere"
With suitable privilege,
run as a command
or from a
.Xr cron 8
job,
-.Ic "sntp -a"
+.Ic "sntp \-a"
will reset the local clock from a synchronized specified server,
like the (deprecated)
.Xr ntpdate @NTPDATE_MS@ ,
A specified configuration file could not be loaded.
.It 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
-it to autogen-users@lists.sourceforge.net. Thank you.
+it to autogen\-users@lists.sourceforge.net. Thank you.
.El
.Sh AUTHORS
.An "Johannes Maximilian Kuehn"
.An "Harlan Stenn"
.An "Dave Hart"
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version @VERSION@ of
-.Nm .
-.Pp
-This manual page was \fIAutoGen\fP-erated from the \fBsntp\fP
+This document corresponds to version 4.2.7p345 of
+.Nm ..Pp
+This manual page was \fIAutoGen\fP\-erated from the \fBsntp\fP
option definitions.
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp-keygen.texi)
#
-# It has been AutoGen-ed January 3, 2013 at 01:11:09 PM by AutoGen 5.17.1pre11
+# It has been AutoGen-ed January 4, 2013 at 09:04:41 AM by AutoGen 5.17.1pre11
# From the definitions ntp-keygen-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@exampleindent 0
@example
-ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p344
+ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p345
USAGE: ntp-keygen [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
Flg Arg Option-Name Description
-b Num imbits identity modulus bits
Print the program version to standard out, optionally with licensing
information, then exit 0. The optional argument specifies how much licensing
-detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument. Only the
-first letter of the argument is examined:
+detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument.
+Only the first letter of the argument is examined:
@table @samp
@item version
as the write password by default.
@node ntp-keygen Notes
@subsection ntp-keygen Notes
-This document corresponds to version @VERSION@ of NTP.
+This document corresponds to version 4.2.7p345 of NTP.
Portions of this document came from FreeBSD.
@node ntp-keygen Bugs
@subsection ntp-keygen Bugs
/*
* EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.c)
*
- * It has been AutoGen-ed January 3, 2013 at 01:10:51 PM by AutoGen 5.17.1pre11
+ * It has been AutoGen-ed January 4, 2013 at 09:04:25 AM by AutoGen 5.17.1pre11
* From the definitions ntp-keygen-opts.def
* and the template file options
*
* ntp-keygen option static const strings
*/
static char const ntp_keygen_opt_strs[2358] =
-/* 0 */ "ntp-keygen (ntp) 4.2.7p344\n"
+/* 0 */ "ntp-keygen (ntp) 4.2.7p345\n"
"Copyright (C) 1970-2013 The University of Delaware, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
/* 2136 */ "no-load-opts\0"
/* 2149 */ "no\0"
/* 2152 */ "NTP_KEYGEN\0"
-/* 2163 */ "ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p344\n"
+/* 2163 */ "ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p345\n"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
/* 2279 */ "$HOME\0"
/* 2285 */ ".\0"
/* 2287 */ ".ntprc\0"
/* 2294 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 2328 */ "\n\n\0"
-/* 2331 */ "ntp-keygen (ntp) 4.2.7p344";
+/* 2331 */ "ntp-keygen (ntp) 4.2.7p345";
/*
* imbits option description:
/*
* EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.h)
*
- * It has been AutoGen-ed January 3, 2013 at 01:10:51 PM by AutoGen 5.17.1pre11
+ * It has been AutoGen-ed January 4, 2013 at 09:04:25 AM by AutoGen 5.17.1pre11
* From the definitions ntp-keygen-opts.def
* and the template file options
*
} teOptIndex;
#define OPTION_CT 26
-#define NTP_KEYGEN_VERSION "4.2.7p344"
-#define NTP_KEYGEN_FULL_VERSION "ntp-keygen (ntp) 4.2.7p344"
+#define NTP_KEYGEN_VERSION "4.2.7p345"
+#define NTP_KEYGEN_FULL_VERSION "ntp-keygen (ntp) 4.2.7p345"
/*
* Interface defines for all options. Replace "n" with the UPPER_CASED
-.TH ntp-keygen 1ntp-keygenman "03 Jan 2013" "ntp (4.2.7p344)" "User Commands"
+.TH ntp-keygen 1ntp-keygenman "04 Jan 2013" "ntp (4.2.7p345)" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:11:02 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:04:36 AM by AutoGen 5.17.1pre11
.\" From the definitions ntp-keygen-opts.def
.\" and the template file agman-cmd.tpl
.\"
equivalent to "@code{-C des-ede3-cbc". The openssl tool lists ciphers
available in "\fBopenssl \-h\fP" output.
.TP
-.BR \-d ", " -\-debug\-level
+.BR \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
This option takes an integer number as its argument.
.sp
.TP
-.BR \-e ", " -\-id\-key
+.BR \-e ", " \-\-id\-key
Write IFF or GQ identity keys.
.sp
Write the IFF or GQ client keys to the standard output. This is
intended for automatic key distribution by mail.
.TP
-.BR \-G ", " -\-gq\-params
+.BR \-G ", " \-\-gq\-params
Generate GQ parameters and keys.
.sp
Generate parameters and keys for the GQ identification scheme,
obsoleting any that may exist.
.TP
-.BR \-H ", " -\-host\-key
+.BR \-H ", " \-\-host\-key
generate RSA host key.
.sp
Generate new host keys, obsoleting any that may exist.
.TP
-.BR \-I ", " -\-iffkey
+.BR \-I ", " \-\-iffkey
generate IFF parameters.
.sp
Generate parameters for the IFF identification scheme, obsoleting
is also a part of the self-signed host certificate's subject and
issuer names in the form \fBhost@group\fP and should match the
'\fBcrypto ident\fP' or '\fBserver ident\fP' configuration in
-\fBntpd\fP's configuration file.
+\fBntpd\fP's configuration file.
.TP
.BR \-l " \fIlifetime\fP, " \-\-lifetime "=" \fIlifetime\fP
set certificate lifetime.
.sp
Set the certificate expiration to lifetime days from now.
.TP
-.BR \-M ", " -\-md5key
+.BR \-M ", " \-\-md5key
generate MD5 keys.
.sp
Generate MD5 keys, obsoleting any that may exist.
.sp
The number of bits in the prime modulus. The default is 512.
.TP
-.BR \-P ", " -\-pvt\-cert
+.BR \-P ", " \-\-pvt\-cert
generate PC private certificate.
.sp
Generate a private certificate. By default, the program generates
if not provided, the host name are also used in the file names
of IFF, GQ, and MV client parameter files.
.TP
-.BR \-T ", " -\-trusted\-cert
+.BR \-T ", " \-\-trusted\-cert
trusted certificate (TC scheme).
.sp
Generate a trusted certificate. By default, the program generates
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH USAGE
The
p Ar password
.PP
Please report bugs to http://bugs.ntp.org .Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version @VERSION@ of NTP.
-Portions of this document came from FreeBSD.
-.PP
+This document corresponds to version 4.2.7p345 of NTP.
+Portions of this document came from FreeBSD..Pp
This manual page was \fIAutoGen\fP-erated from the \fBntp-keygen\fP
option definitions.
-.Dd January 3 2013
+.Dd January 4 2013
.Dt NTP_KEYGEN 1ntp-keygenmdoc User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:11:11 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:04:43 AM by AutoGen 5.17.1pre11
.\" From the definitions ntp-keygen-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.\" Mixture of short (flag) options and long options
.Op Fl flags
.Op Fl flag Ar value
-.Op Fl \-option-name Ar value
+.Op Fl \-option\-name Ar value
.Pp
All arguments must be options.
.Pp
digital signature and challenge/response identification algorithms
compatible with the Internet standard security infrastructure.
.Pp
-All files are in PEM-encoded printable ASCII format,
+All files are in PEM\-encoded printable ASCII format,
so they can be embedded as MIME attachments in mail to other sites
and certificate authorities.
By default, files are not encrypted.
.Pp
When used to generate message digest keys, the program produces a file
-containing ten pseudo-random printable ASCII strings suitable for the
+containing ten pseudo\-random printable ASCII strings suitable for the
MD5 message digest algorithm included in the distribution.
If the OpenSSL library is installed, it produces an additional ten
-hex-encoded random bit strings suitable for the SHA1 and other message
+hex\-encoded random bit strings suitable for the SHA1 and other message
digest algorithms.
The message digest keys file must be distributed and stored
using secure means beyond the scope of NTP itself.
Other files and links are usually installed in
.Pa /usr/local/etc ,
which is normally in a shared filesystem in
-NFS-mounted networks and cannot be changed by shared clients.
+NFS\-mounted networks and cannot be changed by shared clients.
