From: Harlan Stenn Date: Tue, 18 Dec 2012 09:00:04 +0000 (+0000) Subject: NTP_4_2_7P335 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=79942adeffdd797cde76dd87f5252bb173fcdd0f;p=thirdparty%2Fntp.git NTP_4_2_7P335 bk: 50d03094dMywa-wGZmwuniZqzLacGA --- diff --git a/ChangeLog b/ChangeLog index f2d1be9127..3b8c6d5a29 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,4 @@ +(4.2.7p335) 2012/12/18 Released by Harlan Stenn * Update documentation templates and definitions. * Create agtexi-file.tpl . (4.2.7p334) 2012/12/10 Released by Harlan Stenn diff --git a/ntpd/invoke-ntp.conf.texi b/ntpd/invoke-ntp.conf.texi index 8aaead8851..e066fbcded 100644 --- a/ntpd/invoke-ntp.conf.texi +++ b/ntpd/invoke-ntp.conf.texi @@ -1,14 +1,14 @@ -@node ntp.conf Invocation -@section Invoking ntp.conf +@node ntp.conf Notes +@section Notes about ntp.conf @pindex ntp.conf @cindex Network Time Protocol (NTP) daemon configuration file format @ignore # # EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi) # -# It has been AutoGen-ed December 10, 2012 at 06:39:47 AM by AutoGen 5.16.2 +# It has been AutoGen-ed December 17, 2012 at 11:37:53 AM by AutoGen 5.16.2 # From the definitions ntp.conf.def -# and the template file agtexi-cmd.tpl +# and the template file agtexi-file.tpl @end ignore @@ -20,19 +20,17 @@ configuration file is read at initial startup by the daemon in order to specify the synchronization sources, modes and other related information. Usually, it is installed in the -.Pa -/etc +@file{/etc} directory, but could be installed elsewhere (see the daemon's @code{-c} command line option). The file format is similar to other -.Ux +@sc{UNIX} configuration files. Comments begin with a -.Ql -# +@quoteleft{}#@quoteright{} character and extend to the end of the line; blank lines are ignored. Configuration commands consist of an initial keyword @@ -46,85 +44,55 @@ and text strings. The rest of this page describes the configuration and control options. The -.Qq -Notes -on -Configuring -NTP -and -Setting -up -a -NTP -Subnet +"NotesonConfiguringNTPandSettingupaNTPSubnet" page (available as part of the HTML documentation provided in -.Pa -/usr/share/doc/ntp +@file{/usr/share/doc/ntp}) ) contains an extended discussion of these options. In addition to the discussion of general -.Sx -Configuration +@ref{Configuration}Configuration Options , there are sections describing the following supported functionality and the options used to control it: @itemize @bullet @item -.Sx -Authentication +@ref{Authentication}Authentication Support @item -.Sx -Monitoring +@ref{Monitoring}Monitoring Support @item -.Sx -Access +@ref{Access}Access Control Support @item -.Sx -Automatic +@ref{Automatic}Automatic NTP Configuration Options @item -.Sx -Reference +@ref{Reference}Reference Clock Support @item -.Sx -Miscellaneous +@ref{Miscellaneous}Miscellaneous Options @end itemize Following these is a section describing -.Sx -Miscellaneous +@ref{Miscellaneous}Miscellaneous Options . While there is a rich set of options available, the only required option is one or more -.Ic -pool -, -.Ic -server -, -.Ic -peer -, -.Ic -broadcast -or -.Ic -manycastclient -commands. -.Sh +@code{pool}, @code{server}, @code{peer}, @code{broadcast} or +@code{manycastclient} commands. +@node Configuration +@section Configuration + Configuration Support Following is a description of the configuration commands in @@ -136,7 +104,9 @@ classes of commands, configuration commands that configure a persistent association with a remote server or peer or reference clock, and auxiliary commands that specify environmental variables that control various related operations. -.Ss +@node Configuration +@section Configuration + Configuration Commands The various modes are determined by the command keyword and the @@ -157,8 +127,7 @@ in addition to the default support of the IPv4 address family. In a few cases, including the reslist billboard generated by ntpdc, IPv6 addresses are automatically generated. IPv6 addresses can be identified by the presence of colons -.Dq -\&: +@quotedblleft{}\&:@quotedblright{} in the address field. IPv6 addresses can be used almost everywhere where IPv4 addresses can be used, @@ -174,173 +143,53 @@ See IPv6 references for the equivalent classes for that address family. @table @samp @item Xo -.Op -Cm -burst -.Op -Cm -iburst -.Op -Cm -version -Ar -version -.Op -Cm -prefer -.Op -Cm -minpoll -Ar -minpoll -.Op -Cm -maxpoll -Ar -maxpoll -.Xc +[@code{burst} ] +[@code{iburst} ] +[@code{version} @code{Ar} @code{version} ] +[@code{prefer} ] +[@code{minpoll} @code{Ar} @code{minpoll} ] +[@code{maxpoll} @code{Ar} @code{maxpoll} ] @item Xo -.Op -Cm -key -Ar -key -\&| -Cm -autokey -.Op -Cm -burst -.Op -Cm -iburst -.Op -Cm -version -Ar -version -.Op -Cm -prefer -.Op -Cm -minpoll -Ar -minpoll -.Op -Cm -maxpoll -Ar -maxpoll -.Xc +[@code{key} @code{Ar} @code{key}\&| @code{Cm} @code{autokey} ] +[@code{burst} ] +[@code{iburst} ] +[@code{version} @code{Ar} @code{version} ] +[@code{prefer} ] +[@code{minpoll} @code{Ar} @code{minpoll} ] +[@code{maxpoll} @code{Ar} @code{maxpoll} ] @item Xo -.Op -Cm -key -Ar -key -\&| -Cm -autokey -.Op -Cm -version -Ar -version -.Op -Cm -prefer -.Op -Cm -minpoll -Ar -minpoll -.Op -Cm -maxpoll -Ar -maxpoll -.Xc +[@code{key} @code{Ar} @code{key}\&| @code{Cm} @code{autokey} ] +[@code{version} @code{Ar} @code{version} ] +[@code{prefer} ] +[@code{minpoll} @code{Ar} @code{minpoll} ] +[@code{maxpoll} @code{Ar} @code{maxpoll} ] @item Xo -.Op -Cm -key -Ar -key -\&| -Cm -autokey -.Op -Cm -version -Ar -version -.Op -Cm -prefer -.Op -Cm -minpoll -Ar -minpoll -.Op -Cm -ttl -Ar -ttl -.Xc +[@code{key} @code{Ar} @code{key}\&| @code{Cm} @code{autokey} ] +[@code{version} @code{Ar} @code{version} ] +[@code{prefer} ] +[@code{minpoll} @code{Ar} @code{minpoll} ] +[@code{ttl} @code{Ar} @code{ttl} ] @item Xo -.Op -Cm -key -Ar -key -\&| -Cm -autokey -.Op -Cm -version -Ar -version -.Op -Cm -prefer -.Op -Cm -minpoll -Ar -minpoll -.Op -Cm -maxpoll -Ar -maxpoll -.Op -Cm -ttl -Ar -ttl -.Xc +[@code{key} @code{Ar} @code{key}\&| @code{Cm} @code{autokey} ] +[@code{version} @code{Ar} @code{version} ] +[@code{prefer} ] +[@code{minpoll} @code{Ar} @code{minpoll} ] +[@code{maxpoll} @code{Ar} @code{maxpoll} ] +[@code{ttl} @code{Ar} @code{ttl} ] @end multitable These five commands specify the time server name or address to be used and the mode in which to operate. The -.Ar -address -can be +@kbd{address} can be either a DNS name or an IP address in dotted-quad notation. Additional information on association behavior can be found in the -.Qq -Association -Management +"AssociationManagement" page (available as part of the HTML documentation provided in -.Pa -/usr/share/doc/ntp +@file{/usr/share/doc/ntp}). ) . @table @samp @@ -358,8 +207,7 @@ In this mode the local clock can synchronized to the remote server, but the remote server can never be synchronized to the local clock. This command should -.Em -not +@emph{not} be used for type b or m addresses. @item Ic @@ -385,9 +233,7 @@ broadcast messages go only to the interface associated with the subnet specified, but multicast messages go to all interfaces. In broadcast mode the local server sends periodic broadcast messages to a client population at the -.Ar -address -specified, which is usually the broadcast address on (one of) the +@kbd{address} specified, which is usually the broadcast address on (one of) the local network(s) or a multicast address assigned to NTP. The IANA has assigned the multicast group address IPv4 224.0.1.1 and @@ -397,12 +243,8 @@ messages within administrative boundaries. Ordinarily, this specification applies only to the local server operating as a sender; for operation as a broadcast client, see the -.Ic -broadcastclient -or -.Ic -multicastclient -commands +@code{broadcastclient} or +@code{multicastclient} commands below. @item Ic For type m addresses (only), this command mobilizes a @@ -410,9 +252,7 @@ manycast client mode association for the multicast address specified. In this case a specific address must be supplied which matches the address used on the -.Ic -manycastserver -command for +@code{manycastserver} command for the designated manycast servers. The NTP multicast address 224.0.1.1 assigned by the IANA should NOT be used, unless specific @@ -420,23 +260,17 @@ means are taken to avoid spraying large areas of the Internet with these messages and causing a possibly massive implosion of replies at the sender. The -.Ic -manycastserver -command specifies that the local server +@code{manycastserver} command specifies that the local server is to operate in client mode with the remote servers that are discovered as the result of broadcast/multicast messages. The client broadcasts a request message to the group address associated with the specified -.Ar -address -and specifically enabled +@kbd{address} and specifically enabled servers respond to these messages. The client selects the servers providing the best time and continues as with the -.Ic -server -command. +@code{server} command. The remaining servers are discarded as if never heard. @@ -448,8 +282,7 @@ Options: All packets sent to and received from the server or peer are to include authentication fields encrypted using the autokey scheme described in -.Sx -Authentication +@ref{Authentication}Authentication Options . @item Cm @@ -461,9 +294,7 @@ can be changed with the calldelay command to allow additional time for a modem or ISDN call to complete. This is designed to improve timekeeping quality with the -.Ic -server -command and s addresses. +@code{server} command and s addresses. @item Cm When the server is unreachable, send a burst of eight packets instead of the usual one. @@ -473,18 +304,14 @@ changed with the calldelay command to allow additional time for a modem or ISDN call to complete. This is designed to speed the initial synchronization acquisition with the -.Ic -server -command and s addresses and when +@code{server} command and s addresses and when @code{ntpd(1ntpdmdoc)} is started with the @code{-q} option. @item Cm All packets sent to and received from the server or peer are to include authentication fields encrypted using the specified -.Ar -key -identifier with values from 1 to 65534, inclusive. +@kbd{key} identifier with values from 1 to 65534, inclusive. The default is to include no encryption field. @item Cm @@ -493,15 +320,11 @@ These options specify the minimum and maximum poll intervals for NTP messages, as a power of 2 in seconds The maximum poll interval defaults to 10 (1,024 s), but can be increased by the -.Cm -maxpoll -option to an upper limit of 17 (36.4 h). +@code{maxpoll} option to an upper limit of 17 (36.4 h). The minimum poll interval defaults to 6 (64 s), but can be decreased by the -.Cm -minpoll -option to a lower limit of 4 (16 s). +@code{minpoll} option to a lower limit of 4 (16 s). @item Cm Marks the server as unused, except for display purposes. The server is discarded by the selection algroithm. @@ -511,31 +334,20 @@ All other things being equal, this host will be chosen for synchronization among a set of correctly operating hosts. See the -.Qq -Mitigation -Rules -and -the -prefer -Keyword +"MitigationRulesandthepreferKeyword" page (available as part of the HTML documentation provided in -.Pa -/usr/share/doc/ntp +@file{/usr/share/doc/ntp}) ) for further information. @item Cm This option is used only with broadcast server and manycast client modes. It specifies the time-to-live -.Ar -ttl -to +@kbd{ttl} to use on broadcast server and multicast server and the maximum -.Ar -ttl -for the expanding ring search with manycast +@kbd{ttl} for the expanding ring search with manycast client packets. Selection of the proper value, which defaults to 127, is something of a black art and should be coordinated with the @@ -547,7 +359,9 @@ Versions 1-4 are the choices, with version 4 the default. @end multitable -.Ss +@node Auxiliary +@section Auxiliary + Auxiliary Commands @table @samp @@ -563,8 +377,7 @@ Note that, in order to avoid accidental or malicious disruption in this mode, both the server and client should operate using symmetric-key or public-key authentication as described in -.Sx -Authentication +@ref{Authentication}Authentication Options . @item Ic @@ -579,8 +392,7 @@ Note that, in order to avoid accidental or malicious disruption in this mode, both the server and client should operate using symmetric-key or public-key authentication as described in -.Sx -Authentication +@ref{Authentication}Authentication Options . @item Ic @@ -595,13 +407,14 @@ Note that, in order to avoid accidental or malicious disruption in this mode, both the server and client should operate using symmetric-key or public-key authentication as described in -.Sx -Authentication +@ref{Authentication}Authentication Options . @end multitable -.Sh +@node Authentication +@section Authentication + Authentication Support Authentication support allows the NTP client to verify that the @@ -644,26 +457,11 @@ are on the Building and Installing the Distribution page. Authentication is configured separately for each association using the -.Cm -key -or -.Cm -autokey -subcommand on the -.Ic -peer -, -.Ic -server -, -.Ic -broadcast -and -.Ic -manycastclient -configuration commands as described in -.Sx -Configuration +@code{key} or +@code{autokey} subcommand on the +@code{peer}, @code{server}, @code{broadcast} and +@code{manycastclient} configuration commands as described in +@ref{Configuration}Configuration Options page. The authentication @@ -691,17 +489,11 @@ the server certificate, verify its credentials and initialize the protocol The -.Cm -auth -flag controls whether new associations or +@code{auth} flag controls whether new associations or remote configuration commands require cryptographic authentication. This flag can be set or reset by the -.Ic -enable -and -.Ic -disable -commands and also by remote +@code{enable} and +@code{disable} commands and also by remote configuration commands sent by a @code{ntpdc(1ntpdcmdoc)} program running in @@ -716,9 +508,7 @@ even if not cryptographic authenticated. It should be understood that operating with the -.Ic -auth -flag disabled invites a significant vulnerability +@code{auth} flag disabled invites a significant vulnerability where a rogue hacker can masquerade as a falseticker and seriously disrupt system timekeeping. @@ -734,8 +524,7 @@ the authentication process itself. An attractive alternative where multicast support is available is manycast mode, in which clients periodically troll for servers as described in the -.Sx -Automatic +@ref{Automatic}Automatic NTP Configuration Options @@ -757,7 +546,9 @@ and reports at the NTP project page linked from .Li http://www.ntp.org/ . -.Ss +@node Symmetric-Key +@section Symmetric-Key + Symmetric-Key Cryptography The original RFC-1305 specification allows any one of possibly @@ -769,8 +560,7 @@ authenticate NTP packets. Keys and related information are specified in a key file, usually called -.Pa -ntp.keys +@file{ntp.keys}, , which must be distributed and stored using secure means beyond the scope of the NTP protocol itself. @@ -785,15 +575,11 @@ utility programs. When @code{ntpd(1ntpdmdoc)} is first started, it reads the key file specified in the -.Ic -keys -configuration command and installs the keys +@code{keys} configuration command and installs the keys in the key cache. However, individual keys must be activated with the -.Ic -trusted -command before use. +@code{trusted} command before use. This allows, for instance, the installation of possibly several batches of keys and @@ -803,17 +589,15 @@ remotely using This also provides a revocation capability that can be used if a key becomes compromised. The -.Ic -requestkey -command selects the key used as the password for the +@code{requestkey} command selects the key used as the password for the @code{ntpdc(1ntpdcmdoc)} utility, while the -.Ic -controlkey -command selects the key used as the password for the +@code{controlkey} command selects the key used as the password for the @code{ntpq(1ntpqmdoc)} utility. -.Ss +@node Public +@section Public + Public Key Cryptography @@ -841,8 +625,7 @@ in which a pseudo-random key list is generated and used in reverse order. These schemes are described along with an executive summary, current status, briefing slides and reading list on the -.Sx -Autonomous +@ref{Autonomous}Autonomous Authentication page. @@ -860,10 +643,7 @@ along with the matching sign key. There are several schemes available in the OpenSSL software library, each identified by a specific string such as -.Cm -md5WithRSAEncryption -, -which stands for the MD5 message digest with RSA +@code{md5WithRSAEncryption}, which stands for the MD5 message digest with RSA encryption scheme. The current NTP distribution supports all the schemes in the OpenSSL library, including @@ -881,7 +661,9 @@ This requires the configuration file in all hosts to be engineered so that, even under anticipated failure conditions, the NTP subnet will form such that every group host can find a trail to at least one trusted host. -.Ss +@node Naming +@section Naming + Naming and Addressing @@ -916,7 +698,9 @@ For this reason operation with network address translation schemes is not possible. This reflects the intended robust security model where government and corporate NTP servers are operated outside firewall perimeters. -.Ss +@node Operation +@section Operation + Operation A specific combination of authentication scheme (none, symmetric key, public key) and identity scheme is called @@ -934,26 +718,14 @@ The cryptotype of an association is determined at the time of mobilization, either at configuration time or some time later when a message of appropriate cryptotype arrives. When mobilized by a -.Ic -server -or -.Ic -peer -configuration command and no -.Ic -key -or -.Ic -autokey -subcommands are present, the association is not +@code{server} or +@code{peer} configuration command and no +@code{key} or +@code{autokey} subcommands are present, the association is not authenticated; if the -.Ic -key -subcommand is present, the association is authenticated +@code{key} subcommand is present, the association is authenticated using the symmetric key ID specified; if the -.Ic -autokey -subcommand is present, the association is authenticated +@code{autokey} subcommand is present, the association is authenticated using Autokey. When multiple identity schemes are supported in the Autokey @@ -1010,7 +782,9 @@ servers (or the same server, although that might not be useful). But, wise security policy might preclude some cryptotype combinations; for instance, running an identity scheme with one server and no authentication with another might not be wise. -.Ss +@node Key +@section Key + Key Management The cryptographic values used by the Autokey protocol are @@ -1045,12 +819,10 @@ The certificate extension fields must not contain either a subject key identifier or a issuer key identifier field; however, an extended key usage field for a trusted host must contain the value -.Cm -trustRoot -; -. -Other extension fields are ignored. -.Ss +@code{trustRoot};. Other extension fields are ignored. +@node Authentication +@section Authentication + Authentication Commands @table @samp @@ -1070,63 +842,20 @@ Specifies the key identifier to use with the utility, which uses the standard protocol defined in RFC-1305. The -.Ar -key -argument is +@kbd{key} argument is the key identifier for a trusted key, where the value can be in the range 1 to 65,534, inclusive. @item Xo -.Op -Cm -cert -Ar -file -.Op -Cm -leap -Ar -file -.Op -Cm -randfile -Ar -file -.Op -Cm -host -Ar -file -.Op -Cm -sign -Ar -file -.Op -Cm -gq -Ar -file -.Op -Cm -gqpar -Ar -file -.Op -Cm -iffpar -Ar -file -.Op -Cm -mvpar -Ar -file -.Op -Cm -pw -Ar -password -.Xc +[@code{cert} @code{Ar} @code{file} ] +[@code{leap} @code{Ar} @code{file} ] +[@code{randfile} @code{Ar} @code{file} ] +[@code{host} @code{Ar} @code{file} ] +[@code{sign} @code{Ar} @code{file} ] +[@code{gq} @code{Ar} @code{file} ] +[@code{gqpar} @code{Ar} @code{file} ] +[@code{iffpar} @code{Ar} @code{file} ] +[@code{mvpar} @code{Ar} @code{file} ] +[@code{pw} @code{Ar} @code{password} ] This command requires the OpenSSL library. It activates public key cryptography, selects the message digest and signature @@ -1137,19 +866,15 @@ the default names are used as described above. Unless the complete path and name of the file are specified, the location of a file is relative to the keys directory specified in the -.Ic -keysdir -command or default -.Pa -/usr/local/etc +@code{keysdir} command or default +@file{/usr/local/etc}. . Following are the subcommands: @table @samp @item Cm Specifies the location of the required host public certificate file. This overrides the link -.Pa -ntpkey_cert_ +@file{ntpkey_cert_}NsArhostname Ns Ar hostname @@ -1158,8 +883,7 @@ in the keys directory. Specifies the location of the optional GQ parameters file. This overrides the link -.Pa -ntpkey_gq_ +@file{ntpkey_gq_}NsArhostname Ns Ar hostname @@ -1168,8 +892,7 @@ in the keys directory. Specifies the location of the required host key file. This overrides the link -.Pa -ntpkey_key_ +@file{ntpkey_key_}NsArhostname Ns Ar hostname @@ -1177,8 +900,7 @@ in the keys directory. @item Cm Specifies the location of the optional IFF parameters file.This overrides the link -.Pa -ntpkey_iff_ +@file{ntpkey_iff_}NsArhostname Ns Ar hostname @@ -1186,15 +908,13 @@ in the keys directory. @item Cm Specifies the location of the optional leapsecond file. This overrides the link -.Pa -ntpkey_leap +@file{ntpkey_leap} in the keys directory. @item Cm Specifies the location of the optional MV parameters file. This overrides the link -.Pa -ntpkey_mv_ +@file{ntpkey_mv_}NsArhostname Ns Ar hostname @@ -1212,8 +932,7 @@ The defaults are described in the main text above. Specifies the location of the optional sign key file. This overrides the link -.Pa -ntpkey_sign_ +@file{ntpkey_sign_}NsArhostname Ns Ar hostname @@ -1244,8 +963,7 @@ path This command specifies the default directory path for cryptographic keys, parameters and certificates. The default is -.Pa -/usr/local/etc/ +@file{/usr/local/etc/}. . .It Ic @@ -1258,9 +976,7 @@ utility program, which uses a proprietary protocol specific to this implementation of @code{ntpd(1ntpdmdoc)}. The -.Ar -key -argument is a key identifier +@kbd{key} argument is a key identifier for the trusted key, where the value can be in the range 1 to 65,534, inclusive. .It @@ -1296,117 +1012,70 @@ and remote servers share the same key and key identifier for this purpose, although different keys can be used with different servers. The -.Ar -key -arguments are 32-bit unsigned +@kbd{key} arguments are 32-bit unsigned integers with values from 1 to 65,534. @end multitable -.Ss +@node Error +@section Error + Error Codes The following error codes are reported via the NTP control and monitoring protocol trap mechanism. @table @samp @item 101 -.Pq -bad -field -format -or -length +(badfieldformatorlength) The packet has invalid version, length or format. @item 102 -.Pq -bad -timestamp +(badtimestamp) The packet timestamp is the same or older than the most recent received. This could be due to a replay or a server clock time step. @item 103 -.Pq -bad -filestamp +(badfilestamp) The packet filestamp is the same or older than the most recent received. This could be due to a replay or a key file generation error. @item 104 -.Pq -bad -or -missing -public -key +(badormissingpublickey) The public key is missing, has incorrect format or is an unsupported type. @item 105 -.Pq -unsupported -digest -type +(unsupporteddigesttype) The server requires an unsupported digest/signature scheme. @item 106 -.Pq -mismatched -digest -types +(mismatcheddigesttypes) Not used. @item 107 -.Pq -bad -signature -length +(badsignaturelength) The signature length does not match the current public key. @item 108 -.Pq -signature -not -verified +(signaturenotverified) The message fails the signature check. It could be bogus or signed by a different private key. @item 109 -.Pq -certificate -not -verified +(certificatenotverified) The certificate is invalid or signed with the wrong key. @item 110 -.Pq -certificate -not -verified +(certificatenotverified) The certificate is not yet valid or has expired or the signature could not be verified. @item 111 -.Pq -bad -or -missing -cookie +(badormissingcookie) The cookie is missing, corrupted or bogus. @item 112 -.Pq -bad -or -missing -leapseconds -table +(badormissingleapsecondstable) The leapseconds table is missing, corrupted or bogus. @item 113 -.Pq -bad -or -missing -certificate +(badormissingcertificate) The certificate is missing, corrupted or bogus. @item 114 -.Pq -bad -or -missing -identity +(badormissingidentity) The identity key is missing, corrupt or bogus. @end multitable -.Sh +@node Monitoring +@section Monitoring + Monitoring Support @code{ntpd(1ntpdmdoc)} @@ -1414,42 +1083,36 @@ includes a comprehensive monitoring facility suitable for continuous, long term recording of server and client timekeeping performance. See the -.Ic -statistics -command below +@code{statistics} command below for a listing and example of each type of statistics currently supported. Statistic files are managed using file generation sets and scripts in the -.Pa -./scripts +@file{./scripts} directory of this distribution. Using these facilities and -.Ux +@sc{UNIX} @code{cron(8)} jobs, the data can be automatically summarized and archived for retrospective analysis. -.Ss +@node Monitoring +@section Monitoring + Monitoring Commands @table @samp @item Ic Enables writing of statistics records. Currently, four kinds of -.Ar -name -statistics are supported. +@kbd{name} statistics are supported. @table @samp @item Cm Enables recording of clock driver statistics information. Each update received from a clock driver appends a line of the following form to the file generation set named -.Cm -clockstats -: -.Bd +@code{clockstats}: .Bd -literal 49213 525.624 127.127.4.1 93 226 00:08:29.606 D .Ed @@ -1471,10 +1134,7 @@ It enables recording of cryptographic public key protocol information. Each message received by the protocol module appends a line of the following form to the file generation set named -.Cm -cryptostats -: -.Bd +@code{cryptostats}: .Bd -literal 49213 525.624 127.127.4.1 message .Ed @@ -1485,8 +1145,7 @@ The next field shows the peer address in dotted-quad notation, The final message field includes the message type and certain ancillary information. See the -.Sx -Authentication +@ref{Authentication}Authentication Options section for further information. @item Cm @@ -1494,10 +1153,7 @@ Enables recording of loop filter statistics information. Each update of the local clock outputs a line of the following form to the file generation set named -.Cm -loopstats -: -.Bd +@code{loopstats}: .Bd -literal 50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806 .Ed @@ -1516,10 +1172,7 @@ signals, where present and configured. Each valid update appends a line of the following form to the current element of a file generation set named -.Cm -peerstats -: -.Bd +@code{peerstats}: .Bd -literal 48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674 .Ed @@ -1541,10 +1194,7 @@ special signals, where present and configured. Each NTP message received from a peer or clock driver appends a line of the following form to the file generation set named -.Cm -rawstats -: -.Bd +@code{rawstats}: .Bd -literal 50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000 .Ed @@ -1564,10 +1214,7 @@ Enables recording of ntpd statistics counters on a periodic basis. Each hour a line of the following form is appended to the file generation set named -.Cm -sysstats -: -.Bd +@code{sysstats}: .Bd -literal 50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147 .Ed @@ -1609,9 +1256,7 @@ Indicates the full path of a directory where statistics files should be created (see below). This keyword allows the (otherwise constant) -.Cm -filegen -filename prefix to be modified for file generation sets, which +@code{filegen} filename prefix to be modified for file generation sets, which is useful for handling statistics logs. .It Cm @@ -1619,27 +1264,10 @@ filegen Ar name Xo -.Op -Cm -file -Ar -filename -.Op -Cm -type -Ar -typename -.Op -Cm -link -| -nolink -.Op -Cm -enable -| -disable -.Xc +[@code{file} @code{Ar} @code{filename} ] +[@code{type} @code{Ar} @code{typename} ] +[@code{link} | @code{nolink} ] +[@code{enable} | @code{disable} ] Configures setting of generation file set name. Generation file sets provide a means for handling files that are @@ -1663,70 +1291,40 @@ program running at a remote location. @table @samp @item Cm This is the type of the statistics records, as shown in the -.Cm -statistics -command. +@code{statistics} command. @item Cm This is the file name for the statistics records. Filenames of set members are built from three concatenated elements -.Ar -Cm -prefix -, -.Ar -Cm -filename -and -.Ar -Cm -suffix -: -@table @samp +@kbd{Cm} @kbd{prefix}, @kbd{Cm} @kbd{filename} and +@kbd{Cm} @kbd{suffix}: @table @samp @item Cm This is a constant filename path. It is not subject to modifications via the -.Ar -filegen -option. +@kbd{filegen} option. It is defined by the server, usually specified as a compile-time constant. It may, however, be configurable for individual file generation sets via other commands. For example, the prefix used with -.Ar -loopstats -and -.Ar -peerstats -generation can be configured using the -.Ar -statsdir -option explained above. +@kbd{loopstats} and +@kbd{peerstats} generation can be configured using the +@kbd{statsdir} option explained above. @item Cm This string is directly concatenated to the prefix mentioned above (no intervening -.Ql -/ -) -. +@quoteleft{}/).@quoteright{} This can be modified using the file argument to the -.Ar -filegen -statement. +@kbd{filegen} statement. No -.Pa -.. +@file{..} elements are allowed in this component to prevent filenames referring to parts outside the filesystem hierarchy denoted by -.Ar -prefix -. -@item Cm +@kbd{prefix}. @item Cm This part is reflects individual elements of a file set. It is generated according to the type of a file set. @@ -1752,15 +1350,10 @@ separating files belonging to different @code{ntpd(1ntpdmdoc)} server incarnations. The set member filename is built by appending a -.Ql -\&. +@quoteleft{}\&.@quoteright{} to concatenated -.Ar -prefix -and -.Ar -filename -strings, and +@kbd{prefix} and +@kbd{filename} strings, and appending the decimal representation of the process ID of the @code{ntpd(1ntpdmdoc)} server process. @@ -1770,32 +1363,15 @@ A day is defined as the period between 00:00 and 24:00 UTC. The file set member suffix consists of a -.Ql -\&. +@quoteleft{}\&.@quoteright{} and a day specification in the form -.Cm -YYYYMMdd -. -.Cm -YYYY -is a 4-digit year number (e.g., 1992). -.Cm -MM -is a two digit month number. -.Cm -dd -is a two digit day number. +@code{YYYYMMdd}. @code{YYYY} is a 4-digit year number (e.g., 1992). +@code{MM} is a two digit month number. +@code{dd} is a two digit day number. Thus, all information written at 10 December 1992 would end up in a file named -.Ar -prefix -.Ar -filename -Ns -.19921210 -. -@item Cm +@kbd{prefix} @kbd{filename} @kbd{Ns}.19921210. @item Cm Any file set member contains data related to a certain week of a year. The term week is defined by computing day-of-year @@ -1803,10 +1379,7 @@ modulo 7. Elements of such a file generation set are distinguished by appending the following suffix to the file set filename base: A dot, a 4-digit year number, the letter -.Cm -W -, -and a 2-digit week number. +@code{W}, and a 2-digit week number. For example, information from January, 10th 1992 would end up in a file with suffix .No @@ -1829,21 +1402,12 @@ This type of file generation sets changes to a new element of the file set every 24 hours of server operation. The filename suffix consists of a dot, the letter -.Cm -a -, -and an 8-digit number. +@code{a}, and an 8-digit number. This number is taken to be the number of seconds the server is running at the start of the corresponding 24-hour period. Information is only written to a file generation by specifying -.Cm -enable -; -output is prevented by specifying -.Cm -disable -. - +@code{enable}; output is prevented by specifying +@code{disable}. @end multitable .It Cm @@ -1854,22 +1418,14 @@ It is convenient to be able to access the current element of a file generation set by a fixed name. This feature is enabled by specifying -.Cm -link -and disabled using -.Cm -nolink -. -If link is specified, a +@code{link} and disabled using +@code{nolink}. If link is specified, a hard link from the current file set element to a file without suffix is created. When there is already a file with this name and the number of links of this file is one, it is renamed appending a dot, the letter -.Cm -C -, -and the pid of the ntpd server process. +@code{C}, and the pid of the ntpd server process. When the number of links is greater than one, the file is unlinked. This @@ -1887,7 +1443,9 @@ Enables or disables the recording function. @end multitable @end multitable -.Sh +@node Access +@section Access + Access Control Support @@ -1904,22 +1462,11 @@ The list is searched in order with the last match found defining the restriction flags associated with the entry. Additional information and examples can be found in the -.Qq -Notes -on -Configuring -NTP -and -Setting -up -a -NTP -Subnet +"NotesonConfiguringNTPandSettingupaNTPSubnet" page (available as part of the HTML documentation provided in -.Pa -/usr/share/doc/ntp +@file{/usr/share/doc/ntp}). ) . @@ -1950,7 +1497,9 @@ an indefinate period. When a client or network is denied access for an indefinate period, the only way at present to remove the restrictions is by restarting the server. -.Ss +@node The +@section The + The Kiss-of-Death Packet @@ -1966,16 +1515,10 @@ KoD packets have the leap bits set unsynchronized and stratum set to zero and the reference identifier field set to a four-byte ASCII code. If the -.Cm -noserve -or -.Cm -notrust -flag of the matching restrict list entry is set, +@code{noserve} or +@code{notrust} flag of the matching restrict list entry is set, the code is "DENY"; if the -.Cm -limited -flag is set and the rate limit +@code{limited} flag is set and the rate limit is exceeded, the code is "RATE". Finally, if a cryptographic violation occurs, the code is "CRYP". @@ -1991,41 +1534,24 @@ to restart the protocol at both the client and server. This happens automatically at the client when the association times out. It will happen at the server only if the server operator cooperates. -.Ss +@node Access +@section Access + Access Control Commands @table @samp @item Xo -.Op -Cm -average -Ar -avg -.Op -Cm -minimum -Ar -min -.Op -Cm -monitor -Ar -prob -.Xc +[@code{average} @code{Ar} @code{avg} ] +[@code{minimum} @code{Ar} @code{min} ] +[@code{monitor} @code{Ar} @code{prob} ] Set the parameters of the -.Cm -limited -facility which protects the server from +@code{limited} facility which protects the server from client abuse. The -.Cm -average -subcommand specifies the minimum average packet +@code{average} subcommand specifies the minimum average packet spacing, while the -.Cm -minimum -subcommand specifies the minimum packet spacing. +@code{minimum} subcommand specifies the minimum packet spacing. Packets that violate these minima are discarded and a kiss-o'-death packet returned if enabled. The default @@ -2033,55 +1559,25 @@ minimum average and minimum are 5 and 2, respectively. The monitor subcommand specifies the probability of discard for packets that overflow the rate-control window. @item Xo -.Op -Cm -mask -Ar -mask -.Op -Ar -flag -... -.Xc +[@code{mask} @code{Ar} @code{mask} ] +[@kbd{flag}... ] The -.Ar -address -argument expressed in +@kbd{address} argument expressed in dotted-quad form is the address of a host or network. Alternatively, the -.Ar -address -argument can be a valid host DNS name. +@kbd{address} argument can be a valid host DNS name. The -.Ar -mask -argument expressed in dotted-quad form defaults to -.Cm -255.255.255.255 -, -meaning that the -.Ar -address -is treated as the address of an individual host. +@kbd{mask} argument expressed in dotted-quad form defaults to +255.255.255.255, meaning that the +@kbd{address} is treated as the address of an individual host. A default entry (address -.Cm -0.0.0.0 -, -mask -.Cm -0.0.0.0 -) -is always included and is always the first entry in the list. +0.0.0.0, mask +0.0.0.0) is always included and is always the first entry in the list. Note that text string -.Cm -default -, -with no mask option, may +@code{default}, with no mask option, may be used to indicate the default entry. In the current implementation, -.Cm -flag -always +@code{flag} always restricts access, i.e., an entry with no flags indicates that free access to the server is to be given. The flags are not orthogonal, @@ -2115,9 +1611,7 @@ monitoring capability of @code{ntpd(1ntpdmdoc)}. Thus, monitoring is always active as long as there is a restriction entry with the -.Cm -limited -flag. +@code{limited} flag. @item Cm Declare traps set by matching hosts to be low priority. The @@ -2169,17 +1663,11 @@ Its presence causes the restriction entry to be matched only if the source port in the packet is the standard NTP UDP port (123). Both -.Cm -ntpport -and -.Cm -non-ntpport -may +@code{ntpport} and +@code{non-ntpport} may be specified. The -.Cm -ntpport -is considered more specific and +@code{ntpport} is considered more specific and is sorted later in the list. @item Cm Deny packets that do not match the current NTP version. @@ -2196,12 +1684,16 @@ with the default entry (i.e., everything besides your own NTP server is unrestricted). @end multitable -.Sh +@node Automatic +@section Automatic + Automatic NTP Configuration Options -.Ss +@node Manycasting +@section Manycasting + Manycasting Manycasting is a automatic discovery and configuration paradigm new to NTPv4. @@ -2239,13 +1731,8 @@ as well and is highly recommended, especially for broadcast modes. A persistent manycast client association is configured using the manycastclient command, which is similar to the server command but with a multicast (IPv4 class -.Cm -D -or IPv6 prefix -.Cm -FF -) -group address. +@code{D} or IPv6 prefix +@code{FF}) group address. The IANA has designated IPv4 address 224.1.1.1 and IPv6 address FF05::101 (site local) for NTP. When more servers are needed, it broadcasts manycast @@ -2257,9 +1744,7 @@ as different group address, each one serving as a template for a future ephemeral unicast client/server association. Manycast servers configured with the -.Ic -manycastserver -command listen on the specified group address for manycast +@code{manycastserver} command listen on the specified group address for manycast client messages. Note the distinction between manycast client, which actively broadcasts messages, and manycast server, @@ -2297,28 +1782,14 @@ as much as possible the volume of manycast client messages and the effects of implosion due to near-simultaneous arrival of manycast server messages. The strategy is determined by the -.Ic -manycastclient -, -.Ic -tos -and -.Ic -ttl -configuration commands. +@code{manycastclient}, @code{tos} and +@code{ttl} configuration commands. The manycast poll interval is normally eight times the system poll interval, which starts out at the -.Cm -minpoll -value specified in the -.Ic -manycastclient -, -command and, under normal circumstances, increments to the -.Cm -maxpolll -value specified in this command. +@code{minpoll} value specified in the +@code{manycastclient}, command and, under normal circumstances, increments to the +@code{maxpolll} value specified in this command. Initially, the TTL is set at the minimum hops specified by the ttl command. At each retransmission the TTL is increased until reaching @@ -2329,58 +1800,32 @@ Further retransmissions use the same TTL. The quality and reliability of the suite of associations discovered by the manycast client is determined by the NTP mitigation algorithms and the -.Cm -minclock -and -.Cm -minsane -values specified in the -.Ic -tos -configuration command. +@code{minclock} and +@code{minsane} values specified in the +@code{tos} configuration command. At least -.Cm -minsane -candidate servers must be available and the mitigation +@code{minsane} candidate servers must be available and the mitigation algorithms produce at least -.Cm -minclock -survivors in order to synchronize the clock. +@code{minclock} survivors in order to synchronize the clock. Byzantine agreement principles require at least four candidates in order to correctly discard a single falseticker. For legacy purposes, -.Cm -minsane -defaults to 1 and -.Cm -minclock -defaults to 3. +@code{minsane} defaults to 1 and +@code{minclock} defaults to 3. For manycast service -.Cm -minsane -should be explicitly set to 4, assuming at least that +@code{minsane} should be explicitly set to 4, assuming at least that number of servers are available. If at least -.Cm -minclock -servers are found, the manycast poll interval is immediately +@code{minclock} servers are found, the manycast poll interval is immediately set to eight times -.Cm -maxpoll -. -If less than -.Cm -minclock -servers are found when the TTL has reached the maximum hops, +@code{maxpoll}. If less than +@code{minclock} servers are found when the TTL has reached the maximum hops, the manycast poll interval is doubled. For each transmission after that, the poll interval is doubled again until reaching the maximum of eight times -.Cm -maxpoll -. -Further transmissions use the same poll interval and +@code{maxpoll}. Further transmissions use the same poll interval and TTL values. Note that while all this is going on, each client/server association found is operating normally @@ -2391,9 +1836,7 @@ specified by the network router configuration and, in the case of IPv6, the link/site scope prefix. By default, the increment for TTL hops is 32 starting from 31; however, the -.Ic -ttl -configuration command can be +@code{ttl} configuration command can be used to modify the values to match the scope rules. It is often useful to narrow the range of acceptable @@ -2407,26 +1850,15 @@ in TTL range will eventually find all primary servers in TTL range, which is probably not the most common objective in large networks. The -.Ic -tos -command can be used to modify this behavior. +@code{tos} command can be used to modify this behavior. Servers with stratum below -.Cm -floor -or above -.Cm -ceiling -specified in the -.Ic -tos -command are strongly discouraged during the selection +@code{floor} or above +@code{ceiling} specified in the +@code{tos} command are strongly discouraged during the selection process; however, these servers may be temporally accepted if the number of servers within TTL range is less than -.Cm -minclock -. - +@code{minclock}. The above actions occur for each manycast client message, which repeats at the designated poll interval. However, once the ephemeral client association is mobilized, @@ -2434,10 +1866,7 @@ subsequent manycast server replies are discarded, since that would result in a duplicate association. If during a poll interval the number of client associations falls below -.Cm -minclock -, -all manycast client prototype associations are reset +@code{minclock}, all manycast client prototype associations are reset to the initial poll interval and TTL hops and operation resumes from the beginning. It is important to avoid @@ -2446,9 +1875,7 @@ all manycast servers in TTL range to respond. The result could