ntp.conf - Configuration file for the NTP Daemon.
Please see following description for synopsis
ntp.conf(5) File Formats ntp.conf(5)
NAME
ntp.conf - Configuration file for the NTP Daemon.
DESCRIPTION
The ntp.conf file contains the directives used by the ntpd to configure
itself.
Configuration Commands
server address [options ...]
peer address [options ...]
broadcast address [options ...]
manycastclient address [options ...]
pool address [options ...]
unpeer [address | associd ]
These commands specify the time server name or address to be used
and the mode in which to operate. The address can be either a DNS
name or a IPv4 or IPv6 address in standard notation. In general,
multiple commands of each type can be used for different server and
peer addresses or multicast groups.
server For type s and r addresses (only), this command mobilizes a
persistent client mode association with the specified remote
server or local reference clock. If the preempt flag is
specified, a preemptible client mode association is mobi-
lized instead.
peer For type s addresses (only), this command mobilizes a per-
sistent symmetric-active mode association with the specified
remote peer.
broadcast
For type b and m ddresses (only), this command mobilizes a
persistent broadcast or multicast server mode association.
Note that type b messages go only to the interface speci-
fied, but type m messages go to all interfaces.
manycastclient
For type m addresses (only), this command mobilizes a many-
cast client mode association for the multicast group address
specified. In this mode the address must match the address
specified on the manycastserver command of one or more des-
ignated manycast servers.
pool For type s messages (only) this command mobilizes a client
mode association for servers implementing the pool automatic
server discovery scheme described on the Association Manage-
ment page at file:///usr/share/doc/ntp/assoc.html. The
address is a DNS name in the form area.pool.ntp.org, where
area is a qualifier designating the server geographic area
such as us or europe.
unpeer This command removes a previously configured association. An
address or association ID can be used to identify the asso-
ciation. Either an IP address or DNS name can be used. This
command is most useful when supplied via ntpq runtime con-
figuration commands :config and config-from-file.
Command Options
Each of the above configuration commands takes zero or more options
from the list below:
autokey
Send and receive packets authenticated by the autokey scheme
described in the Authentication Options page at
file:///usr/share/doc/ntp/authopt.html. This option is valid only
with server and peer commands and type s addresses. It is incompat-
ible with the key option.
burst
When the server is reachable, send a burst of six packets instead
of the usual one. The packet spacing is normally 2 s; however, the
spacing between the first and second packets can be changed with
the fBcalldelay command to allow additional time for a modem or
ISDN call to complete. This option is valid only with only the
server command and type s addressesa. It is a recommended option
when the maxpoll option is greater than 10 (1024 s).
iburst
When the server is unreachable, send a burst of eight packets
instead of the usual one. The packet spacing is normally 2 s; how-
ever, the spacing between the first and second packets can be
changed with the calldelay command to allow additional time for a
modem or ISDN call to complete. This option is valid only with the
server command and type s addresses. It is a recommended option
with this command.
ident group
Specify the group name for the association.
key key
Send and receive packets authenticated by the symmetric key scheme
described in the Authentication Options page at
file:///usr/share/doc/ntp/authopt.html. This option is valid only
with server and peer commands and type s addresses. The key speci-
fies the key identifier with values from 1 to 65535, inclusive.
This option is incompatible with the autokey option.
minpoll minpoll
maxpoll maxpoll
These options specify the minimum and maximum poll intervals for
NTP messages, in seconds as a power of two. The maximum poll inter-
val defaults to 10 (1024 s), but can be increased by the maxpoll
option to an upper limit of 17 (36 h). The minimum poll interval
defaults to 6 (64 s), but can be decreased by the minpoll option to
a lower limit of 4 (16 s). These option are valid only with the
server and peer commands and type s addresses.
mode option
Pass the option to a reference clock driver, where option is an
integer in the range from 0 to 255, inclusive. This option is valid
only with the server command and type r addresses.
noselect
Marks the server or peer to be ignored by the selection algorithm
but visible to the monitoring program. This option is ignored with
the broadcast command.
preempt
Specifies the association as preemptible rather than the default
persistent. This option is ignored with the broadcast command and
is most useful with the manycastclient and pool commands.
prefer
Mark the server as preferred. All other things being equal, this
host will be chosen for synchronization among a set of correctly
operating hosts. See the Mitigation Rules page at
file:///usr/share/doc/ntp/prefer.html for further information. This
option is valid only with the server and peer commands.
true
Mark the association to assume truechimer status; that is, always
survive the selection and clustering algorithms. This option can be
used with any association, but is most useful for reference clocks
with large jitter on the serial port and precision pulse-per-second
(PPS) signals. Caution: this option defeats the algorithms designed
to cast out falsetickers and can allow these sources to set the
system clock. This option is valid only with the server and peer
commands.
ttl ttl
This option specifies the time-to-live ttl for the broadcast com-
mand and the maximum ttl for the expanding ring search used by the
manycastclient command. Selection of the proper value, which
defaults to 127, is something of a black art and should be coordi-
nated with the network administrator.
xmtnonce
Allowed in the server and pool modes, this flag causes the client
to put a random number nonce in the transmit timestamp of its out-
going packet. Since the server will reply copying the incoming
transmit timestamp to the outgoing origin timestamp, this flag pro-
vides extra security for the loopback test, at the expense of the
server having no idea what time the client thinks it is.
version version
Specifies the version number to be used for outgoing NTP packets.
