ntp.conf.5 (330106) | ntp.conf.5 (338530) |
---|---|
1.Dd February 27 2018 | 1.Dd August 14 2018 |
2.Dt NTP_CONF 5 File Formats 3.Os 4.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) 5.\" | 2.Dt NTP_CONF 5 File Formats 3.Os 4.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) 5.\" |
6.\" $FreeBSD: stable/11/usr.sbin/ntp/doc/ntp.conf.5 330106 2018-02-28 09:01:03Z delphij $ | 6.\" $FreeBSD: stable/11/usr.sbin/ntp/doc/ntp.conf.5 338530 2018-09-08 04:09:30Z delphij $ |
7.\" | 7.\" |
8.\" It has been AutoGen-ed February 27, 2018 at 05:14:42 PM by AutoGen 5.18.5 | 8.\" It has been AutoGen-ed August 14, 2018 at 08:29:15 AM by AutoGen 5.18.5 |
9.\" From the definitions ntp.conf.def 10.\" and the template file agmdoc-cmd.tpl 11.Sh NAME 12.Nm ntp.conf 13.Nd Network Time Protocol (NTP) daemon configuration file format 14.Sh SYNOPSIS 15.Nm 16.Op Fl \-option\-name --- 305 unchanged lines hidden (view full) --- 322.Xr ntpd 8 323is started with the 324.Fl q 325option. 326.It Cm key Ar key 327All packets sent to and received from the server or peer are to 328include authentication fields encrypted using the specified 329.Ar key | 9.\" From the definitions ntp.conf.def 10.\" and the template file agmdoc-cmd.tpl 11.Sh NAME 12.Nm ntp.conf 13.Nd Network Time Protocol (NTP) daemon configuration file format 14.Sh SYNOPSIS 15.Nm 16.Op Fl \-option\-name --- 305 unchanged lines hidden (view full) --- 322.Xr ntpd 8 323is started with the 324.Fl q 325option. 326.It Cm key Ar key 327All packets sent to and received from the server or peer are to 328include authentication fields encrypted using the specified 329.Ar key |
330identifier with values from 1 to 65534, inclusive. | 330identifier with values from 1 to 65535, inclusive. |
331The 332default is to include no encryption field. 333.It Cm minpoll Ar minpoll 334.It Cm maxpoll Ar maxpoll 335These options specify the minimum and maximum poll intervals 336for NTP messages, as a power of 2 in seconds 337The maximum poll 338interval defaults to 10 (1,024 s), but can be increased by the --- 241 unchanged lines hidden (view full) --- 580The security model and protocol schemes for 581both symmetric key and public key 582cryptography are summarized below; 583further details are in the briefings, papers 584and reports at the NTP project page linked from 585.Li http://www.ntp.org/ . 586.Ss Symmetric\-Key Cryptography 587The original RFC\-1305 specification allows any one of possibly | 331The 332default is to include no encryption field. 333.It Cm minpoll Ar minpoll 334.It Cm maxpoll Ar maxpoll 335These options specify the minimum and maximum poll intervals 336for NTP messages, as a power of 2 in seconds 337The maximum poll 338interval defaults to 10 (1,024 s), but can be increased by the --- 241 unchanged lines hidden (view full) --- 580The security model and protocol schemes for 581both symmetric key and public key 582cryptography are summarized below; 583further details are in the briefings, papers 584and reports at the NTP project page linked from 585.Li http://www.ntp.org/ . 586.Ss Symmetric\-Key Cryptography 587The original RFC\-1305 specification allows any one of possibly |
58865,534 keys, each distinguished by a 32\-bit key identifier, to | 58865,535 keys, each distinguished by a 32\-bit key identifier, to |
