From: Miroslav Lichvar Date: Tue, 20 Aug 2024 12:13:38 +0000 (+0200) Subject: doc: clarify hostname with nts option X-Git-Tag: 4.6~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6d592349955910989bc8af88322d82dbf0fde135;p=thirdparty%2Fchrony.git doc: clarify hostname with nts option --- diff --git a/doc/chrony.conf.adoc b/doc/chrony.conf.adoc index 33705fdb..83de4852 100644 --- a/doc/chrony.conf.adoc +++ b/doc/chrony.conf.adoc @@ -126,6 +126,15 @@ mechanism. Unlike with the *key* option, the server and client do not need to share a key in a key file. NTS has a Key Establishment (NTS-KE) protocol using the Transport Layer Security (TLS) protocol to get the keys and cookies required by NTS for authentication of NTP packets. ++ +With this option, the hostname specified in the server or pool directive is the +NTS-KE server or pool of NTS-KE servers respectively. The NTP server usually +runs on the same host, but it can be separated from the NTS-KE server (the +hostname or address of the NTP server is provided to the client by the NTS-KE +server). ++ +The NTS-KE server can be specified by IP address if it is included in the +server's certificate as a Subject Alternative Name (SAN). *certset* _ID_::: This option specifies which set of trusted certificates should be used to verify the server's certificate when the *nts* option is enabled. Sets of certificates
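Review bot: In the last added paragraph ("The NTS-KE server can be specified by IP address if it is included in the server's certificate as a Subject Alternative Name (SAN)"), the pronoun "it" can be read as the server rather than the address, and the text does not say what happens when the address is missing from the certificate. Suggest "if the address is included in the server's certificate as a Subject Alternative Name (SAN)" plus one sentence on the outcome of a mismatch. The first added paragraph now distinguishes the NTS-KE server from an NTP server whose hostname or address is supplied by the NTS-KE server, so it would also help to say which of the two names the certificate is verified against, since the *certset* text that follows speaks only of "the server's certificate".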