1/* -*- Mode: Text -*- */ 2 3autogen definitions options; 4 5#include copyright.def 6#include version.def 7 8// We want the synopsis to be "/etc/ntp.keys" but we need the prog-name 9// to be ntp.keys - the latter is also how autogen produces the output 10// file name. 11prog-name = "ntp.keys"; 12file-path = "/etc/ntp.keys"; 13prog-title = "NTP symmetric key file format"; 14 15/* explain: Additional information whenever the usage routine is invoked */ 16explain = <<- _END_EXPLAIN 17 _END_EXPLAIN; 18 19doc-section = { 20 ds-type = 'DESCRIPTION'; 21 ds-format = 'mdoc'; 22 ds-text = <<- _END_PROG_MDOC_DESCRIP 23This document describes the format of an NTP symmetric key file. 24For a description of the use of this type of file, see the 25.Qq Authentication Support 26section of the 27.Xr ntp.conf 5 28page. 29.Pp 30.Xr ntpd 8 31reads its keys from a file specified using the 32.Fl k 33command line option or the 34.Ic keys 35statement in the configuration file. 36While key number 0 is fixed by the NTP standard 37(as 56 zero bits) 38and may not be changed, 39one or more keys numbered between 1 and 65534 40may be arbitrarily set in the keys file. 41.Pp 42The key file uses the same comment conventions 43as the configuration file. 44Key entries use a fixed format of the form 45.Pp
| 1/* -*- Mode: Text -*- */ 2 3autogen definitions options; 4 5#include copyright.def 6#include version.def 7 8// We want the synopsis to be "/etc/ntp.keys" but we need the prog-name 9// to be ntp.keys - the latter is also how autogen produces the output 10// file name. 11prog-name = "ntp.keys"; 12file-path = "/etc/ntp.keys"; 13prog-title = "NTP symmetric key file format"; 14 15/* explain: Additional information whenever the usage routine is invoked */ 16explain = <<- _END_EXPLAIN 17 _END_EXPLAIN; 18 19doc-section = { 20 ds-type = 'DESCRIPTION'; 21 ds-format = 'mdoc'; 22 ds-text = <<- _END_PROG_MDOC_DESCRIP 23This document describes the format of an NTP symmetric key file. 24For a description of the use of this type of file, see the 25.Qq Authentication Support 26section of the 27.Xr ntp.conf 5 28page. 29.Pp 30.Xr ntpd 8 31reads its keys from a file specified using the 32.Fl k 33command line option or the 34.Ic keys 35statement in the configuration file. 36While key number 0 is fixed by the NTP standard 37(as 56 zero bits) 38and may not be changed, 39one or more keys numbered between 1 and 65534 40may be arbitrarily set in the keys file. 41.Pp 42The key file uses the same comment conventions 43as the configuration file. 44Key entries use a fixed format of the form 45.Pp
|
47.Pp 48where 49.Ar keyno 50is a positive integer (between 1 and 65534), 51.Ar type 52is the message digest algorithm, 53and 54.Ar key
| 47.Pp 48where 49.Ar keyno 50is a positive integer (between 1 and 65534), 51.Ar type 52is the message digest algorithm, 53and 54.Ar key
|
56.Pp 57The 58.Ar key 59may be given in a format 60controlled by the 61.Ar type 62field. 63The 64.Ar type 65.Li MD5 66is always supported. 67If 68.Li ntpd 69was built with the OpenSSL library 70then any digest library supported by that library may be specified. 71However, if compliance with FIPS 140-2 is required the 72.Ar type 73must be either 74.Li SHA 75or 76.Li SHA1 . 77.Pp 78What follows are some key types, and corresponding formats: 79.Pp 80.Bl -tag -width RMD160 -compact 81.It Li MD5 82The key is 1 to 16 printable characters terminated by 83an EOL, 84whitespace, 85or 86a 87.Li # 88(which is the "start of comment" character). 89.Pp 90.It Li SHA 91.It Li SHA1 92.It Li RMD160 93The key is a hex-encoded ASCII string of 40 characters, 94which is truncated as necessary. 