well be an implosion, either minor or major, depending on the number of servers in range. The recommended value for -.Cm -maxpoll -is 12 (4,096 s). +@code{maxpoll} is 12 (4,096 s). It is possible and frequently useful to configure a host as both manycast client and manycast server. @@ -2461,12 +1888,8 @@ subnet of two primary servers and a hundred or more dependent clients. With two exceptions, all servers and clients have identical configuration files including both -.Ic -multicastclient -and -.Ic -multicastserver -commands using, for instance, multicast group address +@code{multicastclient} and +@code{multicastserver} commands using, for instance, multicast group address 239.1.1.1. The only exception is that each primary server configuration file must include commands for the primary @@ -2474,15 +1897,11 @@ reference source such as a GPS receiver. The remaining configuration files for all secondary servers and clients have the same contents, except for the -.Ic -tos -command, which is specific for each stratum level. +@code{tos} command, which is specific for each stratum level. For stratum 1 and stratum 2 servers, that command is not necessary. For stratum 3 and above servers the -.Cm -floor -value is set to the intended stratum number. +@code{floor} value is set to the intended stratum number. Thus, all stratum 3 configuration files are identical, all stratum 4 files are identical and so forth. @@ -2517,7 +1936,9 @@ the rascals, sets the clock and then departs. Servers do not have to be configured in advance and all clients throughout the network can have the same configuration file. -.Ss +@node Manycast +@section Manycast + Manycast Interactions with @@ -2551,36 +1972,15 @@ At the same time, the manycast scheme starts all over from the beginning and the expanding ring shrinks to the minimum and increments from there while collecting all servers in scope. -.Ss +@node Manycast +@section Manycast + Manycast Options @table @samp @item Xo .Oo -.Cm -ceiling -Ar -ceiling -| -.Cm -cohort -{ -0.Cm -floor -Ar -floor -| -.Cm -minclock -Ar -minclock -| -.Cm -minsane -Ar -minsane -.Oc -.Xc +@code{ceiling} @code{Ar} @code{ceiling} | @code{cohort}{ @code{0} | @code{1}} | @code{floor} @code{Ar} @code{floor} | @code{minclock} @code{Ar} @code{minclock} | @code{minsane} @code{Ar} @code{minsane} .Oc This command affects the clock selection and clustering algorithms. It can be used to select the quality and @@ -2591,12 +1991,8 @@ as follows: @table @samp @item Cm Peers with strata above -.Cm -ceiling -will be discarded if there are at least -.Cm -minclock -peers remaining. +@code{ceiling} will be discarded if there are at least +@code{minclock} peers remaining. This value defaults to 15, but can be changed to any number from 1 to 15. @item Cm @@ -2609,20 +2005,14 @@ are present. The default is to enable these replies. @item Cm Peers with strata below -.Cm -floor -will be discarded if there are at least -.Cm -minclock -peers remaining. +@code{floor} will be discarded if there are at least +@code{minclock} peers remaining. This value defaults to 1, but can be changed to any number from 1 to 15. @item Cm The clustering algorithm repeatedly casts out outlyer associations until no more than -.Cm -minclock -associations remain. +@code{minclock} associations remain. This value defaults to 3, but can be changed to any number from 1 to the number of configured sources. @@ -2636,9 +2026,7 @@ The default is 1 for legacy purposes. However, according to principles of Byzantine agreement, -.Cm -minsane -should be at least 4 in order to detect and discard +@code{minsane} should be at least 4 in order to detect and discard a single falseticker. @end multitable @@ -2656,7 +2044,9 @@ The default is eight multiples of 32 starting at 31. @end multitable -.Sh +@node Reference +@section Reference + Reference Clock Support @@ -2665,54 +2055,31 @@ satellite and modem reference clocks plus a special pseudo-clock used for backup or when no other clock source is available. Detailed descriptions of individual device drivers and options can be found in the -.Qq -Reference -Clock -Drivers +"ReferenceClockDrivers" page (available as part of the HTML documentation provided in -.Pa -/usr/share/doc/ntp +@file{/usr/share/doc/ntp}). ) . Additional information can be found in the pages linked there, including the -.Qq -Debugging -Hints -for -Reference -Clock -Drivers +"DebuggingHintsforReferenceClockDrivers" and -.Qq -How -To -Write -a -Reference -Clock -Driver +"HowToWriteaReferenceClockDriver" pages (available as part of the HTML documentation provided in -.Pa -/usr/share/doc/ntp +@file{/usr/share/doc/ntp}). ) . In addition, support for a PPS signal is available as described in the -.Qq -Pulse-per-second -(PPS) -Signal -Interfacing +"Pulse-per-second(PPS)SignalInterfacing" page (available as part of the HTML documentation provided in -.Pa -/usr/share/doc/ntp +@file{/usr/share/doc/ntp}). ) . Many @@ -2720,17 +2087,11 @@ drivers support special line discipline/streams modules which can significantly improve the accuracy using the driver. These are described in the -.Qq -Line -Disciplines -and -Streams -Drivers +"LineDisciplinesandStreamsDrivers" page (available as part of the HTML documentation provided in -.Pa -/usr/share/doc/ntp +@file{/usr/share/doc/ntp}). ) . @@ -2772,101 +2133,59 @@ u .Sm on where -.Ar -t -is an integer +@kbd{t} is an integer denoting the clock type and -.Ar -u -indicates the unit +@kbd{u} indicates the unit number in the range 0-3. While it may seem overkill, it is in fact sometimes useful to configure multiple reference clocks of the same type, in which case the unit numbers must be unique. The -.Ic -server -command is used to configure a reference +@code{server} command is used to configure a reference clock, where the -.Ar -address -argument in that command +@kbd{address} argument in that command is the clock address. The -.Cm -key -, -.Cm -version -and -.Cm -ttl -options are not used for reference clock support. +@code{key}, @code{version} and +@code{ttl} options are not used for reference clock support. The -.Cm -mode -option is added for reference clock support, as +@code{mode} option is added for reference clock support, as described below. The -.Cm -prefer -option can be useful to +@code{prefer} option can be useful to persuade the server to cherish a reference clock with somewhat more enthusiasm than other reference clocks or peers. Further information on this option can be found in the -.Qq -Mitigation -Rules -and -the -prefer -Keyword +"MitigationRulesandthepreferKeyword" (available as part of the HTML documentation provided in -.Pa -/usr/share/doc/ntp +@file{/usr/share/doc/ntp}) ) page. The -.Cm -minpoll -and -.Cm -maxpoll -options have +@code{minpoll} and +@code{maxpoll} options have meaning only for selected clock drivers. See the individual clock driver document pages for additional information. The -.Ic -fudge -command is used to provide additional +@code{fudge} command is used to provide additional information for individual clock drivers and normally follows immediately after the -.Ic -server -command. +@code{server} command. The -.Ar -address -argument specifies the clock address. +@kbd{address} argument specifies the clock address. The -.Cm -refid -and -.Cm -stratum -options can be used to +@code{refid} and +@code{stratum} options can be used to override the defaults for the device. There are two optional device-dependent time offsets and four flags that can be included in the -.Ic -fudge -command as well. +@code{fudge} command as well. The stratum number of a reference clock is by default zero. Since the @@ -2877,20 +2196,18 @@ one. In order to provide engineered backups, it is often useful to specify the reference clock stratum as greater than zero. The -.Cm -stratum -option is used for this purpose. +@code{stratum} option is used for this purpose. Also, in cases involving both a reference clock and a pulse-per-second (PPS) discipline signal, it is useful to specify the reference clock identifier as other than the default, depending on the driver. The -.Cm -refid -option is used for this purpose. +@code{refid} option is used for this purpose. Except where noted, these options apply to all clock drivers. -.Ss +@node Reference +@section Reference + Reference Clock Commands @@ -2907,25 +2224,10 @@ Ar u .Sm on -.Op -Cm -prefer -.Op -Cm -mode -Ar -int -.Op -Cm -minpoll -Ar -int -.Op -Cm -maxpoll -Ar -int -.Xc +[@code{prefer} ] +[@code{mode} @code{Ar} @code{int} ] +[@code{minpoll} @code{Ar} @code{int} ] +[@code{maxpoll} @code{Ar} @code{int} ] This command can be used to configure reference clocks in special ways. The options are interpreted as follows: @@ -2936,18 +2238,11 @@ All other things being equal, this host will be chosen for synchronization among a set of correctly operating hosts. See the -.Qq -Mitigation -Rules -and -the -prefer -Keyword +"MitigationRulesandthepreferKeyword" page (available as part of the HTML documentation provided in -.Pa -/usr/share/doc/ntp +@file{/usr/share/doc/ntp}) ) for further information. @item Cm @@ -2963,19 +2258,11 @@ These options specify the minimum and maximum polling interval for reference clock messages, as a power of 2 in seconds For most directly connected reference clocks, both -.Cm -minpoll -and -.Cm -maxpoll -default to 6 (64 s). +@code{minpoll} and +@code{maxpoll} default to 6 (64 s). For modem reference clocks, -.Cm -minpoll -defaults to 10 (17.1 m) and -.Cm -maxpoll -defaults to 14 (4.5 h). +@code{minpoll} defaults to 10 (17.1 m) and +@code{maxpoll} defaults to 14 (4.5 h). The allowable range is 4 (16 s) to 17 (36.4 h) inclusive. @end multitable @@ -2994,54 +2281,19 @@ Ar u .Sm on -.Op -Cm -time1 -Ar -sec -.Op -Cm -time2 -Ar -sec -.Op -Cm -stratum -Ar -int -.Op -Cm -refid -Ar -string -.Op -Cm -mode -Ar -int -.Op -Cm -flag1 -Cm -0.Op -Cm -flag2 -Cm -0.Op -Cm -flag3 -Cm -0.Op -Cm -flag4 -Cm -0.Xc +[@code{time1} @code{Ar} @code{sec} ] +[@code{time2} @code{Ar} @code{sec} ] +[@code{stratum} @code{Ar} @code{int} ] +[@code{refid} @code{Ar} @code{string} ] +[@code{mode} @code{Ar} @code{int} ] +[@code{flag1} @code{Cm} @code{0}\&| @code{Cm} @code{1} ] +[@code{flag2} @code{Cm} @code{0}\&| @code{Cm} @code{1} ] +[@code{flag3} @code{Cm} @code{0}\&| @code{Cm} @code{1} ] +[@code{flag4} @code{Cm} @code{0}\&| @code{Cm} @code{1} ] This command can be used to configure reference clocks in special ways. It must immediately follow the -.Ic -server -command which configures the driver. +@code{server} command which configures the driver. Note that the same capability is possible at run time using the @code{ntpdc(1ntpdcmdoc)} @@ -3069,22 +2321,15 @@ Note: in order to facilitate calibration when more than one radio clock or PPS signal is supported, a special calibration feature is available. It takes the form of an argument to the -.Ic -enable -command described in -.Sx -Miscellaneous +@code{enable} command described in +@ref{Miscellaneous}Miscellaneous Options page and operates as described in the -.Qq -Reference -Clock -Drivers +"ReferenceClockDrivers" page (available as part of the HTML documentation provided in -.Pa -/usr/share/doc/ntp +@file{/usr/share/doc/ntp}). ) . @item Cm @@ -3092,15 +2337,11 @@ Specifies a fixed-point decimal number in seconds, which is interpreted in a driver-dependent way. See the descriptions of specific drivers in the -.Qq -Reference -Clock -Drivers +"ReferenceClockDrivers" page (available as part of the HTML documentation provided in -.Pa -/usr/share/doc/ntp +@file{/usr/share/doc/ntp}). ) . @item Cm @@ -3131,29 +2372,22 @@ interpretation of these values, and whether they are used at all, is a function of the particular clock driver. However, by convention -.Cm -flag4 -is used to enable recording monitoring +@code{flag4} is used to enable recording monitoring data to the -.Cm -clockstats -file configured with the -.Ic -filegen -command. +@code{clockstats} file configured with the +@code{filegen} command. Further information on the -.Ic -filegen -command can be found in -.Sx -Monitoring +@code{filegen} command can be found in +@ref{Monitoring}Monitoring Options . @end multitable @end multitable -.Sh +@node Miscellaneous +@section Miscellaneous + Miscellaneous Options @table @samp @@ -3204,58 +2438,10 @@ drift file is located in, and that file system links, symbolic or otherwise, should be avoided. @item Xo .Oo -.Cm -auth -| -Cm -bclient -| -.Cm -calibrate -| -Cm -kernel -| -.Cm -monitor -| -Cm -ntp -| -.Cm -pps -| -Cm -stats -.Oc -.Xc +@code{auth} | @code{Cm} @code{bclient} | @code{calibrate} | @code{Cm} @code{kernel} | @code{monitor} | @code{Cm} @code{ntp} | @code{pps} | @code{Cm} @code{stats} .Oc @item Xo .Oo -.Cm -auth -| -Cm -bclient -| -.Cm -calibrate -| -Cm -kernel -| -.Cm -monitor -| -Cm -ntp -| -.Cm -pps -| -Cm -stats -.Oc -.Xc +@code{auth} | @code{Cm} @code{bclient} | @code{calibrate} | @code{Cm} @code{kernel} | @code{monitor} | @code{Cm} @code{ntp} | @code{pps} | @code{Cm} @code{stats} .Oc Provides a way to enable or disable various server options. Flags not mentioned are unaffected. Note that all of these flags @@ -3268,93 +2454,55 @@ Enables the server to synchronize with unconfigured peers only if the peer has been correctly authenticated using either public key or private key cryptography. The default for this flag is -.Ic -enable -. -@item Cm +@code{enable}. @item Cm Enables the server to listen for a message from a broadcast or multicast server, as in the -.Ic -multicastclient -command with default +@code{multicastclient} command with default address. The default for this flag is -.Ic -disable -. -@item Cm +@code{disable}. @item Cm Enables the calibrate feature for reference clocks. The default for this flag is -.Ic -disable -. -@item Cm +@code{disable}. @item Cm Enables the kernel time discipline, if available. The default for this flag is -.Ic -enable -if support is available, otherwise -.Ic -disable -. -@item Cm +@code{enable} if support is available, otherwise +@code{disable}. @item Cm Enables the monitoring facility. See the @code{ntpdc(1ntpdcmdoc)} program and the -.Ic -monlist -command or further information. +@code{monlist} command or further information. The default for this flag is -.Ic -enable -. -@item Cm +@code{enable}. @item Cm Enables time and frequency discipline. In effect, this switch opens and closes the feedback loop, which is useful for testing. The default for this flag is -.Ic -enable -. -@item Cm +@code{enable}. @item Cm Enables the pulse-per-second (PPS) signal when frequency and time is disciplined by the precision time kernel modifications. See the -.Qq -A -Kernel -Model -for -Precision -Timekeeping +"AKernelModelforPrecisionTimekeeping" (available as part of the HTML documentation provided in -.Pa -/usr/share/doc/ntp +@file{/usr/share/doc/ntp}) ) page for further information. The default for this flag is -.Ic -disable -. -@item Cm +@code{disable}. @item Cm Enables the statistics facility. See the -.Sx -Monitoring +@ref{Monitoring}Monitoring Options section for further information. The default for this flag is -.Ic -disable -. - +@code{disable}. @end multitable .It Ic @@ -3380,90 +2528,56 @@ This command controls the amount and type of output written to the system @code{syslog(3)} facility or the alternate -.Ic -logfile -log file. +@code{logfile} log file. By default, all output is turned on. All -.Ar -configkeyword -keywords can be prefixed with -.Ql -= -, -.Ql -+ +@kbd{configkeyword} keywords can be prefixed with +@quoteleft{}=,@quoteright{} +@quoteleft{}+@quoteright{} and -.Ql -- -, +@quoteleft{}-,@quoteright{} where -.Ql -= +@quoteleft{}=@quoteright{} sets the @code{syslog(3)} priority mask, -.Ql -+ +@quoteleft{}+@quoteright{} adds and -.Ql -- +@quoteleft{}-@quoteright{} removes messages. @code{syslog(3)} messages can be controlled in four classes .Po -.Cm -clock -, -.Cm -peer -, -.Cm -sys -and -.Cm -sync -.Pc +@code{clock}, @code{peer}, @code{sys} and +@code{sync} .Pc . Within these classes four types of messages can be controlled: informational messages .Po -.Cm -info -.Pc +@code{info} .Pc , event messages .Po -.Cm -events -.Pc +@code{events} .Pc , statistics messages .Po -.Cm -statistics -.Pc +@code{statistics} .Pc and status messages .Po -.Cm -status -.Pc +@code{status} .Pc . Configuration keywords are formed by concatenating the message class with the event class. The -.Cm -all -prefix can be used instead of a message class. +@code{all} prefix can be used instead of a message class. A message class may also be followed by the -.Cm -all -keyword to enable/disable all +@code{all} keyword to enable/disable all messages of the respective message class.Thus, a minimal log configuration could look like this: .Bd @@ -3518,15 +2632,11 @@ value .Sm on is followed by the -.Cm -default -keyword, the +@code{default} keyword, the variable will be listed as part of the default system variables .Po @code{ntpq(1ntpqmdoc)} -.Ic -rv -command +@code{rv} command .Pc ) . @@ -3536,9 +2646,7 @@ They are not related to the protocol other that they can be listed. The known protocol variables will always override any variables defined via the -.Ic -setvar -mechanism. +@code{setvar} mechanism. There are three special variables that contain the names of all variable of the same group. The @@ -3559,42 +2667,7 @@ Xo Ic tinker .Oo -.Cm -allan -Ar -allan -| -.Cm -dispersion -Ar -dispersion -| -.Cm -freq -Ar -freq -| -.Cm -huffpuff -Ar -huffpuff -| -.Cm -panic -Ar -panic -| -.Cm -step -Ar -srep -| -.Cm -stepout -Ar -stepout -.Oc -.Xc +@code{allan} @code{Ar} @code{allan} | @code{dispersion} @code{Ar} @code{dispersion} | @code{freq} @code{Ar} @code{freq} | @code{huffpuff} @code{Ar} @code{huffpuff} | @code{panic} @code{Ar} @code{panic} | @code{step} @code{Ar} @code{srep} | @code{stepout} @code{Ar} @code{stepout} .Oc This command can be used to alter several system variables in very exceptional circumstances. It should occur in the @@ -3665,17 +2738,8 @@ Ic trap Ar host_address -.Op -Cm -port -Ar -port_number -.Op -Cm -interface -Ar -interface_address -.Xc +[@code{port} @code{Ar} @code{port_number} ] +[@code{interface} @code{Ar} @code{interface_address} ] This command configures a trap receiver at the given host address and port number for sending messages with the specified local interface address. @@ -3712,141 +2776,3 @@ using the @code{agtexi-cmd} template and the option descriptions for the @code{n This software is released under the NTP license, . @menu -* ntp.conf usage:: ntp.conf help/usage (@option{--help}) -* ntp.conf config:: presetting/configuring ntp.conf -* ntp.conf exit status:: exit status -* ntp.conf Files:: Files -* ntp.conf See Also:: See Also -* ntp.conf Bugs:: Bugs -* ntp.conf Notes:: Notes -@end menu - -@node ntp.conf usage -@subsection ntp.conf help/usage (@option{--help}) -@cindex ntp.conf help - -This is the automatically generated usage text for ntp.conf. - -The text printed is the same whether selected with the @code{help} option -(@option{--help}) or the @code{more-help} option (@option{--more-help}). @code{more-help} will print -the usage text by passing it through a pager program. -@code{more-help} is disabled on platforms without a working -@code{fork(2)} function. The @code{PAGER} environment variable is -used to select the program, defaulting to @file{more}. Both will exit -with a status code of 0. - -@exampleindent 0 -@example -ntp.conf is unavailable - no --help -@end example -@exampleindent 4 - - - -@node ntp.conf config -@subsection presetting/configuring ntp.conf - -Any option that is not marked as @i{not presettable} may be preset by -loading values from environment variables named @code{NTP.CONF} and @code{NTP.CONF_}. @code{} must be one of -the options listed above in upper case and segmented with underscores. -The @code{NTP.CONF} variable will be tokenized and parsed like -the command line. The remaining variables are tested for existence and their -values are treated like option arguments. - - -The command line options relating to configuration and/or usage help are: - -@subsubheading version - -Print the program version to standard out, optionally with licensing -information, then exit 0. The optional argument specifies how much licensing -detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument. Only the -first letter of the argument is examined: - -@table @samp -@item version -Only print the version. This is the default. -@item copyright -Name the copyright usage licensing terms. -@item verbose -Print the full copyright usage licensing terms. -@end table - -@node ntp.conf exit status -@subsection ntp.conf exit status - -One of the following exit values will be returned: -@table @samp -@item 0 (EXIT_SUCCESS) -Successful program execution. -@item 1 (EXIT_FAILURE) -The operation failed or the command syntax was not valid. -@end table -@node ntp.conf Files -@subsection ntp.conf Files -@table @samp -@item Pa -the default name of the configuration file -@item Pa -private MD5 keys -@item Pa -RSA private key -@item Pa -RSA public key -@item Pa -Diffie-Hellman agreement parameters - -@end multitable -@node ntp.conf See Also -@subsection ntp.conf See Also -.Sh -SEE -ALSO -@code{ntpd(1ntpdmdoc)}, -@code{ntpdc(1ntpdcmdoc)}, -@code{ntpq(1ntpqmdoc)} - -In addition to the manual pages provided, -comprehensive documentation is available on the world wide web -at -.Li -http://www.ntp.org/ -. -A snapshot of this documentation is available in HTML format in -.Pa -/usr/share/doc/ntp -. -.Rs -.%A -David -L. -Mills -.%T -Network -Time -Protocol -(Version -4) -.%O -RFC5905 -.Re -@node ntp.conf Bugs -@subsection ntp.conf Bugs -The syntax checking is not picky; some combinations of -ridiculous and even hilarious options and modes may not be -detected. - -The -.Pa -ntpkey_ -Ns -Ar -host -files are really digital -certificates. -These should be obtained via secure directory -services when they become universally available. -@node ntp.conf Notes -@subsection ntp.conf Notes -This document corresponds to version @VERSION@ of NTP. -This document was derived from FreeBSD. diff --git a/ntpd/invoke-ntp.keys.texi b/ntpd/invoke-ntp.keys.texi index 3921e590e8..f1debb67c0 100644 --- a/ntpd/invoke-ntp.keys.texi +++ b/ntpd/invoke-ntp.keys.texi @@ -1,23 +1,21 @@ -@node ntp.keys Invocation -@section Invoking ntp.keys +@node ntp.keys Notes +@section Notes about ntp.keys @pindex ntp.keys @cindex NTP symmetric key file format @ignore # # EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi) # -# It has been AutoGen-ed December 10, 2012 at 06:39:49 AM by AutoGen 5.16.2 +# It has been AutoGen-ed December 18, 2012 at 03:31:40 AM by AutoGen 5.16.2 # From the definitions ntp.keys.def -# and the template file agtexi-cmd.tpl +# and the template file agtexi-file.tpl @end ignore This document describes the format of an NTP symmetric key file. For a description of the use of this type of file, see the -.Qq -Authentication -Support +"AuthenticationSupport" section of the @code{ntp.conf(5)} page. @@ -25,9 +23,7 @@ page. @code{ntpd(8)} reads its keys from a file specified using the @code{-k} command line option or the -.Ic -keys -statement in the configuration file. +@code{keys} statement in the configuration file. While key number 0 is fixed by the NTP standard (as 56 zero bits) and may not be changed, @@ -45,29 +41,17 @@ type key where -.Ar -keyno -is a positive integer (between 1 and 65534), -.Ar -type -is the message digest algorithm, +@kbd{keyno} is a positive integer (between 1 and 65534), +@kbd{type} is the message digest algorithm, and -.Ar -key -is the key itself. +@kbd{key} is the key itself. The -.Ar -key -may be given in a format +@kbd{key} may be given in a format controlled by the -.Ar -type -field. +@kbd{type} field. The -.Ar -type -.Li +@kbd{type} .Li MD5 is always supported. If @@ -76,9 +60,7 @@ ntpd was built with the OpenSSL library then any digest library supported by that library may be specified. However, if compliance with FIPS 140-2 is required the -.Ar -type -must be either +@kbd{type} must be either .Li SHA or @@ -120,90 +102,3 @@ using the @code{agtexi-cmd} template and the option descriptions for the @code{n This software is released under the NTP license, . @menu -* ntp.keys usage:: ntp.keys help/usage (@option{--help}) -* ntp.keys config:: presetting/configuring ntp.keys -* ntp.keys exit status:: exit status -* ntp.keys Files:: Files -* ntp.keys See Also:: See Also -* ntp.keys Notes:: Notes -@end menu - -@node ntp.keys usage -@subsection ntp.keys help/usage (@option{--help}) -@cindex ntp.keys help - -This is the automatically generated usage text for ntp.keys. - -The text printed is the same whether selected with the @code{help} option -(@option{--help}) or the @code{more-help} option (@option{--more-help}). @code{more-help} will print -the usage text by passing it through a pager program. -@code{more-help} is disabled on platforms without a working -@code{fork(2)} function. The @code{PAGER} environment variable is -used to select the program, defaulting to @file{more}. Both will exit -with a status code of 0. - -@exampleindent 0 -@example -ntp.keys is unavailable - no --help -@end example -@exampleindent 4 - - - -@node ntp.keys config -@subsection presetting/configuring ntp.keys - -Any option that is not marked as @i{not presettable} may be preset by -loading values from environment variables named @code{NTP.KEYS} and @code{NTP.KEYS_}. @code{} must be one of -the options listed above in upper case and segmented with underscores. -The @code{NTP.KEYS} variable will be tokenized and parsed like -the command line. The remaining variables are tested for existence and their -values are treated like option arguments. - - -The command line options relating to configuration and/or usage help are: - -@subsubheading version - -Print the program version to standard out, optionally with licensing -information, then exit 0. The optional argument specifies how much licensing -detail to provide. The default is to print just the version. The licensing infomation may be selected with an option argument. Only the -first letter of the argument is examined: - -@table @samp -@item version -Only print the version. This is the default. -@item copyright -Name the copyright usage licensing terms. -@item verbose -Print the full copyright usage licensing terms. -@end table - -@node ntp.keys exit status -@subsection ntp.keys exit status - -One of the following exit values will be returned: -@table @samp -@item 0 (EXIT_SUCCESS) -Successful program execution. -@item 1 (EXIT_FAILURE) -The operation failed or the command syntax was not valid. -@end table -@node ntp.keys Files -@subsection ntp.keys Files -@table @samp -@item Pa -the default name of the configuration file - -@end multitable -@node ntp.keys See Also -@subsection ntp.keys See Also -@code{ntp.conf(5)}, -@code{ntpd(1ntpdmdoc)}, -@code{ntpdate(1ntpdatemdoc)}, -@code{ntpdc(1ntpdcmdoc)}, -@code{sntp(1sntpmdoc)} -@node ntp.keys Notes -@subsection ntp.keys Notes -This document corresponds to version @VERSION@ of NTP. -This document was derived from FreeBSD. diff --git a/ntpd/invoke-ntpd.texi b/ntpd/invoke-ntpd.texi index 9c64d17228..aae92c9c4d 100644 --- a/ntpd/invoke-ntpd.texi +++ b/ntpd/invoke-ntpd.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi) # -# It has been AutoGen-ed December 10, 2012 at 06:39:50 AM by AutoGen 5.16.2 +# It has been AutoGen-ed December 18, 2012 at 03:57:30 AM by AutoGen 5.16.2 # From the definitions ntpd-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -140,7 +140,7 @@ with a status code of 0. @exampleindent 0 @example -ntpd - NTP daemon program - Ver. 4.2.7p334 +ntpd - NTP daemon program - Ver. 4.2.7p335 USAGE: ntpd [ - [] | --[@{=| @}] ]... \ [ ... ] Flg Arg Option-Name Description @@ -290,7 +290,7 @@ This is almost never a good idea. This is the ``configuration file name'' option. This option takes an argument string. The name and path of the configuration file, -/etc/ntp.conf +@file{/etc/ntp.conf} by default. @node ntpd driftfile @subsection driftfile option (-f) @@ -299,12 +299,12 @@ by default. This is the ``frequency drift file name'' option. This option takes an argument string. The name and path of the frequency file, -/etc/ntp.drift +@file{/etc/ntp.drift} by default. This is the same operation as the -driftfile driftfile +@code{driftfile} @kbd{driftfile} configuration specification in the -/etc/ntp.conf +@file{/etc/ntp.conf} file. @node ntpd panicgate @subsection panicgate option (-g) @@ -320,16 +320,16 @@ may appear an unlimited number of times. @end itemize Normally, -ntpd +@code{ntpd} exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, -ntpd +@code{ntpd} will exit with a message to the system log. This option can be used with the --q +@code{-q} and --x +@code{-x} options. See the -tinker +@code{tinker} configuration file directive for other options. @node ntpd jaildir @subsection jaildir option (-i) @@ -346,19 +346,17 @@ must be compiled in by defining @code{HAVE_DROPROOT} during the compilation. @end itemize Chroot the server to the directory -jaildir +@kbd{jaildir} . This option also implies that the server attempts to drop root privileges at startup. You may need to also specify a --u +@code{-u} option. This option is only available if the OS supports adjusting the clock without full root privileges. This option is supported under NetBSD (configure with ---enable-clockctl -) and Linux (configure with ---enable-linuxcaps -). +@code{--enable-clockctl}) and Linux (configure with +@code{--enable-linuxcaps}). @node ntpd interface @subsection interface option (-I) @cindex ntpd-interface @@ -377,7 +375,7 @@ Open the network address given, or all the addresses associated with the given interface name. This option may appear multiple times. This option also implies not opening other addresses, except wildcard and localhost. This option is deprecated. Please consider using the configuration file -interface command, which is more versatile. +@code{interface} command, which is more versatile. @node ntpd keyfile @subsection keyfile option (-k) @cindex ntpd-keyfile @@ -385,10 +383,10 @@ interface command, which is more versatile. This is the ``path to symmetric keys'' option. This option takes an argument string. Specify the name and path of the symmetric key file. -/etc/ntp.keys +@file{/etc/ntp.keys} is the default. This is the same operation as the -keys keyfile +@code{keys} @kbd{keyfile} configuration file directive. @node ntpd logfile @subsection logfile option (-l) @@ -399,7 +397,7 @@ This option takes an argument string. Specify the name and path of the log file. The default is the system log file. This is the same operation as the -logfile logfile +@code{logfile} @kbd{logfile} configuration file directive. @node ntpd novirtualips @subsection novirtualips option (-L) @@ -408,7 +406,7 @@ configuration file directive. This is the ``do not listen to virtual interfaces'' option. Do not listen to virtual interfaces, defined as those with names containing a colon. This option is deprecated. Please -consider using the configuration file interface command, which +consider using the configuration file @code{interface} command, which is more versatile. @node ntpd modifymmtimer @subsection modifymmtimer option (-M) @@ -432,7 +430,7 @@ avoiding timekeeping glitches associated with changes. This is the ``run at high priority'' option. To the extent permitted by the operating system, run -ntpd +@code{ntpd} at the highest priority. @node ntpd pidfile @subsection pidfile option (-p) @@ -441,10 +439,10 @@ at the highest priority. This is the ``path to the pid file'' option. This option takes an argument string. Specify the name and path of the file used to record -ntpd's +@code{ntpd}'s process ID. This is the same operation as the -pidfile pidfile +@code{pidfile} @kbd{pidfile} configuration file directive. @node ntpd priority @subsection priority option (-P) @@ -453,9 +451,9 @@ configuration file directive. This is the ``process priority'' option. This option takes an argument number. To the extent permitted by the operating system, run -ntpd +@code{ntpd} at the specified -sched_setscheduler(SCHED_FIFO) +@code{sched_setscheduler(SCHED_FIFO)} priority. @node ntpd quit @subsection quit option (-q) @@ -471,15 +469,15 @@ must not appear in combination with any of the following options: saveconfigquit, wait-sync. @end itemize -ntpd +@code{ntpd} will not daemonize and will exit after the clock is first synchronized. This behavior mimics that of the -ntpdate +@code{ntpdate} program, which will soon be replaced with a shell script. The --g +@code{-g} and --x +@code{-x} options can be used with this option. Note: The kernel time discipline is disabled with this option. @node ntpd propagationdelay @@ -506,7 +504,7 @@ must not appear in combination with any of the following options: quit, wait-sync. @end itemize -Cause ntpd to parse its startup configuration file and save an +Cause @code{ntpd} to parse its startup configuration file and save an equivalent to the given filename and exit. This option was designed for automated testing. @node ntpd statsdir @@ -517,7 +515,7 @@ This is the ``statistics file location'' option. This option takes an argument string. Specify the directory path for files created by the statistics facility. This is the same operation as the -statsdir statsdir +@code{statsdir} @kbd{statsdir} configuration file directive. @node ntpd trustedkey @subsection trustedkey option (-t) @@ -533,7 +531,7 @@ This option has some usage constraints. It: may appear an unlimited number of times. @end itemize -Add a key number to the trusted key list. +Add the specified key number to the trusted key list. @node ntpd user @subsection user option (-u) @cindex ntpd-user @@ -552,10 +550,8 @@ Specify a user, and optionally a group, to switch to. This option is only available if the OS supports adjusting the clock without full root privileges. This option is supported under NetBSD (configure with ---enable-clockctl -) and Linux (configure with ---enable-linuxcaps -). +@code{--enable-clockctl}) and Linux (configure with +@code{--enable-linuxcaps}). @node ntpd updateinterval @subsection updateinterval option (-U) @cindex ntpd-updateinterval @@ -583,13 +579,13 @@ must not appear in combination with any of the following options: nofork, quit, saveconfigquit. @end itemize -If greater than zero, alters ntpd behavior when forking to +If greater than zero, alters @code{ntpd}'s behavior when forking to daemonize. Instead of exiting with status 0 immediately after the fork, the parent waits up to the specified number of seconds for the child to first synchronize the clock. The exit status is zero (success) if the clock was synchronized, -otherwise it is ETIMEDOUT. -This provides the option for a script starting ntpd to easily +otherwise it is @code{ETIMEDOUT}. +This provides the option for a script starting @code{ntpd} to easily wait for the first set of the clock before proceeding. @node ntpd slew @subsection slew option (-x) @@ -601,12 +597,12 @@ This option sets the threshold to 600 s, which is well within the accuracy windo Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s. Thus, an adjustment as much as 600 s will take almost 14 days to complete. This option can be used with the --g +@code{-g} and --q +@code{-q} options. See the -tinker +@code{tinker} configuration file directive for other options. Note: The kernel time discipline is disabled with this option. @node ntpd usepcc @@ -622,8 +618,8 @@ This option has some usage constraints. It: must be compiled in by defining @code{SYS_WINNT} during the compilation. @end itemize -Attempt to substitute the CPU counter for QueryPerformanceCounter. -The CPU counter and QueryPerformanceCounter are compared, and if +Attempt to substitute the CPU counter for @code{QueryPerformanceCounter}. +The CPU counter and @code{QueryPerformanceCounter} are compared, and if they have the same frequency, the CPU counter (RDTSC on x86) is used directly, saving the overhead of a system call. @node ntpd pccfreq @@ -640,7 +636,7 @@ This option has some usage constraints. It: must be compiled in by defining @code{SYS_WINNT} during the compilation. @end itemize -Force substitution the CPU counter for QueryPerformanceCounter. +Force substitution the CPU counter for @code{QueryPerformanceCounter}. The CPU counter (RDTSC on x86) is used unconditionally with the given frequency (in Hz). @node ntpd mdns @@ -701,10 +697,10 @@ The operation failed or the command syntax was not valid. @end table @node ntpd Usage @subsection ntpd Usage -.Ss -"How -NTP -Operates" +@node How NTP Operates +@section How NTP Operates + +How NTP Operates The @code{ntpd} utility operates by exchanging messages with @@ -722,12 +718,8 @@ interval of 64s, several minutes can elapse before the clock is set. This initial delay to set the clock can be safely and dramatically reduced using the -.Cm -iburst -keyword with the -.Ic -server -configuration +@code{iburst} keyword with the +@code{server} configuration command, as described in @code{ntp.conf(5)}. @@ -825,23 +817,18 @@ frequency error is so large that the first sample is outside the acceptable range, @code{ntpd} enters the same state as when the -.Pa -ntp.drift +@file{ntp.drift} file is not present. The intent of this behavior is to quickly correct the frequency and restore operation to the normal tracking mode. In the most extreme cases (the host -.Cm -time.ien.it -comes to mind), there may be occasional +time.ien.it comes to mind), there may be occasional step/slew corrections and subsequent frequency corrections. It helps in these cases to use the -.Cm -burst -keyword when +@code{burst} keyword when configuring the server, but ONLY when you have permission to do so from the owner of the target host. @@ -856,23 +843,16 @@ but this was never more than a mediocre hack and is no longer needed. There is a way to start @code{ntpd(8)} that often addresses all of the problems mentioned above. -.Ss -"Starting -NTP -(Best -Current -Practice)" +@node Starting NTP (Best Current Practice) +@section Starting NTP (Best Current Practice) + +Starting NTP (Best Current Practice) First, use the -.Cm -iburst -option on your -.Cm -server -entries. +@code{iburst} option on your +@code{server} entries. If you can also keep a good -.Pa -ntp.drift +@file{ntp.drift} file then @code{ntpd(8)} will effectively "warm-start" and your system's clock will @@ -891,9 +871,7 @@ as much time as possible to get the system's clock synchronized and stable. Finally, if you have processes like -.Cm -dovecot -or database servers +@code{dovecot} or database servers that require monotonically-increasing time, run @@ -906,15 +884,15 @@ and after exits successfully it is as safe as it will ever be to start any process that require stable time. -.Ss -"Frequency -Discipline" +@node Frequency Discipline +@section Frequency Discipline + +Frequency Discipline The @code{ntpd} behavior at startup depends on whether the frequency file, usually -.Pa -ntp.drift +@file{ntp.drift}, , exists. This file @@ -941,22 +919,20 @@ frequency is initialized from the file and enters normal mode immediately. After that the current frequency offset is written to the file at hourly intervals. -.Ss -"Operating -Modes" +@node Operating Modes +@section Operating Modes + +Operating Modes The @code{ntpd} utility can operate in any of several modes, including symmetric active/passive, client/server broadcast/multicast and manycast, as described in the -.Qq -Association -Management +"AssociationManagement" page (available as part of the HTML documentation provided in -.Pa -/usr/share/doc/ntp +@file{/usr/share/doc/ntp}). ) . It normally operates continuously while @@ -1012,12 +988,8 @@ setting the clock for the first time. The procedure for initially setting the clock is the same as in continuous mode; most applications will probably want to specify the -.Cm -iburst -keyword with the -.Ic -server -configuration command. +@code{iburst} keyword with the +@code{server} configuration command. With this keyword a volley of messages are exchanged to groom the data and the clock is set in about 10 s. @@ -1049,10 +1021,10 @@ stopped and run in one-time mode as required. At each startup, the frequency is read from the file and initializes the kernel frequency. -.Ss -"Poll -Interval -Control" +@node Poll Interval Control +@section Poll Interval Control + +Poll Interval Control This version of NTP includes an intricate state machine to reduce the network load while maintaining a quality of synchronization consistent with the observed jitter and wander. @@ -1064,16 +1036,10 @@ the consequences of changing the poll adjustment range from the default minimum of 64 s to the default maximum of 1,024 s. The default minimum can be changed with the -.Ic -tinker -.Cm -minpoll -command to a value not less than 16 s. +@code{tinker} @code{minpoll} command to a value not less than 16 s. This value is used for all configured associations, unless overridden by the -.Cm -minpoll -option on the configuration command. +@code{minpoll} option on the configuration command. Note that most device drivers will not operate properly if the poll interval is less than 64 s and that the broadcast server and manycast client associations will @@ -1095,18 +1061,17 @@ At a minimum of 1,024 s, for example, the capture range is only 31 PPM. If the intrinsic error is greater than this, the drift file -.Pa -ntp.drift +@file{ntp.drift} will have to be specially tailored to reduce the residual error below this limit. Once this is done, the drift file is automatically updated once per hour and is available to initialize the frequency on subsequent daemon restarts. -.Ss -"The -huff-n'-puff -Filter" +@node The huff-n'-puff Filter +@section The huff-n'-puff Filter + +The huff-n'-puff Filter In scenarios where a considerable amount of data are to be downloaded or uploaded over telephone modems, timekeeping quality can be seriously degraded. @@ -1135,12 +1100,8 @@ and positive (puff) correction, which depends on the sign of the offset. The filter is activated by the -.Ic -tinker -command and -.Cm -huffpuff -keyword, as described in +@code{tinker} command and +@code{huffpuff} keyword, as described in @code{ntp.conf(5)}. @node ntpd Files @subsection ntpd Files @@ -1167,8 +1128,7 @@ at http://www.ntp.org/ . A snapshot of this documentation is available in HTML format in -.Pa -/usr/share/doc/ntp +@file{/usr/share/doc/ntp}. . .Rs .%A diff --git a/ntpd/ntp.conf.5man b/ntpd/ntp.conf.5man index a65282c15c..714d800109 100644 --- a/ntpd/ntp.conf.5man +++ b/ntpd/ntp.conf.5man @@ -1,8 +1,8 @@ -.TH ntp.conf 5man "10 Dec 2012" "4.2.7p334" "File Formats" +.TH ntp.conf 5man "17 Dec 2012" "4.2.7p335" "File Formats" .\" .\" EDIT THIS FILE WITH CAUTION (ntp.man) .\" -.\" It has been AutoGen-ed December 10, 2012 at 06:39:34 AM by AutoGen 5.16.2 +.\" It has been AutoGen-ed December 17, 2012 at 11:37:40 AM by AutoGen 5.16.2 .\" From the definitions ntp.conf.def .\" and the template file agman-cmd.tpl .\" diff --git a/ntpd/ntp.conf.5mdoc b/ntpd/ntp.conf.5mdoc index b1bdc39d07..9b3c2bcb5a 100644 --- a/ntpd/ntp.conf.5mdoc +++ b/ntpd/ntp.conf.5mdoc @@ -1,9 +1,9 @@ -.Dd December 10 2012 +.Dd December 18 2012 .Dt NTP_CONF 5mdoc File Formats .Os SunOS 5.10 .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed December 10, 2012 at 06:39:53 AM by AutoGen 5.16.2 +.\" It has been AutoGen-ed December 18, 2012 at 03:57:32 AM by AutoGen 5.16.2 .\" From the definitions ntp.conf.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/ntpd/ntp.conf.html b/ntpd/ntp.conf.html index 97266f3b73..e3b234f439 100644 --- a/ntpd/ntp.conf.html +++ b/ntpd/ntp.conf.html @@ -33,7 +33,7 @@ Up: (dir)