589authenticate an association. 590The servers and clients involved must 591agree on the key and key identifier to 592authenticate NTP packets. 593Keys and 594related information are specified in a key 595file, usually called 596.Pa ntp.keys , --- 277 unchanged lines hidden (view full) --- 874Specifies the key identifier to use with the 875.Xr ntpq 8 876utility, which uses the standard 877protocol defined in RFC\-1305. 878The 879.Ar key 880argument is 881the key identifier for a trusted key, where the value can be in the | 589authenticate an association. 590The servers and clients involved must 591agree on the key and key identifier to 592authenticate NTP packets. 593Keys and 594related information are specified in a key 595file, usually called 596.Pa ntp.keys , --- 277 unchanged lines hidden (view full) --- 874Specifies the key identifier to use with the 875.Xr ntpq 8 876utility, which uses the standard 877protocol defined in RFC\-1305. 878The 879.Ar key 880argument is 881the key identifier for a trusted key, where the value can be in the |
882range 1 to 65,534, inclusive. | 882range 1 to 65,535, inclusive. |
883.It Xo Ic crypto 884.Op Cm cert Ar file 885.Op Cm leap Ar file 886.Op Cm randfile Ar file 887.Op Cm host Ar file 888.Op Cm sign Ar file 889.Op Cm gq Ar file 890.Op Cm gqpar Ar file --- 87 unchanged lines hidden (view full) --- 978.Xr ntpdc 8 979utility program, which uses a 980proprietary protocol specific to this implementation of 981.Xr ntpd 8 . 982The 983.Ar key 984argument is a key identifier 985for the trusted key, where the value can be in the range 1 to | 883.It Xo Ic crypto 884.Op Cm cert Ar file 885.Op Cm leap Ar file 886.Op Cm randfile Ar file 887.Op Cm host Ar file 888.Op Cm sign Ar file 889.Op Cm gq Ar file 890.Op Cm gqpar Ar file --- 87 unchanged lines hidden (view full) --- 978.Xr ntpdc 8 979utility program, which uses a 980proprietary protocol specific to this implementation of 981.Xr ntpd 8 . 982The 983.Ar key 984argument is a key identifier 985for the trusted key, where the value can be in the range 1 to |
98665,534, inclusive. | 98665,535, inclusive. |
987.It Ic revoke Ar logsec 988Specifies the interval between re\-randomization of certain 989cryptographic values used by the Autokey scheme, as a power of 2 in 990seconds. 991These values need to be updated frequently in order to 992deflect brute\-force attacks on the algorithms of the scheme; 993however, updating some values is a relatively expensive operation. 994The default interval is 16 (65,536 s or about 18 hours). --- 10 unchanged lines hidden (view full) --- 1005programs. 1006The authentication procedures require that both the local 1007and remote servers share the same key and key identifier for this 1008purpose, although different keys can be used with different 1009servers. 1010The 1011.Ar key 1012arguments are 32\-bit unsigned | 987.It Ic revoke Ar logsec 988Specifies the interval between re\-randomization of certain 989cryptographic values used by the Autokey scheme, as a power of 2 in 990seconds. 991These values need to be updated frequently in order to 992deflect brute\-force attacks on the algorithms of the scheme; 993however, updating some values is a relatively expensive operation. 994The default interval is 16 (65,536 s or about 18 hours). --- 10 unchanged lines hidden (view full) --- 1005programs. 1006The authentication procedures require that both the local 1007and remote servers share the same key and key identifier for this 1008purpose, although different keys can be used with different 1009servers. 1010The 1011.Ar key 1012arguments are 32\-bit unsigned |
1013integers with values from 1 to 65,534. | 1013integers with values from 1 to 65,535. |
1014.El 1015.Ss Error Codes 1016The following error codes are reported via the NTP control 1017and monitoring protocol trap mechanism. 1018.Bl -tag -width indent 1019.It 101 1020.Pq bad field format or length 1021The packet has invalid version, length or format. --- 2258 unchanged lines hidden --- | 1014.El 1015.Ss Error Codes 1016The following error codes are reported via the NTP control 1017and monitoring protocol trap mechanism. 1018.Bl -tag -width indent 1019.It 101 1020.Pq bad field format or length 1021The packet has invalid version, length or format. --- 2258 unchanged lines hidden --- |