The location of the keys directory can be changed by the
.Ar keysdir
configuration command in such cases.
have been removed, use the
.Nm
command without arguments to generate a
-default RSA host key and matching RSA-MD5 certificate with expiration
+default RSA host key and matching RSA\-MD5 certificate with expiration
date one year hence.
If run again without options, the program uses the
existing keys and parameters and generates only a new certificate with
The rules say cryptographic media should be generated with proventic
filestamps, which means the host should already be synchronized before
this program is run.
-This of course creates a chicken-and-egg problem
+This of course creates a chicken\-and\-egg problem
when the host is started for the first time.
Accordingly, the host time
-should be set by some other means, such as eyeball-and-wristwatch, at
+should be set by some other means, such as eyeball\-and\-wristwatch, at
least so that the certificate lifetime is within the current year.
After that and when the host is synchronized to a proventic source, the
-certificate should be re-generated.
+certificate should be re\-generated.
.Pp
Additional information on trusted groups and identity schemes is on the
-.Dq Autokey Public-Key Authentication
+.Dq Autokey Public\-Key Authentication
page.
.Pp
The
All files are installed by default in the keys directory
.Pa /usr/local/etc ,
which is normally in a shared filesystem
-in NFS-mounted networks.
+in NFS\-mounted networks.
The actual location of the keys directory
and each file can be overridden by configuration commands,
but this is not recommended.
.Pp
Normally, files containing private values,
including the host key, sign key and identification parameters,
-are permitted root read/write-only;
+are permitted root read/write\-only;
while others containing public values are permitted world readable.
Alternatively, files containing private values can be encrypted
and these files permitted world readable,
or if all
.Cm ntpkey
files have been removed,
-the program generates a RSA host key file and matching RSA-MD5 certificate file,
+the program generates a RSA host key file and matching RSA\-MD5 certificate file,
which is all that is necessary in many cases.
The program also generates soft links from the generic names
to the respective files.
environment variable used by the OpenSSL library as the path to
.Cm /.rnd .
.Pp
-Installing the keys as root might not work in NFS-mounted
+Installing the keys as root might not work in NFS\-mounted
shared file systems, as NFS clients may not be able to write
to the shared keys directory, even as root.
In this case, NFS clients can specify the files in another
All files are installed by default in the keys directory
.Pa /usr/local/etc ,
which is normally in a shared filesystem
-in NFS-mounted networks.
+in NFS\-mounted networks.
The actual location of the keys directory
and each file can be overridden by configuration commands,
but this is not recommended.
.Pp
Normally, files containing private values,
including the host key, sign key and identification parameters,
-are permitted root read/write-only;
+are permitted root read/write\-only;
while others containing public values are permitted world readable.
Alternatively, files containing private values can be encrypted
and these files permitted world readable,
or if all
.Cm ntpkey
files have been removed,
-the program generates a RSA host key file and matching RSA-MD5 certificate file,
+the program generates a RSA host key file and matching RSA\-MD5 certificate file,
which is all that is necessary in many cases.
The program also generates soft links from the generic names
to the respective files.
environment variable used by the OpenSSL library as the path to
.Cm /.rnd .
.Pp
-Installing the keys as root might not work in NFS-mounted
+Installing the keys as root might not work in NFS\-mounted
shared file systems, as NFS clients may not be able to write
to the shared keys directory, even as root.
In this case, NFS clients can specify the files in another
.Xr ntp.conf 5 .
The default cryptotype uses RSA encryption, MD5 message digest
and TC identification.
-First, configure a NTP subnet including one or more low-stratum
+First, configure a NTP subnet including one or more low\-stratum
trusted hosts from which all other hosts derive synchronization
directly or indirectly.
Trusted hosts have trusted certificates;
.Cm RSA
or
.Cm DSA .
-The most often need to do this is when a DSA-signed certificate is used.
+The most often need to do this is when a DSA\-signed certificate is used.
If it is necessary to use a different certificate scheme than the default,
run
.Nm
to generate the host key file
.Pa ntpkey_RSAkey_ Ns Ar alice.filestamp
and trusted private certificate file
-.Pa ntpkey_RSA-MD5_cert_ Ns Ar alice.filestamp .
+.Pa ntpkey_RSA\-MD5_cert_ Ns Ar alice.filestamp .
Copy both files to all group hosts;
they replace the files which would be generated in other schemes.
On each host bob install a soft link from the generic name
The
.Ar scheme
can be one of the following:
-. Cm RSA-MD2 , RSA-MD5 , RSA-SHA , RSA-SHA1 , RSA-MDC2 , RSA-RIPEMD160 , DSA-SHA ,
+. Cm RSA\-MD2 , RSA\-MD5 , RSA\-SHA , RSA\-SHA1 , RSA\-MDC2 , RSA\-RIPEMD160 , DSA\-SHA ,
or
-.Cm DSA-SHA1 .
+.Cm DSA\-SHA1 .
Note that RSA schemes must be used with a RSA sign key and DSA
schemes must be used with a DSA sign key.
The default without this option is
-.Cm RSA-MD5 .
+.Cm RSA\-MD5 .
.It Fl d
Enable debugging.
-This option displays the cryptographic data produced in eye-friendly billboards.
+This option displays the cryptographic data produced in eye\-friendly billboards.
.It Fl e
Write the IFF client keys to the standard output.
This is intended for automatic key distribution by mail.
.It Fl p Ar password
Encrypt generated files containing private data with
.Ar password
-and the DES-CBC algorithm.
+and the DES\-CBC algorithm.
.It Fl q
Set the password for reading files to password.
.It Fl S Oo Cm RSA | DSA Oc
and in the file name for identity files.
.It Fl T
Generate a trusted certificate.
-By default, the program generates a non-trusted certificate.
+By default, the program generates a non\-trusted certificate.
.It Fl V Ar nkeys
-Generate parameters and keys for the Mu-Varadharajan (MV) identification scheme.
+Generate parameters and keys for the Mu\-Varadharajan (MV) identification scheme.
.El
.Ss Random Seed File
All cryptographically sound key generation schemes must have means
to randomize the entropy seed used to initialize
-the internal pseudo-random number generator used
+the internal pseudo\-random number generator used
by the library routines.
The OpenSSL library uses a designated random seed file for this purpose.
The file must be available when starting the NTP daemon and
for each generation, for otherwise the random number sequence
would be predictable.
Various means dependent on external events, such as keystroke intervals,
-can be used to do this and some systems have built-in entropy sources.
+can be used to do this and some systems have built\-in entropy sources.
Suitable means are described in the OpenSSL software documentation,
but are outside the scope of this page.
.Pp
.Xr ntpd 1ntpdmdoc
daemon.
Cryptographic values are encoded first using ASN.1 rules,
-then encrypted if necessary, and finally written PEM-encoded
+then encrypted if necessary, and finally written PEM\-encoded
printable ASCII format preceded and followed by MIME content identifier lines.
.Pp
The format of the symmetric keys file is somewhat different
than the other files in the interest of backward compatibility.
-Since DES-CBC is deprecated in NTPv4, the only key format of interest
+Since DES\-CBC is deprecated in NTPv4, the only key format of interest
is MD5 alphanumeric strings.
Following hte heard the keys are
entered one per line in the format
.D1 Ar keyno type key
where
.Ar keyno
-is a positive integer in the range 1-65,535,
+is a positive integer in the range 1\-65,535,
.Ar type
is the string MD5 defining the key format and
.Ar key
scheme is one of
RSA\-MD2, RSA\-MD5, RSA\-SHA, RSA\-SHA1, RSA\-MDC2, RSA\-RIPEMD160,
DSA\-SHA, or DSA\-SHA1.
-.sp
Select the certificate message digest/signature encryption scheme.
Note that RSA schemes must be used with a RSA sign key and DSA
schemes must be used with a DSA sign key. The default without
private keys. The default is three\-key triple DES in CBC mode,
equivalent to "@code{\-C des\-ede3\-cbc". The openssl tool lists ciphers
available in "\fBopenssl \-h\fP" output.
-.It \-d ", " -\-debug\-level
+.It \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.sp
.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.sp
-.It \-e ", " -\-id\-key
+.It \-e ", " \-\-id\-key
Write IFF or GQ identity keys.
.sp
Write the IFF or GQ client keys to the standard output. This is
intended for automatic key distribution by mail.
-.It \-G ", " -\-gq\-params
+.It \-G ", " \-\-gq\-params
Generate GQ parameters and keys.
.sp
Generate parameters and keys for the GQ identification scheme,
obsoleting any that may exist.
-.It \-H ", " -\-host\-key
+.It \-H ", " \-\-host\-key
generate RSA host key.
.sp
Generate new host keys, obsoleting any that may exist.
-.It \-I ", " -\-iffkey
+.It \-I ", " \-\-iffkey
generate IFF parameters.
