1.Dd January 20 2016 |
2.Dt NTP_CONF 5 File Formats 3.Os 4.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) 5.\" |
6.\" It has been AutoGen-ed January 20, 2016 at 04:18:07 AM by AutoGen 5.18.5 |
7.\" From the definitions ntp.conf.def 8.\" and the template file agmdoc-cmd.tpl 9.Sh NAME 10.Nm ntp.conf 11.Nd Network Time Protocol (NTP) daemon configuration file format 12.Sh SYNOPSIS 13.Nm 14.Op Fl \-option\-name --- 2373 unchanged lines hidden (view full) --- 2388otherwise, should be avoided. 2389.It Ic dscp Ar value 2390This option specifies the Differentiated Services Control Point (DSCP) value, 2391a 6\-bit code. The default value is 46, signifying Expedited Forwarding. 2392.It Xo Ic enable 2393.Oo 2394.Cm auth | Cm bclient | 2395.Cm calibrate | Cm kernel | |
2396.Cm mode7 | Cm monitor | 2397.Cm ntp | Cm stats | 2398.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early |
2399.Oc 2400.Xc 2401.It Xo Ic disable 2402.Oo 2403.Cm auth | Cm bclient | 2404.Cm calibrate | Cm kernel | |
2405.Cm mode7 | Cm monitor | 2406.Cm ntp | Cm stats | 2407.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early |
2408.Oc 2409.Xc 2410Provides a way to enable or disable various server options. 2411Flags not mentioned are unaffected. 2412Note that all of these flags 2413can be controlled remotely using the 2414.Xr ntpdc @NTPDC_MS@ 2415utility program. --- 57 unchanged lines hidden (view full) --- 2473.Ic enable . 2474.It Cm stats 2475Enables the statistics facility. 2476See the 2477.Sx Monitoring Options 2478section for further information. 2479The default for this flag is 2480.Ic disable . |
2481.It Cm unpeer_crypto_early 2482By default, if 2483.Xr ntpd @NTPD_MS@ 2484receives an autokey packet that fails TEST9, 2485a crypto failure, 2486the association is immediately cleared. 2487This is almost certainly a feature, 2488but if, in spite of the current recommendation of not using autokey, 2489you are 2490.B still 2491using autokey 2492.B and 2493you are seeing this sort of DoS attack 2494disabling this flag will delay 2495tearing down the association until the reachability counter 2496becomes zero. 2497You can check your 2498.Cm peerstats 2499file for evidence of any of these attacks. 2500The 2501default for this flag is 2502.Ic enable . 2503.It Cm unpeer_crypto_nak_early 2504By default, if 2505.Xr ntpd @NTPD_MS@ 2506receives a crypto\-NAK packet that 2507passes the duplicate packet and origin timestamp checks 2508the association is immediately cleared. 2509While this is generally a feature 2510as it allows for quick recovery if a server key has changed, 2511a properly forged and appropriately delivered crypto\-NAK packet 2512can be used in a DoS attack. 2513If you have active noticable problems with this type of DoS attack 2514then you should consider 2515disabling this option. 2516You can check your 2517.Cm peerstats 2518file for evidence of any of these attacks. 2519The 2520default for this flag is 2521.Ic enable . 2522.It Cm unpeer_digest_early 2523By default, if 2524.Xr ntpd @NTPD_MS@ 2525receives what should be an authenticated packet 2526that passes other packet sanity checks but 2527contains an invalid digest 2528the association is immediately cleared. 2529While this is generally a feature 2530as it allows for quick recovery, 2531if this type of packet is carefully forged and sent 2532during an appropriate window it can be used for a DoS attack. 2533If you have active noticable problems with this type of DoS attack 2534then you should consider 2535disabling this option. 2536You can check your 2537.Cm peerstats 2538file for evidence of any of these attacks. 2539The 2540default for this flag is 2541.Ic enable . |
2542.El 2543.It Ic includefile Ar includefile 2544This command allows additional configuration commands 2545to be included from a separate file. 2546Include files may 2547be nested to a depth of five; upon reaching the end of any 2548include file, command processing resumes in the previous 2549configuration file. --- 342 unchanged lines hidden (view full) --- 2892.Rs 2893.%A David L. Mills 2894.%T Network Time Protocol (Version 4) 2895.%O RFC5905 2896.Re 2897.Sh "AUTHORS" 2898The University of Delaware and Network Time Foundation 2899.Sh "COPYRIGHT" |
2900Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved. |
2901This program is released under the terms of the NTP license, <http://ntp.org/license>. 2902.Sh BUGS 2903The syntax checking is not picky; some combinations of 2904ridiculous and even hilarious options and modes may not be 2905detected. 2906.Pp 2907The 2908.Pa ntpkey_ Ns Ar host 2909files are really digital 2910certificates. 2911These should be obtained via secure directory 2912services when they become universally available. 2913.Pp 2914Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org 2915.Sh NOTES 2916This document was derived from FreeBSD. 2917.Pp 2918This manual page was \fIAutoGen\fP\-erated from the \fBntp.conf\fP 2919option definitions. |