Versions 1-4 are the choices, with version 4 the default.
Auxiliary Commands
broadcastclient [novolley]
Enable reception of broadcast server messages to any local inter-
face (type b address). Ordinarily, upon receiving a message for the
first time, the broadcast client measures the nominal server propa-
gation delay using a brief client/server exchange, after which it
continues in listen-only mode. If the novolley keyword is present,
the exchange is not used and the value specified in the broadcast-
delay command is used or, if the broadcastdelay command is not
used, the default 4.0 ms. Note that, in order to avoid accidental
or malicious disruption in this mode, both the server and client
should operate using symmetric key or public key authentication as
described in the Authentication Options page at
file:///usr/share/doc/ntp/authopt.html. Note that the novolley key-
word is incompatible with public key authentication.
manycastserver address [...]
Enable reception of manycast client messages (type m)to the multi-
cast group address(es) (type m) specified. At least one address is
required. Note that, in order to avoid accidental or malicious dis-
ruption, both the server and client should operate using symmetric
key or public key authentication as described in the Authentication
Options page at file:///usr/share/doc/ntp/authopt.html.
multicastclient address [...]
Enable reception of multicast server messages to the multicast
group address(es) (type m) specified. Upon receiving a message for
the first time, the multicast client measures the nominal server
propagation delay using a brief client/server exchange with the
server, then enters the broadcast client mode, in which it synchro-
nizes to succeeding multicast messages. Note that, in order to
avoid accidental or malicious disruption in this mode, both the
server and client should operate using symmetric key or public key
authentication as described in the Authentication Options page at
file:///usr/share/doc/ntp/authopt.html.
mdnstries number
If we are participating in mDNS, after we have synched for the
first time we attempt to register with the mDNS system. If that
registration attempt fails, we try again at one minute intervals
for up to number times. After all, ntpd may be starting before
mDNS. The default value for mdnstries is 5.
Reference Clock Commands
server 127.127.t.u [prefer] [mode int] [minpoll int] [maxpoll int]
This command can be used to configure reference clocks in special
ways. The options are interpreted as follows:
prefer Marks the reference clock as preferred. All other things
being equal, this host will be chosen for synchronization
among a set of correctly operating hosts. See the Mitigation
Rules page at file:///usr/share/doc/ntp/prefer.html for fur-
ther information.
mode int
Specifies a mode number which is interpreted in a device-
specific fashion. For instance, it selects a dialing proto-
col in the ACTS driver and a device subtype in the parse
drivers.
minpoll int
maxpoll int
These options specify the minimum and maximum polling inter-
val for reference clock messages in seconds, interpreted as
dual logarithms (2 ^ x). For most directly connected refer-
ence clocks, both minpoll and maxpoll default to 6 (2^16 =
64 s). For modem reference clocks, minpoll defaults to 10
(2^10 = 1024 s = 17.1 m) and maxpoll defaults to 14 (2^14 =
16384 s = 4.25 h). The allowable range is 4 (16 s) to 17
(36.4 h) inclusive.
fudge 127.127.t.u [time1 sec] [time2 sec] [stratum int] [refid string]
[mode int] [flag1 0|1] [flag2 0|1] [flag3 0|1] [flag4 0|1] [minjitter
secs]
This command can be used to configure reference clocks in special
ways. It must immediately follow the server command which config-
ures the driver. Note that the same capability is possible at run-
time using the ntpq program. The options are interpreted as fol-
lows:
time1 sec
Specifies a constant to be added to the time offset produced
by the driver, a fixed-point decimal number in seconds. This
is used as a calibration constant to adjust the nominal time
offset of a particular clock to agree with an external stan-
dard, such as a precision PPS signal. It also provides a way
to correct a systematic error or bias due to serial port or
operating system latencies, different cable lengths or
receiver internal delay. The specified offset is in addition
to the propagation delay provided by other means, such as
internal DIPswitches. Where a calibration for an individual
system and driver is available, an approximate correction is
noted in the driver documentation pages.
Note: in order to facilitate calibration when more than one radio
clock or PPS signal is supported, a special calibration feature is
available. It takes the form of an argument to the enable command
and operates as described in the Reference Clock Drivers page at
file:///usr/share/doc/ntp/refclock.html.
time2 secs
Specifies a fixed-point decimal number in seconds, which is
interpreted in a driver-dependent way. See the descriptions
of specific drivers in the Reference Clock Drivers page at
file:///usr/share/doc/ntp/refclock.html.
stratum int
Specifies the stratum number assigned to the driver, an
integer between 0 and 15. This number overrides the default
stratum number ordinarily assigned by the driver itself,
usually zero.
refid string
Specifies an ASCII string of from one to four characters
which defines the reference identifier used by the driver.