.sp
Generate parameters for the IFF identification scheme, obsoleting
is also a part of the self\-signed host certificate's subject and
issuer names in the form \fBhost@group\fP and should match the
\'\fBcrypto ident\fP' or '\fBserver ident\fP' configuration in
-\fBntpd\fP's configuration file.
+\fBntpd\fP's configuration file.
.It \-l " \fIlifetime\fP, " \-\-lifetime "=" \fIlifetime\fP
set certificate lifetime.
This option takes an integer number as its argument.
.sp
Set the certificate expiration to lifetime days from now.
-.It \-M ", " -\-md5key
+.It \-M ", " \-\-md5key
generate MD5 keys.
.sp
Generate MD5 keys, obsoleting any that may exist.
.in -4
.sp
The number of bits in the prime modulus. The default is 512.
-.It \-P ", " -\-pvt\-cert
+.It \-P ", " \-\-pvt\-cert
generate PC private certificate.
.sp
Generate a private certificate. By default, the program generates
subject and issuer fields, as with \fB\-i group\fP. The group name, or
if not provided, the host name are also used in the file names
of IFF, GQ, and MV client parameter files.
-.It \-T ", " -\-trusted\-cert
+.It \-T ", " \-\-trusted\-cert
trusted certificate (TC scheme).
.sp
Generate a trusted certificate. By default, the program generates
This option has not been fully documented.
.It \-? , " \-\-help"
Display usage information and exit.
-.It \-! , " \-\-more-help"
+.It \-! , " \-\-more\-help"
Pass the extended usage information through a pager.
-.It \-> " [\fIrcfile\fP]," " \-\-save-opts" "[=\fIrcfile\fP]"
+.It \-> " [\fIrcfile\fP]," " \-\-save\-opts" "[=\fIrcfile\fP]"
Save the option state to \fIrcfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
-.It \-< " \fIrcfile\fP," " \-\-load-opts" "=\fIrcfile\fP," " \-\-no-load-opts"
+.It \-< " \fIrcfile\fP," " \-\-load\-opts" "=\fIrcfile\fP," " \-\-no\-load\-opts"
Load options from \fIrcfile\fP.
-The \fIno-load-opts\fP form will disable the loading
-of earlier RC/INI files. \fI\-\-no-load-opts\fP is handled early,
+The \fIno\-load\-opts\fP form will disable the loading
+of earlier RC/INI files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
.It \- " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
Output version of program and exit. The default mode is `v', a simple
by loading values from configuration ("RC" or ".INI") file(s) and values from
environment variables named:
.nf
- \fBNTP_KEYGEN_<option-name>\fP or \fBNTP_KEYGEN\fP
+ \fBNTP_KEYGEN_<option\-name>\fP or \fBNTP_KEYGEN\fP
.fi
.ad
The environmental presets take precedence (are processed later than)
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.Sh USAGE
The
.Fl p Ar password
A specified configuration file could not be loaded.
.It 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
-it to autogen-users@lists.sourceforge.net. Thank you.
+it to autogen\-users@lists.sourceforge.net. Thank you.
.El
.Sh "AUTHORS"
The University of Delaware
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh BUGS
It can take quite a while to generate some cryptographic values,
.Pp
Please report bugs to http://bugs.ntp.org .Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version @VERSION@ of NTP.
-Portions of this document came from FreeBSD.
-.Pp
-This manual page was \fIAutoGen\fP-erated from the \fBntp-keygen\fP
+This document corresponds to version 4.2.7p345 of NTP.
+Portions of this document came from FreeBSD..Pp
+This manual page was \fIAutoGen\fP\-erated from the \fBntp\-keygen\fP
option definitions.
printable ASCII format so they can be embedded as MIME attachments in
mail to other sites.
- <p>This document applies to version 4.2.7p344 of <code>ntp-keygen</code>.
+ <p>This document applies to version 4.2.7p345 of <code>ntp-keygen</code>.
<div class="node">
<p><hr>
<p>Some files used by this program are encrypted using a private password.
The
-<code>-p</code> option specifies the password for local encrypted files and the
-<code>-q</code> option the password for encrypted files sent to remote sites.
+<code>-p</code>
+option specifies the password for local encrypted files and the
+<code>-q</code>
+option the password for encrypted files sent to remote sites.
If no password is specified, the host name returned by the Unix
<code>gethostname</code>()
function, normally the DNS name of the host is used.
<p>The
-<code>pw</code> option of the
-<code>crypto</code> configuration command specifies the read
+<kbd>pw</kbd>
+option of the
+<kbd>crypto</kbd>
+configuration command specifies the read
password for previously encrypted local files.
This must match the local password used by this program.
If not specified, the host name is used.
Thus, if files are generated by this program without password,
they can be read back by
-<code>ntpd</code> without password but only on the same host.
+<kbd>ntpd</kbd>
+without password but only on the same host.
<p>Normally, encrypted files for each host are generated by that host and
used only by that host, although exceptions exist as noted later on
this page.
The symmetric keys file, normally called
-<code>ntp.keys</code>, is usually installed in
+<kbd>ntp.keys</kbd>,
+is usually installed in
<span class="file">/etc</span>.
Other files and links are usually installed in
<span class="file">/usr/local/etc</span>,
which is normally in a shared filesystem in
NFS-mounted networks and cannot be changed by shared clients.
The location of the keys directory can be changed by the
-<code>keysdir</code> configuration command in such cases.
+<kbd>keysdir</kbd>
+configuration command in such cases.
Normally, this is in
<span class="file">/etc</span>.
<p>This program directs commentary and error messages to the standard
error stream
-<code>stderr</code> and remote files to the standard output stream
-<code>stdout</code> where they can be piped to other applications or redirected to files.
+<kbd>stderr</kbd>
+and remote files to the standard output stream
+<kbd>stdout</kbd>
+where they can be piped to other applications or redirected to files.
The names used for generated files and links all begin with the
string
-<code>ntpkey</code> and include the file type, generating host and filestamp,
+<kbd>ntpkey</kbd>
+and include the file type, generating host and filestamp,
as described in the
Cryptographic Data Files
section below.
<div class="node">
<p><hr>
-<a name="Running"></a>
+<a name="Running-the-Program"></a>
<br>
</div>
-<h3 class="section">Running</h3>
+<h3 class="section">Running the Program</h3>
-<p>Running
-the
-Program
-To test and gain experience with Autokey concepts, log in as root and
+<p>To test and gain experience with Autokey concepts, log in as root and
change to the keys directory, usually
<span class="file">/usr/local/etc</span>
When run for the first time, or if all files with names beginning with
-<code>ntpkey</code> have been removed, use the
+<kbd>ntpkey</kbd>
+have been removed, use the
<code>ntp-keygen</code>
command without arguments to generate a
default RSA host key and matching RSA-MD5 certificate with expiration
Designate one of them as the trusted host (TH) using
<code>ntp-keygen</code>
with the
-<code>-T</code> option and configure it to synchronize from reliable Internet servers.
+<code>-T</code>
+option and configure it to synchronize from reliable Internet servers.
Then configure the other hosts to synchronize to the TH directly or
indirectly.
A certificate trail is created when Autokey asks the immediately
By default, the host key is also the sign key used to encrypt
signatures.
A different sign key can be assigned using the
-<code>-S</code> option and this can be either RSA or DSA type.
+<code>-S</code>
+option and this can be either RSA or DSA type.
By default, the signature
message digest type is MD5, but any combination of sign key type and
message digest type supported by the OpenSSL library can be specified
using the
-<code>-c</code> option.
+<code>-c</code>
+option.
The rules say cryptographic media should be generated with proventic
filestamps, which means the host should already be synchronized before
this program is run.
<p>The
<code>ntpd(1ntpdmdoc)</code>
configuration command
-<code>crypto</code> <code>pw</code> <code>password</code> specifies the read password for previously encrypted files.
+<code>crypto</code> <code>pw</code> <kbd>password</kbd>
+specifies the read password for previously encrypted files.
The daemon expires on the spot if the password is missing
or incorrect.
For convenience, if a file has been previously encrypted,
these files can be read by that host with no explicit password.
<p>File names begin with the prefix
-<code>ntpkey_</code> and end with the postfix
-<code>_hostname.filestamp</code>, where
-<code>hostname</code> is the owner name, usually the string returned
+<code>ntpkey_</code>
+and end with the postfix
+<kbd>_hostname.filestamp</kbd>,
+where
+<kbd>hostname</kbd>
+is the owner name, usually the string returned
by the Unix gethostname() routine, and
-<code>filestamp</code> is the NTP seconds when the file was generated, in decimal digits.
+<kbd>filestamp</kbd>
+is the NTP seconds when the file was generated, in decimal digits.
This both guarantees uniqueness and simplifies maintenance
procedures, since all files can be quickly removed
by a
-<code>rm</code> <code>ntpkey\&*</code> command or all files generated
+<code>rm</code> <code>ntpkey*</code>
+command or all files generated
at a specific time can be removed by a
-<code>rm</code> <code>\&*filestamp</code> command.
