ntp.keys.def (280849) ntp.keys.def (294554)
1/* -*- Mode: Text -*- */
2
3autogen definitions options;
4
5#include copyright.def
6#include version.def
7
8// We want the synopsis to be "/etc/ntp.keys" but we need the prog-name
9// to be ntp.keys - the latter is also how autogen produces the output
10// file name.
11prog-name = "ntp.keys";
12file-path = "/etc/ntp.keys";
13prog-title = "NTP symmetric key file format";
14
15/* explain: Additional information whenever the usage routine is invoked */
16explain = <<- _END_EXPLAIN
17 _END_EXPLAIN;
18
19doc-section = {
20 ds-type = 'DESCRIPTION';
21 ds-format = 'mdoc';
22 ds-text = <<- _END_PROG_MDOC_DESCRIP
23This document describes the format of an NTP symmetric key file.
24For a description of the use of this type of file, see the
25.Qq Authentication Support
26section of the
27.Xr ntp.conf 5
28page.
29.Pp
30.Xr ntpd 8
31reads its keys from a file specified using the
32.Fl k
33command line option or the
34.Ic keys
35statement in the configuration file.
36While key number 0 is fixed by the NTP standard
37(as 56 zero bits)
38and may not be changed,
39one or more keys numbered between 1 and 65534
40may be arbitrarily set in the keys file.
41.Pp
42The key file uses the same comment conventions
43as the configuration file.
44Key entries use a fixed format of the form
45.Pp
1/* -*- Mode: Text -*- */
2
3autogen definitions options;
4
5#include copyright.def
6#include version.def
7
8// We want the synopsis to be "/etc/ntp.keys" but we need the prog-name
9// to be ntp.keys - the latter is also how autogen produces the output
10// file name.
11prog-name = "ntp.keys";
12file-path = "/etc/ntp.keys";
13prog-title = "NTP symmetric key file format";
14
15/* explain: Additional information whenever the usage routine is invoked */
16explain = <<- _END_EXPLAIN
17 _END_EXPLAIN;
18
19doc-section = {
20 ds-type = 'DESCRIPTION';
21 ds-format = 'mdoc';
22 ds-text = <<- _END_PROG_MDOC_DESCRIP
23This document describes the format of an NTP symmetric key file.
24For a description of the use of this type of file, see the
25.Qq Authentication Support
26section of the
27.Xr ntp.conf 5
28page.
29.Pp
30.Xr ntpd 8
31reads its keys from a file specified using the
32.Fl k
33command line option or the
34.Ic keys
35statement in the configuration file.
36While key number 0 is fixed by the NTP standard
37(as 56 zero bits)
38and may not be changed,
39one or more keys numbered between 1 and 65534
40may be arbitrarily set in the keys file.
41.Pp
42The key file uses the same comment conventions
43as the configuration file.
44Key entries use a fixed format of the form
45.Pp
46.D1 Ar keyno type key
46.D1 Ar keyno type key opt_IP_list
47.Pp
48where
49.Ar keyno
50is a positive integer (between 1 and 65534),
51.Ar type
52is the message digest algorithm,
53and
54.Ar key
47.Pp
48where
49.Ar keyno
50is a positive integer (between 1 and 65534),
51.Ar type
52is the message digest algorithm,
53and
54.Ar key
55is the key itself.
55is the key itself, and
56.Ar opt_IP_list
57is an optional comma-separated list of IPs
58that are allowed to serve time.
59If
60.Ar opt_IP_list
61is empty,
62any properly-authenticated server message will be
63accepted.
56.Pp
57The
58.Ar key
59may be given in a format
60controlled by the
61.Ar type
62field.
63The
64.Ar type
65.Li MD5
66is always supported.
67If
68.Li ntpd
69was built with the OpenSSL library
70then any digest library supported by that library may be specified.
71However, if compliance with FIPS 140-2 is required the
72.Ar type
73must be either
74.Li SHA
75or
76.Li SHA1 .
77.Pp
78What follows are some key types, and corresponding formats:
79.Pp
80.Bl -tag -width RMD160 -compact
81.It Li MD5
82The key is 1 to 16 printable characters terminated by
83an EOL,
84whitespace,
85or
86a
87.Li #
88(which is the "start of comment" character).
89.Pp
90.It Li SHA
91.It Li SHA1
92.It Li RMD160
93The key is a hex-encoded ASCII string of 40 characters,
94which is truncated as necessary.
95.El
96.Pp
97Note that the keys used by the
98.Xr ntpq 8
99and
100.Xr ntpdc 8
101programs are checked against passwords
102requested by the programs and entered by hand,
103so it is generally appropriate to specify these keys in ASCII format.
104 _END_PROG_MDOC_DESCRIP;
105};
106
107doc-section = {
108 ds-type = 'FILES';
109 ds-format = 'mdoc';
110 ds-text = <<- _END_MDOC_FILES
111.Bl -tag -width /etc/ntp.keys -compact
112.It Pa /etc/ntp.keys
113the default name of the configuration file
114.El
115 _END_MDOC_FILES;
116};
117
118doc-section = {
119 ds-type = 'SEE ALSO';
120 ds-format = 'mdoc';
121 ds-text = <<- _END_MDOC_SEE_ALSO
122.Xr ntp.conf 5 ,
123.Xr ntpd 1ntpdmdoc ,
124.Xr ntpdate 1ntpdatemdoc ,
125.Xr ntpdc 1ntpdcmdoc ,
126.Xr sntp 1sntpmdoc
127 _END_MDOC_SEE_ALSO;
128};
129
130/*
131doc-section = {
132 ds-type = 'BUGS';
133 ds-format = 'mdoc';
134 ds-text = <<- _END_MDOC_BUGS
135.Xr ntpd 8
136has gotten rather fat.
137While not huge, it has gotten larger than might
138be desirable for an elevated-priority daemon running on a workstation,
139particularly since many of the fancy features which consume the space
140were designed more with a busy primary server, rather than a high
141stratum workstation, in mind.
142 _END_MDOC_BUGS;
143};
144*/
145
146doc-section = {
147 ds-type = 'NOTES';
148 ds-format = 'mdoc';
149 ds-text = <<- _END_MDOC_NOTES
150This document was derived from FreeBSD.
151 _END_MDOC_NOTES;
152};
64.Pp
65The
66.Ar key
67may be given in a format
68controlled by the
69.Ar type
70field.
71The
72.Ar type
73.Li MD5
74is always supported.
75If
76.Li ntpd
77was built with the OpenSSL library
78then any digest library supported by that library may be specified.
79However, if compliance with FIPS 140-2 is required the
80.Ar type
81must be either
82.Li SHA
83or
84.Li SHA1 .
85.Pp
86What follows are some key types, and corresponding formats:
87.Pp
88.Bl -tag -width RMD160 -compact
89.It Li MD5
90The key is 1 to 16 printable characters terminated by
91an EOL,
92whitespace,
93or
94a
95.Li #
96(which is the "start of comment" character).
97.Pp
98.It Li SHA
99.It Li SHA1
100.It Li RMD160
101The key is a hex-encoded ASCII string of 40 characters,
102which is truncated as necessary.
103.El
104.Pp
105Note that the keys used by the
106.Xr ntpq 8
107and
108.Xr ntpdc 8
109programs are checked against passwords
110requested by the programs and entered by hand,
111so it is generally appropriate to specify these keys in ASCII format.
112 _END_PROG_MDOC_DESCRIP;
113};
114
115doc-section = {
116 ds-type = 'FILES';
117 ds-format = 'mdoc';
118 ds-text = <<- _END_MDOC_FILES
119.Bl -tag -width /etc/ntp.keys -compact
120.It Pa /etc/ntp.keys
121the default name of the configuration file
122.El
123 _END_MDOC_FILES;
124};
125
126doc-section = {
127 ds-type = 'SEE ALSO';
128 ds-format = 'mdoc';
129 ds-text = <<- _END_MDOC_SEE_ALSO
130.Xr ntp.conf 5 ,
131.Xr ntpd 1ntpdmdoc ,
132.Xr ntpdate 1ntpdatemdoc ,
133.Xr ntpdc 1ntpdcmdoc ,
134.Xr sntp 1sntpmdoc
135 _END_MDOC_SEE_ALSO;
136};
137
138/*
139doc-section = {
140 ds-type = 'BUGS';
141 ds-format = 'mdoc';
142 ds-text = <<- _END_MDOC_BUGS
143.Xr ntpd 8
144has gotten rather fat.
145While not huge, it has gotten larger than might
146be desirable for an elevated-priority daemon running on a workstation,
147particularly since many of the fancy features which consume the space
148were designed more with a busy primary server, rather than a high
149stratum workstation, in mind.
150 _END_MDOC_BUGS;
151};
152*/
153
154doc-section = {
155 ds-type = 'NOTES';
156 ds-format = 'mdoc';
157 ds-text = <<- _END_MDOC_NOTES
158This document was derived from FreeBSD.
159 _END_MDOC_NOTES;
160};
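Review bot: The added `opt_IP_list` description (new lines 55-63) does not say what an entry may be (IPv4 only or also IPv6, literal addresses only or also hostnames or prefixes), nor what happens to an entry that cannot be parsed. The same paragraph states that an empty list accepts any properly-authenticated server message, so a reader cannot rule out that a mistyped list silently leaves the key usable by every peer. The page should state the parser's actual behaviour for that case, which is not visible here. I would also spell out the default for operators by appending, after `accepted.`, a sentence such as `Without opt_IP_list, any host that knows the key can authenticate as a time server with it.`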