This string overrides the default identifier ordinarily
assigned by the driver itself.
mode int
Specifies a mode number which is interpreted in a device-
specific fashion. For instance, it selects a dialing proto-
col in the ACTS driver and a device subtype in the parse
drivers.
flag1 flag2 flag3 flag4
These four flags are used for customizing the clock driver.
The interpretation of these values, and whether they are
used at all, is a function of the particular clock driver.
However, by convention flag4 is used to enable recording
monitoring data to the clockstats file configured with the
filegen command.
minjitter secs
If the source has a jitter that cannot be sensibly esti-
mated, because it is not statistic jitter, the source will
be detected as falseticker sooner or later. This has been
observed e.g. with the serial data of certain GPS receivers.
Enforcing a minimal jitter value avoids a too low estima-
tion, keeping the clock in the zoo while still detecting
higher jitter.
Note: this changes the refclock samples and ends up in the
clock dispersion, not the clock jitter, despite being called
jitter. To see the modified values, check the NTP clock
variable "filtdisp", not "jitter".
The falseticker problem can also be avoided by increasing
tos mindist, which extends the intersection interval, but
that affects the root dispersion and is intended for the
case of multiple reference clocks with reliable jitter that
do not intersect otherwise.
Authentication Commands
automax [logsec]
Specifies the interval between regenerations of the session key
list used with the Autokey protocol. Note that the size of the key
list for each association depends on this interval and the current
poll interval. The default value is 12 (4096 s or about 1.1 hours).
For poll intervals above the specified interval, a session key list
with a single entry will be regenerated for every message sent.
controlkey key
Specifies the key identifier to use with the ntpq utility, which
uses the standard protocol defined in RFC-1305. The key argument is
the key identifier for a trusted key, where the value can be in the
range 1 to 65,535, inclusive.
crypto [randfile file] [host name] [ident name] [pw password]
This command requires the OpenSSL library. It activates public key
cryptography and loads the required public/private encryption and
sign kyes and public certificate. If one or more files are left
unspecified, the default names are used as described below. Unless
the complete path and name of the file are specified, the location
of a file is relative to the keys directory specified in the keys-
dir command or default /etc/inet. Following are the subcommands.
host name
Specifies the host name used in the host key link ntpkey_host_name,
sign key link ntpkey_sign_name and certificate link ntp-
key_cert_name. The ntp-keygen program automatically installs these
links to the most recently generated files.
ident name
Specifies the group name used in the identity key link ntp-
key_key_name, where key identifies the key type described on the
ntp-keygen page. The ntp-keygen program automatically installs
these links to the most recently generated files.
pw password
Specifies the password to decrypt files previously encrypted by the
ntp-keygen program.
randfile file
Specifies the location of the random seed file used by the OpenSSL
library. The defaults are described on the ntp-keygen(8) man page.
keys keyfile
Specifies the complete path to the MD5 key file containing the keys
and key identifiers used by ntpd and ntpq when operating with sym-
metric key cryptography. This is the same operation as the -k com-
mand line option.
keysdir path
This command specifies the default directory path for cryptographic
keys, parameters and certificates. The default is /etc/inet/.
requestkey key
Specifies the key identifier to use with the ntpdc utility program,
which uses a proprietary protocol specific to this implementation
of ntpd. The key argument is a key identifier for the trusted key,
where the value can be in the range 1 to 65,535, inclusive. The
ntpdc program is not delivered in Solaris but may be used from a
remote system.
revoke [logsec]
Specifies the interval between re-randomization of certain crypto-
graphic values used by the Autokey scheme, as a power of 2 in sec-
onds. These values need to be updated frequently in order to
deflect brute-force attacks on the algorithms; however, updating
some values is a relatively expensive operation. The default inter-
val is 16 (65,536 s or about 18 hours). For poll intervals above
the specified interval, the values will be updated for every mes-
sage sent.
trustedkey key [...]
Specifies the key identifiers which are trusted for the purposes of
authenticating peers with symmetric key cryptography, as well as
keys used by the ntpq and ntpdc programs. The authentication proce-
dures require that both the local and remote servers share the same
key and key identifier for this purpose, although different keys
can be used with different servers. The key arguments are 32-bit
unsigned integers with values from 1 to 65,535.
Access Control Commands
discard [ average avg ][ minimum min ] [ monitor prob ]
Set the parameters of the limited facility which protects the
server from client abuse. The average subcommand specifies the min-
imum average packet spacing, while the minimum subcommand specifies
the minimum packet spacing. Packets that violate these minima are
discarded and a kiss-o'-death packet returned if enabled. The
default minimum average and minimum are 5 and 2, respectively. The
monitor subcommand specifies the probability of discard for packets
that overflow the rate-control window.
restrict address [mask mask] [flag][...]