95.El 96.Pp 97Note that the keys used by the 98.Xr ntpq 8 99and 100.Xr ntpdc 8 101programs are checked against passwords 102requested by the programs and entered by hand, 103so it is generally appropriate to specify these keys in ASCII format. 104 _END_PROG_MDOC_DESCRIP; 105}; 106 107doc-section = { 108 ds-type = 'FILES'; 109 ds-format = 'mdoc'; 110 ds-text = <<- _END_MDOC_FILES 111.Bl -tag -width /etc/ntp.keys -compact 112.It Pa /etc/ntp.keys 113the default name of the configuration file 114.El 115 _END_MDOC_FILES; 116}; 117 118doc-section = { 119 ds-type = 'SEE ALSO'; 120 ds-format = 'mdoc'; 121 ds-text = <<- _END_MDOC_SEE_ALSO 122.Xr ntp.conf 5 , 123.Xr ntpd 1ntpdmdoc , 124.Xr ntpdate 1ntpdatemdoc , 125.Xr ntpdc 1ntpdcmdoc , 126.Xr sntp 1sntpmdoc 127 _END_MDOC_SEE_ALSO; 128}; 129 130/* 131doc-section = { 132 ds-type = 'BUGS'; 133 ds-format = 'mdoc'; 134 ds-text = <<- _END_MDOC_BUGS 135.Xr ntpd 8 136has gotten rather fat. 137While not huge, it has gotten larger than might 138be desirable for an elevated-priority daemon running on a workstation, 139particularly since many of the fancy features which consume the space 140were designed more with a busy primary server, rather than a high 141stratum workstation, in mind. 142 _END_MDOC_BUGS; 143}; 144*/ 145 146doc-section = { 147 ds-type = 'NOTES'; 148 ds-format = 'mdoc'; 149 ds-text = <<- _END_MDOC_NOTES 150This document was derived from FreeBSD. 151 _END_MDOC_NOTES; 152};
| 64.Pp 65The 66.Ar key 67may be given in a format 68controlled by the 69.Ar type 70field. 71The 72.Ar type 73.Li MD5 74is always supported. 75If 76.Li ntpd 77was built with the OpenSSL library 78then any digest library supported by that library may be specified. 79However, if compliance with FIPS 140-2 is required the 80.Ar type 81must be either 82.Li SHA 83or 84.Li SHA1 . 85.Pp 86What follows are some key types, and corresponding formats: 87.Pp 88.Bl -tag -width RMD160 -compact 89.It Li MD5 90The key is 1 to 16 printable characters terminated by 91an EOL, 92whitespace, 93or 94a 95.Li # 96(which is the "start of comment" character). 97.Pp 98.It Li SHA 99.It Li SHA1 100.It Li RMD160 101The key is a hex-encoded ASCII string of 40 characters, 102which is truncated as necessary. 103.El 104.Pp 105Note that the keys used by the 106.Xr ntpq 8 107and 108.Xr ntpdc 8 109programs are checked against passwords 110requested by the programs and entered by hand, 111so it is generally appropriate to specify these keys in ASCII format. 112 _END_PROG_MDOC_DESCRIP; 113}; 114 115doc-section = { 116 ds-type = 'FILES'; 117 ds-format = 'mdoc'; 118 ds-text = <<- _END_MDOC_FILES 119.Bl -tag -width /etc/ntp.keys -compact 120.It Pa /etc/ntp.keys 121the default name of the configuration file 122.El 123 _END_MDOC_FILES; 124}; 125 126doc-section = { 127 ds-type = 'SEE ALSO'; 128 ds-format = 'mdoc'; 129 ds-text = <<- _END_MDOC_SEE_ALSO 130.Xr ntp.conf 5 , 131.Xr ntpd 1ntpdmdoc , 132.Xr ntpdate 1ntpdatemdoc , 133.Xr ntpdc 1ntpdcmdoc , 134.Xr sntp 1sntpmdoc 135 _END_MDOC_SEE_ALSO; 136}; 137 138/* 139doc-section = { 140 ds-type = 'BUGS'; 141 ds-format = 'mdoc'; 142 ds-text = <<- _END_MDOC_BUGS 143.Xr ntpd 8 144has gotten rather fat. 145While not huge, it has gotten larger than might 146be desirable for an elevated-priority daemon running on a workstation, 147particularly since many of the fancy features which consume the space 148were designed more with a busy primary server, rather than a high 149stratum workstation, in mind. 150 _END_MDOC_BUGS; 151}; 152*/ 153 154doc-section = { 155 ds-type = 'NOTES'; 156 ds-format = 'mdoc'; 157 ds-text = <<- _END_MDOC_NOTES 158This document was derived from FreeBSD. 159 _END_MDOC_NOTES; 160};
|