This document describes the configuration file for the NTP Project's ntpd program. -

This document applies to version 4.2.7p334 of ntp.conf. +

This document applies to version 4.2.7p335 of ntp.conf.

Short Contents

@@ -43,13 +43,14 @@ Up: (dir)

- +Previous: Top, +Up: Top
diff --git a/ntpd/ntp.conf.man.in b/ntpd/ntp.conf.man.in index 8e234ff48a..4f0a641c04 100644 --- a/ntpd/ntp.conf.man.in +++ b/ntpd/ntp.conf.man.in @@ -1,8 +1,8 @@ -.TH ntp.conf 5 "10 Dec 2012" "4.2.7p334" "File Formats" +.TH ntp.conf 5 "17 Dec 2012" "4.2.7p335" "File Formats" .\" .\" EDIT THIS FILE WITH CAUTION (ntp.man) .\" -.\" It has been AutoGen-ed December 10, 2012 at 06:39:34 AM by AutoGen 5.16.2 +.\" It has been AutoGen-ed December 17, 2012 at 11:37:40 AM by AutoGen 5.16.2 .\" From the definitions ntp.conf.def .\" and the template file agman-cmd.tpl .\" diff --git a/ntpd/ntp.conf.mdoc.in b/ntpd/ntp.conf.mdoc.in index 7fd448f908..80bd198ed0 100644 --- a/ntpd/ntp.conf.mdoc.in +++ b/ntpd/ntp.conf.mdoc.in @@ -1,9 +1,9 @@ -.Dd December 10 2012 +.Dd December 18 2012 .Dt NTP_CONF 5 File Formats .Os SunOS 5.10 .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed December 10, 2012 at 06:39:53 AM by AutoGen 5.16.2 +.\" It has been AutoGen-ed December 18, 2012 at 03:57:32 AM by AutoGen 5.16.2 .\" From the definitions ntp.conf.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/ntpd/ntp.keys.5man b/ntpd/ntp.keys.5man index 70f5b9cbc7..bda0511be4 100644 --- a/ntpd/ntp.keys.5man +++ b/ntpd/ntp.keys.5man @@ -1,8 +1,8 @@ -.TH ntp.keys 5man "10 Dec 2012" "4.2.7p334" "File Formats" +.TH ntp.keys 5man "17 Dec 2012" "4.2.7p335" "File Formats" .\" .\" EDIT THIS FILE WITH CAUTION (ntp.man) .\" -.\" It has been AutoGen-ed December 10, 2012 at 06:39:38 AM by AutoGen 5.16.2 +.\" It has been AutoGen-ed December 17, 2012 at 11:37:44 AM by AutoGen 5.16.2 .\" From the definitions ntp.keys.def .\" and the template file agman-file.tpl .\" diff --git a/ntpd/ntp.keys.5mdoc b/ntpd/ntp.keys.5mdoc index 2be3bbc3df..06de12c29c 100644 --- a/ntpd/ntp.keys.5mdoc +++ b/ntpd/ntp.keys.5mdoc @@ -1,9 +1,9 @@ -.Dd December 10 2012 +.Dd December 18 2012 .Dt NTP_KEYS 5mdoc File Formats .Os SunOS 5.10 .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed December 10, 2012 at 06:39:54 AM by AutoGen 5.16.2 +.\" It has been AutoGen-ed December 18, 2012 at 03:57:34 AM by AutoGen 5.16.2 .\" From the definitions ntp.keys.def .\" and the template file agmdoc-file.tpl .Sh NAME diff --git a/ntpd/ntp.keys.html b/ntpd/ntp.keys.html index ecc6907395..0bd6e91e41 100644 --- a/ntpd/ntp.keys.html +++ b/ntpd/ntp.keys.html @@ -33,7 +33,7 @@ Up: (dir)

This document describes the symmetric key file for the NTP Project's ntpd program. -

This document applies to version 4.2.7p334 of ntp.keys. +

This document applies to version 4.2.7p335 of ntp.keys.