+<code>rm</code>
+<kbd>*filestamp</kbd>
+command.
To further reduce the risk of misconfiguration,
the first two lines of a file contain the file name
and generation date and time as comments.
recognized in monitoring data.
<div class="node">
<p><hr>
-<a name="Running"></a>
+<a name="Running-the-program"></a>
<br>
</div>
-<h3 class="section">Running</h3>
+<h3 class="section">Running the program</h3>
-<p>Running
-the
-program
-The safest way to run the
+<p>The safest way to run the
<code>ntp-keygen</code>
program is logged in directly as root.
The recommended procedure is change to the keys directory,
then run the program.
When run for the first time,
or if all
-<code>ntpkey</code> files have been removed,
+<code>ntpkey</code>
+files have been removed,
the program generates a RSA host key file and matching RSA-MD5 certificate file,
which is all that is necessary in many cases.
The program also generates soft links from the generic names
as the other files, are probably not compatible with anything other than Autokey.
<p>Running the program as other than root and using the Unix
-<code>su</code> command
+<code>su</code>
+command
to assume root may not work properly, since by default the OpenSSL library
looks for the random seed file
-<code>.rnd</code> in the user home directory.
+<code>.rnd</code>
+in the user home directory.
However, there should be only one
-<code>.rnd</code>, most conveniently
+<code>.rnd</code>,
+most conveniently
in the root directory, so it is convenient to define the
-<code>$RANDFILE</code> environment variable used by the OpenSSL library as the path to
-<code>/.rnd</code>.
-Installing the keys as root might not work in NFS-mounted
+<code>$RANDFILE</code>
+environment variable used by the OpenSSL library as the path to
+<code>/.rnd</code>.
+
+ <p>Installing the keys as root might not work in NFS-mounted
shared file systems, as NFS clients may not be able to write
to the shared keys directory, even as root.
In this case, NFS clients can specify the files in another
directory such as
<span class="file">/etc</span>
using the
-<code>keysdir</code> command.
+<code>keysdir</code>
+command.
There is no need for one client to read the keys and certificates
of other clients or servers, as these data are obtained automatically
by the Autokey protocol.
recognized in monitoring data.
<div class="node">
<p><hr>
-<a name="Running"></a>
+<a name="Running-the-program"></a>
<br>
</div>
-<h3 class="section">Running</h3>
+<h3 class="section">Running the program</h3>
-<p>Running
-the
-program
-The safest way to run the
+<p>The safest way to run the
<code>ntp-keygen</code>
program is logged in directly as root.
The recommended procedure is change to the keys directory,
then run the program.
When run for the first time,
or if all
-<code>ntpkey</code> files have been removed,
+<code>ntpkey</code>
+files have been removed,
the program generates a RSA host key file and matching RSA-MD5 certificate file,
which is all that is necessary in many cases.
The program also generates soft links from the generic names
as the other files, are probably not compatible with anything other than Autokey.
<p>Running the program as other than root and using the Unix
-<code>su</code> command
+<code>su</code>
+command
to assume root may not work properly, since by default the OpenSSL library
looks for the random seed file
-<code>.rnd</code> in the user home directory.
+<code>.rnd</code>
+in the user home directory.
However, there should be only one
-<code>.rnd</code>, most conveniently
+<code>.rnd</code>,
+most conveniently
in the root directory, so it is convenient to define the
-<code>$RANDFILE</code> environment variable used by the OpenSSL library as the path to
-<code>/.rnd</code>.
-Installing the keys as root might not work in NFS-mounted
+<code>$RANDFILE</code>
+environment variable used by the OpenSSL library as the path to
+<code>/.rnd</code>.
+
+ <p>Installing the keys as root might not work in NFS-mounted
shared file systems, as NFS clients may not be able to write
to the shared keys directory, even as root.
In this case, NFS clients can specify the files in another
directory such as
<span class="file">/etc</span>
using the
-<code>keysdir</code> command.
+<code>keysdir</code>
+command.
There is no need for one client to read the keys and certificates
of other clients or servers, as these data are obtained automatically
by the Autokey protocol.
Each cryptographic configuration involves selection of a signature scheme
and identification scheme, called a cryptotype,
as explained in the
-<a href="#Authentication">Authentication</a>Authentication
-Options
+<a href="#Authentication-Options">Authentication Options</a>
section of
<code>ntp.conf(5)</code>.
The default cryptotype uses RSA encryption, MD5 message digest
a certificate trail ending at a trusted host.
The trail is defined by static configuration file entries
or dynamic means described on the
-<a href="#Automatic">Automatic</a>Automatic
-NTP
-Configuration
-Options
+<a href="#Automatic-NTP-Configuration-Options">Automatic NTP Configuration Options</a>
section of
<code>ntp.conf(5)</code>.
<p>On each trusted host as root, change to the keys directory.
To insure a fresh fileset, remove all
-<code>ntpkey</code> files.
+<code>ntpkey</code>
+files.
Then run
<code>ntp-keygen</code>
-<code>-T</code> to generate keys and a trusted certificate.
+<code>-T</code>
+to generate keys and a trusted certificate.
On all other hosts do the same, but leave off the
-<code>-T</code> flag to generate keys and nontrusted certificates.
+<code>-T</code>
+flag to generate keys and nontrusted certificates.
When complete, start the NTP daemons beginning at the lowest stratum
and working up the tree.
It may take some time for Autokey to instantiate the certificate trails
scheme than the default, run
<code>ntp-keygen</code>
with the
-<code>-S</code> <code>-type</code> option, where
-<code>type</code> is either
-<code>RSA</code> or
-<code>DSA</code>. The most often need to do this is when a DSA-signed certificate is used.
+<code>-S</code> <kbd>-type</kbd>
+option, where
+<kbd>type</kbd>
+is either
+<code>RSA</code>
+or
+<code>DSA</code>.
+The most often need to do this is when a DSA-signed certificate is used.
If it is necessary to use a different certificate scheme than the default,
run
<code>ntp-keygen</code>
with the
-<code>-c</code> <code>-scheme</code> option and selected
-<code>scheme</code> as needed.
+<code>-c</code> <kbd>-scheme</kbd>
+option and selected
+<kbd>scheme</kbd>
+as needed.
f
<code>ntp-keygen</code>
is run again without these options, it generates a new certificate
at which time the protocol is restarted.
<div class="node">
<p><hr>
-<a name="Identity"></a>
+<a name="Identity-Schemes"></a>
<br>
</div>
-<h3 class="section">Identity</h3>
+<h3 class="section">Identity Schemes</h3>
-<p>Identity
-Schemes
-As mentioned on the Autonomous Authentication page,
+<p>As mentioned on the Autonomous Authentication page,
the default TC identity scheme is vulnerable to a middleman attack.
However, there are more secure identity schemes available,
including PC, IFF, GQ and MV described on the
"Identification Schemes"
page
(maybe available at
-.Li
-http://www.eecis.udel.edu/%7emills/keygen.html
-)
-.
+<code>http://www.eecis.udel.edu/%7emills/keygen.html</code>).
These schemes are based on a TA, one or more trusted hosts
and some number of nontrusted hosts.
Trusted hosts prove identity using values provided by the TA,
<p>The PC scheme supports only one trusted host in the group.
On trusted host alice run
<code>ntp-keygen</code>
-<code>-P</code> <code>-p</code> <code>-password</code> to generate the host key file
-<span class="file">ntpkey_RSAkey_</span>NsAralice.filestamp
+<code>-P</code>
+<code>-p</code> <kbd>-password</kbd>
+to generate the host key file
+<span class="file">ntpkey_RSAkey_</span><kbd>alice.filestamp</kbd>
and trusted private certificate file
-<span class="file">ntpkey_RSA-MD5_cert_</span>NsAralice.filestamp.
+<span class="file">ntpkey_RSA-MD5_cert_</span><kbd>alice.filestamp</kbd>.
Copy both files to all group hosts;
they replace the files which would be generated in other schemes.
On each host bob install a soft link from the generic name
-<span class="file">ntpkey_host_</span>NsArbob
+<span class="file">ntpkey_host_</span><kbd>bob</kbd>
to the host key file and soft link
-<span class="file">ntpkey_cert_</span>NsArbob
+<span class="file">ntpkey_cert_</span><kbd>bob</kbd>
to the private certificate file.
Note the generic links are on bob, but point to files generated
by trusted host alice.
generate the IFF parameter file.
