1290001Sglebius@node ntp.keys Notes 2290001Sglebius@section Notes about ntp.keys 3290001Sglebius@pindex ntp.keys 4290001Sglebius@cindex NTP symmetric key file format 5290001Sglebius@ignore 6290001Sglebius# 7290001Sglebius# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi) 8290001Sglebius# 9310419Sdelphij# It has been AutoGen-ed November 21, 2016 at 08:01:58 AM by AutoGen 5.18.5 10290001Sglebius# From the definitions ntp.keys.def 11290001Sglebius# and the template file agtexi-file.tpl 12290001Sglebius@end ignore 13290001Sglebius 14290001Sglebius 15290001Sglebius 16290001SglebiusThis document describes the format of an NTP symmetric key file. 17290001SglebiusFor a description of the use of this type of file, see the 18290001Sglebius"Authentication Support" 19290001Sglebiussection of the 20290001Sglebius@code{ntp.conf(5)} 21290001Sglebiuspage. 22290001Sglebius 23290001Sglebius@code{ntpd(8)} 24290001Sglebiusreads its keys from a file specified using the 25290001Sglebius@code{-k} 26290001Sglebiuscommand line option or the 27290001Sglebius@code{keys} 28290001Sglebiusstatement in the configuration file. 29290001SglebiusWhile key number 0 is fixed by the NTP standard 30290001Sglebius(as 56 zero bits) 31290001Sglebiusand may not be changed, 32290001Sglebiusone or more keys numbered between 1 and 65534 33290001Sglebiusmay be arbitrarily set in the keys file. 34290001Sglebius 35290001SglebiusThe key file uses the same comment conventions 36290001Sglebiusas the configuration file. 37290001SglebiusKey entries use a fixed format of the form 38290001Sglebius 39290001Sglebius@example 40294905Sdelphij@kbd{keyno} @kbd{type} @kbd{key} @kbd{opt_IP_list} 41290001Sglebius@end example 42290001Sglebius 43290001Sglebiuswhere 44290001Sglebius@kbd{keyno} 45290001Sglebiusis a positive integer (between 1 and 65534), 46290001Sglebius@kbd{type} 47290001Sglebiusis the message digest algorithm, 48290001Sglebiusand 49290001Sglebius@kbd{key} 50294905Sdelphijis the key itself, and 51294905Sdelphij@kbd{opt_IP_list} 52294905Sdelphijis an optional comma-separated list of IPs 53294905Sdelphijthat are allowed to serve time. 54294905SdelphijIf 55294905Sdelphij@kbd{opt_IP_list} 56294905Sdelphijis empty, 57294905Sdelphijany properly-authenticated server message will be 58294905Sdelphijaccepted. 59290001Sglebius 60290001SglebiusThe 61290001Sglebius@kbd{key} 62290001Sglebiusmay be given in a format 63290001Sglebiuscontrolled by the 64290001Sglebius@kbd{type} 65290001Sglebiusfield. 66290001SglebiusThe 67290001Sglebius@kbd{type} 68290001Sglebius@code{MD5} 69290001Sglebiusis always supported. 70290001SglebiusIf 71290001Sglebius@code{ntpd} 72290001Sglebiuswas built with the OpenSSL library 73290001Sglebiusthen any digest library supported by that library may be specified. 74290001SglebiusHowever, if compliance with FIPS 140-2 is required the 75290001Sglebius@kbd{type} 76290001Sglebiusmust be either 77290001Sglebius@code{SHA} 78290001Sglebiusor 79290001Sglebius@code{SHA1}. 80290001Sglebius 81290001SglebiusWhat follows are some key types, and corresponding formats: 82290001Sglebius 83290001Sglebius@table @asis 84290001Sglebius@item @code{MD5} 85290001SglebiusThe key is 1 to 16 printable characters terminated by 86290001Sglebiusan EOL, 87290001Sglebiuswhitespace, 88290001Sglebiusor 89290001Sglebiusa 90290001Sglebius@code{#} 91290001Sglebius(which is the "start of comment" character). 92290001Sglebius 93290001Sglebius@item @code{SHA} 94290001Sglebius@item @code{SHA1} 95290001Sglebius@item @code{RMD160} 96290001SglebiusThe key is a hex-encoded ASCII string of 40 characters, 97290001Sglebiuswhich is truncated as necessary. 98290001Sglebius@end table 99290001Sglebius 100290001SglebiusNote that the keys used by the 101290001Sglebius@code{ntpq(8)} 102290001Sglebiusand 103290001Sglebius@code{ntpdc(8)} 104290001Sglebiusprograms are checked against passwords 105290001Sglebiusrequested by the programs and entered by hand, 106290001Sglebiusso it is generally appropriate to specify these keys in ASCII format. 107290001Sglebius 108290001SglebiusThis section was generated by @strong{AutoGen}, 109290001Sglebiususing the @code{agtexi-cmd} template and the option descriptions for the @code{ntp.keys} program. 110290001SglebiusThis software is released under the NTP license, <http://ntp.org/license>. 111290001Sglebius 112290001Sglebius@menu 113290001Sglebius* ntp.keys Files:: Files 114290001Sglebius* ntp.keys See Also:: See Also 115290001Sglebius* ntp.keys Notes:: Notes 116290001Sglebius@end menu 117290001Sglebius 118290001Sglebius@node ntp.keys Files 119290001Sglebius@subsection ntp.keys Files 120290001Sglebius@table @asis 121290001Sglebius@item @file{/etc/ntp.keys} 122290001Sglebiusthe default name of the configuration file 123290001Sglebius@end table 124290001Sglebius@node ntp.keys See Also 125290001Sglebius@subsection ntp.keys See Also 126290001Sglebius@code{ntp.conf(5)}, 127290001Sglebius@code{ntpd(1ntpdmdoc)}, 128290001Sglebius@code{ntpdate(1ntpdatemdoc)}, 129290001Sglebius@code{ntpdc(1ntpdcmdoc)}, 130290001Sglebius@code{sntp(1sntpmdoc)} 131290001Sglebius@node ntp.keys Notes 132290001Sglebius@subsection ntp.keys Notes 133290001SglebiusThis document was derived from FreeBSD. 134