Short Contents

@@ -43,13 +43,14 @@ Up: (dir)

- +Previous: Top, +Up: Top
diff --git a/ntpd/ntp.keys.man.in b/ntpd/ntp.keys.man.in index 9765d857fb..39e2b51b00 100644 --- a/ntpd/ntp.keys.man.in +++ b/ntpd/ntp.keys.man.in @@ -1,8 +1,8 @@ -.TH ntp.keys 5 "10 Dec 2012" "4.2.7p334" "File Formats" +.TH ntp.keys 5 "17 Dec 2012" "4.2.7p335" "File Formats" .\" .\" EDIT THIS FILE WITH CAUTION (ntp.man) .\" -.\" It has been AutoGen-ed December 10, 2012 at 06:39:38 AM by AutoGen 5.16.2 +.\" It has been AutoGen-ed December 17, 2012 at 11:37:44 AM by AutoGen 5.16.2 .\" From the definitions ntp.keys.def .\" and the template file agman-file.tpl .\" diff --git a/ntpd/ntp.keys.mdoc.in b/ntpd/ntp.keys.mdoc.in index d250345215..c9ba0af7db 100644 --- a/ntpd/ntp.keys.mdoc.in +++ b/ntpd/ntp.keys.mdoc.in @@ -1,9 +1,9 @@ -.Dd December 10 2012 +.Dd December 18 2012 .Dt NTP_KEYS 5 File Formats .Os SunOS 5.10 .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed December 10, 2012 at 06:39:54 AM by AutoGen 5.16.2 +.\" It has been AutoGen-ed December 18, 2012 at 03:57:34 AM by AutoGen 5.16.2 .\" From the definitions ntp.keys.def .\" and the template file agmdoc-file.tpl .Sh NAME diff --git a/ntpd/ntpd-opts.c b/ntpd/ntpd-opts.c index 3b44a1ed07..80be8b0432 100644 --- a/ntpd/ntpd-opts.c +++ b/ntpd/ntpd-opts.c @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpd-opts.c) * - * It has been AutoGen-ed December 10, 2012 at 06:37:06 AM by AutoGen 5.16.2 + * It has been AutoGen-ed December 17, 2012 at 11:36:48 AM by AutoGen 5.16.2 * From the definitions ntpd-opts.def * and the template file options * @@ -78,7 +78,7 @@ extern FILE * option_usage_fp; * ntpd option static const strings */ static char const ntpd_opt_strs[2987] = -/* 0 */ "ntpd 4.2.7p334\n" +/* 0 */ "ntpd 4.2.7p335\n" "Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" "redistribution under the terms of the NTP License, copies of which\n" @@ -204,12 +204,12 @@ static char const ntpd_opt_strs[2987] = /* 2753 */ "Output version information and exit\0" /* 2789 */ "version\0" /* 2797 */ "NTPD\0" -/* 2802 */ "ntpd - NTP daemon program - Ver. 4.2.7p334\n" +/* 2802 */ "ntpd - NTP daemon program - Ver. 4.2.7p335\n" "USAGE: %s [ - [] | --[{=| }] ]... \\\n" "\t\t[ ... ]\n\0" /* 2935 */ "http://bugs.ntp.org, bugs@ntp.org\0" /* 2969 */ "\n\n\0" -/* 2972 */ "ntpd 4.2.7p334"; +/* 2972 */ "ntpd 4.2.7p335"; /* * ipv4 option description with diff --git a/ntpd/ntpd-opts.h b/ntpd/ntpd-opts.h index 8f412b2efe..11a7926acf 100644 --- a/ntpd/ntpd-opts.h +++ b/ntpd/ntpd-opts.h @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpd-opts.h) * - * It has been AutoGen-ed December 10, 2012 at 06:37:05 AM by AutoGen 5.16.2 + * It has been AutoGen-ed December 17, 2012 at 11:36:47 AM by AutoGen 5.16.2 * From the definitions ntpd-opts.def * and the template file options * @@ -104,8 +104,8 @@ typedef enum { } teOptIndex; #define OPTION_CT 37 -#define NTPD_VERSION "4.2.7p334" -#define NTPD_FULL_VERSION "ntpd 4.2.7p334" +#define NTPD_VERSION "4.2.7p335" +#define NTPD_FULL_VERSION "ntpd 4.2.7p335" /* * Interface defines for all options. Replace "n" with the UPPER_CASED diff --git a/ntpd/ntpd.1ntpdman b/ntpd/ntpd.1ntpdman index 37e2702823..5463a81644 100644 --- a/ntpd/ntpd.1ntpdman +++ b/ntpd/ntpd.1ntpdman @@ -1,8 +1,8 @@ -.TH ntpd 1ntpdman "10 Dec 2012" "4.2.7p334" "User Commands" +.TH ntpd 1ntpdman "17 Dec 2012" "4.2.7p335" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (ntpd-opts.man) .\" -.\" It has been AutoGen-ed December 10, 2012 at 06:39:41 AM by AutoGen 5.16.2 +.\" It has been AutoGen-ed December 17, 2012 at 11:37:47 AM by AutoGen 5.16.2 .\" From the definitions ntpd-opts.def .\" and the template file agman-cmd.tpl .\" @@ -58,7 +58,7 @@ Allow us to sync to broadcast servers. configuration file name. .sp The name and path of the configuration file, -/etc/ntp.conf +\fI/etc/ntp.conf\fP by default. .TP .BR \-d ", " -\-debug\-level @@ -76,12 +76,12 @@ This option takes an integer number as its argument. frequency drift file name. .sp The name and path of the frequency file, -/etc/ntp.drift +\fI/etc/ntp.drift\fP by default. This is the same operation as the -driftfile driftfile +\fBdriftfile\fP \fIdriftfile\fP configuration specification in the -/etc/ntp.conf +\fI/etc/ntp.conf\fP file. .TP .BR \-g ", " -\-panicgate @@ -89,35 +89,33 @@ Allow the first adjustment to be Big. This option may appear an unlimited number of times. .sp Normally, -ntpd +\fBntpd\fP exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, -ntpd +\fBntpd\fP will exit with a message to the system log. This option can be used with the --q +\fB-q\fP and --x +\fB-x\fP options. See the -tinker +\fBtinker\fP configuration file directive for other options. .TP .BR \-i " \fIstring\fP, " \-\-jaildir "=" \fIstring\fP Jail directory. .sp Chroot the server to the directory -jaildir +\fIjaildir\fP . This option also implies that the server attempts to drop root privileges at startup. You may need to also specify a --u +\fB-u\fP option. This option is only available if the OS supports adjusting the clock without full root privileges. This option is supported under NetBSD (configure with ---enable-clockctl -) and Linux (configure with ---enable-linuxcaps -). +\fB--enable-clockctl\fP) and Linux (configure with +\fB--enable-linuxcaps\fP). .TP .BR \-I " \fIiface\fP, " \-\-interface "=" \fIiface\fP Listen on an interface name or address. @@ -127,16 +125,16 @@ Open the network address given, or all the addresses associated with the given interface name. This option may appear multiple times. This option also implies not opening other addresses, except wildcard and localhost. This option is deprecated. Please consider using the configuration file -interface command, which is more versatile. +\fBinterface\fP command, which is more versatile. .TP .BR \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP path to symmetric keys. .sp Specify the name and path of the symmetric key file. -/etc/ntp.keys +\fI/etc/ntp.keys\fP is the default. This is the same operation as the -keys keyfile +\fBkeys\fP \fIkeyfile\fP configuration file directive. .TP .BR \-l " \fIstring\fP, " \-\-logfile "=" \fIstring\fP @@ -145,7 +143,7 @@ path to the log file. Specify the name and path of the log file. The default is the system log file. This is the same operation as the -logfile logfile +\fBlogfile\fP \fIlogfile\fP configuration file directive. .TP .BR \-L ", " -\-novirtualips @@ -153,7 +151,7 @@ Do not listen to virtual interfaces. .sp Do not listen to virtual interfaces, defined as those with names containing a colon. This option is deprecated. Please -consider using the configuration file interface command, which +consider using the configuration file \fBinterface\fP command, which is more versatile. .TP .BR \-M ", " -\-modifymmtimer @@ -173,17 +171,17 @@ wait-sync. Run at high priority. .sp To the extent permitted by the operating system, run -ntpd +\fBntpd\fP at the highest priority. .TP .BR \-p " \fIstring\fP, " \-\-pidfile "=" \fIstring\fP path to the PID file. .sp Specify the name and path of the file used to record -ntpd's +\fBntpd\fP's process ID. This is the same operation as the -pidfile pidfile +\fBpidfile\fP \fIpidfile\fP configuration file directive. .TP .BR \-P " \fInumber\fP, " \-\-priority "=" \fInumber\fP @@ -191,9 +189,9 @@ Process priority. This option takes an integer number as its argument. .sp To the extent permitted by the operating system, run -ntpd +\fBntpd\fP at the specified -sched_setscheduler(SCHED_FIFO) +\fBsched_setscheduler(SCHED_FIFO)\fP priority. .TP .BR \-q ", " -\-quit @@ -201,15 +199,15 @@ Set the time and quit. This option must not appear in combination with any of the following options: saveconfigquit, wait-sync. .sp -ntpd +\fBntpd\fP will not daemonize and will exit after the clock is first synchronized. This behavior mimics that of the -ntpdate +\fBntpdate\fP program, which will soon be replaced with a shell script. The --g +\fB-g\fP and --x +\fB-x\fP options can be used with this option. Note: The kernel time discipline is disabled with this option. .TP @@ -223,7 +221,7 @@ Save parsed configuration and quit. This option must not appear in combination with any of the following options: quit, wait-sync. .sp -Cause ntpd to parse its startup configuration file and save an +Cause \fBntpd\fP to parse its startup configuration file and save an equivalent to the given filename and exit. This option was designed for automated testing. .TP @@ -232,14 +230,14 @@ Statistics file location. .sp Specify the directory path for files created by the statistics facility. This is the same operation as the -statsdir statsdir +\fBstatsdir\fP \fIstatsdir\fP configuration file directive. .TP .BR \-t " \fItkey\fP, " \-\-trustedkey "=" \fItkey\fP Trusted key number. This option may appear an unlimited number of times. .sp -Add a key number to the trusted key list. +Add the specified key number to the trusted key list. .TP .BR \-u " \fIstring\fP, " \-\-user "=" \fIstring\fP Run as userid (or userid:groupid). @@ -248,10 +246,8 @@ Specify a user, and optionally a group, to switch to. This option is only available if the OS supports adjusting the clock without full root privileges. This option is supported under NetBSD (configure with ---enable-clockctl -) and Linux (configure with ---enable-linuxcaps -). +\fB--enable-clockctl\fP) and Linux (configure with +\fB--enable-linuxcaps\fP). .TP .BR \-U " \fInumber\fP, " \-\-updateinterval "=" \fInumber\fP interval in seconds between scans for new or dropped interfaces. @@ -278,13 +274,13 @@ This option must not appear in combination with any of the following options: nofork, quit, saveconfigquit. This option takes an integer number as its argument. .sp -If greater than zero, alters ntpd behavior when forking to +If greater than zero, alters \fBntpd\fP's behavior when forking to daemonize. Instead of exiting with status 0 immediately after the fork, the parent waits up to the specified number of seconds for the child to first synchronize the clock. The exit status is zero (success) if the clock was synchronized, -otherwise it is ETIMEDOUT. -This provides the option for a script starting ntpd to easily +otherwise it is \fBETIMEDOUT\fP. +This provides the option for a script starting \fBntpd\fP to easily wait for the first set of the clock before proceeding. .TP .BR \-x ", " -\-slew @@ -295,27 +291,27 @@ This option sets the threshold to 600 s, which is well within the accuracy windo Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s. Thus, an adjustment as much as 600 s will take almost 14 days to complete. This option can be used with the --g +\fB-g\fP and --q +\fB-q\fP options. See the -tinker +\fBtinker\fP configuration file directive for other options. Note: The kernel time discipline is disabled with this option. .TP .BR \-\-usepcc Use CPU cycle counter (Windows only). .sp -Attempt to substitute the CPU counter for QueryPerformanceCounter. -The CPU counter and QueryPerformanceCounter are compared, and if +Attempt to substitute the CPU counter for \fBQueryPerformanceCounter\fP. +The CPU counter and \fBQueryPerformanceCounter\fP are compared, and if they have the same frequency, the CPU counter (RDTSC on x86) is used directly, saving the overhead of a system call. .TP .BR \-\-pccfreq "=\fIstring\fP" Force CPU cycle counter use (Windows only). .sp -Force substitution the CPU counter for QueryPerformanceCounter. +Force substitution the CPU counter for \fBQueryPerformanceCounter\fP. The CPU counter (RDTSC on x86) is used unconditionally with the given frequency (in Hz). .TP diff --git a/ntpd/ntpd.1ntpdmdoc b/ntpd/ntpd.1ntpdmdoc index 931c38eb6a..137fb45505 100644 --- a/ntpd/ntpd.1ntpdmdoc +++ b/ntpd/ntpd.1ntpdmdoc @@ -1,9 +1,9 @@ -.Dd December 10 2012 +.Dd December 18 2012 .Dt NTPD 1ntpdmdoc User Commands .Os SunOS 5.10 .\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc) .\" -.\" It has been AutoGen-ed December 10, 2012 at 06:39:56 AM by AutoGen 5.16.2 +.\" It has been AutoGen-ed December 18, 2012 at 03:57:36 AM by AutoGen 5.16.2 .\" From the definitions ntpd-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -58,7 +58,7 @@ Allow us to sync to broadcast servers. configuration file name. .sp The name and path of the configuration file, -/etc/ntp.conf +\fI/etc/ntp.conf\fP by default. .It \-d ", " -\-debug\-level Increase debug verbosity level. @@ -75,46 +75,44 @@ This option takes an integer number as its argument. frequency drift file name. .sp The name and path of the frequency file, -/etc/ntp.drift +\fI/etc/ntp.drift\fP by default. This is the same operation as the -driftfile driftfile +\fBdriftfile\fP \fIdriftfile\fP configuration specification in the -/etc/ntp.conf +\fI/etc/ntp.conf\fP file. .It \-g ", " -\-panicgate Allow the first adjustment to be Big. This option may appear an unlimited number of times. .sp Normally, -ntpd +\fBntpd\fP exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, -ntpd +\fBntpd\fP will exit with a message to the system log. This option can be used with the --q +\fB\-q\fP and --x +\fB\-x\fP options. See the -tinker +\fBtinker\fP configuration file directive for other options. .It \-i " \fIstring\fP, " \-\-jaildir "=" \fIstring\fP Jail directory. .sp Chroot the server to the directory -jaildir +\fIjaildir\fP . This option also implies that the server attempts to drop root privileges at startup. You may need to also specify a --u +\fB\-u\fP option. This option is only available if the OS supports adjusting the clock without full root privileges. This option is supported under NetBSD (configure with --\-enable\-clockctl -) and Linux (configure with --\-enable\-linuxcaps -). +\fB\-\-enable\-clockctl\fP) and Linux (configure with +\fB\-\-enable\-linuxcaps\fP). .It \-I " \fIiface\fP, " \-\-interface "=" \fIiface\fP Listen on an interface name or address. This option may appear an unlimited number of times. @@ -123,15 +121,15 @@ Open the network address given, or all the addresses associated with the given interface name. This option may appear multiple times. This option also implies not opening other addresses, except wildcard and localhost. This option is deprecated. Please consider using the configuration file -interface command, which is more versatile. +\fBinterface\fP command, which is more versatile. .It \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP path to symmetric keys. .sp Specify the name and path of the symmetric key file. -/etc/ntp.keys +\fI/etc/ntp.keys\fP is the default. This is the same operation as the -keys keyfile +\fBkeys\fP \fIkeyfile\fP configuration file directive. .It \-l " \fIstring\fP, " \-\-logfile "=" \fIstring\fP path to the log file. @@ -139,14 +137,14 @@ path to the log file. Specify the name and path of the log file. The default is the system log file. This is the same operation as the -logfile logfile +\fBlogfile\fP \fIlogfile\fP configuration file directive. .It \-L ", " -\-novirtualips Do not listen to virtual interfaces. .sp Do not listen to virtual interfaces, defined as those with names containing a colon. This option is deprecated. Please -consider using the configuration file interface command, which +consider using the configuration file \fBinterface\fP command, which is more versatile. .It \-M ", " -\-modifymmtimer Modify Multimedia Timer (Windows only). @@ -164,40 +162,40 @@ wait-sync. Run at high priority. .sp To the extent permitted by the operating system, run -ntpd +\fBntpd\fP at the highest priority. .It \-p " \fIstring\fP, " \-\-pidfile "=" \fIstring\fP path to the PID file. .sp Specify the name and path of the file used to record -ntpd's +\fBntpd\fP's process ID. This is the same operation as the -pidfile pidfile +\fBpidfile\fP \fIpidfile\fP configuration file directive. .It \-P " \fInumber\fP, " \-\-priority "=" \fInumber\fP Process priority. This option takes an integer number as its argument. .sp To the extent permitted by the operating system, run -ntpd +\fBntpd\fP at the specified -sched_setscheduler(SCHED_FIFO) +\fBsched_setscheduler(SCHED_FIFO)\fP priority. .It \-q ", " -\-quit Set the time and quit. This option must not appear in combination with any of the following options: saveconfigquit, wait-sync. .sp -ntpd +\fBntpd\fP will not daemonize and will exit after the clock is first synchronized. This behavior mimics that of the -ntpdate +\fBntpdate\fP program, which will soon be replaced with a shell script. The --g +\fB\-g\fP and --x +\fB\-x\fP options can be used with this option. Note: The kernel time discipline is disabled with this option. .It \-r " \fIstring\fP, " \-\-propagationdelay "=" \fIstring\fP @@ -209,7 +207,7 @@ Save parsed configuration and quit. This option must not appear in combination with any of the following options: quit, wait-sync. .sp -Cause ntpd to parse its startup configuration file and save an +Cause \fBntpd\fP to parse its startup configuration file and save an equivalent to the given filename and exit. This option was designed for automated testing. .It \-s " \fIstring\fP, " \-\-statsdir "=" \fIstring\fP @@ -217,13 +215,13 @@ Statistics file location. .sp Specify the directory path for files created by the statistics facility. This is the same operation as the -statsdir statsdir +\fBstatsdir\fP \fIstatsdir\fP configuration file directive. .It \-t " \fItkey\fP, " \-\-trustedkey "=" \fItkey\fP Trusted key number. This option may appear an unlimited number of times. .sp -Add a key number to the trusted key list. +Add the specified key number to the trusted key list. .It \-u " \fIstring\fP, " \-\-user "=" \fIstring\fP Run as userid (or userid:groupid). .sp @@ -231,10 +229,8 @@ Specify a user, and optionally a group, to switch to. This option is only available if the OS supports adjusting the clock without full root privileges. This option is supported under NetBSD (configure with --\-enable\-clockctl -) and Linux (configure with --\-enable\-linuxcaps -). +\fB\-\-enable\-clockctl\fP) and Linux (configure with +\fB\-\-enable\-linuxcaps\fP). .It \-U " \fInumber\fP, " \-\-updateinterval "=" \fInumber\fP interval in seconds between scans for new or dropped interfaces. This option takes an integer number as its argument. @@ -259,13 +255,13 @@ This option must not appear in combination with any of the following options: nofork, quit, saveconfigquit. This option takes an integer number as its argument. .sp -If greater than zero, alters ntpd behavior when forking to +If greater than zero, alters \fBntpd\fP's behavior when forking to daemonize. Instead of exiting with status 0 immediately after the fork, the parent waits up to the specified number of seconds for the child to first synchronize the clock. The exit status is zero (success) if the clock was synchronized, -otherwise it is ETIMEDOUT. -This provides the option for a script starting ntpd to easily +otherwise it is \fBETIMEDOUT\fP. +This provides the option for a script starting \fBntpd\fP to easily wait for the first set of the clock before proceeding. .It \-x ", " -\-slew Slew up to 600 seconds. @@ -275,25 +271,25 @@ This option sets the threshold to 600 s, which is well within the accuracy windo Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s. Thus, an adjustment as much as 600 s will take almost 14 days to complete. This option can be used with the --g +\fB\-g\fP and --q +\fB\-q\fP options. See the -tinker +\fBtinker\fP configuration file directive for other options. Note: The kernel time discipline is disabled with this option. .It \-\-usepcc Use CPU cycle counter (Windows only). .sp -Attempt to substitute the CPU counter for QueryPerformanceCounter. -The CPU counter and QueryPerformanceCounter are compared, and if +Attempt to substitute the CPU counter for \fBQueryPerformanceCounter\fP. +The CPU counter and \fBQueryPerformanceCounter\fP are compared, and if they have the same frequency, the CPU counter (RDTSC on x86) is used directly, saving the overhead of a system call. .It \-\-pccfreq "=\fIstring\fP" Force CPU cycle counter use (Windows only). .sp -Force substitution the CPU counter for QueryPerformanceCounter. +Force substitution the CPU counter for \fBQueryPerformanceCounter\fP. The CPU counter (RDTSC on x86) is used unconditionally with the given frequency (in Hz). .It \-m ", " -\-mdns diff --git a/ntpd/ntpd.html b/ntpd/ntpd.html index 3b1e4683c6..bf47d58b4b 100644 --- a/ntpd/ntpd.html +++ b/ntpd/ntpd.html @@ -3,7 +3,7 @@ ntpd: Network Time Protocol (NTP) Daemon User's Manual - + @@ -14,20 +14,18 @@ pre.smallformat { font-family:inherit; font-size:smaller } pre.smallexample { font-size:smaller } pre.smalllisp { font-size:smaller } - span.sc { font-variant:small-caps } - span.roman { font-family:serif; font-weight:normal; } - span.sansserif { font-family:sans-serif; font-weight:normal; } + span.sc { font-variant:small-caps } + span.roman { font-family: serif; font-weight: normal; } -->

ntpd: Network Time Protocol (NTP) Daemon User's Manual

-

-Next: , +Next: , Previous: (dir), Up: (dir) - +

ntpd: Network Time Protocol (NTP) Daemon User Manual

@@ -50,10 +48,9 @@ cryptography.
-

- - + +
@@ -81,10 +78,9 @@ If nothing is heard after a few minutes' time, the daemon times out and exits without setting the clock.
-

- - + +

Invoking ntpd

@@ -164,7 +160,7 @@ using the agtexi-cmd template and the option descriptions for the < This software is released under the NTP license, <http://ntp.org/license>.
    -
  • ntpd usage: ntpd help/usage (--help) +
  • ntpd usage: ntpd help/usage (--help)
  • ntpd ipv4: ipv4 option (-4)
  • ntpd ipv6: ipv6 option (-6)
  • ntpd authreq: authreq option (-a) @@ -203,24 +199,23 @@ This software is released under the NTP license, <http://ntp.org/license>.
-

-Next: , +Next: , Up: ntpd Invocation - +
-

ntpd help/usage (--help)

+

ntpd help/usage (--help)

This is the automatically generated usage text for ntpd.

The text printed is the same whether selected with the help option -(--help) or the more-help option (--more-help). more-help will print +(--help) or the more-help option (--more-help). more-help will print the usage text by passing it through a pager program. more-help is disabled on platforms without a working fork(2) function. The PAGER environment variable is -used to select the program, defaulting to more. Both will exit +used to select the program, defaulting to more. Both will exit with a status code of 0. 

ntpd - NTP daemon program - Ver. 4.2.7p334
@@ -299,12 +294,11 @@ The following option preset mechanisms are supported:
 please send bug reports to:  http://bugs.ntp.org, bugs@ntp.org
-

-Next: , +Next: , Previous: ntpd usage, Up: ntpd Invocation - +

ipv4 option (-4)

@@ -321,12 +315,11 @@ ipv6.

Force DNS resolution of following host names on the command line to the IPv4 namespace.

-

-Next: , +Next: , Previous: ntpd ipv4, Up: ntpd Invocation - +

ipv6 option (-6)

@@ -343,12 +336,11 @@ ipv4.

Force DNS resolution of following host names on the command line to the IPv6 namespace.

-

-Next: , +Next: , Previous: ntpd ipv6, Up: ntpd Invocation - +

authreq option (-a)

@@ -366,12 +358,11 @@ authnoreq. multicast client and symmetric passive associations. This is the default.
-

-Next: , +Next: , Previous: ntpd authreq, Up: ntpd Invocation - +

authnoreq option (-A)

@@ -389,12 +380,11 @@ authreq. multicast client and symmetric passive associations. This is almost never a good idea.
-

-Next: , +Next: , Previous: ntpd authnoreq, Up: ntpd Invocation - +

configfile option (-c)

@@ -406,12 +396,11 @@ The name and path of the configuration file, /etc/ntp.conf by default.
-

-Next: , +Next: , Previous: ntpd configfile, Up: ntpd Invocation - +

driftfile option (-f)

@@ -428,12 +417,11 @@ configuration specification in the /etc/ntp.conf file.
-

-Next: , +Next: , Previous: ntpd driftfile, Up: ntpd Invocation - +

panicgate option (-g)

@@ -459,12 +447,11 @@ See the tinker configuration file directive for other options.
-

-Next: , +Next: , Previous: ntpd panicgate, Up: ntpd Invocation - +

jaildir option (-i)

@@ -493,19 +480,18 @@ This option is supported under NetBSD (configure with –enable-linuxcaps ).
-

-Next: , +Next: , Previous: ntpd jaildir, Up: ntpd Invocation - +

interface option (-I)

This is the “listen on an interface name or address” option. -This option takes an argument string iface. +This option takes an argument string iface.

This option has some usage constraints. It:

    @@ -518,12 +504,11 @@ also implies not opening other addresses, except wildcard and localhost. This option is deprecated. Please consider using the configuration file interface command, which is more versatile.
    -

    -Next: , +Next: , Previous: ntpd interface, Up: ntpd Invocation - +

    keyfile option (-k)

    @@ -538,12 +523,11 @@ This is the same operation as the keys keyfile configuration file directive.
    -

    -Next: , +Next: , Previous: ntpd keyfile, Up: ntpd Invocation - +

    logfile option (-l)

    @@ -557,12 +541,11 @@ This is the same operation as the logfile logfile configuration file directive.
    -

    -Next: , +Next: , Previous: ntpd logfile, Up: ntpd Invocation - +

    novirtualips option (-L)

    @@ -574,12 +557,11 @@ names containing a colon. This option is deprecated. Please consider using the configuration file interface command, which is more versatile.
    -

    -Next: , +Next: , Previous: ntpd novirtualips, Up: ntpd Invocation - +

    modifymmtimer option (-M)

    @@ -596,12 +578,11 @@ This is the “modify multimedia timer (windows only)” option. ensures the resolution does not change while ntpd is running, avoiding timekeeping glitches associated with changes.
    -

    -Next: , +Next: , Previous: ntpd modifymmtimer, Up: ntpd Invocation - +

    nice option (-N)

    @@ -612,12 +593,11 @@ To the extent permitted by the operating system, run ntpd at the highest priority.
    -

    -Next: , +Next: , Previous: ntpd nice, Up: ntpd Invocation - +

    pidfile option (-p)

    @@ -632,12 +612,11 @@ This is the same operation as the pidfile pidfile configuration file directive.
    -

    -Next: , +Next: , Previous: ntpd pidfile, Up: ntpd Invocation - +

    priority option (-P)

    @@ -651,12 +630,11 @@ at the specified sched_setscheduler(SCHED_FIFO) priority.
    -

    -Next: , +Next: , Previous: ntpd priority, Up: ntpd Invocation - +

    quit option (-q)

    @@ -682,12 +660,11 @@ and options can be used with this option. Note: The kernel time discipline is disabled with this option.
    -

    -Next: , +Next: , Previous: ntpd quit, Up: ntpd Invocation - +

    propagationdelay option (-r)

    @@ -697,12 +674,11 @@ This is the “broadcast/propagation delay” option. This option takes an argument string. Specify the default propagation delay from the broadcast/multicast server to this client. This is necessary only if the delay cannot be computed automatically by the protocol.
    -

    -Next: , +Next: , Previous: ntpd propagationdelay, Up: ntpd Invocation - +

    saveconfigquit option

    @@ -722,12 +698,11 @@ quit, wait-sync. equivalent to the given filename and exit. This option was designed for automated testing.
    -

    -Next: , +Next: , Previous: ntpd saveconfigquit, Up: ntpd Invocation - +

    statsdir option (-s)

    @@ -740,19 +715,18 @@ This is the same operation as the statsdir statsdir configuration file directive.
    -

    -Next: , +Next: , Previous: ntpd statsdir, Up: ntpd Invocation - +

    trustedkey option (-t)

    This is the “trusted key number” option. -This option takes an argument string tkey. +This option takes an argument string tkey.

    This option has some usage constraints. It:

      @@ -761,12 +735,11 @@ This option takes an argument string tkey

      Add a key number to the trusted key list.

      -

      -Next: , +Next: , Previous: ntpd trustedkey, Up: ntpd Invocation - +

      user option (-u)

      @@ -789,12 +762,11 @@ This option is supported under NetBSD (configure with –enable-linuxcaps ).
      -

      -Next: , +Next: , Previous: ntpd user, Up: ntpd Invocation - +

      updateinterval option (-U)

      @@ -807,13 +779,11 @@ For systems with routing socket support the scans will be performed shortly afte has been detected by the system. Use 0 to disable scanning. 60 seconds is the minimum time between scans.
      - -

      -Next: , +Next: , Previous: ntpd updateinterval, Up: ntpd Invocation - +

      wait-sync option (-w)

      @@ -838,12 +808,11 @@ otherwise it is ETIMEDOUT. This provides the option for a script starting ntpd to easily wait for the first set of the clock before proceeding.
      -

      -Next: , +Next: , Previous: ntpd wait-sync, Up: ntpd Invocation - +

      slew option (-x)

      @@ -864,12 +833,11 @@ tinker configuration file directive for other options. Note: The kernel time discipline is disabled with this option.
      -

      -Next: , +Next: , Previous: ntpd slew, Up: ntpd Invocation - +

      usepcc option

      @@ -887,12 +855,11 @@ The CPU counter and QueryPerformanceCounter are compared, and if they have the same frequency, the CPU counter (RDTSC on x86) is used directly, saving the overhead of a system call.
      -

      -Next: , +Next: , Previous: ntpd usepcc, Up: ntpd Invocation - +

      pccfreq option

      @@ -910,12 +877,11 @@ This option takes an argument string. The CPU counter (RDTSC on x86) is used unconditionally with the given frequency (in Hz).
      -

      -Next: , +Next: , Previous: ntpd pccfreq, Up: ntpd Invocation - +

      mdns option (-m)

      @@ -932,12 +898,11 @@ This is the “register with mdns as a ntp server” option. the server to be discovered via mDNS client lookup.
      -

      -Next: , +Next: , Previous: ntpd mdns, Up: ntpd Invocation - +

      presetting/configuring ntpd

      @@ -959,34 +924,32 @@ detail to provide. The default is to print just the version. The licensing inf first letter of the argument is examined:
      -
      version
      Only print the version. This is the default. -
      copyright
      Name the copyright usage licensing terms. -
      verbose
      Print the full copyright usage licensing terms. +
      version
      Only print the version. This is the default. +
      copyright
      Name the copyright usage licensing terms. +
      verbose
      Print the full copyright usage licensing terms.
      -

      -Next: , +Next: , Previous: ntpd config, Up: ntpd Invocation - +

      ntpd exit status

      One of the following exit values will be returned:

      -
      0 (EXIT_SUCCESS)
      Successful program execution. -
      1 (EXIT_FAILURE)
      The operation failed or the command syntax was not valid. +
      0 (EXIT_SUCCESS)
      Successful program execution. +
      1 (EXIT_FAILURE)
      The operation failed or the command syntax was not valid.
      -

      -Next: , +Next: , Previous: ntpd exit status, Up: ntpd Invocation - +

      ntpd Usage

      @@ -1433,28 +1396,26 @@ huffpuff keyword, as described in ntp.conf(5).
      -

      -Next: , +Next: , Previous: ntpd Usage, Up: ntpd Invocation - +

      ntpd Files

      -
      Pa
      the default name of the configuration file -
      Pa
      the default name of the drift file -
      Pa
      the default name of the key file +
      Pa
      the default name of the configuration file +
      Pa
      the default name of the drift file +
      Pa
      the default name of the key file
      -

      -Next: , +Next: , Previous: ntpd Files, Up: ntpd Invocation - +

      ntpd See Also

      @@ -1610,12 +1571,11 @@ DHCPv6 RFC5908 .Re
      -

      -Next: , +Next: , Previous: ntpd See Also, Up: ntpd Invocation - +

      ntpd Bugs

      @@ -1631,11 +1591,10 @@ the fancy features which consume the space were designed more with a busy primary server, rather than a high stratum workstation in mind.
      -

      -Previous: ntpd Bugs, +Previous: ntpd Bugs, Up: ntpd Invocation - +

      ntpd Notes

      @@ -1644,10 +1603,9 @@ Up: ntpd Invocation Portions of this document came from FreeBSD.
      -