On trusted host alice run
<code>ntp-keygen</code>
-<code>-T</code> <code>-I</code> <code>-p</code> <code>-password</code> to produce her parameter file
-<span class="file">ntpkey_IFFpar_</span>NsAralice.filestamp,
+<code>-T</code>
+<code>-I</code>
+<code>-p</code> <kbd>-password</kbd>
+to produce her parameter file
+<span class="file">ntpkey_IFFpar_</span><kbd>alice.filestamp</kbd>,
which includes both server and client keys.
Copy this file to all group hosts that operate as both servers
and clients and install a soft link from the generic
-<span class="file">ntpkey_iff_</span>NsAralice
+<span class="file">ntpkey_iff_</span><kbd>alice</kbd>
to this file.
If there are no hosts restricted to operate only as clients,
there is nothing further to do.
from the parameter file and distributed to all restricted clients.
After generating the parameter file, on alice run
<code>ntp-keygen</code>
-<code>-e</code> and pipe the output to a file or mail program.
+<code>-e</code>
+and pipe the output to a file or mail program.
Copy or mail this file to all restricted clients.
On these clients install a soft link from the generic
-<span class="file">ntpkey_iff_</span>NsAralice
+<span class="file">ntpkey_iff_</span><kbd>alice</kbd>
to this file.
To further protect the integrity of the keys,
each file can be encrypted with a secret password.
in the group, generate the IFF parameter file.
On trusted host alice run
<code>ntp-keygen</code>
-<code>-T</code> <code>-G</code> <code>-p</code> <code>-password</code> to produce her parameter file
-<span class="file">ntpkey_GQpar_</span>NsAralice.filestamp,
+<code>-T</code>
+<code>-G</code>
+<code>-p</code> <kbd>-password</kbd>
+to produce her parameter file
+<span class="file">ntpkey_GQpar_</span><kbd>alice.filestamp</kbd>,
which includes both server and client keys.
Copy this file to all group hosts and install a soft link
from the generic
-<span class="file">ntpkey_gq_</span>NsAralice
+<span class="file">ntpkey_gq_</span><kbd>alice</kbd>
to this file.
In addition, on each host bob install a soft link
from generic
-<span class="file">ntpkey_gq_</span>NsArbob
+<span class="file">ntpkey_gq_</span><kbd>bob</kbd>
to this file.
As the GQ scheme updates the GQ parameters file and certificate
at the same time, keys and certificates can be regenerated as needed.
and bob one of her clients.
On TA trish run
<code>ntp-keygen</code>
-<code>-V</code> <code>-n</code> <code>-p</code> <code>-password</code>, where
-<code>n</code> is the number of revokable keys (typically 5) to produce
+<code>-V</code> <kbd>-n</kbd>
+<code>-p</code> <kbd>-password</kbd>,
+where
+<kbd>n</kbd>
+is the number of revokable keys (typically 5) to produce
the parameter file
-<span class="file">ntpkeys_MVpar_</span>NsArtrish.filestamp
+<span class="file">ntpkeys_MVpar_</span><kbd>trish.filestamp</kbd>
and client key files
-<span class="file">ntpkeys_MVkeyd_</span>NsArtrish.filestamp
+<span class="file">ntpkeys_MVkeyd_</span><kbd>trish.filestamp</kbd>
where
-<code>d</code> is the key number (0 \&<
-<code>d</code> \&<
-<code>n</code>). Copy the parameter file to alice and install a soft link
+<kbd>d</kbd>
+is the key number (0 \&<
+<kbd>d</kbd>
+\&<
+<kbd>n</kbd>).
+Copy the parameter file to alice and install a soft link
from the generic
-<span class="file">ntpkey_mv_</span>NsAralice
+<span class="file">ntpkey_mv_</span><kbd>alice</kbd>
to this file.
Copy one of the client key files to alice for later distribution
to her clients.
since they all work the same way.
Alice copies the client key file to all of her cliens.
On client bob install a soft link from generic
-<span class="file">ntpkey_mvkey_</span>NsArbob
+<span class="file">ntpkey_mvkey_</span><kbd>bob</kbd>
to the client key file.
As the MV scheme is independent of keys and certificates,
these files can be refreshed as needed.
<div class="node">
<p><hr>
-<a name="Command"></a>
+<a name="Command-Line-Options"></a>
<br>
</div>
-<h3 class="section">Command</h3>
+<h3 class="section">Command Line Options</h3>
-<p>Command
-Line
-Options
<dl>
-<dt><span class="samp">Fl</span><dd>Select certificate message digest/signature encryption scheme.
+<dt><code>-c</code> <kbd>-scheme</kbd><dd>Select certificate message digest/signature encryption scheme.
The
-<code>scheme</code> can be one of the following:
-.
-Cm
-RSA-MD2
-,
-RSA-MD5
-,
-RSA-SHA
-,
-RSA-SHA1
-,
-RSA-MDC2
-,
-RSA-RIPEMD160
-,
-DSA-SHA
-,
-or
-<code>DSA-SHA1</code>. Note that RSA schemes must be used with a RSA sign key and DSA
+<kbd>scheme</kbd>
+can be one of the following:
+
+ <p>or
+<code>DSA-SHA1</code>.
+Note that RSA schemes must be used with a RSA sign key and DSA
schemes must be used with a DSA sign key.
The default without this option is
-<code>RSA-MD5</code>. <br><dt><span class="samp">Fl</span><dd>Enable debugging.
+<code>RSA-MD5</code>.
+<br><dt><code>-d</code><dd>Enable debugging.
This option displays the cryptographic data produced in eye-friendly billboards.
-<br><dt><span class="samp">Fl</span><dd>Write the IFF client keys to the standard output.
+<br><dt><code>-e</code><dd>Write the IFF client keys to the standard output.
This is intended for automatic key distribution by mail.
-<br><dt><span class="samp">Fl</span><dd>Generate parameters and keys for the GQ identification scheme,
+<br><dt><code>-G</code><dd>Generate parameters and keys for the GQ identification scheme,
obsoleting any that may exist.
-<br><dt><span class="samp">Fl</span><dd>Generate keys for the GQ identification scheme
+<br><dt><code>-g</code><dd>Generate keys for the GQ identification scheme
using the existing GQ parameters.
If the GQ parameters do not yet exist, create them first.
-<br><dt><span class="samp">Fl</span><dd>Generate new host keys, obsoleting any that may exist.
-<br><dt><span class="samp">Fl</span><dd>Generate parameters for the IFF identification scheme,
+<br><dt><code>-H</code><dd>Generate new host keys, obsoleting any that may exist.
+<br><dt><code>-I</code><dd>Generate parameters for the IFF identification scheme,
obsoleting any that may exist.
-<br><dt><span class="samp">Fl</span><dd>Set the suject name to
-<code>name</code>. This is used as the subject field in certificates
+<br><dt><code>-i</code> <kbd>-name</kbd><dd>Set the suject name to
+<kbd>name</kbd>.
+This is used as the subject field in certificates
and in the file name for host and sign keys.
-<br><dt><span class="samp">Fl</span><dd>Generate MD5 keys, obsoleting any that may exist.
-<br><dt><span class="samp">Fl</span><dd>Generate a private certificate.
+<br><dt><code>-M</code><dd>Generate MD5 keys, obsoleting any that may exist.
+<br><dt><code>-P</code><dd>Generate a private certificate.
By default, the program generates public certificates.
-<br><dt><span class="samp">Fl</span><dd>Encrypt generated files containing private data with
-<code>password</code> and the DES-CBC algorithm.
-<br><dt><span class="samp">Fl</span><dd>Set the password for reading files to password.
-<br><dt><span class="samp">Fl</span><dd>Generate a new sign key of the designated type,
+<br><dt><code>-p</code> <kbd>-password</kbd><dd>Encrypt generated files containing private data with
+<kbd>password</kbd>
+and the DES-CBC algorithm.
+<br><dt><code>-q</code><dd>Set the password for reading files to password.
+<br><dt><code>-S</code> <code>-Oo</code> <code>-Cm</code> <code>-RSA</code> <code>-</code> | <code>-DSA</code> <code>-Oc</code><dd>Generate a new sign key of the designated type,
obsoleting any that may exist.
By default, the program uses the host key as the sign key.
-<br><dt><span class="samp">Fl</span><dd>Set the issuer name to
-<code>name</code>. This is used for the issuer field in certificates
+<br><dt><code>-s</code> <kbd>-name</kbd><dd>Set the issuer name to
+<kbd>name</kbd>.
+This is used for the issuer field in certificates
and in the file name for identity files.
-<br><dt><span class="samp">Fl</span><dd>Generate a trusted certificate.
+<br><dt><code>-T</code><dd>Generate a trusted certificate.
By default, the program generates a non-trusted certificate.
-<br><dt><span class="samp">Fl</span><dd>Generate parameters and keys for the Mu-Varadharajan (MV) identification scheme.
+<br><dt><code>-V</code> <kbd>-nkeys</kbd><dd>Generate parameters and keys for the Mu-Varadharajan (MV) identification scheme.