The address argument expressed in dotted-quad form is the address
of a host or network. Alternatively, the address argument can be a
valid host DNS name. The mask argument expressed in dotted-
quad form defaults to 255.255.255.255, meaning that the address is
treated as the address of an individual host. A default entry
(address 0.0.0.0, mask 0.0.0.0) is always included and is always
the first entry in the list. Note that text string default, with no
mask option, may be used to indicate the default entry.
In the current implementation, flag always restricts access, i.e.,
an entry with no flags indicates that free access to the server is
to be given. The flags are not orthogonal, in that more restrictive
flags will often make less restrictive ones redundant. The flags
can generally be classed into two categories, those which restrict
time service and those which restrict informational queries and
attempts to do runtime reconfiguration of the server. One or more
of the following flags may be specified:
ignore Deny packets of all kinds, including ntpq and ntpdc queries.
kod If this flag is set when an access violation occurs, a kiss-
o'-death (KoD) packet is sent. KoD packets are rate limited
to no more than one per second. If another KoD packet occurs
within one second after the last one, the packet is dropped
limited
Deny service if the packet spacing violates the lower limits
specified in the discard command. A history of clients is
kept using the monitoring capability of ntpd. Thus, monitor-
ing is always active as long as there is a restriction entry
with the limited flag.
lowpriotrap
Declare traps set by matching hosts to be low priority. The
number of traps a server can maintain is limited (the cur-
rent limit is 3). Traps are usually assigned on a first
come, first served basis, with later trap requestors being
denied service. This flag modifies the assignment algorithm
by allowing low priority traps to be overridden by later
requests for normal priority traps.
nomodify
Deny ntpq and ntpdc queries which attempt to modify the
state of the server (i.e., runtime reconfiguration). Queries
which return information are permitted.
noquery
Deny ntpq and ntpdc queries. Time service is not affected.
nopeer Deny packets which would result in mobilizing a new associa-
tion. This includes broadcast, symmetric-active and
manycast client packets when a configured association does
not exist.
noserve
Deny all packets except ntpq and ntpdc queries.
notrap Decline to provide mode 6 control message trap service to
matching hosts. The trap service is a subsystem of the ntpdq
control message protocol which is intended for use by remote
event logging programs.
notrust
Deny packets unless the packet is cryptographically authen-
ticated.
ntpport
This is actually a match algorithm modifier, rather than a
restriction flag. Its presence causes the restriction entry
to be matched only if the source port in the packet is the
standard NTP UDP port (123). Both ntpport and non-ntpport
may be specified. The ntpport is considered more specific
and is sorted later in the list.
version
Deny packets that do not match the current NTP version.
Monitoring Commands
statistics name [...]
Enables writing of statistics records. Currently, six kinds of
namestatistics are supported.
clockstats
Enables recording of clock driver statistics information.
Each update received from a clock driver appends a line of
the following form to the file generation set named clock-
stats:
49213 525.624 127.127.4.1 93 226 00:08:29.606 D
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The next field shows the
clock address in dotted-quad notation, The final field shows the
last timecode received from the clock in decoded ASCII format,
where meaningful. In some clock drivers a good deal of additional
information can be gathered and displayed as well. See information
specific to each clock for further details.
cryptostats
This option requires the OpenSSL cryptographic software
library. It enables recording of cryptographic public key
protocol information. Each message received by the protocol
module appends a line of the following form to the file gen-
eration set named cryptostats:
49213 525.624 127.127.4.1 message
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The next field shows the
peer address in dotted-quad notation, The final message field
includes the message type and certain ancillary information. See
the Authentication Options page at
file:///usr/share/doc/ntp/authopt.html for further information.
loopstats
Enables recording of loop filter statistics information.
Each update of the local clock outputs a line of the follow-
ing form to the file generation set named loopstats:
50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806 6
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The next five fields show
time offset (seconds), frequency offset (parts per million - PPM),
RMS jitter (seconds), Allan deviation (PPM) and clock discipline
time constant.
peerstats
Enables recording of peer statistics information. This
includes statistics records of all peers of a NTP server and
of special signals, where present and configured. Each valid
update appends a line of the following form to the current
element of a file generation set named peerstats:
48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000
0.001424877 0.000958674
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The next two fields show
the peer address in dotted-quad notation and status, respectively.
The status field is encoded in hex in the format described in Ap-
pendix B of the NTP specification RFC 1305. The final four fields
show the offset, delay, dispersion and RMS jitter, all in seconds.
rawstats
Enables recording of raw-timestamp statistics information.
This includes statistics records of all peers of a NTP
server and of special signals, where present and configured.