      - - + +
      diff --git a/ntpd/ntpd.man.in b/ntpd/ntpd.man.in index 9da0678714..9fc01aec93 100644 --- a/ntpd/ntpd.man.in +++ b/ntpd/ntpd.man.in @@ -1,8 +1,8 @@ -.TH ntpd @NTPD_MS@ "10 Dec 2012" "4.2.7p334" "User Commands" +.TH ntpd @NTPD_MS@ "17 Dec 2012" "4.2.7p335" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (ntpd-opts.man) .\" -.\" It has been AutoGen-ed December 10, 2012 at 06:39:41 AM by AutoGen 5.16.2 +.\" It has been AutoGen-ed December 17, 2012 at 11:37:47 AM by AutoGen 5.16.2 .\" From the definitions ntpd-opts.def .\" and the template file agman-cmd.tpl .\" @@ -58,7 +58,7 @@ Allow us to sync to broadcast servers. configuration file name. .sp The name and path of the configuration file, -/etc/ntp.conf +\fI/etc/ntp.conf\fP by default. .TP .BR \-d ", " -\-debug\-level @@ -76,12 +76,12 @@ This option takes an integer number as its argument. frequency drift file name. .sp The name and path of the frequency file, -/etc/ntp.drift +\fI/etc/ntp.drift\fP by default. This is the same operation as the -driftfile driftfile +\fBdriftfile\fP \fIdriftfile\fP configuration specification in the -/etc/ntp.conf +\fI/etc/ntp.conf\fP file. .TP .BR \-g ", " -\-panicgate @@ -89,35 +89,33 @@ Allow the first adjustment to be Big. This option may appear an unlimited number of times. .sp Normally, -ntpd +\fBntpd\fP exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, -ntpd +\fBntpd\fP will exit with a message to the system log. This option can be used with the --q +\fB-q\fP and --x +\fB-x\fP options. See the -tinker +\fBtinker\fP configuration file directive for other options. .TP .BR \-i " \fIstring\fP, " \-\-jaildir "=" \fIstring\fP Jail directory. .sp Chroot the server to the directory -jaildir +\fIjaildir\fP . This option also implies that the server attempts to drop root privileges at startup. You may need to also specify a --u +\fB-u\fP option. This option is only available if the OS supports adjusting the clock without full root privileges. This option is supported under NetBSD (configure with ---enable-clockctl -) and Linux (configure with ---enable-linuxcaps -). +\fB--enable-clockctl\fP) and Linux (configure with +\fB--enable-linuxcaps\fP). .TP .BR \-I " \fIiface\fP, " \-\-interface "=" \fIiface\fP Listen on an interface name or address. @@ -127,16 +125,16 @@ Open the network address given, or all the addresses associated with the given interface name. This option may appear multiple times. This option also implies not opening other addresses, except wildcard and localhost. This option is deprecated. Please consider using the configuration file -interface command, which is more versatile. +\fBinterface\fP command, which is more versatile. .TP .BR \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP path to symmetric keys. .sp Specify the name and path of the symmetric key file. -/etc/ntp.keys +\fI/etc/ntp.keys\fP is the default. This is the same operation as the -keys keyfile +\fBkeys\fP \fIkeyfile\fP configuration file directive. .TP .BR \-l " \fIstring\fP, " \-\-logfile "=" \fIstring\fP @@ -145,7 +143,7 @@ path to the log file. Specify the name and path of the log file. The default is the system log file. This is the same operation as the -logfile logfile +\fBlogfile\fP \fIlogfile\fP configuration file directive. .TP .BR \-L ", " -\-novirtualips @@ -153,7 +151,7 @@ Do not listen to virtual interfaces. .sp Do not listen to virtual interfaces, defined as those with names containing a colon. This option is deprecated. Please -consider using the configuration file interface command, which +consider using the configuration file \fBinterface\fP command, which is more versatile. .TP .BR \-M ", " -\-modifymmtimer @@ -173,17 +171,17 @@ wait-sync. Run at high priority. .sp To the extent permitted by the operating system, run -ntpd +\fBntpd\fP at the highest priority. .TP .BR \-p " \fIstring\fP, " \-\-pidfile "=" \fIstring\fP path to the PID file. .sp Specify the name and path of the file used to record -ntpd's +\fBntpd\fP's process ID. This is the same operation as the -pidfile pidfile +\fBpidfile\fP \fIpidfile\fP configuration file directive. .TP .BR \-P " \fInumber\fP, " \-\-priority "=" \fInumber\fP @@ -191,9 +189,9 @@ Process priority. This option takes an integer number as its argument. .sp To the extent permitted by the operating system, run -ntpd +\fBntpd\fP at the specified -sched_setscheduler(SCHED_FIFO) +\fBsched_setscheduler(SCHED_FIFO)\fP priority. .TP .BR \-q ", " -\-quit @@ -201,15 +199,15 @@ Set the time and quit. This option must not appear in combination with any of the following options: saveconfigquit, wait-sync. .sp -ntpd +\fBntpd\fP will not daemonize and will exit after the clock is first synchronized. This behavior mimics that of the -ntpdate +\fBntpdate\fP program, which will soon be replaced with a shell script. The --g +\fB-g\fP and --x +\fB-x\fP options can be used with this option. Note: The kernel time discipline is disabled with this option. .TP @@ -223,7 +221,7 @@ Save parsed configuration and quit. This option must not appear in combination with any of the following options: quit, wait-sync. .sp -Cause ntpd to parse its startup configuration file and save an +Cause \fBntpd\fP to parse its startup configuration file and save an equivalent to the given filename and exit. This option was designed for automated testing. .TP @@ -232,14 +230,14 @@ Statistics file location. .sp Specify the directory path for files created by the statistics facility. This is the same operation as the -statsdir statsdir +\fBstatsdir\fP \fIstatsdir\fP configuration file directive. .TP .BR \-t " \fItkey\fP, " \-\-trustedkey "=" \fItkey\fP Trusted key number. This option may appear an unlimited number of times. .sp -Add a key number to the trusted key list. +Add the specified key number to the trusted key list. .TP .BR \-u " \fIstring\fP, " \-\-user "=" \fIstring\fP Run as userid (or userid:groupid). @@ -248,10 +246,8 @@ Specify a user, and optionally a group, to switch to. This option is only available if the OS supports adjusting the clock without full root privileges. This option is supported under NetBSD (configure with ---enable-clockctl -) and Linux (configure with ---enable-linuxcaps -). +\fB--enable-clockctl\fP) and Linux (configure with +\fB--enable-linuxcaps\fP). .TP .BR \-U " \fInumber\fP, " \-\-updateinterval "=" \fInumber\fP interval in seconds between scans for new or dropped interfaces. @@ -278,13 +274,13 @@ This option must not appear in combination with any of the following options: nofork, quit, saveconfigquit. This option takes an integer number as its argument. .sp -If greater than zero, alters ntpd behavior when forking to +If greater than zero, alters \fBntpd\fP's behavior when forking to daemonize. Instead of exiting with status 0 immediately after the fork, the parent waits up to the specified number of seconds for the child to first synchronize the clock. The exit status is zero (success) if the clock was synchronized, -otherwise it is ETIMEDOUT. -This provides the option for a script starting ntpd to easily +otherwise it is \fBETIMEDOUT\fP. +This provides the option for a script starting \fBntpd\fP to easily wait for the first set of the clock before proceeding. .TP .BR \-x ", " -\-slew @@ -295,27 +291,27 @@ This option sets the threshold to 600 s, which is well within the accuracy windo Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s. Thus, an adjustment as much as 600 s will take almost 14 days to complete. This option can be used with the --g +\fB-g\fP and --q +\fB-q\fP options. See the -tinker +\fBtinker\fP configuration file directive for other options. Note: The kernel time discipline is disabled with this option. .TP .BR \-\-usepcc Use CPU cycle counter (Windows only). .sp -Attempt to substitute the CPU counter for QueryPerformanceCounter. -The CPU counter and QueryPerformanceCounter are compared, and if +Attempt to substitute the CPU counter for \fBQueryPerformanceCounter\fP. +The CPU counter and \fBQueryPerformanceCounter\fP are compared, and if they have the same frequency, the CPU counter (RDTSC on x86) is used directly, saving the overhead of a system call. .TP .BR \-\-pccfreq "=\fIstring\fP" Force CPU cycle counter use (Windows only). .sp -Force substitution the CPU counter for QueryPerformanceCounter. +Force substitution the CPU counter for \fBQueryPerformanceCounter\fP. The CPU counter (RDTSC on x86) is used unconditionally with the given frequency (in Hz). .TP diff --git a/ntpd/ntpd.mdoc.in b/ntpd/ntpd.mdoc.in index 909d6c200a..fd2428d7c7 100644 --- a/ntpd/ntpd.mdoc.in +++ b/ntpd/ntpd.mdoc.in @@ -1,9 +1,9 @@ -.Dd December 10 2012 +.Dd December 18 2012 .Dt NTPD @NTPD_MS@ User Commands .Os SunOS 5.10 .\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc) .\" -.\" It has been AutoGen-ed December 10, 2012 at 06:39:56 AM by AutoGen 5.16.2 +.\" It has been AutoGen-ed December 18, 2012 at 03:57:36 AM by AutoGen 5.16.2 .\" From the definitions ntpd-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -58,7 +58,7 @@ Allow us to sync to broadcast servers. configuration file name. .sp The name and path of the configuration file, -/etc/ntp.conf +\fI/etc/ntp.conf\fP by default. .It \-d ", " -\-debug\-level Increase debug verbosity level. @@ -75,46 +75,44 @@ This option takes an integer number as its argument. frequency drift file name. .sp The name and path of the frequency file, -/etc/ntp.drift +\fI/etc/ntp.drift\fP by default. This is the same operation as the -driftfile driftfile +\fBdriftfile\fP \fIdriftfile\fP configuration specification in the -/etc/ntp.conf +\fI/etc/ntp.conf\fP file. .It \-g ", " -\-panicgate Allow the first adjustment to be Big. This option may appear an unlimited number of times. .sp Normally, -ntpd +\fBntpd\fP exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, -ntpd +\fBntpd\fP will exit with a message to the system log. This option can be used with the --q +\fB\-q\fP and --x +\fB\-x\fP options. See the -tinker +\fBtinker\fP configuration file directive for other options. .It \-i " \fIstring\fP, " \-\-jaildir "=" \fIstring\fP Jail directory. .sp Chroot the server to the directory -jaildir +\fIjaildir\fP . This option also implies that the server attempts to drop root privileges at startup. You may need to also specify a --u +\fB\-u\fP option. This option is only available if the OS supports adjusting the clock without full root privileges. This option is supported under NetBSD (configure with --\-enable\-clockctl -) and Linux (configure with --\-enable\-linuxcaps -). +\fB\-\-enable\-clockctl\fP) and Linux (configure with +\fB\-\-enable\-linuxcaps\fP). .It \-I " \fIiface\fP, " \-\-interface "=" \fIiface\fP Listen on an interface name or address. This option may appear an unlimited number of times. @@ -123,15 +121,15 @@ Open the network address given, or all the addresses associated with the given interface name. This option may appear multiple times. This option also implies not opening other addresses, except wildcard and localhost. This option is deprecated. Please consider using the configuration file -interface command, which is more versatile. +\fBinterface\fP command, which is more versatile. .It \-k " \fIstring\fP, " \-\-keyfile "=" \fIstring\fP path to symmetric keys. .sp Specify the name and path of the symmetric key file. -/etc/ntp.keys +\fI/etc/ntp.keys\fP is the default. This is the same operation as the -keys keyfile +\fBkeys\fP \fIkeyfile\fP configuration file directive. .It \-l " \fIstring\fP, " \-\-logfile "=" \fIstring\fP path to the log file. @@ -139,14 +137,14 @@ path to the log file. Specify the name and path of the log file. The default is the system log file. This is the same operation as the -logfile logfile +\fBlogfile\fP \fIlogfile\fP configuration file directive. .It \-L ", " -\-novirtualips Do not listen to virtual interfaces. .sp Do not listen to virtual interfaces, defined as those with names containing a colon. This option is deprecated. Please -consider using the configuration file interface command, which +consider using the configuration file \fBinterface\fP command, which is more versatile. .It \-M ", " -\-modifymmtimer Modify Multimedia Timer (Windows only). @@ -164,40 +162,40 @@ wait-sync. Run at high priority. .sp To the extent permitted by the operating system, run -ntpd +\fBntpd\fP at the highest priority. .It \-p " \fIstring\fP, " \-\-pidfile "=" \fIstring\fP path to the PID file. .sp Specify the name and path of the file used to record -ntpd's +\fBntpd\fP's process ID. This is the same operation as the -pidfile pidfile +\fBpidfile\fP \fIpidfile\fP configuration file directive. .It \-P " \fInumber\fP, " \-\-priority "=" \fInumber\fP Process priority. This option takes an integer number as its argument. .sp To the extent permitted by the operating system, run -ntpd +\fBntpd\fP at the specified -sched_setscheduler(SCHED_FIFO) +\fBsched_setscheduler(SCHED_FIFO)\fP priority. .It \-q ", " -\-quit Set the time and quit. This option must not appear in combination with any of the following options: saveconfigquit, wait-sync. .sp -ntpd +\fBntpd\fP will not daemonize and will exit after the clock is first synchronized. This behavior mimics that of the -ntpdate +\fBntpdate\fP program, which will soon be replaced with a shell script. The --g +\fB\-g\fP and --x +\fB\-x\fP options can be used with this option. Note: The kernel time discipline is disabled with this option. .It \-r " \fIstring\fP, " \-\-propagationdelay "=" \fIstring\fP @@ -209,7 +207,7 @@ Save parsed configuration and quit. This option must not appear in combination with any of the following options: quit, wait-sync. .sp -Cause ntpd to parse its startup configuration file and save an +Cause \fBntpd\fP to parse its startup configuration file and save an equivalent to the given filename and exit. This option was designed for automated testing. .It \-s " \fIstring\fP, " \-\-statsdir "=" \fIstring\fP @@ -217,13 +215,13 @@ Statistics file location. .sp Specify the directory path for files created by the statistics facility. This is the same operation as the -statsdir statsdir +\fBstatsdir\fP \fIstatsdir\fP configuration file directive. .It \-t " \fItkey\fP, " \-\-trustedkey "=" \fItkey\fP Trusted key number. This option may appear an unlimited number of times. .sp -Add a key number to the trusted key list. +Add the specified key number to the trusted key list. .It \-u " \fIstring\fP, " \-\-user "=" \fIstring\fP Run as userid (or userid:groupid). .sp @@ -231,10 +229,8 @@ Specify a user, and optionally a group, to switch to. This option is only available if the OS supports adjusting the clock without full root privileges. This option is supported under NetBSD (configure with --\-enable\-clockctl -) and Linux (configure with --\-enable\-linuxcaps -). +\fB\-\-enable\-clockctl\fP) and Linux (configure with +\fB\-\-enable\-linuxcaps\fP). .It \-U " \fInumber\fP, " \-\-updateinterval "=" \fInumber\fP interval in seconds between scans for new or dropped interfaces. This option takes an integer number as its argument. @@ -259,13 +255,13 @@ This option must not appear in combination with any of the following options: nofork, quit, saveconfigquit. This option takes an integer number as its argument. .sp -If greater than zero, alters ntpd behavior when forking to +If greater than zero, alters \fBntpd\fP's behavior when forking to daemonize. Instead of exiting with status 0 immediately after the fork, the parent waits up to the specified number of seconds for the child to first synchronize the clock. The exit status is zero (success) if the clock was synchronized, -otherwise it is ETIMEDOUT. -This provides the option for a script starting ntpd to easily +otherwise it is \fBETIMEDOUT\fP. +This provides the option for a script starting \fBntpd\fP to easily wait for the first set of the clock before proceeding. .It \-x ", " -\-slew Slew up to 600 seconds. @@ -275,25 +271,25 @@ This option sets the threshold to 600 s, which is well within the accuracy windo Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s. Thus, an adjustment as much as 600 s will take almost 14 days to complete. This option can be used with the --g +\fB\-g\fP and --q +\fB\-q\fP options. See the -tinker +\fBtinker\fP configuration file directive for other options. Note: The kernel time discipline is disabled with this option. .It \-\-usepcc Use CPU cycle counter (Windows only). .sp -Attempt to substitute the CPU counter for QueryPerformanceCounter. -The CPU counter and QueryPerformanceCounter are compared, and if +Attempt to substitute the CPU counter for \fBQueryPerformanceCounter\fP. +The CPU counter and \fBQueryPerformanceCounter\fP are compared, and if they have the same frequency, the CPU counter (RDTSC on x86) is used directly, saving the overhead of a system call. .It \-\-pccfreq "=\fIstring\fP" Force CPU cycle counter use (Windows only). .sp -Force substitution the CPU counter for QueryPerformanceCounter. +Force substitution the CPU counter for \fBQueryPerformanceCounter\fP. The CPU counter (RDTSC on x86) is used unconditionally with the given frequency (in Hz). .It \-m ", " -\-mdns diff --git a/ntpdc/invoke-ntpdc.texi b/ntpdc/invoke-ntpdc.texi index 86eca7d697..b61260aa3e 100644 --- a/ntpdc/invoke-ntpdc.texi +++ b/ntpdc/invoke-ntpdc.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntpdc.texi) # -# It has been AutoGen-ed December 10, 2012 at 06:40:27 AM by AutoGen 5.16.2 +# It has been AutoGen-ed December 18, 2012 at 03:57:58 AM by AutoGen 5.16.2 # From the definitions ntpdc-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -69,7 +69,7 @@ with a status code of 0. @exampleindent 0 @example -ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p334 +ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p335 USAGE: ntpdc [ - [] | --[@{=| @}] ]... [ host ...] Flg Arg Option-Name Description -4 no ipv4 Force IPv4 DNS name resolution @@ -401,9 +401,10 @@ Otherwise, will attempt to read interactive format commands from the standard input. -.Ss -"Interactive -Commands" +@node Interactive Commands +@section Interactive Commands + +Interactive Commands Interactive format commands consist of a keyword followed by zero to four arguments. Only enough characters of the full keyword to @@ -411,9 +412,7 @@ uniquely identify the command need be typed. The output of a command is normally sent to the standard output, but optionally the output of individual commands may be sent to a file by appending a -.Ql -\&> -, +@quoteleft{}\&>,@quoteright{} followed by a file name, to the command line. A number of interactive format commands are executed entirely @@ -427,16 +426,12 @@ following. @item Ic @item Ic A -.Sq -Ic -\&? +@quoteleft{}Ic\&?@quoteright{} will print a list of all the command keywords known to this incarnation of @code{ntpdc}. A -.Sq -Ic -\&? +@quoteleft{}Ic\&?@quoteright{} followed by a command keyword will print function and usage information about the command. This command is probably a better @@ -459,20 +454,13 @@ Hostname may be either a host name or a numeric address. @item Ic If -.Cm -yes -is specified, host names are printed in +@code{yes} is specified, host names are printed in information displays. If -.Cm -no -is specified, numeric +@code{no} is specified, numeric addresses are printed instead. The default is -.Cm -yes -, -unless +@code{yes}, unless modified using the command line @code{-n} switch. @item Ic @@ -501,10 +489,10 @@ retries each query once after a timeout, the total waiting time for a timeout will be twice the timeout value set. @end multitable -.Ss -"Control -Message -Commands" +@node Control Message Commands +@section Control Message Commands + +Control Message Commands Query commands result in NTP mode 7 packets containing requests for information being sent to the server. These are read-only commands @@ -532,27 +520,20 @@ offset and dispersion of the peer, all in seconds. The character in the left margin indicates the mode this peer entry is operating in. A -.Ql -\&+ +@quoteleft{}\&+@quoteright{} denotes symmetric active, a -.Ql -\&- +@quoteleft{}\&-@quoteright{} indicates symmetric passive, a -.Ql -\&= +@quoteleft{}\&=@quoteright{} means the remote server is being polled in client mode, a -.Ql -\&^ +@quoteleft{}\&^@quoteright{} indicates that the server is broadcasting to this address, a -.Ql -\&~ +@quoteleft{}\&~@quoteright{} denotes that the remote peer is sending broadcasts and a -.Ql -\&~ +@quoteleft{}\&~@quoteright{} denotes that the remote peer is sending broadcasts and a -.Ql -\&* +@quoteleft{}\&*@quoteright{} marks the peer the server is currently synchronizing to. @@ -566,34 +547,25 @@ REFCLK "parameter" . On -.Ic -hostnames -.Cm -no -only IP-addresses +@code{hostnames} @code{no} only IP-addresses will be displayed. @item Ic A slightly different peer summary list. Identical to the output of the -.Ic -peers -command, except for the character in the +@code{peers} command, except for the character in the leftmost column. Characters only appear beside peers which were included in the final stage of the clock selection algorithm. A -.Ql -\&. +@quoteleft{}\&.@quoteright{} indicates that this peer was cast off in the falseticker detection, while a -.Ql -\&+ +@quoteleft{}\&+@quoteright{} indicates that the peer made it through. A -.Ql -\&* +@quoteleft{}\&*@quoteright{} denotes the peer the server is currently synchronizing with. @item Ic @@ -619,39 +591,28 @@ The loop filter is the part of NTP which deals with adjusting the local system clock. The -.Sq -offset +@quoteleft{}offset@quoteright{} is the last offset given to the loop filter by the packet processing code. The -.Sq -frequency +@quoteleft{}frequency@quoteright{} is the frequency error of the local clock in parts-per-million (ppm). The -.Sq -time_const +@quoteleft{}time_const@quoteright{} controls the stiffness of the phase-lock loop and thus the speed at which it can adapt to oscillator drift. The -.Sq -watchdog -timer +@quoteleft{}watchdogtimer@quoteright{} value is the number of seconds which have elapsed since the last sample offset was given to the loop filter. The -.Cm -oneline -and -.Cm -multiline -options specify the format in which this +@code{oneline} and +@code{multiline} options specify the format in which this information is to be printed, with -.Cm -multiline -as the +@code{multiline} as the default. @item Ic Print a variety of system state variables, i.e., state related @@ -660,64 +621,34 @@ All except the last four lines are described in the NTP Version 3 specification, RFC-1305. The -.Sq -system -flags +@quoteleft{}systemflags@quoteright{} show various system flags, some of which can be set and cleared by the -.Ic -enable -and -.Ic -disable -configuration commands, respectively. +@code{enable} and +@code{disable} configuration commands, respectively. These are the -.Cm -auth -, -.Cm -bclient -, -.Cm -monitor -, -.Cm -pll -, -.Cm -pps -and -.Cm -stats -flags. +@code{auth}, @code{bclient}, @code{monitor}, @code{pll}, @code{pps} and +@code{stats} flags. See the @code{ntpd(8)} documentation for the meaning of these flags. There are two additional flags which are read only, the -.Cm -kernel_pll -and -.Cm -kernel_pps -. -These flags indicate +@code{kernel_pll} and +@code{kernel_pps}. These flags indicate the synchronization status when the precision time kernel modifications are in use. The -.Sq -kernel_pll +@quoteleft{}kernel_pll@quoteright{} indicates that the local clock is being disciplined by the kernel, while the -.Sq -kernel_pps +@quoteleft{}kernel_pps@quoteright{} indicates the kernel discipline is provided by the PPS signal. The -.Sq -stability +@quoteleft{}stability@quoteright{} is the residual frequency error remaining after the system frequency correction is applied and is intended for maintenance and debugging. @@ -733,22 +664,16 @@ may be incorrect. The -.Sq -broadcastdelay +@quoteleft{}broadcastdelay@quoteright{} shows the default broadcast delay, as set by the -.Ic -broadcastdelay -configuration command. +@code{broadcastdelay} configuration command. The -.Sq -authdelay +@quoteleft{}authdelay@quoteright{} shows the default authentication delay, as set by the -.Ic -authdelay -configuration command. +@code{authdelay} configuration command. @item Ic Print statistics counters maintained in the protocol module. @@ -778,10 +703,10 @@ information is provided only by some clock drivers and is mostly undecodable without a copy of the driver source in hand. @end multitable -.Ss -"Runtime -Configuration -Requests" +@node Runtime Configuration Requests +@section Runtime Configuration Requests + +Runtime Configuration Requests All requests which cause state changes in the server are authenticated by the server using a configured NTP key (the facility can also be disabled by the server by not configuring a @@ -790,12 +715,8 @@ The key number and the corresponding key must also be made known to @code{ntpdc}. This can be done using the -.Ic -keyid -and -.Ic -passwd -commands, the latter of which will prompt at the terminal for a +@code{keyid} and +@code{passwd} commands, the latter of which will prompt at the terminal for a password to use as the encryption key. You will also be prompted automatically for both the key number and password the first time a @@ -832,16 +753,9 @@ adequate level of security. The following commands all make authenticated requests. @table @samp @item Xo -.Op -Ar -keyid -.Op -Ar -version -.Op -Cm -prefer -.Xc +[@kbd{keyid} ] +[@kbd{version} ] +[@code{prefer} ] Add a configured peer association at the given address and operating in symmetric active mode. Note that an existing @@ -849,58 +763,36 @@ association with the same peer may be deleted when this command is executed, or may simply be converted to conform to the new configuration, as appropriate. If the optional -.Ar -keyid -is a +@kbd{keyid} is a nonzero integer, all outgoing packets to the remote server will have an authentication field attached encrypted with this key. If the value is 0 (or not given) no authentication will be done. The -.Ar -version -can be 1, 2 or 3 and defaults to 3. +@kbd{version} can be 1, 2 or 3 and defaults to 3. The -.Cm -prefer -keyword indicates a preferred peer (and thus will +@code{prefer} keyword indicates a preferred peer (and thus will be used primarily for clock synchronisation if possible). The preferred peer also determines the validity of the PPS signal - if the preferred peer is suitable for synchronisation so is the PPS signal. @item Xo -.Op -Ar -keyid -.Op -Ar -version -.Op -Cm -prefer -.Xc +[@kbd{keyid} ] +[@kbd{version} ] +[@code{prefer} ] Identical to the addpeer command, except that the operating mode is client. @item Xo -.Op -Ar -keyid -.Op -Ar -version -.Op -Cm -prefer -.Xc +[@kbd{keyid} ] +[@kbd{version} ] +[@code{prefer} ] Identical to the addpeer command, except that the operating mode is broadcast. In this case a valid key identifier and key are required. The -.Ar -peer_address -parameter can be the broadcast +@kbd{peer_address} parameter can be the broadcast address of the local network or a multicast group address assigned to NTP. If a multicast address, a multicast-capable kernel is @@ -914,83 +806,22 @@ When appropriate, however, the association may persist in an unconfigured mode if the remote peer is willing to continue on in this fashion. @item Xo -.Op -Cm -time1 -.Op -Cm -time2 -.Op -Ar -stratum -.Op -Ar -refid -.Xc +[@code{time1} ] +[@code{time2} ] +[@kbd{stratum} ] +[@kbd{refid} ] This command provides a way to set certain data for a reference clock. See the source listing for further information. @item Xo .Oo -.Cm -auth -| -Cm -bclient -| -.Cm -calibrate -| -Cm -kernel -| -.Cm -monitor -| -Cm -ntp -| -.Cm -pps -| -Cm -stats -.Oc -.Xc +@code{auth} | @code{Cm} @code{bclient} | @code{calibrate} | @code{Cm} @code{kernel} | @code{monitor} | @code{Cm} @code{ntp} | @code{pps} | @code{Cm} @code{stats} .Oc @item Xo .Oo -.Cm -auth -| -Cm -bclient -| -.Cm -calibrate -| -Cm -kernel -| -.Cm -monitor -| -Cm -ntp -| -.Cm -pps -| -Cm -stats -.Oc -.Xc +@code{auth} | @code{Cm} @code{bclient} | @code{calibrate} | @code{Cm} @code{kernel} | @code{monitor} | @code{Cm} @code{ntp} | @code{pps} | @code{Cm} @code{stats} .Oc These commands operate in the same way as the -.Ic -enable -and -.Ic -disable -configuration file commands of +@code{enable} and +@code{disable} configuration file commands of @code{ntpd(8)}. @table @samp @item Cm @@ -1024,25 +855,17 @@ The default for this flag is enable. Enables the pulse-per-second (PPS) signal when frequency and time is disciplined by the precision time kernel modifications. See the -.Qq -A -Kernel -Model -for -Precision -Timekeeping +"AKernelModelforPrecisionTimekeeping" (available as part of the HTML documentation provided in -.Pa -/usr/share/doc/ntp +@file{/usr/share/doc/ntp}) ) page for further information. The default for this flag is disable. @item Cm Enables the statistics facility. See the -.Sx -Monitoring +@ref{Monitoring}Monitoring Options section of @code{ntp.conf(5)} @@ -1058,17 +881,8 @@ Ar address Ar mask -.Ar -flag -Oo -Ar -... -Oc -.Xc -This command operates in the same way as the -.Ic -restrict -configuration file commands of +@kbd{flag} @kbd{Oo} @kbd{Ar}... @kbd{Oc} This command operates in the same way as the +@code{restrict} configuration file commands of @code{ntpd(8)}. .It Xo @@ -1078,14 +892,7 @@ Ar address Ar mask -.Ar -flag -Oo -Ar -... -Oc -.Xc -Unrestrict the matching entry from the restrict list. +@kbd{flag} @kbd{Oo} @kbd{Ar}... @kbd{Oc} Unrestrict the matching entry from the restrict list. .It Xo Ic @@ -1094,10 +901,7 @@ Ar address Ar mask -.Op -Cm -ntpport -.Xc +[@code{ntpport} ] Delete the matching entry from the restrict list. .It Ic @@ -1129,12 +933,8 @@ Ar ... Oc These commands operate in the same way as the -.Ic -trustedkey -and -.Ic -untrustedkey -configuration file +@code{trustedkey} and +@code{untrustedkey} configuration file commands of @code{ntpd(8)}. .It @@ -1155,13 +955,8 @@ Ic addtrap Ar address -.Op -Ar -port -.Op -Ar -interface -.Xc +[@kbd{port} ] +[@kbd{interface} ] Set a trap for asynchronous messages. See the source listing for further information. @@ -1171,13 +966,8 @@ Ic clrtrap Ar address -.Op -Ar -port -.Op -Ar -interface -.Xc +[@kbd{port} ] +[@kbd{interface} ] Clear a trap for asynchronous messages. See the source listing for further information. diff --git a/ntpdc/ntpdc-opts.c b/ntpdc/ntpdc-opts.c index 12058acc33..ad6969431b 100644 --- a/ntpdc/ntpdc-opts.c +++ b/ntpdc/ntpdc-opts.c @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpdc-opts.c) * - * It has been AutoGen-ed December 10, 2012 at 06:40:11 AM by AutoGen 5.16.2 + * It has been AutoGen-ed December 18, 2012 at 03:57:48 AM by AutoGen 5.16.2 * From the definitions ntpdc-opts.def * and the template file options * @@ -72,7 +72,7 @@ extern FILE * option_usage_fp; * ntpdc option static const strings */ static char const ntpdc_opt_strs[1862] = -/* 0 */ "ntpdc 4.2.7p334\n" +/* 0 */ "ntpdc 4.2.7p335\n" "Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" "redistribution under the terms of the NTP License, copies of which\n" @@ -130,14 +130,14 @@ static char const ntpdc_opt_strs[1862] = /* 1640 */ "no-load-opts\0" /* 1653 */ "no\0" /* 1656 */ "NTPDC\0" -/* 1662 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p334\n" +/* 1662 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p335\n" "USAGE: %s [ - [] | --[{=| }] ]... [ host ...]\n\0" /* 1794 */ "$HOME\0" /* 1800 */ ".\0" /* 1802 */ ".ntprc\0" /* 1809 */ "http://bugs.ntp.org, bugs@ntp.org\0" /* 1843 */ "\n\n\0" -/* 1846 */ "ntpdc 4.2.7p334"; +/* 1846 */ "ntpdc 4.2.7p335"; /* * ipv4 option description with diff --git a/ntpdc/ntpdc-opts.h b/ntpdc/ntpdc-opts.h index 00fd485719..fd463e0053 100644 --- a/ntpdc/ntpdc-opts.h +++ b/ntpdc/ntpdc-opts.h @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpdc-opts.h) * - * It has been AutoGen-ed December 10, 2012 at 06:40:11 AM by AutoGen 5.16.2 + * It has been AutoGen-ed December 18, 2012 at 03:57:48 AM by AutoGen 5.16.2 * From the definitions ntpdc-opts.def * and the template file options * @@ -82,8 +82,8 @@ typedef enum { } teOptIndex; #define OPTION_CT 15 -#define NTPDC_VERSION "4.2.7p334" -#define NTPDC_FULL_VERSION "ntpdc 4.2.7p334" +#define NTPDC_VERSION "4.2.7p335" +#define NTPDC_FULL_VERSION "ntpdc 4.2.7p335" /* * Interface defines for all options. Replace "n" with the UPPER_CASED diff --git a/ntpdc/ntpdc.1ntpdcman b/ntpdc/ntpdc.1ntpdcman index 0dc61fdb3a..e5f888e907 100644 --- a/ntpdc/ntpdc.1ntpdcman +++ b/ntpdc/ntpdc.1ntpdcman @@ -1,8 +1,8 @@ -.TH ntpdc 1ntpdcman "10 Dec 2012" "4.2.7p334" "User Commands" +.TH ntpdc 1ntpdcman "18 Dec 2012" "4.2.7p335" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.man) .\" -.\" It has been AutoGen-ed December 10, 2012 at 06:40:23 AM by AutoGen 5.16.2 +.\" It has been AutoGen-ed December 18, 2012 at 03:57:54 AM by AutoGen 5.16.2 .\" From the definitions ntpdc-opts.def .\" and the template file agman-cmd.tpl .\" diff --git a/ntpdc/ntpdc.1ntpdcmdoc b/ntpdc/ntpdc.1ntpdcmdoc index 3bedf9bcac..61818e9b08 100644 --- a/ntpdc/ntpdc.1ntpdcmdoc +++ b/ntpdc/ntpdc.1ntpdcmdoc @@ -1,9 +1,9 @@ -.Dd December 10 2012 +.Dd December 18 2012 .Dt NTPDC 1ntpdcmdoc User Commands .Os SunOS 5.10 .\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc) .\" -.\" It has been AutoGen-ed December 10, 2012 at 06:40:29 AM by AutoGen 5.16.2 +.\" It has been AutoGen-ed December 18, 2012 at 03:58:00 AM by AutoGen 5.16.2 .\" From the definitions ntpdc-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/ntpdc/ntpdc.html b/ntpdc/ntpdc.html index 2f0a27aec2..323910aba3 100644 --- a/ntpdc/ntpdc.html +++ b/ntpdc/ntpdc.html @@ -36,18 +36,11 @@ display the time offset of the system clock relative to the server clock. Run as root, it can correct the system clock to this offset as well. It can be run as an interactive command or from a cron job. -

      This document applies to version 4.2.7p334 of ntpdc. +

      This document applies to version 4.2.7p335 of ntpdc.