</dl>
+<div class="node">
<p><hr>
-<a name="Random"></a>
+<a name="Random-Seed-File"></a>
<br>
</div>
-<h3 class="section">Random</h3>
+<h3 class="section">Random Seed File</h3>
-<p>Random
-Seed
-File
-All cryptographically sound key generation schemes must have means
+<p>All cryptographically sound key generation schemes must have means
to randomize the entropy seed used to initialize
the internal pseudo-random number generator used
by the library routines.
<p>The entropy seed used by the OpenSSL library is contained in a file,
usually called
-<code>.rnd</code>, which must be available when starting the NTP daemon
+<code>.rnd</code>,
+which must be available when starting the NTP daemon
or the
<code>ntp-keygen</code>
program.
The NTP daemon will first look for the file
using the path specified by the
-<code>randfile</code> subcommand of the
-<code>crypto</code> configuration command.
+<code>randfile</code>
+subcommand of the
+<code>crypto</code>
+configuration command.
If not specified in this way, or when starting the
<code>ntp-keygen</code>
program,
the OpenSSL library will look for the file using the path specified
by the
-.Ev
-RANDFILE
+Ev RANDFILE
environment variable in the user home directory,
whether root or some other user.
If the
-.Ev
-RANDFILE
+Ev RANDFILE
environment variable is not present,
the library will look for the
-<code>.rnd</code> file in the user home directory.
+<code>.rnd</code>
+file in the user home directory.
If the file is not available or cannot be written,
the daemon exits with a message to the system log and the program
exits with a suitable error message.
<div class="node">
<p><hr>
-<a name="Cryptographic"></a>
+<a name="Cryptographic-Data-Files"></a>
<br>
</div>
-<h3 class="section">Cryptographic</h3>
+<h3 class="section">Cryptographic Data Files</h3>
-<p>Cryptographic
-Data
-Files
-All other file formats begin with two lines.
+<p>All other file formats begin with two lines.
The first contains the file name, including the generated host name
and filestamp.
The second contains the datestamp in conventional Unix date format.
is MD5 alphanumeric strings.
Following hte heard the keys are
entered one per line in the format
-.D1
-Ar
-keyno
-type
-key
-where
-<code>keyno</code> is a positive integer in the range 1-65,535,
-<code>type</code> is the string MD5 defining the key format and
-<code>key</code> is the key itself,
+<pre class="example"> <kbd>keyno</kbd> <kbd>type</kbd> <kbd>key</kbd>
+</pre>
+ <p>where
+<kbd>keyno</kbd>
+is a positive integer in the range 1-65,535,
+<kbd>type</kbd>
+is the string MD5 defining the key format and
+<kbd>key</kbd>
+is the key itself,
which is a printable ASCII string 16 characters or less in length.
Each character is chosen from the 93 printable characters
in the range 0x21 through 0x7f excluding space and the
<p>The
<code>ntp-keygen</code>
program generates a MD5 symmetric keys file
-<span class="file">ntpkey_MD5key_</span>NsArhostname.filestamp.
+<span class="file">ntpkey_MD5key_</span><kbd>hostname.filestamp</kbd>.
Since the file contains private shared keys,
it should be visible only to root and distributed by secure means
to other subnet hosts.
<div class="node">
<p><hr>
<a name="ntp_002dkeygen-usage"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-imbits">ntp-keygen imbits</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
-<pre class="example">ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p343
+<pre class="example">ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p344
USAGE: ntp-keygen [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
Flg Arg Option-Name Description
-b Num imbits identity modulus bits
<p><hr>
<a name="ntp_002dkeygen-imbits"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-certificate">ntp-keygen certificate</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-usage">ntp-keygen usage</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-certificate"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-cipher">ntp-keygen cipher</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-imbits">ntp-keygen imbits</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-cipher"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-id_002dkey">ntp-keygen id-key</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-certificate">ntp-keygen certificate</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-id_002dkey"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-gq_002dparams">ntp-keygen gq-params</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-cipher">ntp-keygen cipher</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-gq_002dparams"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-host_002dkey">ntp-keygen host-key</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-id_002dkey">ntp-keygen id-key</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-host_002dkey"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-iffkey">ntp-keygen iffkey</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-gq_002dparams">ntp-keygen gq-params</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-iffkey"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-ident">ntp-keygen ident</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-host_002dkey">ntp-keygen host-key</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-ident"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-lifetime">ntp-keygen lifetime</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-iffkey">ntp-keygen iffkey</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-lifetime"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-md5key">ntp-keygen md5key</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-ident">ntp-keygen ident</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-md5key"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-modulus">ntp-keygen modulus</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-lifetime">ntp-keygen lifetime</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-modulus"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-pvt_002dcert">ntp-keygen pvt-cert</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-md5key">ntp-keygen md5key</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-pvt_002dcert"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-pvt_002dpasswd">ntp-keygen pvt-passwd</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-modulus">ntp-keygen modulus</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-pvt_002dpasswd"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-get_002dpvt_002dpasswd">ntp-keygen get-pvt-passwd</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-pvt_002dcert">ntp-keygen pvt-cert</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-get_002dpvt_002dpasswd"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-sign_002dkey">ntp-keygen sign-key</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-pvt_002dpasswd">ntp-keygen pvt-passwd</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-sign_002dkey"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-subject_002dname">ntp-keygen subject-name</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-get_002dpvt_002dpasswd">ntp-keygen get-pvt-passwd</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-subject_002dname"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-trusted_002dcert">ntp-keygen trusted-cert</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-sign_002dkey">ntp-keygen sign-key</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-trusted_002dcert"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-mv_002dparams">ntp-keygen mv-params</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-subject_002dname">ntp-keygen subject-name</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-mv_002dparams"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-mv_002dkeys">ntp-keygen mv-keys</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-trusted_002dcert">ntp-keygen trusted-cert</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-mv_002dkeys"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-config">ntp-keygen config</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-mv_002dparams">ntp-keygen mv-params</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-config"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-exit-status">ntp-keygen exit status</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-mv_002dkeys">ntp-keygen mv-keys</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-exit-status"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-Usage">ntp-keygen Usage</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-config">ntp-keygen config</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<p><hr>
<a name="ntp_002dkeygen-Usage"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-Notes">ntp-keygen Notes</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-exit-status">ntp-keygen exit status</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<h4 class="subsection">ntp-keygen Usage</h4>
<p>The
-<code>-p</code> <code>-password</code> option specifies the write password and
-<code>-q</code> <code>-password</code> option the read password for previously encrypted files.
+<code>-p</code> <kbd>-password</kbd>
+option specifies the write password and
+<code>-q</code> <kbd>-password</kbd>
+option the read password for previously encrypted files.
The
<code>ntp-keygen</code>
program prompts for the password if it reads an encrypted file
<p><hr>
<a name="ntp_002dkeygen-Notes"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-Bugs">ntp-keygen Bugs</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-Usage">ntp-keygen Usage</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
<div class="node">
<p><hr>
<a name="ntp_002dkeygen-Bugs"></a>Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-Notes">ntp-keygen Notes</a>,
-Up: <a rel="up" accesskey="u" href="#Cryptographic">Cryptographic</a>
+Up: <a rel="up" accesskey="u" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
<br>
</div>
-.TH ntp-keygen @NTP_KEYGEN_MS@ "03 Jan 2013" "ntp (4.2.7p344)" "User Commands"
+.TH ntp-keygen @NTP_KEYGEN_MS@ "04 Jan 2013" "ntp (4.2.7p345)" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.man)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:11:02 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:04:36 AM by AutoGen 5.17.1pre11
.\" From the definitions ntp-keygen-opts.def
.\" and the template file agman-cmd.tpl
.\"
equivalent to "@code{-C des-ede3-cbc". The openssl tool lists ciphers
available in "\fBopenssl \-h\fP" output.
.TP
-.BR \-d ", " -\-debug\-level
+.BR \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
This option takes an integer number as its argument.
.sp
.TP
-.BR \-e ", " -\-id\-key
+.BR \-e ", " \-\-id\-key
Write IFF or GQ identity keys.
.sp
Write the IFF or GQ client keys to the standard output. This is
intended for automatic key distribution by mail.
.TP
-.BR \-G ", " -\-gq\-params
+.BR \-G ", " \-\-gq\-params
Generate GQ parameters and keys.
.sp
Generate parameters and keys for the GQ identification scheme,
obsoleting any that may exist.
.TP
-.BR \-H ", " -\-host\-key
+.BR \-H ", " \-\-host\-key
generate RSA host key.
.sp
Generate new host keys, obsoleting any that may exist.
.TP
-.BR \-I ", " -\-iffkey
+.BR \-I ", " \-\-iffkey
generate IFF parameters.