Each NTP message received from a peer or clock driver
appends a line of the following form to the file generation
set named rawstats:
50928 2132.2543 128.4.1.1 128.4.1.20 3102453281.2584327000
3102453281.258622800031 02453332.2540806000 3102453332.2541458000
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The next two fields show
the remote peer or clock address followed by the local address in
dotted-quad notation, The final four fields show the originate,
receive, transmit and final NTP timestamps in order. The timestamp
values are as received and before processing by the various data
smoothing and mitigation algorithms.
sysstats
Enables recording of ntpd statistics counters on a periodic
basis. Each hour a line of the following form is appended to
the file generation set named sysstats:
50928 2132.2543 36000 81965 0 9546 56 71793 512 540 10 147
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The remaining ten fields
show the statistics counter values accumulated since the last gen-
erated line.
Time since restart 36000:
Time in hours since the system was last rebooted.
Packets received 81965:
Total number of packets received.
Packets processed 0:
Number of packets received in response to previous
packets sent
Current version 9546:
Number of packets matching the current NTP version.
Previous version 56:
Number of packets matching the previous NTP version.
Bad version 71793:
Number of packets matching neither NTP version.
Access denied 512:
Number of packets denied access for any reason.
Bad length or format 540:
Number of packets with invalid length, format or port
number.
Bad authentication 10:
Number of packets not verified as authentic.
Rate exceeded 147:
Number of packets discarded due to rate limitation.
statsdir directory_path
Indicates the full path of a directory where statistics files
should be created (see below). This keyword allows the (otherwise
constant) filegen filename prefix to be modified for file genera-
tion sets, which is useful for handling statistics logs. This
directory must be writable by the user "daemon" and all files in it
must be writable by that user.
filegen name [file filename] [type typename] [link | nolink] [enable |
disable]
Configures setting of generation file set name. Generation file
sets provide a means for handling files that are continuously grow-
ing during the lifetime of a server. Server statistics are a typi-
cal example for such files. Generation file sets provide access to
a set of files used to store the actual data. At any time at most
one element of the set is being written to. The type given speci-
fies when and how data will be directed to a new element of the
set. This way, information stored in elements of a file set that
are currently unused are available for administrational operations
without the risk of disturbing the operation of ntpd. (Most impor-
tant: they can be removed to free space for new data produced.)
Note that this command can be sent from the ntpdc program running
at a remote location.
name This is the type of the statistics records, as shown in the
statistics command.
file filename
This is the file name for the statistics records. Filenames
of set members are built from three concatenated elements
prefix, filename and suffix:
prefix This is a constant filename path. It is not subject to modi-
fications via the filegen option. It is defined by the
server, usually specified as a compile-time constant. It
may, however, be configurable for individual file generation
sets via other commands. For example, the prefix used with
loopstats and peerstats generation can be configured using
the statsdir option explained above.
filename
This string is directly concatenated to the prefix mentioned
above (no intervening / (slash)). This can be modified using
the file argument to the filegen statement. No .. elements
are allowed in this component to prevent filenames referring
to parts outside the filesystem hierarchy denoted by prefix.
suffix This part is reflects individual elements of a file set. It
is generated according to the type of a file set.
type typename
A file generation set is characterized by its type. The fol-
lowing types are supported:
none The file set is actually a single plain file.
pid One element of file set is used per incarnation of a
ntpd server. This type does not perform any changes to
file set members during runtime, however it provides
an easy way of separating files belonging to different
ntpd server incarnations. The set member filename is
built by appending a . (dot) to concatenated prefix
and filename strings, and appending the decimal repre-
sentation of the process ID of the ntpd server
process.
day One file generation set element is created per day. A
day is defined as the period between 00:00 and 24:00
UTC. The file set member suffix consists of a . (dot)
and a day specification in the form YYYYMMdd. YYYY is
a 4-digit year number (e.g., 1992). MM is a two digit
month number. dd is a two digit day number. Thus, all
information written at 10 December 1992 would end up
in a file named prefix filename.19921210.
week Any file set member contains data related to a certain
week of a year. The term week is defined by computing
day-of-year modulo 7. Elements of such a file genera-
tion set are distinguished by appending the following
suffix to the file set filename base: A dot, a 4-digit
year number, the letter W, and a 2-digit week number.
For example, information from January, 10th 1992 would
end up in a file with suffix .1992W1.
month One generation file set element is generated per
month. The file name suffix consists of a dot, a
4-digit year number, and a 2-digit month.
year One generation file element is generated per year. The
filename suffix consists of a dot and a 4 digit year
number.
age This type of file generation sets changes to a new
element of the file set every 24 hours of server oper-
ation. The filename suffix consists of a dot, the let-
ter a, and an 8-digit number. This number is taken to
be the number of seconds the server is running at the
start of the corresponding 24-hour period. Information
is only written to a file generation by specifying
enable; output is prevented by specifying disable.
link | nolink
It is convenient to be able to access the current element of
a file generation set by a fixed name. This feature is
enabled by specifying link and disabled using nolink. If
link is specified, a hard link from the current file set
element to a file without suffix is created. When there is
already a file with this name and the number of links of
this file is one, it is renamed appending a dot, the letter
C, and the pid of the ntpd server process. When the number
of links is greater than one, the file is unlinked. This
allows the current file to be accessed by a constant name.
enable | disable
Enables or disables the recording function.
broadcastdelay seconds
The broadcast and multicast modes require a special calibration to
determine the network delay between the local and remote servers.