      The program implements the SNTP protocol as defined by RFC 5905, the NTPv4 IETF specification. -

      -

      Short Contents

      - -
      -
      • ntpdc Description: Description
      • ntpdc Invocation: Invoking ntpdc @@ -145,7 +138,7 @@ the usage text by passing it through a pager program. used to select the program, defaulting to more. Both will exit with a status code of 0. -
        ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p334
+
        ntpdc - vendor-specific NTPD control program - Ver. 4.2.7p335
 USAGE:  ntpdc [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]
   Flg Arg Option-Name    Description
    -4 no  ipv4           Force IPv4 DNS name resolution
@@ -519,9 +512,15 @@ Otherwise,
 will
 attempt to read interactive format commands from the standard
 input. 
-.Ss
-"Interactive
-Commands"
+
        
+
        
+
+
        
+
        
+
+
        Interactive Commands
        
+
+
        Interactive Commands
 Interactive format commands consist of a keyword followed by zero
 to four arguments. 
 Only enough characters of the full keyword to
@@ -529,9 +528,7 @@ uniquely identify the command need be typed.
 The output of a
 command is normally sent to the standard output, but optionally the
 output of individual commands may be sent to a file by appending a
-.Ql
-\&>
-,
+\&>,
 followed by a file name, to the command line.
 
   
        A number of interactive format commands are executed entirely
@@ -543,16 +540,12 @@ These are described
 following.
      
        
 
        Ic
        Ic
        A
-.Sq
-Ic
-\&? 
+Ic\&? 
 will print a list of all the command
 keywords known to this incarnation of
 ntpdc. 
 A
-.Sq
-Ic
-\&? 
+Ic\&? 
 followed by a command keyword will print function and usage
 information about the command. 
 This command is probably a better
@@ -572,20 +565,13 @@ so this command may be obsolete.
 Hostname may
 be either a host name or a numeric address. 
 
        Ic
        If
-.Cm
-yes
-is specified, host names are printed in
+yes is specified, host names are printed in
 information displays. 
 If
-.Cm
-no
-is specified, numeric
+no is specified, numeric
 addresses are printed instead. 
 The default is
-.Cm
-yes
-,
-unless
+yes, unless
 modified using the command line
 -n switch. 
 
        Ic
        This command allows the specification of a key number to be
@@ -609,10 +595,15 @@ Note that since
 retries each query once after a timeout, the total waiting time for
 a timeout will be twice the timeout value set.
 
-     
        .Ss
-"Control
-Message
-Commands"
+
        
+
        
+
+
        
+
        
+
+
        Control Message Commands
        
+
+     
        Control Message Commands
 Query commands result in NTP mode 7 packets containing requests for
 information being sent to the server. 
 These are read-only commands
@@ -638,710 +629,20 @@ offset and dispersion of the peer, all in seconds.
           
        The character in the left margin indicates the mode this peer
 entry is operating in. 
 A
-.Ql
 \&+
 denotes symmetric active, a
-.Ql
 \&-
 indicates symmetric passive, a
-.Ql
 \&=
 means the
 remote server is being polled in client mode, a
-.Ql
 \&^
 indicates that the server is broadcasting to this address, a
-.Ql
 \&~
 denotes that the remote peer is sending broadcasts and a
-.Ql
 \&~
 denotes that the remote peer is sending broadcasts and a
-.Ql
 \&*
 marks the peer the server is currently synchronizing
 to.
 
-          
        The contents of the host field may be one of four forms. 
-It may
-be a host name, an IP address, a reference clock implementation
-name with its parameter or
-.Fn
-REFCLK
-"implementation_number"
-"parameter"
-. 
-On
-.Ic
-hostnames
-.Cm
-no
-only IP-addresses
-will be displayed. 
-
        Ic
        A slightly different peer summary list. 
-Identical to the output
-of the
-.Ic
-peers
-command, except for the character in the
-leftmost column. 
-Characters only appear beside peers which were
-included in the final stage of the clock selection algorithm. 
-A
-.Ql
-\&. 
-indicates that this peer was cast off in the falseticker
-detection, while a
-.Ql
-\&+
-indicates that the peer made it
-through. 
-A
-.Ql
-\&*
-denotes the peer the server is currently
-synchronizing with. 
-
        Ic
        Shows a detailed display of the current peer variables for one
-or more peers. 
-Most of these values are described in the NTP
-Version 2 specification. 
-
        Ic
        Show per-peer statistic counters associated with the specified
-peer(s). 
-
        Ic
        Obtain and print information concerning a peer clock. 
-The
-values obtained provide information on the setting of fudge factors
-and other clock performance information. 
-
        Ic
        Obtain and print kernel phase-lock loop operating parameters. 
-This information is available only if the kernel has been specially
-modified for a precision timekeeping function. 
-
        Ic
        Print the values of selected loop filter variables. 
-The loop
-filter is the part of NTP which deals with adjusting the local
-system clock. 
-The
-.Sq
-offset
-is the last offset given to the
-loop filter by the packet processing code. 
-The
-.Sq
-frequency
-is the frequency error of the local clock in parts-per-million
-(ppm). 
-The
-.Sq
-time_const
-controls the stiffness of the
-phase-lock loop and thus the speed at which it can adapt to
-oscillator drift. 
-The
-.Sq
-watchdog
-timer
-value is the number
-of seconds which have elapsed since the last sample offset was
-given to the loop filter. 
-The
-.Cm
-oneline
-and
-.Cm
-multiline
-options specify the format in which this
-information is to be printed, with
-.Cm
-multiline
-as the
-default. 
-
        Ic
        Print a variety of system state variables, i.e., state related
-to the local server. 
-All except the last four lines are described
-in the NTP Version 3 specification, RFC-1305.
-
-          
        The
-.Sq
-system
-flags
-show various system flags, some of
-which can be set and cleared by the
-.Ic
-enable
-and
-.Ic
-disable
-configuration commands, respectively. 
-These are
-the
-.Cm
-auth
-,
-.Cm
-bclient
-,
-.Cm
-monitor
-,
-.Cm
-pll
-,
-.Cm
-pps
-and
-.Cm
-stats
-flags. 
-See the
-ntpd(8)
-documentation for the meaning of these flags. 
-There
-are two additional flags which are read only, the
-.Cm
-kernel_pll
-and
-.Cm
-kernel_pps
-. 
-These flags indicate
-the synchronization status when the precision time kernel
-modifications are in use. 
-The
-.Sq
-kernel_pll
-indicates that
-the local clock is being disciplined by the kernel, while the
-.Sq
-kernel_pps
-indicates the kernel discipline is provided by the PPS
-signal.
-
-          
        The
-.Sq
-stability
-is the residual frequency error remaining
-after the system frequency correction is applied and is intended for
-maintenance and debugging. 
-In most architectures, this value will
-initially decrease from as high as 500 ppm to a nominal value in
-the range .01 to 0.1 ppm. 
-If it remains high for some time after
-starting the daemon, something may be wrong with the local clock,
-or the value of the kernel variable
-.Va
-kern.clockrate.tick
-may be
-incorrect.
-
-          
        The
-.Sq
-broadcastdelay
-shows the default broadcast delay,
-as set by the
-.Ic
-broadcastdelay
-configuration command.
-
-          
        The
-.Sq
-authdelay
-shows the default authentication delay,
-as set by the
-.Ic
-authdelay
-configuration command. 
-
        Ic
        Print statistics counters maintained in the protocol
-module. 
-
        Ic
        Print statistics counters related to memory allocation
-code. 
-
        Ic
        Print statistics counters maintained in the input-output
-module. 
-
        Ic
        Print statistics counters maintained in the timer/event queue
-support code. 
-
        Ic
        Obtain and print the server's restriction list. 
-This list is
-(usually) printed in sorted order and may help to understand how
-the restrictions are applied. 
-
        Ic
        Obtain and print traffic counts collected and maintained by the
-monitor facility. 
-The version number should not normally need to be
-specified. 
-
        Ic
        Obtain debugging information for a reference clock driver. 
-This
-information is provided only by some clock drivers and is mostly
-undecodable without a copy of the driver source in hand.
-
-          
        .Ss
-"Runtime
-Configuration
-Requests"
-All requests which cause state changes in the server are
-authenticated by the server using a configured NTP key (the
-facility can also be disabled by the server by not configuring a
-key). 
-The key number and the corresponding key must also be made
-known to
-ntpdc. 
-This can be done using the
-.Ic
-keyid
-and
-.Ic
-passwd
-commands, the latter of which will prompt at the terminal for a
-password to use as the encryption key. 
-You will also be prompted
-automatically for both the key number and password the first time a
-command which would result in an authenticated request to the
-server is given. 
-Authentication not only provides verification that
-the requester has permission to make such changes, but also gives
-an extra degree of protection again transmission errors.
-
-          
        Authenticated requests always include a timestamp in the packet
-data, which is included in the computation of the authentication
-code. 
-This timestamp is compared by the server to its receive time
-stamp. 
-If they differ by more than a small amount the request is
-rejected. 
-This is done for two reasons. 
-First, it makes simple
-replay attacks on the server, by someone who might be able to
-overhear traffic on your LAN, much more difficult. 
-Second, it makes
-it more difficult to request configuration changes to your server
-from topologically remote hosts. 
-While the reconfiguration facility
-will work well with a server on the local host, and may work
-adequately between time-synchronized hosts on the same LAN, it will
-work very poorly for more distant hosts. 
-As such, if reasonable
-passwords are chosen, care is taken in the distribution and
-protection of keys and appropriate source address restrictions are
-applied, the run time reconfiguration facility should provide an
-adequate level of security.
-
-          
        The following commands all make authenticated requests.
-               
        
-
        Xo
        .Op
-Ar
-keyid
-.Op
-Ar
-version
-.Op
-Cm
-prefer
-.Xc
-Add a configured peer association at the given address and
-operating in symmetric active mode. 
-Note that an existing
-association with the same peer may be deleted when this command is
-executed, or may simply be converted to conform to the new
-configuration, as appropriate. 
-If the optional
-.Ar
-keyid
-is a
-nonzero integer, all outgoing packets to the remote server will
-have an authentication field attached encrypted with this key. 
-If
-the value is 0 (or not given) no authentication will be done. 
-The
-.Ar
-version
-can be 1, 2 or 3 and defaults to 3. 
-The
-.Cm
-prefer
-keyword indicates a preferred peer (and thus will
-be used primarily for clock synchronisation if possible). 
-The
-preferred peer also determines the validity of the PPS signal - if
-the preferred peer is suitable for synchronisation so is the PPS
-signal. 
-
        Xo
        .Op
-Ar
-keyid
-.Op
-Ar
-version
-.Op
-Cm
-prefer
-.Xc
-Identical to the addpeer command, except that the operating
-mode is client. 
-
        Xo
        .Op
-Ar
-keyid
-.Op
-Ar
-version
-.Op
-Cm
-prefer
-.Xc
-Identical to the addpeer command, except that the operating
-mode is broadcast. 
-In this case a valid key identifier and key are
-required. 
-The
-.Ar
-peer_address
-parameter can be the broadcast
-address of the local network or a multicast group address assigned
-to NTP. 
-If a multicast address, a multicast-capable kernel is
-required. 
-
        Ic
        This command causes the configured bit to be removed from the
-specified peer(s). 
-In many cases this will cause the peer
-association to be deleted. 
-When appropriate, however, the
-association may persist in an unconfigured mode if the remote peer
-is willing to continue on in this fashion. 
-
        Xo
        .Op
-Cm
-time1
-.Op
-Cm
-time2
-.Op
-Ar
-stratum
-.Op
-Ar
-refid
-.Xc
-This command provides a way to set certain data for a reference
-clock. 
-See the source listing for further information. 
-
        Xo
        .Oo
-.Cm
-auth
-|
-Cm
-bclient
-|
-.Cm
-calibrate
-|
-Cm
-kernel
-|
-.Cm
-monitor
-|
-Cm
-ntp
-|
-.Cm
-pps
-|
-Cm
-stats
-.Oc
-.Xc
-
        Xo
        .Oo
-.Cm
-auth
-|
-Cm
-bclient
-|
-.Cm
-calibrate
-|
-Cm
-kernel
-|
-.Cm
-monitor
-|
-Cm
-ntp
-|
-.Cm
-pps
-|
-Cm
-stats
-.Oc
-.Xc
-These commands operate in the same way as the
-.Ic
-enable
-and
-.Ic
-disable
-configuration file commands of
-ntpd(8).
-                    
        
-
        Cm
        Enables the server to synchronize with unconfigured peers only
-if the peer has been correctly authenticated using either public key
-or private key cryptography. 
-The default for this flag is enable. 
-
        Cm
        Enables the server to listen for a message from a broadcast or
-multicast server, as in the multicastclient command with
-default address. 
-The default for this flag is disable. 
-
        Cm
        Enables the calibrate feature for reference clocks. 
-The default for this flag is disable. 
-
        Cm
        Enables the kernel time discipline, if available. 
-The default for this flag is enable if support is available, otherwise disable. 
-
        Cm
        Enables the monitoring facility. 
-See the
-ntpdc(8). 
-program and the monlist command or further information. 
-The default for this flag is enable. 
-
        Cm
        Enables time and frequency discipline. 
-In effect, this switch opens and closes the feedback loop,
-which is useful for testing. 
-The default for this flag is enable. 
-
        Cm
        Enables the pulse-per-second (PPS) signal when frequency
-and time is disciplined by the precision time kernel modifications. 
-See the
-.Qq
-A
-Kernel
-Model
-for
-Precision
-Timekeeping
-(available as part of the HTML documentation
-provided in
-.Pa
-/usr/share/doc/ntp
-)
-page for further information. 
-The default for this flag is disable. 
-
        Cm
        Enables the statistics facility. 
-See the
-.Sx
-Monitoring
-Options
-section of
-ntp.conf(5)
-for further information. 
-The default for this flag is disable.
-
-                    
        .It
-Xo
-Ic
-restrict
-Ar
-address
-Ar
-mask
-.Ar
-flag
-Oo
-Ar
-... 
-Oc
-.Xc
-This command operates in the same way as the
-.Ic
-restrict
-configuration file commands of
-ntpd(8). 
-.It
-Xo
-Ic
-unrestrict
-Ar
-address
-Ar
-mask
-.Ar
-flag
-Oo
-Ar
-... 
-Oc
-.Xc
-Unrestrict the matching entry from the restrict list. 
-.It
-Xo
-Ic
-delrestrict
-Ar
-address
-Ar
-mask
-.Op
-Cm
-ntpport
-.Xc
-Delete the matching entry from the restrict list. 
-.It
-Ic
-readkeys
-Causes the current set of authentication keys to be purged and
-a new set to be obtained by rereading the keys file (which must
-have been specified in the
-ntpd(8)
-configuration file). 
-This
-allows encryption keys to be changed without restarting the
-server. 
-.It
-Ic
-trustedkey
-Ar
-keyid
-Oo
-Ar
-... 
-Oc
-.It
-Ic
-untrustedkey
-Ar
-keyid
-Oo
-Ar
-... 
-Oc
-These commands operate in the same way as the
-.Ic
-trustedkey
-and
-.Ic
-untrustedkey
-configuration file
-commands of
-ntpd(8). 
-.It
-Ic
-authinfo
-Returns information concerning the authentication module,
-including known keys and counts of encryptions and decryptions
-which have been done. 
-.It
-Ic
-traps
-Display the traps set in the server. 
-See the source listing for
-further information. 
-.It
-Xo
-Ic
-addtrap
-Ar
-address
-.Op
-Ar
-port
-.Op
-Ar
-interface
-.Xc
-Set a trap for asynchronous messages. 
-See the source listing
-for further information. 
-.It
-Xo
-Ic
-clrtrap
-Ar
-address
-.Op
-Ar
-port
-.Op
-Ar
-interface
-.Xc
-Clear a trap for asynchronous messages. 
-See the source listing
-for further information. 
-.It
-Ic
-reset
-Clear the statistics counters in various modules of the server. 
-See the source listing for further information.
-
-
        
-
        
-Next: ,
-Previous: ntpdc Usage,
-Up: ntpdc Invocation
-
        
-
        
-
-
        ntpdc See Also
        
-
-                    
        ntp.conf(5),
-ntpd(8)
-.Rs
-.%A
-David
-L. 
-Mills
-.%T
-Network
-Time
-Protocol
-(Version
-3)
-.%O
-RFC1305
-.Re
-
        
-
        
-Next: ,
-Previous: ntpdc See Also,
-Up: ntpdc Invocation
-
        
-
        
-
-
        ntpdc Authors
        
-
-                    
        The formatting directives in this document came from FreeBSD. 
-
        
-
        
-Previous: ntpdc Authors,
-Up: ntpdc Invocation
-
        
-
        
-
-
        ntpdc Bugs
        
-
-                    
        The
-ntpdc
-utility is a crude hack. 
-Much of the information it shows is
-deadly boring and could only be loved by its implementer. 
-The
-program was designed so that new (and temporary) features were easy
-to hack in, at great expense to the program's ease of use. 
-Despite
-this, the program is occasionally useful.
-
-                      
        Please report bugs to http://bugs.ntp.org .
-
-
        
-
        
-
-
        
-
        
-
-                    
-
        Usage
        
-
-                    
        The simplest use of this program is as an unprivileged command to
-check the current time, offset, and error in the local clock. 
-For example:
-
-                    
                                ntpdc ntpserver.somewhere
-                   
        
-                      
        With suitable privilege, it can be run as a command or in a
-cron job to reset the local clock from a reliable server, like
-the ntpdate and rdate commands. 
-For example:
-
-                    
                                ntpdc -a ntpserver.somewhere
-                   
        
-                      
-
diff --git a/ntpdc/ntpdc.man.in b/ntpdc/ntpdc.man.in
index decb683e03..9911f4eb4f 100644
--- a/ntpdc/ntpdc.man.in
+++ b/ntpdc/ntpdc.man.in
@@ -1,8 +1,8 @@
-.TH ntpdc @NTPDC_MS@ "10 Dec 2012" "4.2.7p334" "User Commands"
+.TH ntpdc @NTPDC_MS@ "18 Dec 2012" "4.2.7p335" "User Commands"
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:40:23 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:57:54 AM by AutoGen 5.16.2
 .\"  From the definitions    ntpdc-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
diff --git a/ntpdc/ntpdc.mdoc.in b/ntpdc/ntpdc.mdoc.in
index ad6e49a05d..938589c405 100644
--- a/ntpdc/ntpdc.mdoc.in
+++ b/ntpdc/ntpdc.mdoc.in
@@ -1,9 +1,9 @@
-.Dd December 10 2012
+.Dd December 18 2012
 .Dt NTPDC @NTPDC_MS@ User Commands
 .Os SunOS 5.10
 .\"  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:40:29 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:58:00 AM by AutoGen 5.16.2
 .\"  From the definitions    ntpdc-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
diff --git a/ntpq/invoke-ntpq.texi b/ntpq/invoke-ntpq.texi
index 6ef49a9fcb..f64484a8cf 100644
--- a/ntpq/invoke-ntpq.texi
+++ b/ntpq/invoke-ntpq.texi
@@ -6,7 +6,7 @@
 # 
 # EDIT THIS FILE WITH CAUTION  (invoke-ntpq.texi)
 # 
-# It has been AutoGen-ed  December 10, 2012 at 06:40:58 AM by AutoGen 5.16.2
+# It has been AutoGen-ed  December 18, 2012 at 03:58:14 AM by AutoGen 5.16.2
 # From the definitions    ntpq-opts.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -74,9 +74,10 @@ Otherwise,
 @code{ntpq}
 will attempt to read
 interactive format commands from the standard input.
-.Ss
-"Internal
-Commands"
+@node Internal Commands
+@section Internal Commands
+
+Internal Commands
 Interactive format commands consist of a keyword followed by zero
 to four arguments.
 Only enough characters of the full keyword to
@@ -93,14 +94,12 @@ These are described following.
 @item Ic
 @item Ic
 A
-.Ql
-\&?
+@quoteleft{}\&?@quoteright{}
 by itself will print a list of all the command
 keywords known to this incarnation of
 @code{ntpq}.
 A
-.Ql
-\&?
+@quoteleft{}\&?@quoteright{}
 followed by a command keyword will print function and usage
 information about the command.
 This command is probably a better
@@ -109,46 +108,30 @@ source of information about
 than this manual
 page.
 @item Ic
-.Ic
-...
-.Xc
-@item Ic
+... @item Ic
 @item Ic
 The data carried by NTP mode 6 messages consists of a list of
 items of the form
-.Ql
-variable_name=value
-,
+@quoteleft{}variable_name=value,@quoteright{}
 where the
-.Ql
-=value
+@quoteleft{}=value@quoteright{}
 is ignored, and can be omitted,
 in requests to the server to read variables.
 The
 @code{ntpq}
 utility maintains an internal list in which data to be included in control
 messages can be assembled, and sent using the
-.Ic
-readlist
-and
-.Ic
-writelist
-commands described below.
+@code{readlist} and
+@code{writelist} commands described below.
 The
-.Ic
-addvars
-command allows variables and their optional values to be added to
+@code{addvars} command allows variables and their optional values to be added to
 the list.
 If more than one variable is to be added, the list should
 be comma-separated and not contain white space.
 The
-.Ic
-rmvars
-command can be used to remove individual variables from the list,
+@code{rmvars} command can be used to remove individual variables from the list,
 while the
-.Ic
-clearlist
-command removes all variables from the
+@code{clearlist} command removes all variables from the
 list.
 @item Ic
 Normally
@@ -156,9 +139,7 @@ Normally
 does not authenticate requests unless
 they are write requests.
 The command
-.Ql
-authenticate
-yes
+@quoteleft{}authenticateyes@quoteright{}
 causes
 @code{ntpq}
 to send authentication with all requests it
@@ -166,12 +147,9 @@ makes.
 Authenticated requests causes some servers to handle
 requests slightly differently, and can occasionally melt the CPU in
 fuzzballs if you turn authentication on before doing a
-.Ic
-peer
-display.
+@code{peer} display.
 The command
-.Ql
-authenticate
+@quoteleft{}authenticate@quoteright{}
 causes
 @code{ntpq}
 to display whether or not
@@ -187,23 +165,10 @@ Variables which
 @code{ntpq}
 thinks should have a decodable value but didn't are
 marked with a trailing
-.Ql
-\&?
-.
+@quoteleft{}\&?.@quoteright{}
 @item Xo
-.Ic
-debug
-.Oo
-.Cm
-more
-|
-.Cm
-less
-|
-.Cm
-off
-.Oc
-.Xc
+@code{debug} .Oo
+@code{more} | @code{less} | @code{off} .Oc
 With no argument, displays the current debug level.
 Otherwise, the debug level is changed to the indicated level.
 @item Ic
@@ -217,25 +182,16 @@ server does not now require timestamps in authenticated requests,
 so this command may be obsolete.
 @item Ic
 Set the host to which future queries will be sent.
-.Ar
-hostname
-may be either a host name or a numeric address.
+@kbd{hostname} may be either a host name or a numeric address.
 @item Ic
 If
-.Cm
-yes
-is specified, host names are printed in
+@code{yes} is specified, host names are printed in
 information displays.
 If
-.Cm
-no
-is specified, numeric
+@code{no} is specified, numeric
 addresses are printed instead.
 The default is
-.Cm
-yes
-,
-unless
+@code{yes}, unless
 modified using the command line
 @code{-n} switch.
 @item Ic
@@ -245,19 +201,7 @@ This must correspond
 to a key number the server has been configured to use for this
 purpose.
 @item Ic
-.Cm
-1
-|
-.Cm
-2
-|
-.Cm
-3
-|
-.Cm
-4
-.Oc
-.Xc
+@code{1} | @code{2} | @code{3} | @code{4} .Oc
 Sets the NTP version number which
 @code{ntpq}
 claims in
@@ -328,7 +272,7 @@ with a status code of 0.
 
 @exampleindent 0
 @example
-ntpq - standard NTP query program - Ver. 4.2.7p334
+ntpq - standard NTP query program - Ver. 4.2.7p335
 USAGE:  ntpq [ - [] | --[@{=| @}] ]... [ host ...]
   Flg Arg Option-Name    Description
    -4 no  ipv4           Force IPv4 DNS name resolution
diff --git a/ntpq/ntpq-opts.c b/ntpq/ntpq-opts.c
index 9a91ee4012..af64d364df 100644
--- a/ntpq/ntpq-opts.c
+++ b/ntpq/ntpq-opts.c
@@ -1,7 +1,7 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (ntpq-opts.c)
  *  
- *  It has been AutoGen-ed  December 10, 2012 at 06:40:32 AM by AutoGen 5.16.2
+ *  It has been AutoGen-ed  December 18, 2012 at 03:58:03 AM by AutoGen 5.16.2
  *  From the definitions    ntpq-opts.def
  *  and the template file   options
  *
@@ -72,7 +72,7 @@ extern FILE * option_usage_fp;
  *  ntpq option static const strings
  */
 static char const ntpq_opt_strs[1833] =
-/*     0 */ "ntpq 4.2.7p334\n"
+/*     0 */ "ntpq 4.2.7p335\n"
             "Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n"
             "This is free software. It is licensed for use, modification and\n"
             "redistribution under the terms of the NTP License, copies of which\n"
@@ -128,13 +128,13 @@ static char const ntpq_opt_strs[1833] =
 /*  1627 */ "no-load-opts\0"
 /*  1640 */ "no\0"
 /*  1643 */ "NTPQ\0"
-/*  1648 */ "ntpq - standard NTP query program - Ver. 4.2.7p334\n"
+/*  1648 */ "ntpq - standard NTP query program - Ver. 4.2.7p335\n"
             "USAGE:  %s [ - [] | --[{=| }] ]... [ host ...]\n\0"
 /*  1769 */ "$HOME\0"
 /*  1775 */ ".\0"
 /*  1777 */ ".ntprc\0"
 /*  1784 */ "http://bugs.ntp.org, bugs@ntp.org\0"
-/*  1818 */ "ntpq 4.2.7p334";
+/*  1818 */ "ntpq 4.2.7p335";
 
 /*
  *  ipv4 option description with
diff --git a/ntpq/ntpq-opts.h b/ntpq/ntpq-opts.h
index b018a53e3e..fca5b1763b 100644
--- a/ntpq/ntpq-opts.h
+++ b/ntpq/ntpq-opts.h
@@ -1,7 +1,7 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (ntpq-opts.h)
  *  
- *  It has been AutoGen-ed  December 10, 2012 at 06:40:31 AM by AutoGen 5.16.2
+ *  It has been AutoGen-ed  December 18, 2012 at 03:58:02 AM by AutoGen 5.16.2
  *  From the definitions    ntpq-opts.def
  *  and the template file   options
  *
@@ -81,8 +81,8 @@ typedef enum {
 } teOptIndex;
 
 #define OPTION_CT    14
-#define NTPQ_VERSION       "4.2.7p334"
-#define NTPQ_FULL_VERSION  "ntpq 4.2.7p334"
+#define NTPQ_VERSION       "4.2.7p335"
+#define NTPQ_FULL_VERSION  "ntpq 4.2.7p335"
 
 /*
  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
diff --git a/ntpq/ntpq.1ntpqman b/ntpq/ntpq.1ntpqman
index 6f0f3f365d..158f6c0047 100644
--- a/ntpq/ntpq.1ntpqman
+++ b/ntpq/ntpq.1ntpqman
@@ -1,8 +1,8 @@
-.TH ntpq 1ntpqman "10 Dec 2012" "4.2.7p334" "User Commands"
+.TH ntpq 1ntpqman "18 Dec 2012" "4.2.7p335" "User Commands"
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntpq-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:40:54 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:58:10 AM by AutoGen 5.16.2
 .\"  From the definitions    ntpq-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
diff --git a/ntpq/ntpq.1ntpqmdoc b/ntpq/ntpq.1ntpqmdoc
index 6b9ad7bccb..0099c5778d 100644
--- a/ntpq/ntpq.1ntpqmdoc
+++ b/ntpq/ntpq.1ntpqmdoc
@@ -1,9 +1,9 @@
-.Dd December 10 2012
+.Dd December 18 2012
 .Dt NTPQ 1ntpqmdoc User Commands
 .Os SunOS 5.10
 .\"  EDIT THIS FILE WITH CAUTION  (ntpq-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:41:00 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:58:16 AM by AutoGen 5.16.2
 .\"  From the definitions    ntpq-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
diff --git a/ntpq/ntpq.man.in b/ntpq/ntpq.man.in
index f992bbb402..553823a936 100644
--- a/ntpq/ntpq.man.in
+++ b/ntpq/ntpq.man.in
@@ -1,8 +1,8 @@
-.TH ntpq @NTPQ_MS@ "10 Dec 2012" "4.2.7p334" "User Commands"
+.TH ntpq @NTPQ_MS@ "18 Dec 2012" "4.2.7p335" "User Commands"
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntpq-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:40:54 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:58:10 AM by AutoGen 5.16.2
 .\"  From the definitions    ntpq-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
diff --git a/ntpq/ntpq.mdoc.in b/ntpq/ntpq.mdoc.in
index d53274c7d5..062e96a5d9 100644
--- a/ntpq/ntpq.mdoc.in
+++ b/ntpq/ntpq.mdoc.in
@@ -1,9 +1,9 @@
-.Dd December 10 2012
+.Dd December 18 2012
 .Dt NTPQ @NTPQ_MS@ User Commands
 .Os SunOS 5.10
 .\"  EDIT THIS FILE WITH CAUTION  (ntpq-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:41:00 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:58:16 AM by AutoGen 5.16.2
 .\"  From the definitions    ntpq-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
diff --git a/ntpsnmpd/invoke-ntpsnmpd.texi b/ntpsnmpd/invoke-ntpsnmpd.texi
index dd8615f77e..7e5f8deb3d 100644
--- a/ntpsnmpd/invoke-ntpsnmpd.texi
+++ b/ntpsnmpd/invoke-ntpsnmpd.texi
@@ -6,7 +6,7 @@
 # 
 # EDIT THIS FILE WITH CAUTION  (invoke-ntpsnmpd.texi)
 # 
-# It has been AutoGen-ed  December 10, 2012 at 06:41:16 AM by AutoGen 5.16.2
+# It has been AutoGen-ed  December 18, 2012 at 03:58:29 AM by AutoGen 5.16.2
 # From the definitions    ntpsnmpd-opts.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -43,7 +43,7 @@ with a status code of 0.
 