.sp
Generate parameters for the IFF identification scheme, obsoleting
is also a part of the self-signed host certificate's subject and
issuer names in the form \fBhost@group\fP and should match the
'\fBcrypto ident\fP' or '\fBserver ident\fP' configuration in
-\fBntpd\fP's configuration file.
+\fBntpd\fP's configuration file.
.TP
.BR \-l " \fIlifetime\fP, " \-\-lifetime "=" \fIlifetime\fP
set certificate lifetime.
.sp
Set the certificate expiration to lifetime days from now.
.TP
-.BR \-M ", " -\-md5key
+.BR \-M ", " \-\-md5key
generate MD5 keys.
.sp
Generate MD5 keys, obsoleting any that may exist.
.sp
The number of bits in the prime modulus. The default is 512.
.TP
-.BR \-P ", " -\-pvt\-cert
+.BR \-P ", " \-\-pvt\-cert
generate PC private certificate.
.sp
Generate a private certificate. By default, the program generates
if not provided, the host name are also used in the file names
of IFF, GQ, and MV client parameter files.
.TP
-.BR \-T ", " -\-trusted\-cert
+.BR \-T ", " \-\-trusted\-cert
trusted certificate (TC scheme).
.sp
Generate a trusted certificate. By default, the program generates
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2man'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation-notes environment files examples exit-status errors
+ compatibility see-also conforming-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.SH USAGE
The
p Ar password
.PP
Please report bugs to http://bugs.ntp.org .Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
-This document corresponds to version @VERSION@ of NTP.
-Portions of this document came from FreeBSD.
-.PP
+This document corresponds to version 4.2.7p345 of NTP.
+Portions of this document came from FreeBSD..Pp
This manual page was \fIAutoGen\fP-erated from the \fBntp-keygen\fP
option definitions.
-.Dd January 3 2013
+.Dd January 4 2013
.Dt NTP_KEYGEN @NTP_KEYGEN_MS@ User Commands
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc)
.\"
-.\" It has been AutoGen-ed January 3, 2013 at 01:11:11 PM by AutoGen 5.17.1pre11
+.\" It has been AutoGen-ed January 4, 2013 at 09:04:43 AM by AutoGen 5.17.1pre11
.\" From the definitions ntp-keygen-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.\" Mixture of short (flag) options and long options
.Op Fl flags
.Op Fl flag Ar value
-.Op Fl \-option-name Ar value
+.Op Fl \-option\-name Ar value
.Pp
All arguments must be options.
.Pp
digital signature and challenge/response identification algorithms
compatible with the Internet standard security infrastructure.
.Pp
-All files are in PEM-encoded printable ASCII format,
+All files are in PEM\-encoded printable ASCII format,
so they can be embedded as MIME attachments in mail to other sites
and certificate authorities.
By default, files are not encrypted.
.Pp
When used to generate message digest keys, the program produces a file
-containing ten pseudo-random printable ASCII strings suitable for the
+containing ten pseudo\-random printable ASCII strings suitable for the
MD5 message digest algorithm included in the distribution.
If the OpenSSL library is installed, it produces an additional ten
-hex-encoded random bit strings suitable for the SHA1 and other message
+hex\-encoded random bit strings suitable for the SHA1 and other message
digest algorithms.
The message digest keys file must be distributed and stored
using secure means beyond the scope of NTP itself.
Other files and links are usually installed in
.Pa /usr/local/etc ,
which is normally in a shared filesystem in
-NFS-mounted networks and cannot be changed by shared clients.
+NFS\-mounted networks and cannot be changed by shared clients.
The location of the keys directory can be changed by the
.Ar keysdir
configuration command in such cases.
have been removed, use the
.Nm
command without arguments to generate a
-default RSA host key and matching RSA-MD5 certificate with expiration
+default RSA host key and matching RSA\-MD5 certificate with expiration
date one year hence.
If run again without options, the program uses the
existing keys and parameters and generates only a new certificate with
The rules say cryptographic media should be generated with proventic
filestamps, which means the host should already be synchronized before
this program is run.
-This of course creates a chicken-and-egg problem
+This of course creates a chicken\-and\-egg problem
when the host is started for the first time.
Accordingly, the host time
-should be set by some other means, such as eyeball-and-wristwatch, at
+should be set by some other means, such as eyeball\-and\-wristwatch, at
least so that the certificate lifetime is within the current year.
After that and when the host is synchronized to a proventic source, the
-certificate should be re-generated.
+certificate should be re\-generated.
.Pp
Additional information on trusted groups and identity schemes is on the
-.Dq Autokey Public-Key Authentication
+.Dq Autokey Public\-Key Authentication
page.
.Pp
The
All files are installed by default in the keys directory
.Pa /usr/local/etc ,
which is normally in a shared filesystem
-in NFS-mounted networks.
+in NFS\-mounted networks.
The actual location of the keys directory
and each file can be overridden by configuration commands,
but this is not recommended.
.Pp
Normally, files containing private values,
including the host key, sign key and identification parameters,
-are permitted root read/write-only;
+are permitted root read/write\-only;
while others containing public values are permitted world readable.
Alternatively, files containing private values can be encrypted
and these files permitted world readable,
or if all
.Cm ntpkey
files have been removed,
-the program generates a RSA host key file and matching RSA-MD5 certificate file,
+the program generates a RSA host key file and matching RSA\-MD5 certificate file,
which is all that is necessary in many cases.
The program also generates soft links from the generic names
to the respective files.
environment variable used by the OpenSSL library as the path to
.Cm /.rnd .
.Pp
-Installing the keys as root might not work in NFS-mounted
+Installing the keys as root might not work in NFS\-mounted
shared file systems, as NFS clients may not be able to write
to the shared keys directory, even as root.
In this case, NFS clients can specify the files in another
All files are installed by default in the keys directory
.Pa /usr/local/etc ,
which is normally in a shared filesystem
-in NFS-mounted networks.
+in NFS\-mounted networks.
The actual location of the keys directory
and each file can be overridden by configuration commands,
but this is not recommended.
.Pp
Normally, files containing private values,
including the host key, sign key and identification parameters,
-are permitted root read/write-only;
+are permitted root read/write\-only;
while others containing public values are permitted world readable.
Alternatively, files containing private values can be encrypted
and these files permitted world readable,
or if all
.Cm ntpkey
files have been removed,
-the program generates a RSA host key file and matching RSA-MD5 certificate file,
+the program generates a RSA host key file and matching RSA\-MD5 certificate file,
which is all that is necessary in many cases.
The program also generates soft links from the generic names
to the respective files.
environment variable used by the OpenSSL library as the path to
.Cm /.rnd .
.Pp
-Installing the keys as root might not work in NFS-mounted
+Installing the keys as root might not work in NFS\-mounted
shared file systems, as NFS clients may not be able to write
to the shared keys directory, even as root.
In this case, NFS clients can specify the files in another
.Xr ntp.conf 5 .
The default cryptotype uses RSA encryption, MD5 message digest
and TC identification.
-First, configure a NTP subnet including one or more low-stratum
+First, configure a NTP subnet including one or more low\-stratum
trusted hosts from which all other hosts derive synchronization
directly or indirectly.
Trusted hosts have trusted certificates;
.Cm RSA
or
.Cm DSA .
-The most often need to do this is when a DSA-signed certificate is used.
+The most often need to do this is when a DSA\-signed certificate is used.
If it is necessary to use a different certificate scheme than the default,
run
.Nm
to generate the host key file
.Pa ntpkey_RSAkey_ Ns Ar alice.filestamp
and trusted private certificate file
-.Pa ntpkey_RSA-MD5_cert_ Ns Ar alice.filestamp .
+.Pa ntpkey_RSA\-MD5_cert_ Ns Ar alice.filestamp .
Copy both files to all group hosts;
they replace the files which would be generated in other schemes.
On each host bob install a soft link from the generic name
The
.Ar scheme
can be one of the following:
-. Cm RSA-MD2 , RSA-MD5 , RSA-SHA , RSA-SHA1 , RSA-MDC2 , RSA-RIPEMD160 , DSA-SHA ,
+. Cm RSA\-MD2 , RSA\-MD5 , RSA\-SHA , RSA\-SHA1 , RSA\-MDC2 , RSA\-RIPEMD160 , DSA\-SHA ,
or
-.Cm DSA-SHA1 .
+.Cm DSA\-SHA1 .
Note that RSA schemes must be used with a RSA sign key and DSA
schemes must be used with a DSA sign key.
The default without this option is
-.Cm RSA-MD5 .
+.Cm RSA\-MD5 .
.It Fl d
Enable debugging.
-This option displays the cryptographic data produced in eye-friendly billboards.
+This option displays the cryptographic data produced in eye\-friendly billboards.
.It Fl e
Write the IFF client keys to the standard output.
This is intended for automatic key distribution by mail.
