1/* -*- Mode: Text -*- */
2
3autogen definitions options;
4
5#include copyright.def
6#include version.def
7
8// We want the synopsis to be "/etc/ntp.keys" but we need the prog-name
9// to be ntp.keys - the latter is also how autogen produces the output
10// file name.
11prog-name = "ntp.keys";
12file-path = "/etc/ntp.keys";
13prog-title = "NTP symmetric key file format";
14
15/* explain: Additional information whenever the usage routine is invoked */
16explain = <<- _END_EXPLAIN
17 _END_EXPLAIN;
18
19doc-section = {
20 ds-type = 'DESCRIPTION';
21 ds-format = 'mdoc';
22 ds-text = <<- _END_PROG_MDOC_DESCRIP
23This document describes the format of an NTP symmetric key file.
24For a description of the use of this type of file, see the
25.Qq Authentication Support
26section of the
27.Xr ntp.conf 5
28page.
29.Pp
30.Xr ntpd 8
31reads its keys from a file specified using the
32.Fl k
33command line option or the
34.Ic keys
35statement in the configuration file.
36While key number 0 is fixed by the NTP standard
37(as 56 zero bits)
38and may not be changed,
39one or more keys numbered between 1 and 65534
40may be arbitrarily set in the keys file.
41.Pp
42The key file uses the same comment conventions
43as the configuration file.
44Key entries use a fixed format of the form
45.Pp
46.D1 Ar keyno type key opt_IP_list
47.Pp
48where
49.Ar keyno
50is a positive integer (between 1 and 65534),
51.Ar type
52is the message digest algorithm,
53and
54.Ar key
55is the key itself, and
56.Ar opt_IP_list
57is an optional comma-separated list of IPs
58that are allowed to serve time.
59If
60.Ar opt_IP_list
61is empty,
62any properly-authenticated server message will be
63accepted.
64.Pp
65The
66.Ar key
67may be given in a format
68controlled by the
69.Ar type
70field.
71The
72.Ar type
73.Li MD5
74is always supported.
75If
76.Li ntpd
77was built with the OpenSSL library
78then any digest library supported by that library may be specified.
79However, if compliance with FIPS 140-2 is required the
80.Ar type
81must be either
82.Li SHA
83or
84.Li SHA1 .
85.Pp
86What follows are some key types, and corresponding formats:
87.Pp
88.Bl -tag -width RMD160 -compact
89.It Li MD5
90The key is 1 to 16 printable characters terminated by
91an EOL,
92whitespace,
93or
94a
95.Li #
96(which is the "start of comment" character).
97.Pp
98.It Li SHA
99.It Li SHA1
100.It Li RMD160
101The key is a hex-encoded ASCII string of 40 characters,
102which is truncated as necessary.
103.El
104.Pp
105Note that the keys used by the
106.Xr ntpq 8
107and
108.Xr ntpdc 8
109programs are checked against passwords
110requested by the programs and entered by hand,
111so it is generally appropriate to specify these keys in ASCII format.
112 _END_PROG_MDOC_DESCRIP;
113};
114
115doc-section = {
116 ds-type = 'FILES';
117 ds-format = 'mdoc';
118 ds-text = <<- _END_MDOC_FILES
119.Bl -tag -width /etc/ntp.keys -compact
120.It Pa /etc/ntp.keys
121the default name of the configuration file
122.El
123 _END_MDOC_FILES;
124};
125
126doc-section = {
127 ds-type = 'SEE ALSO';
128 ds-format = 'mdoc';
129 ds-text = <<- _END_MDOC_SEE_ALSO
130.Xr ntp.conf 5 ,
131.Xr ntpd 1ntpdmdoc ,
132.Xr ntpdate 1ntpdatemdoc ,
133.Xr ntpdc 1ntpdcmdoc ,
134.Xr sntp 1sntpmdoc
135 _END_MDOC_SEE_ALSO;
136};
137
138/*
139doc-section = {
140 ds-type = 'BUGS';
141 ds-format = 'mdoc';
142 ds-text = <<- _END_MDOC_BUGS
143.Xr ntpd 8
144has gotten rather fat.
145While not huge, it has gotten larger than might
146be desirable for an elevated-priority daemon running on a workstation,
147particularly since many of the fancy features which consume the space
148were designed more with a busy primary server, rather than a high
149stratum workstation, in mind.
150 _END_MDOC_BUGS;
151};
152*/
153
154doc-section = {
155 ds-type = 'NOTES';
156 ds-format = 'mdoc';
157 ds-text = <<- _END_MDOC_NOTES
158This document was derived from FreeBSD.
159 _END_MDOC_NOTES;
160};
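Review bot: The FILES section (file line 121) calls /etc/ntp.keys "the default name of the configuration file", but this file holds the symmetric keys; `the default name of the symmetric key file` would agree with prog-title. Since each entry carries "the key itself", the DESCRIPTION would benefit from a sentence saying the file should be readable only by the account ntpd runs as, which nothing in the visible text states. On file line 78, "any digest library supported by that library" presumably means "any digest algorithm supported by that library". The page shows no added or deleted markers, so which of these lines the revision actually touched cannot be told from here.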