 @exampleindent 0
 @example
-ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p334
+ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p335
 USAGE:  ntpsnmpd [ - [] | --[@{=| @}] ]...
   Flg Arg Option-Name    Description
    -n no  nofork         Do not fork
@@ -181,6 +181,3 @@ it to autogen-users@@lists.sourceforge.net.  Thank you.
 This document corresponds to version @VERSION@ of NTP.
 @node ntpsnmpd Authors
 @subsection ntpsnmpd Authors
-.An
-"Heiko
-Gerstung"
diff --git a/ntpsnmpd/ntpsnmpd-opts.c b/ntpsnmpd/ntpsnmpd-opts.c
index cb8ef89e13..6b0fff0c0a 100644
--- a/ntpsnmpd/ntpsnmpd-opts.c
+++ b/ntpsnmpd/ntpsnmpd-opts.c
@@ -1,7 +1,7 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.c)
  *  
- *  It has been AutoGen-ed  December 10, 2012 at 06:41:03 AM by AutoGen 5.16.2
+ *  It has been AutoGen-ed  December 18, 2012 at 03:58:19 AM by AutoGen 5.16.2
  *  From the definitions    ntpsnmpd-opts.def
  *  and the template file   options
  *
@@ -64,7 +64,7 @@ extern FILE * option_usage_fp;
  *  ntpsnmpd option static const strings
  */
 static char const ntpsnmpd_opt_strs[1561] =
-/*     0 */ "ntpsnmpd 4.2.7p334\n"
+/*     0 */ "ntpsnmpd 4.2.7p335\n"
             "Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n"
             "This is free software. It is licensed for use, modification and\n"
             "redistribution under the terms of the NTP License, copies of which\n"
@@ -103,14 +103,14 @@ static char const ntpsnmpd_opt_strs[1561] =
 /*  1360 */ "no-load-opts\0"
 /*  1373 */ "no\0"
 /*  1376 */ "NTPSNMPD\0"
-/*  1385 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p334\n"
+/*  1385 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.7p335\n"
             "USAGE:  %s [ - [] | --[{=| }] ]...\n\0"
 /*  1490 */ "$HOME\0"
 /*  1496 */ ".\0"
 /*  1498 */ ".ntprc\0"
 /*  1505 */ "http://bugs.ntp.org, bugs@ntp.org\0"
 /*  1539 */ "\n\n\0"
-/*  1542 */ "ntpsnmpd 4.2.7p334";
+/*  1542 */ "ntpsnmpd 4.2.7p335";
 
 /*
  *  nofork option description:
diff --git a/ntpsnmpd/ntpsnmpd-opts.h b/ntpsnmpd/ntpsnmpd-opts.h
index d778ba23a7..1cd3927cbf 100644
--- a/ntpsnmpd/ntpsnmpd-opts.h
+++ b/ntpsnmpd/ntpsnmpd-opts.h
@@ -1,7 +1,7 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.h)
  *  
- *  It has been AutoGen-ed  December 10, 2012 at 06:41:02 AM by AutoGen 5.16.2
+ *  It has been AutoGen-ed  December 18, 2012 at 03:58:18 AM by AutoGen 5.16.2
  *  From the definitions    ntpsnmpd-opts.def
  *  and the template file   options
  *
@@ -75,8 +75,8 @@ typedef enum {
 } teOptIndex;
 
 #define OPTION_CT    8
-#define NTPSNMPD_VERSION       "4.2.7p334"
-#define NTPSNMPD_FULL_VERSION  "ntpsnmpd 4.2.7p334"
+#define NTPSNMPD_VERSION       "4.2.7p335"
+#define NTPSNMPD_FULL_VERSION  "ntpsnmpd 4.2.7p335"
 
 /*
  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
diff --git a/ntpsnmpd/ntpsnmpd.1ntpsnmpdman b/ntpsnmpd/ntpsnmpd.1ntpsnmpdman
index 5cc95cde1d..a5b879ab6b 100644
--- a/ntpsnmpd/ntpsnmpd.1ntpsnmpdman
+++ b/ntpsnmpd/ntpsnmpd.1ntpsnmpdman
@@ -1,8 +1,8 @@
-.TH ntpsnmpd 1ntpsnmpdman "10 Dec 2012" "4.2.7p334" "User Commands"
+.TH ntpsnmpd 1ntpsnmpdman "18 Dec 2012" "4.2.7p335" "User Commands"
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:41:12 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:58:25 AM by AutoGen 5.16.2
 .\"  From the definitions    ntpsnmpd-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
diff --git a/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc b/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc
index 212c24d56c..10155db599 100644
--- a/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc
+++ b/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc
@@ -1,9 +1,9 @@
-.Dd December 10 2012
+.Dd December 18 2012
 .Dt NTPSNMPD 1ntpsnmpdmdoc User Commands
 .Os SunOS 5.10
 .\"  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:41:18 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:58:31 AM by AutoGen 5.16.2
 .\"  From the definitions    ntpsnmpd-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
diff --git a/ntpsnmpd/ntpsnmpd.man.in b/ntpsnmpd/ntpsnmpd.man.in
index 575dbdd862..7df737f839 100644
--- a/ntpsnmpd/ntpsnmpd.man.in
+++ b/ntpsnmpd/ntpsnmpd.man.in
@@ -1,8 +1,8 @@
-.TH ntpsnmpd @NTPSNMPD_MS@ "10 Dec 2012" "4.2.7p334" "User Commands"
+.TH ntpsnmpd @NTPSNMPD_MS@ "18 Dec 2012" "4.2.7p335" "User Commands"
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:41:12 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:58:25 AM by AutoGen 5.16.2
 .\"  From the definitions    ntpsnmpd-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
diff --git a/ntpsnmpd/ntpsnmpd.mdoc.in b/ntpsnmpd/ntpsnmpd.mdoc.in
index 4b5754b80d..a358fa0e05 100644
--- a/ntpsnmpd/ntpsnmpd.mdoc.in
+++ b/ntpsnmpd/ntpsnmpd.mdoc.in
@@ -1,9 +1,9 @@
-.Dd December 10 2012
+.Dd December 18 2012
 .Dt NTPSNMPD @NTPSNMPD_MS@ User Commands
 .Os SunOS 5.10
 .\"  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:41:18 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:58:31 AM by AutoGen 5.16.2
 .\"  From the definitions    ntpsnmpd-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
diff --git a/packageinfo.sh b/packageinfo.sh
index bcedb3facb..3ddd5427f6 100644
--- a/packageinfo.sh
+++ b/packageinfo.sh
@@ -70,7 +70,7 @@ CLTAG=NTP_4_2_0
 # - Numeric values increment
 # - empty 'increments' to 1
 # - NEW 'increments' to empty
-point=334
+point=335
 
 ### betapoint is normally modified by script.
 # ntp-stable Beta number (betapoint)
diff --git a/scripts/invoke-ntp-wait.texi b/scripts/invoke-ntp-wait.texi
index 236a861d49..0c9c9acea2 100644
--- a/scripts/invoke-ntp-wait.texi
+++ b/scripts/invoke-ntp-wait.texi
@@ -6,7 +6,7 @@
 # 
 # EDIT THIS FILE WITH CAUTION  (invoke-ntp-wait.texi)
 # 
-# It has been AutoGen-ed  December 10, 2012 at 11:05:29 AM by AutoGen 5.16.2
+# It has been AutoGen-ed  December 17, 2012 at 11:36:20 AM by AutoGen 5.16.2
 # From the definitions    ntp-wait-opts.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -15,14 +15,10 @@
 
 @code{ntp-wait}
 will send at most
-.Ar
-num-tries
-queries to
+@kbd{num-tries} queries to
 @code{ntpd(8)},
 sleeping for
-.Ar
-secs-between-tries
-after each status return that says
+@kbd{secs-between-tries} after each status return that says
 @code{ntpd(8)}
 has not yet produced a synchronized and stable system clock.
 
@@ -143,9 +139,6 @@ The operation failed or the command syntax was not valid.
 @end table
 @node ntp-wait Authors
 @subsection ntp-wait Authors
-.An
-"Harlan
-Stenn"
 @node ntp-wait Notes
 @subsection ntp-wait Notes
 This document corresponds to version @VERSION@ of NTP.
diff --git a/scripts/ntp-wait.1ntp-waitman b/scripts/ntp-wait.1ntp-waitman
index 2a5b25195d..8ca36a609f 100644
--- a/scripts/ntp-wait.1ntp-waitman
+++ b/scripts/ntp-wait.1ntp-waitman
@@ -1,8 +1,8 @@
-.TH ntp-wait 1ntp-waitman "10 Dec 2012" "ntp (4.2.7p334)" "User Commands"
+.TH ntp-wait 1ntp-waitman "17 Dec 2012" "ntp (4.2.7p335)" "User Commands"
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntp-wait-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 11:05:23 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 17, 2012 at 11:36:16 AM by AutoGen 5.16.2
 .\"  From the definitions    ntp-wait-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
diff --git a/scripts/ntp-wait.1ntp-waitmdoc b/scripts/ntp-wait.1ntp-waitmdoc
index 336b49b345..15b7087f6d 100644
--- a/scripts/ntp-wait.1ntp-waitmdoc
+++ b/scripts/ntp-wait.1ntp-waitmdoc
@@ -1,9 +1,9 @@
-.Dd December 10 2012
+.Dd December 17 2012
 .Dt NTP_WAIT 1ntp-waitmdoc User Commands
 .Os SunOS 5.10
 .\"  EDIT THIS FILE WITH CAUTION  (ntp-wait-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 11:05:34 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 17, 2012 at 11:36:22 AM by AutoGen 5.16.2
 .\"  From the definitions    ntp-wait-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
diff --git a/scripts/ntp-wait.html b/scripts/ntp-wait.html
index 4c57865a9a..dd143f9f1f 100644
--- a/scripts/ntp-wait.html
+++ b/scripts/ntp-wait.html
@@ -30,16 +30,18 @@ Up: (dir)
 
 
        Simple Network Time Protocol User Manual
        
 
-
        This document describes the use of the NTP Project's ntp-wait program,
-that can be used to query a Network Time Protocol (NTP) server and
-display the time offset of the system clock relative to the server
-clock.  Run as root, it can correct the system clock to this offset as
-well.  It can be run as an interactive command or from a cron job.
+
        This document describes the use of the NTP Project's ntp-wait program.
 
-  
        This document applies to version 4.2.7p334 of ntp-wait.
+  
        If there are time-sensitive applications,
+the proper sequence of events is to
+run ntpd -g as early as possible,
+then invoke all of the non-time-sensitive process,
+run ntp-wait to block
+until the system's time has stabilized and synchronized,
+and only then start any applicaitons (like database servers) that require
+accurate and stable time.
 
-  
        The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
-IETF specification.
+  
        This document applies to version 4.2.7p335 of ntp-wait.
 
   
        
 
        Short Contents
        
@@ -51,7 +53,6 @@ IETF specification.
 
 
 
        
@@ -63,17 +64,9 @@ IETF specification.
 
 
        Description
        
 
-
        By default, ntp-wait writes the local data and time (i.e., not UTC) to the
-standard output in the format:
-
-
             1996-10-15 20:17:25.123 (+0800) +4.567 +/- 0.089 secs
-
        
-  
        where
-YYYY-MM-DD HH:MM:SS.SUBSEC is the local date and time,
-(+0800) is the local timezone adjustment (so we would add 8 hours and 0 minutes to convert the reported local time to UTC),
-and
-the +4.567 +/- 0.089 secs indicates the time offset and
-error bound of the system clock relative to the server clock.
+
        The ntp-wait program blocks until ntpd is in synchronized state. 
+This can be useful at boot time, to delay the boot sequence until after
+ntpd -g has set the time.
 
 
        
 
        
@@ -87,14 +80,10 @@ error bound of the system clock relative to the server clock.
 
   
        ntp-wait
 will send at most
-.Ar
-num-tries
-queries to
+num-tries queries to
 ntpd(8),
 sleeping for
-.Ar
-secs-between-tries
-after each status return that says
+secs-between-tries after each status return that says
 ntpd(8)
 has not yet produced a synchronized and stable system clock.
 
@@ -253,9 +242,6 @@ Up: ntp-wait Invo
 
 
        ntp-wait Authors
        
 
-
        .An
-"Harlan
-Stenn"
 
        
 
        
         Previous: ntp-wait Authors,
@@ -267,27 +253,5 @@ Up: ntp-wait Invo
 
 
        This document corresponds to version  of NTP.
 
-
        
-
        
-        
-
        
-
        
-
-
-
        Usage
        
-
-
        The simplest use of this program is as an unprivileged command to
-check the current time, offset, and error in the local clock. 
-For example:
-
-
            ntp-wait ntpserver.somewhere
-
        
-  
        With suitable privilege, it can be run as a command or in a
-crom job to reset the local clock from a reliable server, like
-the ntpdate and rdate commands. 
-For example:
-
-
            ntp-wait -a ntpserver.somewhere
-
        
-  
+
 
diff --git a/scripts/ntp-wait.man.in b/scripts/ntp-wait.man.in
index e3b2402f08..b45924a706 100644
--- a/scripts/ntp-wait.man.in
+++ b/scripts/ntp-wait.man.in
@@ -1,8 +1,8 @@
-.TH ntp-wait @NTP_WAIT_MS@ "10 Dec 2012" "ntp (4.2.7p334)" "User Commands"
+.TH ntp-wait @NTP_WAIT_MS@ "17 Dec 2012" "ntp (4.2.7p335)" "User Commands"
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntp-wait-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 11:05:23 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 17, 2012 at 11:36:16 AM by AutoGen 5.16.2
 .\"  From the definitions    ntp-wait-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
diff --git a/scripts/ntp-wait.mdoc.in b/scripts/ntp-wait.mdoc.in
index 89bf45846f..7262507953 100644
--- a/scripts/ntp-wait.mdoc.in
+++ b/scripts/ntp-wait.mdoc.in
@@ -1,9 +1,9 @@
-.Dd December 10 2012
+.Dd December 17 2012
 .Dt NTP_WAIT @NTP_WAIT_MS@ User Commands
 .Os SunOS 5.10
 .\"  EDIT THIS FILE WITH CAUTION  (ntp-wait-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 11:05:34 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 17, 2012 at 11:36:22 AM by AutoGen 5.16.2
 .\"  From the definitions    ntp-wait-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
diff --git a/sntp/invoke-sntp.texi b/sntp/invoke-sntp.texi
index 13dd22c97f..0dca33eba7 100644
--- a/sntp/invoke-sntp.texi
+++ b/sntp/invoke-sntp.texi
@@ -6,7 +6,7 @@
 # 
 # EDIT THIS FILE WITH CAUTION  (invoke-sntp.texi)
 # 
-# It has been AutoGen-ed  December 10, 2012 at 06:42:05 AM by AutoGen 5.16.2
+# It has been AutoGen-ed  December 18, 2012 at 03:59:12 AM by AutoGen 5.16.2
 # From the definitions    sntp-opts.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -17,9 +17,7 @@
 can be used as an SNTP client to query a NTP or SNTP server and either display
 the time or set the local system's time (given suitable privilege).  It can be
 run as an interactive command or from a
-.Ic
-cron
-job.
+@code{cron} job.
 
 NTP (the Network Time Protocol) and SNTP (the Simple Network Time Protocol)
 are defined and described by RFC 5905.
@@ -28,58 +26,30 @@ are defined and described by RFC 5905.
 The default is to write the estimated correct local date and time (i.e. not
 UTC) to the standard output in a format like:
 
-.Ic
-"'1996-10-15
-20:17:25.123
-(+0800)
-+4.567
-+/-
-0.089
-[host]
-IP
-sN'"
-
+@code{'1996-10-15 20:17:25.123 (+0800) +4.567 +/- 0.089 [host] IP sN'} 
 where the
-.Ic
-"'(+0800)'"
-means that to get to UTC from the reported local time one must
+@code{'(+0800)'} means that to get to UTC from the reported local time one must
 add 8 hours and 0 minutes,
 the
-.Ic
-"'+4.567'"
-indicates the local clock is 4.567 seconds behind the correct time
+@code{'+4.567'} indicates the local clock is 4.567 seconds behind the correct time
 (so 4.567 seconds must be added to the local clock to get it to be correct).
 Note that the number of decimals printed for this value will change
 based on the reported precision of the server.
-.Ic
-"'+/-
-0.089'"
-is the reported
-.Em
-synchronization
-distance
+@code{'+/- 0.089'} is the reported
+@emph{synchronizationdistance}
 (in seconds), which represents the maximum error due to all causes.
 If the server does not report valid data needed to calculate the
 synchronization distance, this will be reported as
-.Ic
-"'+/-
-?'"
-.
-If the
-.Em
-host
+@code{'+/- ?'}. If the
+@emph{host}
 is different from the
-.Em
-IP
-,
+@emph{IP,}
 both will be displayed.
 Otherwise, only the 
-.Em
-IP
+@emph{IP}
 is displayed.
 Finally, the
-.Em
-stratum
+@emph{stratum}
 of the host is reported.
 
 This section was generated by @strong{AutoGen},
@@ -125,7 +95,7 @@ with a status code of 0.
 
 @exampleindent 0
 @example
-sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p334
+sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p335
 USAGE:  sntp [ - [] | --[@{=| @}] ]... \
                 [ hostname-or-IP ...]
   Flg Arg Option-Name    Description
@@ -460,10 +430,7 @@ run as a command
 or from a
 @code{cron(8)}
 job,
-.Ic
-"sntp
--a"
-will reset the local clock from a synchronized specified server,
+@code{sntp -a} will reset the local clock from a synchronized specified server,
 like the (deprecated)
 @code{ntpdate(1ntpdatemdoc)},
 or
@@ -473,16 +440,6 @@ commands.
 @end multitable
 @node sntp Authors
 @subsection sntp Authors
-.An
-"Johannes
-Maximilian
-Kuehn"
-.An
-"Harlan
-Stenn"
-.An
-"Dave
-Hart"
 @node sntp Notes
 @subsection sntp Notes
 This document corresponds to version @VERSION@ of
diff --git a/sntp/sntp-opts.c b/sntp/sntp-opts.c
index 3a56702b3c..6a3b353de1 100644
--- a/sntp/sntp-opts.c
+++ b/sntp/sntp-opts.c
@@ -1,7 +1,7 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (sntp-opts.c)
  *  
- *  It has been AutoGen-ed  December 10, 2012 at 10:48:54 AM by AutoGen 5.16.2
+ *  It has been AutoGen-ed  December 17, 2012 at 11:33:38 AM by AutoGen 5.16.2
  *  From the definitions    sntp-opts.def
  *  and the template file   options
  *
@@ -73,7 +73,7 @@ extern FILE * option_usage_fp;
  *  sntp option static const strings
  */
 static char const sntp_opt_strs[2500] =
-/*     0 */ "sntp 4.2.7p334\n"
+/*     0 */ "sntp 4.2.7p335\n"
             "Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n"
             "This is free software. It is licensed for use, modification and\n"
             "redistribution under the terms of the NTP License, copies of which\n"
@@ -157,7 +157,7 @@ static char const sntp_opt_strs[2500] =
 /*  2244 */ "LOAD_OPTS\0"
 /*  2254 */ "no-load-opts\0"
 /*  2267 */ "SNTP\0"
-/*  2272 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p334\n"
+/*  2272 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p335\n"
             "USAGE:  %s [ - [] | --[{=| }] ]... \\\n"
             "\t\t[ hostname-or-IP ...]\n\0"
 /*  2433 */ "$HOME\0"
@@ -165,7 +165,7 @@ static char const sntp_opt_strs[2500] =
 /*  2441 */ ".ntprc\0"
 /*  2448 */ "http://bugs.ntp.org, bugs@ntp.org\0"
 /*  2482 */ "\n\n\0"
-/*  2485 */ "sntp 4.2.7p334";
+/*  2485 */ "sntp 4.2.7p335";
 
 /*
  *  ipv4 option description with
diff --git a/sntp/sntp-opts.h b/sntp/sntp-opts.h
index 580c4f8715..cef1680e11 100644
--- a/sntp/sntp-opts.h
+++ b/sntp/sntp-opts.h
@@ -1,7 +1,7 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (sntp-opts.h)
  *  
- *  It has been AutoGen-ed  December 10, 2012 at 10:48:53 AM by AutoGen 5.16.2
+ *  It has been AutoGen-ed  December 17, 2012 at 11:33:38 AM by AutoGen 5.16.2
  *  From the definitions    sntp-opts.def
  *  and the template file   options
  *
@@ -90,8 +90,8 @@ typedef enum {
 } teOptIndex;
 
 #define OPTION_CT    23
-#define SNTP_VERSION       "4.2.7p334"
-#define SNTP_FULL_VERSION  "sntp 4.2.7p334"
+#define SNTP_VERSION       "4.2.7p335"
+#define SNTP_FULL_VERSION  "sntp 4.2.7p335"
 
 /*
  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
diff --git a/sntp/sntp.1sntpman b/sntp/sntp.1sntpman
index a6168f3fd2..3540212ebe 100644
--- a/sntp/sntp.1sntpman
+++ b/sntp/sntp.1sntpman
@@ -1,8 +1,8 @@
-.TH sntp 1sntpman "10 Dec 2012" "4.2.7p334" "User Commands"
+.TH sntp 1sntpman "18 Dec 2012" "4.2.7p335" "User Commands"
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (sntp-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:42:00 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:59:07 AM by AutoGen 5.16.2
 .\"  From the definitions    sntp-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
diff --git a/sntp/sntp.1sntpmdoc b/sntp/sntp.1sntpmdoc
index 351b9c8292..e34318cc07 100644
--- a/sntp/sntp.1sntpmdoc
+++ b/sntp/sntp.1sntpmdoc
@@ -1,9 +1,9 @@
-.Dd December 10 2012
+.Dd December 18 2012
 .Dt SNTP 1sntpmdoc User Commands
 .Os SunOS 5.10
 .\"  EDIT THIS FILE WITH CAUTION  (sntp-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:42:06 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:59:14 AM by AutoGen 5.16.2
 .\"  From the definitions    sntp-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
diff --git a/sntp/sntp.html b/sntp/sntp.html
index 4293dbd2c7..44d71f2232 100644
--- a/sntp/sntp.html
+++ b/sntp/sntp.html
@@ -36,7 +36,7 @@ display the time offset of the system clock relative to the server
 clock.  Run as root, it can correct the system clock to this offset as
 well.  It can be run as an interactive command or from a cron job.
 
-  
        This document applies to version 4.2.7p334 of sntp.
+  
        This document applies to version 4.2.7p335 of sntp.
 
   
        The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
 IETF specification.
@@ -89,9 +89,7 @@ error bound of the system clock relative to the server clock.
 can be used as an SNTP client to query a NTP or SNTP server and either display
 the time or set the local system's time (given suitable privilege).  It can be
 run as an interactive command or from a
-.Ic
-cron
-job.
+cron job.
 
   
        NTP (the Network Time Protocol) and SNTP (the Simple Network Time Protocol)
 are defined and described by RFC 5905.
@@ -99,58 +97,30 @@ are defined and described by RFC 5905.
   
        The default is to write the estimated correct local date and time (i.e. not
 UTC) to the standard output in a format like:
 
-  
        .Ic
-"'1996-10-15
-20:17:25.123
-(+0800)
-+4.567
-+/-
-0.089
-[host]
-IP
-sN'"
-
-  
        where the
-.Ic
-"'(+0800)'"
-means that to get to UTC from the reported local time one must
+  
        '1996-10-15 20:17:25.123 (+0800) +4.567 +/- 0.089 [host] IP sN'
+where the
+'(+0800)' means that to get to UTC from the reported local time one must
 add 8 hours and 0 minutes,
 the
-.Ic
-"'+4.567'"
-indicates the local clock is 4.567 seconds behind the correct time
+'+4.567' indicates the local clock is 4.567 seconds behind the correct time
 (so 4.567 seconds must be added to the local clock to get it to be correct). 
 Note that the number of decimals printed for this value will change
 based on the reported precision of the server. 
-.Ic
-"'+/-
-0.089'"
-is the reported
-.Em
-synchronization
-distance
+'+/- 0.089' is the reported
+synchronizationdistance
 (in seconds), which represents the maximum error due to all causes. 
 If the server does not report valid data needed to calculate the
 synchronization distance, this will be reported as
-.Ic
-"'+/-
-?'" 
-. 
-If the
-.Em
-host
+'+/- ?'. If the
+host
 is different from the
-.Em
-IP
-,
+IP,
 both will be displayed. 
 Otherwise, only the
-.Em
-IP
+IP
 is displayed. 
 Finally, the
-.Em
-stratum
+stratum
 of the host is reported.
 
   
        This section was generated by AutoGen,
@@ -200,7 +170,7 @@ the usage text by passing it through a pager program.
 used to select the program, defaulting to more.  Both will exit
 with a status code of 0.
 
-
        sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p334
+
        sntp - standard Simple Network Time Protocol client program - Ver. 4.2.7p335
 USAGE:  sntp [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \
                 [ hostname-or-IP ...]
   Flg Arg Option-Name    Description
@@ -621,10 +591,7 @@ run as a command
 or from a
 cron(8)
 job,
-.Ic
-"sntp
--a"
-will reset the local clock from a synchronized specified server,
+sntp -a will reset the local clock from a synchronized specified server,
 like the (deprecated)
 ntpdate(1ntpdatemdoc),
 or
@@ -641,16 +608,6 @@ Up: sntp Invocation
 
 
        sntp Authors
        
 
-     
        .An
-"Johannes
-Maximilian
-Kuehn"
-.An
-"Harlan
-Stenn"
-.An
-"Dave
-Hart"
 
        
 
        
 Previous: sntp Authors,
diff --git a/sntp/sntp.man.in b/sntp/sntp.man.in
index 168b2999ff..8a85ba50bd 100644
--- a/sntp/sntp.man.in
+++ b/sntp/sntp.man.in
@@ -1,8 +1,8 @@
-.TH sntp @SNTP_MS@ "10 Dec 2012" "4.2.7p334" "User Commands"
+.TH sntp @SNTP_MS@ "18 Dec 2012" "4.2.7p335" "User Commands"
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (sntp-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:42:00 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:59:07 AM by AutoGen 5.16.2
 .\"  From the definitions    sntp-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
diff --git a/sntp/sntp.mdoc.in b/sntp/sntp.mdoc.in
index 8cd540645d..e288d6eaef 100644
--- a/sntp/sntp.mdoc.in
+++ b/sntp/sntp.mdoc.in
@@ -1,9 +1,9 @@
-.Dd December 10 2012
+.Dd December 18 2012
 .Dt SNTP @SNTP_MS@ User Commands
 .Os SunOS 5.10
 .\"  EDIT THIS FILE WITH CAUTION  (sntp-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:42:06 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:59:14 AM by AutoGen 5.16.2
 .\"  From the definitions    sntp-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
diff --git a/util/invoke-ntp-keygen.texi b/util/invoke-ntp-keygen.texi
index ac5f0d1dd0..aea7651497 100644
--- a/util/invoke-ntp-keygen.texi
+++ b/util/invoke-ntp-keygen.texi
@@ -6,7 +6,7 @@
 # 
 # EDIT THIS FILE WITH CAUTION  (invoke-ntp-keygen.texi)
 # 
-# It has been AutoGen-ed  December 10, 2012 at 06:41:40 AM by AutoGen 5.16.2
+# It has been AutoGen-ed  December 18, 2012 at 03:58:49 AM by AutoGen 5.16.2
 # From the definitions    ntp-keygen-opts.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -57,78 +57,54 @@ gethostname
 function, normally the DNS name of the host is used.
 
 The
-.Ar
-pw
-option of the
-.Ar
-crypto
-configuration command specifies the read
+@kbd{pw} option of the
+@kbd{crypto} configuration command specifies the read
 password for previously encrypted local files.
 This must match the local password used by this program.
 If not specified, the host name is used.
 Thus, if files are generated by this program without password,
 they can be read back by
-.Ar
-ntpd
-without password but only on the same host.
+@kbd{ntpd} without password but only on the same host.
 
 Normally, encrypted files for each host are generated by that host and
 used only by that host, although exceptions exist as noted later on
 this page.
 The symmetric keys file, normally called
-.Ar
-ntp.keys
-,
-is usually installed in
-.Pa
-/etc
+ntp.keys, is usually installed in
+@file{/etc}.
 .
 Other files and links are usually installed in
-.Pa
-/usr/local/etc
+@file{/usr/local/etc},
 ,
 which is normally in a shared filesystem in
 NFS-mounted networks and cannot be changed by shared clients.
 The location of the keys directory can be changed by the
-.Ar
-keysdir
-configuration command in such cases.
+@kbd{keysdir} configuration command in such cases.
 Normally, this is in
-.Pa
-/etc
+@file{/etc}.
 .
 