Ordinarily, this is done automatically by the initial protocol
exchanges between the client and server. In some cases, the cali-
bration procedure may fail due to network or server access con-
trols, for example. This command specifies the default delay to be
used under these circumstances. Typically (for Ethernet), a number
between 0.003 and 0.007 seconds is appropriate. The default when
this command is not used is 0.004 seconds.
calldelay delay
This option controls the delay in seconds between the first and
second packets sent in burst or iburst mode to allow additional
time for a modem or ISDN call to complete.
driftfile driftfile { tolerance ]
This command specifies the complete path and name of the file used
to record the frequency of the local clock oscillator. This is the
same operation as the -f command linke option. If the file exists,
it is read at startup in order to set the initial frequency and
then updated once per hour with the current frequency computed by
the daemon. If the file name is specified, but the file itself does
not exist, the starts with an initial frequency of zero and creates
the file when writing it for the first time. If this command is not
given, the daemon will always start with an initial frequency of
zero. This file must be in a directory writable by the user "dae-
mon".
The file format consists of a single line containing a single
floating point number, which records the frequency offset measured
in parts-per-million (PPM). The file is updated by first writing
the current drift value into a temporary file and then renaming
this file to replace the old version. This implies that ntpd must
have write permission for the directory the drift file is located
in, and that file system links, symbolic or otherwise, should be
avoided.
The parameter tolerance is the wander threshold to skip writing the
new value. If the value of wander computed from recent frequency
changes is greater than this threshold the file will be updated
once per hour. If below the threshold, the file will not be writ-
ten.
enable | disable [ auth | bclient | calibrate | kernel | mode7 | moni-
tor | ntp | stats | | unpeer_crypto_early | unpeer_crypto_nak_early |
unpeer_digest_early ]
Provides a way to enable or disable various system options. Flags
not mentioned are unaffected. Note that all of these flags can be
controlled remotely using the ntpq utility program.
auth Enables the server to synchronize with unconfigured peers
only if the peer has been correctly authenticated using
either public key or private key cryptography. The default
for this flag is enable.
bclient
Enables the server to listen for a message from a broad-
cast or multicast server, as in the multicastclient com-
mand with default address. The default for this flag is
disable.
calibrate
Enables the calibrate feature for reference clocks. The default
for this flag is disable.
kernel Enables the kernel time discipline, if available. The
default for this flag is enable if support is available,
otherwise disable.
mode7 Enables processing mode 7 private request packets from the
ntpdc utility program. The ntpdc program is not delivered
with Solaris but may still be used remotely from other
systems. The default is to not accept these packets.
monitor
Enables the monitoring facility. See the ntpq program and
the mrulist command or further information. The default
for this flag is enable.
ntp Enables time and frequency discipline. In effect, this
switch opens and closes the feedback loop, which is useful
for testing. The default for this flag is enable.
stats Enables the statistics facility. The default for this flag
is disable
unpeer_crypto_early
Enables the early resetting of an association in case of a
crypto failure. This is generally a feature, but it can be
used in a DoS attack. If these packets being used as a DoS
attack then disable this flag. The default for this flag
is enabled. This flag is excluded from runtime configura-
tion using ntpq.
unpeer_crypto_nak_early
Enables the early resetting of an association in case of a
crypto_NAK message. This is generally a feature, but it
can be used in a DoS attack. If these packets being used
as a DoS attack then disable this flag. The default for
this flag is enabled. This flag is excluded from runtime
configuration using ntpq.
unpeer_digest_early
Enables the early resetting of an association in case of a
autokey disgest failure. This is generally a feature, but
it can be used in a DoS attack. If these packets being
used as a DoS attack then disable this flag. The default
for this flag is enabled. This flag is excluded from run-
time configuration using ntpq.
includefile includefile
This command allows additional configuration commands to be
included from a separate file. Include files may be nested to a
depth of five; upon reaching the end of any include file, command
processing resumes in the previous configuration file. This option
is useful for sites that run ntpd on multiple hosts, with (mostly)
common options (e.g., a restriction list). The include file must be
in a file readable by the user "daemon".