.It Fl p Ar password
Encrypt generated files containing private data with
.Ar password
-and the DES-CBC algorithm.
+and the DES\-CBC algorithm.
.It Fl q
Set the password for reading files to password.
.It Fl S Oo Cm RSA | DSA Oc
and in the file name for identity files.
.It Fl T
Generate a trusted certificate.
-By default, the program generates a non-trusted certificate.
+By default, the program generates a non\-trusted certificate.
.It Fl V Ar nkeys
-Generate parameters and keys for the Mu-Varadharajan (MV) identification scheme.
+Generate parameters and keys for the Mu\-Varadharajan (MV) identification scheme.
.El
.Ss Random Seed File
All cryptographically sound key generation schemes must have means
to randomize the entropy seed used to initialize
-the internal pseudo-random number generator used
+the internal pseudo\-random number generator used
by the library routines.
The OpenSSL library uses a designated random seed file for this purpose.
The file must be available when starting the NTP daemon and
for each generation, for otherwise the random number sequence
would be predictable.
Various means dependent on external events, such as keystroke intervals,
-can be used to do this and some systems have built-in entropy sources.
+can be used to do this and some systems have built\-in entropy sources.
Suitable means are described in the OpenSSL software documentation,
but are outside the scope of this page.
.Pp
.Xr ntpd @NTPD_MS@
daemon.
Cryptographic values are encoded first using ASN.1 rules,
-then encrypted if necessary, and finally written PEM-encoded
+then encrypted if necessary, and finally written PEM\-encoded
printable ASCII format preceded and followed by MIME content identifier lines.
.Pp
The format of the symmetric keys file is somewhat different
than the other files in the interest of backward compatibility.
-Since DES-CBC is deprecated in NTPv4, the only key format of interest
+Since DES\-CBC is deprecated in NTPv4, the only key format of interest
is MD5 alphanumeric strings.
Following hte heard the keys are
entered one per line in the format
.D1 Ar keyno type key
where
.Ar keyno
-is a positive integer in the range 1-65,535,
+is a positive integer in the range 1\-65,535,
.Ar type
is the string MD5 defining the key format and
.Ar key
scheme is one of
RSA\-MD2, RSA\-MD5, RSA\-SHA, RSA\-SHA1, RSA\-MDC2, RSA\-RIPEMD160,
DSA\-SHA, or DSA\-SHA1.
-.sp
Select the certificate message digest/signature encryption scheme.
Note that RSA schemes must be used with a RSA sign key and DSA
schemes must be used with a DSA sign key. The default without
private keys. The default is three\-key triple DES in CBC mode,
equivalent to "@code{\-C des\-ede3\-cbc". The openssl tool lists ciphers
available in "\fBopenssl \-h\fP" output.
-.It \-d ", " -\-debug\-level
+.It \-d ", " \-\-debug\-level
Increase debug verbosity level.
This option may appear an unlimited number of times.
.sp
-.sp
.It \-D " \fInumber\fP, " \-\-set\-debug\-level "=" \fInumber\fP
Set the debug verbosity level.
This option may appear an unlimited number of times.
This option takes an integer number as its argument.
.sp
-.sp
-.It \-e ", " -\-id\-key
+.It \-e ", " \-\-id\-key
Write IFF or GQ identity keys.
.sp
Write the IFF or GQ client keys to the standard output. This is
intended for automatic key distribution by mail.
-.It \-G ", " -\-gq\-params
+.It \-G ", " \-\-gq\-params
Generate GQ parameters and keys.
.sp
Generate parameters and keys for the GQ identification scheme,
obsoleting any that may exist.
-.It \-H ", " -\-host\-key
+.It \-H ", " \-\-host\-key
generate RSA host key.
.sp
Generate new host keys, obsoleting any that may exist.
-.It \-I ", " -\-iffkey
+.It \-I ", " \-\-iffkey
generate IFF parameters.
.sp
Generate parameters for the IFF identification scheme, obsoleting
is also a part of the self\-signed host certificate's subject and
issuer names in the form \fBhost@group\fP and should match the
\'\fBcrypto ident\fP' or '\fBserver ident\fP' configuration in
-\fBntpd\fP's configuration file.
+\fBntpd\fP's configuration file.
.It \-l " \fIlifetime\fP, " \-\-lifetime "=" \fIlifetime\fP
set certificate lifetime.
This option takes an integer number as its argument.
.sp
Set the certificate expiration to lifetime days from now.
-.It \-M ", " -\-md5key
+.It \-M ", " \-\-md5key
generate MD5 keys.
.sp
Generate MD5 keys, obsoleting any that may exist.
.in -4
.sp
The number of bits in the prime modulus. The default is 512.
-.It \-P ", " -\-pvt\-cert
+.It \-P ", " \-\-pvt\-cert
generate PC private certificate.
.sp
Generate a private certificate. By default, the program generates
subject and issuer fields, as with \fB\-i group\fP. The group name, or
if not provided, the host name are also used in the file names
of IFF, GQ, and MV client parameter files.
-.It \-T ", " -\-trusted\-cert
+.It \-T ", " \-\-trusted\-cert
trusted certificate (TC scheme).
.sp
Generate a trusted certificate. By default, the program generates
This option has not been fully documented.
.It \-? , " \-\-help"
Display usage information and exit.
-.It \-! , " \-\-more-help"
+.It \-! , " \-\-more\-help"
Pass the extended usage information through a pager.
-.It \-> " [\fIrcfile\fP]," " \-\-save-opts" "[=\fIrcfile\fP]"
+.It \-> " [\fIrcfile\fP]," " \-\-save\-opts" "[=\fIrcfile\fP]"
Save the option state to \fIrcfile\fP. The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
-.It \-< " \fIrcfile\fP," " \-\-load-opts" "=\fIrcfile\fP," " \-\-no-load-opts"
+.It \-< " \fIrcfile\fP," " \-\-load\-opts" "=\fIrcfile\fP," " \-\-no\-load\-opts"
Load options from \fIrcfile\fP.
-The \fIno-load-opts\fP form will disable the loading
-of earlier RC/INI files. \fI\-\-no-load-opts\fP is handled early,
+The \fIno\-load\-opts\fP form will disable the loading
+of earlier RC/INI files. \fI\-\-no\-load\-opts\fP is handled early,
out of order.
.It \- " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
Output version of program and exit. The default mode is `v', a simple
by loading values from configuration ("RC" or ".INI") file(s) and values from
environment variables named:
.nf
- \fBNTP_KEYGEN_<option-name>\fP or \fBNTP_KEYGEN\fP
+ \fBNTP_KEYGEN_<option\-name>\fP or \fBNTP_KEYGEN\fP
.fi
.ad
The environmental presets take precedence (are processed later than)
The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP".
If any of these are directories, then the file \fI.ntprc\fP
is searched for within those directories.
+cvt_prog='/usr/local/gnu/share/autogen/texi2mdoc'
+cvt_prog=`cd \`dirname "$cvt_prog"\` >/dev/null && pwd
+ `/`basename "$cvt_prog"`
+cd $tmp_dir
+test \-x "$cvt_prog" || die "'$cvt_prog' is not executable"
+{
+ list='synopsis description options option\-presets'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list name
+ list='implementation\-notes environment files examples exit\-status errors
+ compatibility see\-also conforming\-to history authors copyright bugs
+ notes'
+ for f in $list ; do cat $f ; echo ; done > .end\-doc
+ rm \-f $list
+ list=`ls \-1 *`' .end\-doc'
+ for f in $list ; do cat $f ; echo ; done
+ rm \-f $list
+} 1>.doc 2>/dev/null
+sed \-f .cmds .doc | /usr/local/gnu/bin/grep \-E \-v '^[ ]*$' | $cvt_prog
.Sh USAGE
The
.Fl p Ar password
A specified configuration file could not be loaded.
.It 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
-it to autogen-users@lists.sourceforge.net. Thank you.
+it to autogen\-users@lists.sourceforge.net. Thank you.
.El
.Sh "AUTHORS"
The University of Delaware
.Sh "COPYRIGHT"
-Copyright (C) 1970-2013 The University of Delaware all rights reserved.
+Copyright (C) 1970\-2013 The University of Delaware all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh BUGS
It can take quite a while to generate some cryptographic values,
.Pp
Please report bugs to http://bugs.ntp.org .Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.Sh NOTES
-This document corresponds to version @VERSION@ of NTP.
-Portions of this document came from FreeBSD.
-.Pp
-This manual page was \fIAutoGen\fP-erated from the \fBntp-keygen\fP
+This document corresponds to version 4.2.7p345 of NTP.
+Portions of this document came from FreeBSD..Pp
+This manual page was \fIAutoGen\fP\-erated from the \fBntp\-keygen\fP
option definitions.
projects / thirdparty / ntp.git / commitdiff