 This program directs commentary and error messages to the standard
 error stream
-.Ar
-stderr
-and remote files to the standard output stream
-.Ar
-stdout
-where they can be piped to other applications or redirected to files.
+@kbd{stderr} and remote files to the standard output stream
+@kbd{stdout} where they can be piped to other applications or redirected to files.
 The names used for generated files and links all begin with the
 string
-.Ar
-ntpkey
-and include the file type, generating host and filestamp,
+@kbd{ntpkey} and include the file type, generating host and filestamp,
 as described in the
-.Dq
-Cryptographic
-Data
-Files
+@quotedblleft{}CryptographicDataFiles@quotedblright{}
 section below.
-.Ss
+@node Running
+@section Running
+
 Running
 the
 Program
 To test and gain experience with Autokey concepts, log in as root and
 change to the keys directory, usually
-.Pa
-/usr/local/etc
+@file{/usr/local/etc}
 When run for the first time, or if all files with names beginning with
-.Ar
-ntpkey
-have been removed, use the
+@kbd{ntpkey} have been removed, use the
 @code{ntp-keygen}
 command without arguments to generate a
 default RSA host key and matching RSA-MD5 certificate with expiration
@@ -172,10 +148,7 @@ After that and when the host is synchronized to a proventic source, the
 certificate should be re-generated.
 
 Additional information on trusted groups and identity schemes is on the
-.Dq
-Autokey
-Public-Key
-Authentication
+@quotedblleft{}AutokeyPublic-KeyAuthentication@quotedblright{}
 page.
 
 
@@ -183,12 +156,7 @@ page.
 The
 @code{ntpd(8)}
 configuration command
-.Ic
-crypto
-pw
-Ar
-password
-specifies the read password for previously encrypted files.
+@code{crypto} @code{pw} @code{Ar} @code{password} specifies the read password for previously encrypted files.
 The daemon expires on the spot if the password is missing
 or incorrect.
 For convenience, if a file has been previously encrypted,
@@ -199,40 +167,23 @@ these files can be read by that host with no explicit password.
 
 
 File names begin with the prefix
-.Cm
-ntpkey_
-and end with the postfix
-.Ar
-_hostname.filestamp
-,
-where
-.Ar
-hostname
-is the owner name, usually the string returned
+@code{ntpkey_} and end with the postfix
+_hostname.filestamp, where
+@kbd{hostname} is the owner name, usually the string returned
 by the Unix gethostname() routine, and
-.Ar
-filestamp
-is the NTP seconds when the file was generated, in decimal digits.
+@kbd{filestamp} is the NTP seconds when the file was generated, in decimal digits.
 This both guarantees uniqueness and simplifies maintenance
 procedures, since all files can be quickly removed
 by a
-.Ic
-rm
-ntpkey\&*
-command or all files generated
+@code{rm}ntpkey\&* command or all files generated
 at a specific time can be removed by a
-.Ic
-rm
-.Ar
-\&*filestamp
-command.
+@code{rm} \&*filestamp command.
 To further reduce the risk of misconfiguration,
 the first two lines of a file contain the file name
 and generation date and time as comments.
 
 All files are installed by default in the keys directory
-.Pa
-/usr/local/etc
+@file{/usr/local/etc},
 ,
 which is normally in a shared filesystem
 in NFS-mounted networks.
@@ -272,7 +223,9 @@ The
 program uses the same timestamp extension for all files generated
 at one time, so each generation is distinct and can be readily
 recognized in monitoring data.
-.Ss
+@node Running
+@section Running
+
 Running
 the
 program
@@ -281,15 +234,12 @@ The safest way to run the
 program is logged in directly as root.
 The recommended procedure is change to the keys directory,
 usually
-.Pa
-/usr/local/etc
+@file{/usr/local/etc},
 ,
 then run the program.
 When run for the first time,
 or if all
-.Cm
-ntpkey
-files have been removed,
+@code{ntpkey} files have been removed,
 the program generates a RSA host key file and matching RSA-MD5 certificate file,
 which is all that is necessary in many cases.
 The program also generates soft links from the generic names
@@ -319,38 +269,23 @@ However, the identification parameter files, although encoded
 as the other files, are probably not compatible with anything other than Autokey.
 
 Running the program as other than root and using the Unix
-.Ic
-su
-command
+@code{su} command
 to assume root may not work properly, since by default the OpenSSL library
 looks for the random seed file
-.Cm
-.rnd
-in the user home directory.
+.rnd in the user home directory.
 However, there should be only one
-.Cm
-.rnd
-,
-most conveniently
+.rnd, most conveniently
 in the root directory, so it is convenient to define the
-.Cm
-$RANDFILE
-environment variable used by the OpenSSL library as the path to
-.Cm
-/.rnd
-.
-
+$RANDFILE environment variable used by the OpenSSL library as the path to
+/.rnd. 
 Installing the keys as root might not work in NFS-mounted
 shared file systems, as NFS clients may not be able to write
 to the shared keys directory, even as root.
 In this case, NFS clients can specify the files in another
 directory such as
-.Pa
-/etc
+@file{/etc}
 using the
-.Ic
-keysdir
-command.
+@code{keysdir} command.
 There is no need for one client to read the keys and certificates
 of other clients or servers, as these data are obtained automatically
 by the Autokey protocol.
@@ -367,8 +302,7 @@ while the trusted name is used for the identity files.
 
 
 All files are installed by default in the keys directory
-.Pa
-/usr/local/etc
+@file{/usr/local/etc},
 ,
 which is normally in a shared filesystem
 in NFS-mounted networks.
@@ -408,7 +342,9 @@ The
 program uses the same timestamp extension for all files generated
 at one time, so each generation is distinct and can be readily
 recognized in monitoring data.
-.Ss
+@node Running
+@section Running
+
 Running
 the
 program
@@ -417,15 +353,12 @@ The safest way to run the
 program is logged in directly as root.
 The recommended procedure is change to the keys directory,
 usually
-.Pa
-/usr/local/etc
+@file{/usr/local/etc},
 ,
 then run the program.
 When run for the first time,
 or if all
-.Cm
-ntpkey
-files have been removed,
+@code{ntpkey} files have been removed,
 the program generates a RSA host key file and matching RSA-MD5 certificate file,
 which is all that is necessary in many cases.
 The program also generates soft links from the generic names
@@ -455,38 +388,23 @@ However, the identification parameter files, although encoded
 as the other files, are probably not compatible with anything other than Autokey.
 
 Running the program as other than root and using the Unix
-.Ic
-su
-command
+@code{su} command
 to assume root may not work properly, since by default the OpenSSL library
 looks for the random seed file
-.Cm
-.rnd
-in the user home directory.
+.rnd in the user home directory.
 However, there should be only one
-.Cm
-.rnd
-,
-most conveniently
+.rnd, most conveniently
 in the root directory, so it is convenient to define the
-.Cm
-$RANDFILE
-environment variable used by the OpenSSL library as the path to
-.Cm
-/.rnd
-.
-
+$RANDFILE environment variable used by the OpenSSL library as the path to
+/.rnd. 
 Installing the keys as root might not work in NFS-mounted
 shared file systems, as NFS clients may not be able to write
 to the shared keys directory, even as root.
 In this case, NFS clients can specify the files in another
 directory such as
-.Pa
-/etc
+@file{/etc}
 using the
-.Ic
-keysdir
-command.
+@code{keysdir} command.
 There is no need for one client to read the keys and certificates
 of other clients or servers, as these data are obtained automatically
 by the Autokey protocol.
@@ -507,8 +425,7 @@ s Trusted Hosts and Groups
 Each cryptographic configuration involves selection of a signature scheme
 and identification scheme, called a cryptotype,
 as explained in the
-.Sx
-Authentication
+@ref{Authentication}Authentication
 Options
 section of
 @code{ntp.conf(5)}.
@@ -525,8 +442,7 @@ A trusted group is the set of all hosts that have, directly or indirectly,
 a certificate trail ending at a trusted host.
 The trail is defined by static configuration file entries
 or dynamic means described on the
-.Sx
-Automatic
+@ref{Automatic}Automatic
 NTP
 Configuration
 Options
@@ -535,9 +451,7 @@ section of
 
 On each trusted host as root, change to the keys directory.
 To insure a fresh fileset, remove all
-.Cm
-ntpkey
-files.
+@code{ntpkey} files.
 Then run
 @code{ntp-keygen}
 @code{-T} to generate keys and a trusted certificate.
@@ -553,24 +467,15 @@ scheme than the default, run
 @code{ntp-keygen}
 with the
 @code{-S} @code{-Ar} @code{-type} option, where
-.Ar
-type
-is either
-.Cm
-RSA
-or
-.Cm
-DSA
-.
-The most often need to do this is when a DSA-signed certificate is used.
+@kbd{type} is either
+@code{RSA} or
+@code{DSA}. The most often need to do this is when a DSA-signed certificate is used.
 If it is necessary to use a different certificate scheme than the default,
 run
 @code{ntp-keygen}
 with the
 @code{-c} @code{-Ar} @code{-scheme} option and selected
-.Ar
-scheme
-as needed.
+@kbd{scheme} as needed.
 f
 @code{ntp-keygen}
 is run again without these options, it generates a new certificate
@@ -590,16 +495,16 @@ When
 is restarted, it loads any new files and restarts the protocol.
 Other dependent hosts will continue as usual until signatures are refreshed,
 at which time the protocol is restarted.
-.Ss
+@node Identity
+@section Identity
+
 Identity
 Schemes
 As mentioned on the Autonomous Authentication page,
 the default TC identity scheme is vulnerable to a middleman attack.
 However, there are more secure identity schemes available,
 including PC, IFF, GQ and MV described on the
-.Qq
-Identification
-Schemes
+"IdentificationSchemes"
 page
 (maybe available at
 .Li
@@ -628,14 +533,12 @@ The PC scheme supports only one trusted host in the group.
 On trusted host alice run
 @code{ntp-keygen}
 @code{-P} @code{-p} @code{-Ar} @code{-password} to generate the host key file
-.Pa
-ntpkey_RSAkey_
+@file{ntpkey_RSAkey_}NsAralice.filestamp
 Ns
 Ar
 alice.filestamp
 and trusted private certificate file
-.Pa
-ntpkey_RSA-MD5_cert_
+@file{ntpkey_RSA-MD5_cert_}NsAralice.filestamp.
 Ns
 Ar
 alice.filestamp
@@ -643,14 +546,12 @@ alice.filestamp
 Copy both files to all group hosts;
 they replace the files which would be generated in other schemes.
 On each host bob install a soft link from the generic name
-.Pa
-ntpkey_host_
+@file{ntpkey_host_}NsArbob
 Ns
 Ar
 bob
 to the host key file and soft link
-.Pa
-ntpkey_cert_
+@file{ntpkey_cert_}NsArbob
 Ns
 Ar
 bob
@@ -667,8 +568,7 @@ generate the IFF parameter file.
 On trusted host alice run
 @code{ntp-keygen}
 @code{-T} @code{-I} @code{-p} @code{-Ar} @code{-password} to produce her parameter file
-.Pa
-ntpkey_IFFpar_
+@file{ntpkey_IFFpar_}NsAralice.filestamp,
 Ns
 Ar
 alice.filestamp
@@ -676,8 +576,7 @@ alice.filestamp
 which includes both server and client keys.
 Copy this file to all group hosts that operate as both servers
 and clients and install a soft link from the generic
-.Pa
-ntpkey_iff_
+@file{ntpkey_iff_}NsAralice
 Ns
 Ar
 alice
@@ -696,8 +595,7 @@ After generating the parameter file, on alice run
 @code{-e} and pipe the output to a file or mail program.
 Copy or mail this file to all restricted clients.
 On these clients install a soft link from the generic
-.Pa
-ntpkey_iff_
+@file{ntpkey_iff_}NsAralice
 Ns
 Ar
 alice
@@ -711,8 +609,7 @@ in the group, generate the IFF parameter file.
 On trusted host alice run
 @code{ntp-keygen}
 @code{-T} @code{-G} @code{-p} @code{-Ar} @code{-password} to produce her parameter file
-.Pa
-ntpkey_GQpar_
+@file{ntpkey_GQpar_}NsAralice.filestamp,
 Ns
 Ar
 alice.filestamp
@@ -720,16 +617,14 @@ alice.filestamp
 which includes both server and client keys.
 Copy this file to all group hosts and install a soft link
 from the generic
-.Pa
-ntpkey_gq_
+@file{ntpkey_gq_}NsAralice
 Ns
 Ar
 alice
 to this file.
 In addition, on each host bob install a soft link
 from generic
-.Pa
-ntpkey_gq_
+@file{ntpkey_gq_}NsArbob
 Ns
 Ar
 bob
@@ -744,36 +639,23 @@ and bob one of her clients.
 On TA trish run
 @code{ntp-keygen}
 @code{-V} @code{-Ar} @code{-n} @code{-p} @code{-Ar} @code{-password}, where
-.Ar
-n
-is the number of revokable keys (typically 5) to produce
+@kbd{n} is the number of revokable keys (typically 5) to produce
 the parameter file
-.Pa
-ntpkeys_MVpar_
+@file{ntpkeys_MVpar_}NsArtrish.filestamp
 Ns
 Ar
 trish.filestamp
 and client key files
-.Pa
-ntpkeys_MVkeyd_
+@file{ntpkeys_MVkeyd_}NsArtrish.filestamp
 Ns
 Ar
 trish.filestamp
 where
-.Ar
-d
-is the key number (0 \&<
-.Ar
-d
-\&<
-.Ar
-n
-)
-.
-Copy the parameter file to alice and install a soft link
+@kbd{d} is the key number (0 \&<
+@kbd{d} \&<
+@kbd{n}). Copy the parameter file to alice and install a soft link
 from the generic
-.Pa
-ntpkey_mv_
+@file{ntpkey_mv_}NsAralice
 Ns
 Ar
 alice
@@ -784,15 +666,16 @@ It doesn't matter which client key file goes to alice,
 since they all work the same way.
 Alice copies the client key file to all of her cliens.
 On client bob install a soft link from generic
-.Pa
-ntpkey_mvkey_
+@file{ntpkey_mvkey_}NsArbob
 Ns
 Ar
 bob
 to the client key file.
 As the MV scheme is independent of keys and certificates,
 these files can be refreshed as needed.
-.Ss
+@node Command
+@section Command
+
 Command
 Line
 Options
@@ -800,9 +683,7 @@ Options
 @item Fl
 Select certificate message digest/signature encryption scheme.
 The
-.Ar
-scheme
-can be one of the following:
+@kbd{scheme} can be one of the following:
 .
 Cm
 RSA-MD2
@@ -820,16 +701,10 @@ RSA-RIPEMD160
 DSA-SHA
 ,
 or
-.Cm
-DSA-SHA1
-.
-Note that RSA schemes must be used with a RSA sign key and DSA
+@code{DSA-SHA1}. Note that RSA schemes must be used with a RSA sign key and DSA
 schemes must be used with a DSA sign key.
 The default without this option is
-.Cm
-RSA-MD5
-.
-@item Fl
+@code{RSA-MD5}. @item Fl
 Enable debugging.
 This option displays the cryptographic data produced in eye-friendly billboards.
 @item Fl
@@ -849,10 +724,7 @@ Generate parameters for the IFF identification scheme,
 obsoleting any that may exist.
 @item Fl
 Set the suject name to
-.Ar
-name
-.
-This is used as the subject field in certificates
+@kbd{name}. This is used as the subject field in certificates
 and in the file name for host and sign keys.
 @item Fl
 Generate MD5 keys, obsoleting any that may exist.
@@ -861,9 +733,7 @@ Generate a private certificate.
 By default, the program generates public certificates.
 @item Fl
 Encrypt generated files containing private data with
-.Ar
-password
-and the DES-CBC algorithm.
+@kbd{password} and the DES-CBC algorithm.
 @item Fl
 Set the password for reading files to password.
 @item Fl
@@ -872,10 +742,7 @@ obsoleting any that may exist.
 By default, the program uses the host key as the sign key.
 @item Fl
 Set the issuer name to
-.Ar
-name
-.
-This is used for the issuer field in certificates
+@kbd{name}. This is used for the issuer field in certificates
 and in the file name for identity files.
 @item Fl
 Generate a trusted certificate.
@@ -884,7 +751,9 @@ By default, the program generates a non-trusted certificate.
 Generate parameters and keys for the Mu-Varadharajan (MV) identification scheme.
 
 @end multitable
-.Ss
+@node Random
+@section Random
+
 Random
 Seed
 File
@@ -909,21 +778,14 @@ but are outside the scope of this page.
 
 The entropy seed used by the OpenSSL library is contained in a file,
 usually called
-.Cm
-.rnd
-,
-which must be available when starting the NTP daemon
+.rnd, which must be available when starting the NTP daemon
 or the
 @code{ntp-keygen}
 program.
 The NTP daemon will first look for the file
 using the path specified by the
-.Ic
-randfile
-subcommand of the
-.Ic
-crypto
-configuration command.
+@code{randfile} subcommand of the
+@code{crypto} configuration command.
 If not specified in this way, or when starting the
 @code{ntp-keygen}
 program,
@@ -938,13 +800,13 @@ If the
 RANDFILE
 environment variable is not present,
 the library will look for the
-.Cm
-.rnd
-file in the user home directory.
+.rnd file in the user home directory.
 If the file is not available or cannot be written,
 the daemon exits with a message to the system log and the program
 exits with a suitable error message.
-.Ss
+@node Cryptographic
+@section Cryptographic
+
 Cryptographic
 Data
 Files
@@ -973,20 +835,13 @@ keyno
 type
 key
 where
-.Ar
-keyno
-is a positive integer in the range 1-65,535,
-.Ar
-type
-is the string MD5 defining the key format and
-.Ar
-key
-is the key itself,
+@kbd{keyno} is a positive integer in the range 1-65,535,
+@kbd{type} is the string MD5 defining the key format and
+@kbd{key} is the key itself,
 which is a printable ASCII string 16 characters or less in length.
 Each character is chosen from the 93 printable characters
 in the range 0x21 through 0x7f excluding space and the
-.Ql
-#
+@quoteleft{}#@quoteright{}
 character.
 
 Note that the keys used by the
@@ -1001,8 +856,7 @@ in human readable ASCII format.
 The
 @code{ntp-keygen}
 program generates a MD5 symmetric keys file
-.Pa
-ntpkey_MD5key_
+@file{ntpkey_MD5key_}NsArhostname.filestamp.
 Ns
 Ar
 hostname.filestamp
@@ -1011,8 +865,7 @@ Since the file contains private shared keys,
 it should be visible only to root and distributed by secure means
 to other subnet hosts.
 The NTP daemon loads the file
-.Pa
-ntp.keys
+@file{ntp.keys},
 ,
 so
 @code{ntp-keygen}
@@ -1075,7 +928,7 @@ with a status code of 0.
 
 @exampleindent 0
 @example
-ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p334
+ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p335
 USAGE:  ntp-keygen [ - [] | --[@{=| @}] ]...
   Flg Arg Option-Name    Description
    -b Num imbits         identity modulus bits
diff --git a/util/ntp-keygen-opts.c b/util/ntp-keygen-opts.c
index 5204ceaa52..4dfe5beb42 100644
--- a/util/ntp-keygen-opts.c
+++ b/util/ntp-keygen-opts.c
@@ -1,7 +1,7 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.c)
  *  
- *  It has been AutoGen-ed  December 10, 2012 at 06:41:23 AM by AutoGen 5.16.2
+ *  It has been AutoGen-ed  December 18, 2012 at 03:58:35 AM by AutoGen 5.16.2
  *  From the definitions    ntp-keygen-opts.def
  *  and the template file   options
  *
@@ -75,7 +75,7 @@ extern FILE * option_usage_fp;
  *  ntp-keygen option static const strings
  */
 static char const ntp_keygen_opt_strs[2358] =
-/*     0 */ "ntp-keygen (ntp) 4.2.7p334\n"
+/*     0 */ "ntp-keygen (ntp) 4.2.7p335\n"
             "Copyright (C) 1970-2012 The University of Delaware, all rights reserved.\n"
             "This is free software. It is licensed for use, modification and\n"
             "redistribution under the terms of the NTP License, copies of which\n"
@@ -166,14 +166,14 @@ static char const ntp_keygen_opt_strs[2358] =
 /*  2136 */ "no-load-opts\0"
 /*  2149 */ "no\0"
 /*  2152 */ "NTP_KEYGEN\0"
-/*  2163 */ "ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p334\n"
+/*  2163 */ "ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p335\n"
             "USAGE:  %s [ - [] | --[{=| }] ]...\n\0"
 /*  2279 */ "$HOME\0"
 /*  2285 */ ".\0"
 /*  2287 */ ".ntprc\0"
 /*  2294 */ "http://bugs.ntp.org, bugs@ntp.org\0"
 /*  2328 */ "\n\n\0"
-/*  2331 */ "ntp-keygen (ntp) 4.2.7p334";
+/*  2331 */ "ntp-keygen (ntp) 4.2.7p335";
 
 /*
  *  imbits option description:
diff --git a/util/ntp-keygen-opts.h b/util/ntp-keygen-opts.h
index 869cbe0e8b..a47e246dce 100644
--- a/util/ntp-keygen-opts.h
+++ b/util/ntp-keygen-opts.h
@@ -1,7 +1,7 @@
 /*  
  *  EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.h)
  *  
- *  It has been AutoGen-ed  December 10, 2012 at 06:41:22 AM by AutoGen 5.16.2
+ *  It has been AutoGen-ed  December 18, 2012 at 03:58:35 AM by AutoGen 5.16.2
  *  From the definitions    ntp-keygen-opts.def
  *  and the template file   options
  *
@@ -93,8 +93,8 @@ typedef enum {
 } teOptIndex;
 
 #define OPTION_CT    26
-#define NTP_KEYGEN_VERSION       "4.2.7p334"
-#define NTP_KEYGEN_FULL_VERSION  "ntp-keygen (ntp) 4.2.7p334"
+#define NTP_KEYGEN_VERSION       "4.2.7p335"
+#define NTP_KEYGEN_FULL_VERSION  "ntp-keygen (ntp) 4.2.7p335"
 
 /*
  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
diff --git a/util/ntp-keygen.1ntp-keygenman b/util/ntp-keygen.1ntp-keygenman
index 8ce9e2298e..88d8aeef99 100644
--- a/util/ntp-keygen.1ntp-keygenman
+++ b/util/ntp-keygen.1ntp-keygenman
@@ -1,8 +1,8 @@
-.TH ntp-keygen 1ntp-keygenman "10 Dec 2012" "ntp (4.2.7p334)" "User Commands"
+.TH ntp-keygen 1ntp-keygenman "18 Dec 2012" "ntp (4.2.7p335)" "User Commands"
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:41:35 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:58:44 AM by AutoGen 5.16.2
 .\"  From the definitions    ntp-keygen-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
diff --git a/util/ntp-keygen.1ntp-keygenmdoc b/util/ntp-keygen.1ntp-keygenmdoc
index 67c7d11cd5..90bea45aa2 100644
--- a/util/ntp-keygen.1ntp-keygenmdoc
+++ b/util/ntp-keygen.1ntp-keygenmdoc
@@ -1,9 +1,9 @@
-.Dd December 10 2012
+.Dd December 18 2012
 .Dt NTP_KEYGEN 1ntp-keygenmdoc User Commands
 .Os SunOS 5.10
 .\"  EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:41:42 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:58:51 AM by AutoGen 5.16.2
 .\"  From the definitions    ntp-keygen-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME
diff --git a/util/ntp-keygen.html b/util/ntp-keygen.html
index 48ee5084cb..2c2db781da 100644
--- a/util/ntp-keygen.html
+++ b/util/ntp-keygen.html
@@ -70,7 +70,7 @@ All other files are in PEM-encoded
 printable ASCII format so they can be embedded as MIME attachments in
 mail to other sites.
 
-  
        This document applies to version 4.2.7p334 of ntp-keygen.
+  
        This document applies to version 4.2.7p335 of ntp-keygen.
 
 
        
 
        
@@ -214,6 +214,156 @@ so they can be embedded as MIME attachments in mail to other sites
 and certificate authorities. 
 By default, files are not encrypted.
 
+  
        When used to generate message digest keys, the program produces a file
+containing ten pseudo-random printable ASCII strings suitable for the
+MD5 message digest algorithm included in the distribution. 
+If the OpenSSL library is installed, it produces an additional ten
+hex-encoded random bit strings suitable for the SHA1 and other message
+digest algorithms. 
+The message digest keys file must be distributed and stored
+using secure means beyond the scope of NTP itself. 
+Besides the keys used for ordinary NTP associations, additional keys
+can be defined as passwords for the ntpq and ntpdc utility programs.
+
+  
        The remaining generated files are compatible with other OpenSSL
+applications and other Public Key Infrastructure (PKI) resources. 
+Certificates generated by this program are compatible with extant
+industry practice, although some users might find the interpretation of
+X509v3 extension fields somewhat liberal. 
+However, the identity keys are probably not compatible with anything
+other than Autokey.
+
+  
        Some files used by this program are encrypted using a private password. 
+The
+--p option specifies the password for local encrypted files and the
+--q option the password for encrypted files sent to remote sites. 
+If no password is specified, the host name returned by the Unix
+.Fn
+gethostname
+function, normally the DNS name of the host is used.
+
+  
        The
+.Ar
+pw
+option of the
+.Ar
+crypto
+configuration command specifies the read
+password for previously encrypted local files. 
+This must match the local password used by this program. 
+If not specified, the host name is used. 
+Thus, if files are generated by this program without password,
+they can be read back by
+.Ar
+ntpd
+without password but only on the same host.
+
+  
        Normally, encrypted files for each host are generated by that host and
+used only by that host, although exceptions exist as noted later on
+this page. 
+The symmetric keys file, normally called
+.Ar
+ntp.keys
+,
+is usually installed in
+.Pa
+/etc
+. 
+Other files and links are usually installed in
+.Pa
+/usr/local/etc
+,
+which is normally in a shared filesystem in
+NFS-mounted networks and cannot be changed by shared clients. 
+The location of the keys directory can be changed by the
+.Ar
+keysdir
+configuration command in such cases. 
+Normally, this is in
+.Pa
+/etc
+.
+
+  
        This program directs commentary and error messages to the standard
+error stream
+.Ar
+stderr
+and remote files to the standard output stream
+.Ar
+stdout
+where they can be piped to other applications or redirected to files. 
+The names used for generated files and links all begin with the
+string
+.Ar
+ntpkey
+and include the file type, generating host and filestamp,
+as described in the
+.Dq
+Cryptographic
+Data
+Files
+section below. 
+.Ss
+Running
+the
+Program
+To test and gain experience with Autokey concepts, log in as root and
+change to the keys directory, usually
+.Pa
+/usr/local/etc
+When run for the first time, or if all files with names beginning with
+.Ar
+ntpkey
+have been removed, use the
+ntp-keygen
+command without arguments to generate a
+default RSA host key and matching RSA-MD5 certificate with expiration
+date one year hence. 
+If run again without options, the program uses the
+existing keys and parameters and generates only a new certificate with
+new expiration date one year hence.
+
+  
        Run the command on as many hosts as necessary. 
+Designate one of them as the trusted host (TH) using
+ntp-keygen
+with the
+-T option and configure it to synchronize from reliable Internet servers. 
+Then configure the other hosts to synchronize to the TH directly or
+indirectly. 
+A certificate trail is created when Autokey asks the immediately
+ascendant host towards the TH to sign its certificate, which is then
+provided to the immediately descendant host on request. 
+All group hosts should have acyclic certificate trails ending on the TH.
+
+  
        The host key is used to encrypt the cookie when required and so must be
+RSA type. 
+By default, the host key is also the sign key used to encrypt
+signatures. 
+A different sign key can be assigned using the
+-S option and this can be either RSA or DSA type. 
+By default, the signature
+message digest type is MD5, but any combination of sign key type and
+message digest type supported by the OpenSSL library can be specified
+using the
+-c option. 
+The rules say cryptographic media should be generated with proventic
+filestamps, which means the host should already be synchronized before
+this program is run. 
+This of course creates a chicken-and-egg problem
+when the host is started for the first time. 
+Accordingly, the host time
+should be set by some other means, such as eyeball-and-wristwatch, at
+least so that the certificate lifetime is within the current year. 
+After that and when the host is synchronized to a proventic source, the
+certificate should be re-generated.
+
+  
        Additional information on trusted groups and identity schemes is on the
+.Dq
+Autokey
+Public-Key
+Authentication
+page.
+
   
        The
 ntpd(8)
 configuration command
@@ -1094,7 +1244,7 @@ the usage text by passing it through a pager program.
 used to select the program, defaulting to more.  Both will exit
 with a status code of 0.
 
-     
             ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p333
+     
             ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p334
      USAGE:  ntp-keygen [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
        Flg Arg Option-Name    Description
         -b Num imbits         identity modulus bits
diff --git a/util/ntp-keygen.man.in b/util/ntp-keygen.man.in
index aa66e933a1..7aa76ec995 100644
--- a/util/ntp-keygen.man.in
+++ b/util/ntp-keygen.man.in
@@ -1,8 +1,8 @@
-.TH ntp-keygen @NTP_KEYGEN_MS@ "10 Dec 2012" "ntp (4.2.7p334)" "User Commands"
+.TH ntp-keygen @NTP_KEYGEN_MS@ "18 Dec 2012" "ntp (4.2.7p335)" "User Commands"
 .\"
 .\"  EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.man)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:41:35 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:58:44 AM by AutoGen 5.16.2
 .\"  From the definitions    ntp-keygen-opts.def
 .\"  and the template file   agman-cmd.tpl
 .\"
diff --git a/util/ntp-keygen.mdoc.in b/util/ntp-keygen.mdoc.in
index b5d477d024..08e8be9c66 100644
--- a/util/ntp-keygen.mdoc.in
+++ b/util/ntp-keygen.mdoc.in
@@ -1,9 +1,9 @@
-.Dd December 10 2012
+.Dd December 18 2012
 .Dt NTP_KEYGEN @NTP_KEYGEN_MS@ User Commands
 .Os SunOS 5.10
 .\"  EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.mdoc)
 .\"  
-.\"  It has been AutoGen-ed  December 10, 2012 at 06:41:42 AM by AutoGen 5.16.2
+.\"  It has been AutoGen-ed  December 18, 2012 at 03:58:51 AM by AutoGen 5.16.2
 .\"  From the definitions    ntp-keygen-opts.def
 .\"  and the template file   agmdoc-cmd.tpl
 .Sh NAME