interface [listen | ignore | drop] [all | ipv4 | ipv6 | wildcard | name
| address[/prefixlen]]
This command controls which network addresses ntpd opens, and
whether input is dropped without processing. The first parameter
determines the action for addresses which match the second parame-
ter. That parameter specifies a class of addresses, or a specific
interface name, or an address. In the address case, prefixlen
determines how many bits must match for this rule to apply. ignore
prevents opening matching addresses, drop causes ntpd to open the
address and drop all received packets without examination. Multiple
interface commands can be used. The last rule which matches a par-
ticular address determines the action for it. interface commands
are disabled if any -I, --interface, -L, or --novirtualips command-
line options are used. If none of those options are used and no
interface actions are specified in the configuration file, all
available network addresses are opened.
leapfile leapfile [checkhash | ignorehash]
This command loads the IERS leapseconds file and initializes the
leapsecond values for the next leapsecond time, expiration time and
TAI offset. The file can be obtained directly from the IERS at
https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list or
ftp://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list. The
ignorehash keyword instructs ntpd to ignore the hash signature on
the file, checkhash (which is the default when omitted) needs a
hash line in the file to be valid. Files without any hash signature
are loaded in both cases.
The leapfile is scanned when ntpd processes the leapfile directive
or when ntpd detects that leapfile has changed. ntpd checks once a
day to see if the leapfile has changed. (R)
logconfig configkeyword
This command controls the amount and type of output written to the
system syslog facility or the alternate logfile log file. All con-
figkeyword keywords can be prefixed with =, + and -, where = sets
the syslogmask, + adds and - removes messages. syslog messages can
be controlled in four classes (clock, peer, sys and sync). Within
these classes four types of messages can be controlled: informa-
tional messages (info), event messages (events), statistics mes-
sages (statistics) and status messages (status).
Configuration keywords are formed by concatenating the message
class with the event class. The all prefix can be used instead of a
message class. A message class may also be followed by the all key-
word to enable/disable all messages of the respective message
class. By default, logconfig output is set to allsync.
Thus, a minimal log configuration could look like this:
logconfig =syncstatus +sysevents
This would just list the synchronizations state of ntpd and the
major system events. For a simple reference server, the following
minimum message configuration could be useful:
logconfig =allsync +allclock
This configuration will list all clock information and synchroniza-
tion information. All other events and messages about peers, system
events and so on is suppressed.
logfile logfile
This command specifies the location of an alternate log file to be
used instead of the default system syslog facility. This is the
same operation as the -l command line option. This file must be
writable by the user "daemon" and be in a directory writable by
that user.
mru [ maxdepth count | maxmem kilobytes | mindepth count | maxage sec-
onds | initalloc count | initmem kilobytes | inalloc count | incmem
kilobytes]
Controls size limits of the monitoring facility Most Recently Used
(MRU) list of client addresses, which is also used by the rate con-
trol facility.
maxdepth count, maxmem kilobytes
Equivalent upper limits on the size of the MRU list, in
terms of entries or kilobytes. The actual limit will be up
to incalloc entries or incmem kilobytes larger. As with all
of the mru options offered in units of entries or kilobytes,
if both maxdepth and maxmem are used, the last one used con-
trols. The default is 1024 kilobytes.
mindepth count
Lower limit on the MRU list size. When the MRU list has
fewer than mindepth entries, existing entries are never
removed to make room for newer ones, regardless of their
age. The default is 600 entries.
maxage seconds
Once the MRU list has mindepth entries and an additional
client address is to be added to the list, if the oldest
entry was updated more than maxage seconds ago, that entry
is removed and its storage reused. If the oldest entry was
updated more recently, the MRU list is grown, subject to
maxdepth/maxmem. The default is 64 seconds.
initalloc count, initmem kilobytes
Initial memory allocation at the time the monitoring facil-
ity is first enabled, in terms of entries or kilobytes. The
default is 4 kilobytes.
incalloc count, incmem kilobytes
Size of additional memory allocations when growing the MRU
list, in entries or kilobytes. The default is 4 kilobytes.
nonvolatile threshold
Specify the threshold in seconds to write the frequency file,
with default of 1e-7 (0.1 PPM). The frequency file is inspected
each hour. If the difference between the current frequency and
the last value written exceeds the threshold, the file is writ-
ten and the thresholdfR becomes the new threshold value. If the
threshold is not exceeded, it is reduced by half. This is
intended to reduce the frequency of unnecessary file writes for
embedded systems with nonvolatile memory.
phone dial1 dial2 ...
This command is used in conjunction with the ACTS modem driver
(type 18). The arguments consist of a maximum of 10 telephone num-
bers used to dial USNO, NIST or European time services. The Hayes
command ATDT is normally prepended to the number, which can
contain other modem control codes as well.
pollskewlist [poll early| delay ] ... [ default early | delay]
Enable skewing of our poll requests to our servers. poll is a num-
ber between 3 and 17 inclusive, identifying a specific poll inter-
val. A poll interval is 2^n seconds in duration, so a poll value of
3 corresponds to 8 seconds and a poll interval of 17 corresponds to
131,072 seconds, or about a day and a half. The next two numbers
must be between 0 and one-half of the poll interval, inclusive.
early specifies how early the poll may start, while delayow late
the poll may be delayed. With no arguments, internally specified
default values are chosen. Note that earlyand delay are separated
by the literal "|".
reset [allpeers] [auth] [ctl] [io] [mem] [sys] [timer]
Reset one or more groups of counters maintained by ntpd and exposed
by ntpq and ntpdc
rlimit [memlock Nmegabytes | stacksize N4kPages | filenum Nfiledescrip-
tors]
This command alters certain process storage allocation limits, and
is only available on some operating systems. Options are as fol-
lows:
memlock Nmegabytes - Specify the number of megabytes of memory
that should be allocated and locked. The default is 32 megabytes. 0
means "lock whatever memory the process wants into memory".
stacksize N4kPages - Specifies the maximum size of the process
stack on systems with the mlockall() function. Defaults to 50 4k
pages.
filenum Nfiledescriptors
Specifies the maximum number of file descriptors ntp may
have open at the same time. Defaults to system default.
saveconfigdir directorypath
Specify the directory in which to write configuration snapshots
requested with ntpq's saveconfig command. If saveconfigdir does not
appear in the configuration file, saveconfig requests are rejected
by ntpd.
setvar variable [default]
This command adds an additional system variable. These variables
can be used to distribute additional information such as the access
policy. If the variable of the form name = value is followed by the
default keyword, the variable will be listed as part of the default
system variables (ntpq rv command). These additional variables
serve informational purposes only. They are not related to the pro-
tocol other that they can be listed. The known protocol variables
will always override any variables defined via the setvar mecha-
nism. There are three special variables that contain the names of
all variable of the same group. The sys_var_list holds the names of
all system variables. The peer_var_list holds the names of all peer
variables and the clock_var_list holds the names of the reference
clock variables.
tinker [ allan allan | dispersion dispersion | freq freq | huffpuff
huffpuff | panic panic | step step | stepout stepout ]
This command can be used to alter several system variables in very
exceptional circumstances. It should occur in the configuration
file before any other configuration options. The default values of
these variables have been carefully optimized for a wide range of
network speeds and reliability expectations. In general, they
interact in intricate ways that are hard to predict and some combi-
nations can result in some very nasty behavior. Very rarely is it
necessary to change the default values; but, some folks can't
resist twisting the knobs anyway and this command is for them.
Emphasis added: twisters are on their own and can expect no help
from the support group.
The variables operate as follows:
allan allan
The argument becomes the new value for the Allan intercept,
which is a parameter of the PLL/FLL clock discipline algo-
rithm. The value is in seconds with default 1500 s, which is
appropriate for most computer clocks.
dispersion dispersion
The argument becomes the new value for the dispersion
increase rate, normally .000015 s/s.
freq freq
The argument becomes the initial value of the frequency off-
set in parts-per-million. This overrides the value in the
frequency file, if present, and avoids the initial training
state if it is not.
huffpuff huffpuff
The argument becomes the new value for the experimental huff-
n'-puff filter span, which determines the most recent inter-
val the algorithm will search for a minimum delay. The lower
limit is 900 s (15 m), but a more reasonable value is 7200 (2
hours). There is no default, since the filter is not enabled
unless this command is given.
panic panic
The argument is the panic threshold, by default 1000 s. If
set to zero, the panic sanity check is disabled and a clock
offset of any value will be accepted.
step step
The argument is the step threshold, by default 0.128 s. It
can be set to any positive number in seconds. If set to zero,
step adjustments will never occur. Note: The kernel time
discipline is disabled if the step threshold is set to zero
or greater than the default.
stepout stepout
The argument is the stepout timeout, by default 900 s. It can
be set to any positive number in seconds. If set to zero, the
stepout pulses will not be suppressed.
tos [ basedate basedate | bcpollstep poll-gate | beacon beacon | ceil-
ing ceiling | cohort {0 | 1} | floor floor | maxclock maxclock |
maxdist maxdist | minclock minclock | minsdist mindist | minsane min-
sane | orphan stratum | orphanwait delay ]
This command affects the clock selection and clustering algorithms.
It can be used to select the quality and quantity of peers used to
synchronize the system clock and is most useful in manycast mode.
The variables operate as follows:
basedate basedate
Set NTP and GPS era anchor. basedate is either a date in
ISO8601 format (YYYY-MM-DD) or an integer giving the days
since 1900-01-01, the start of the NTP epoch. ntpd will clamp
the system time to an era starting with the start of this
this day (00:00:00Z), covering a range of 232 seconds or
roughly 136 years. The lowest accepted value is effectively
1970-01-02. The GPS era base is the next Sunday on or fol-
lowing the base date, but obviously not before 1980-01-06.
GPS time stamps are mapped into the 1024 weeks following the
GPS base. The default value is derived from the repository
or build time stamp, minus 11 days. 1970-01-02 was chosen as
lower bound so the local time is always after
1970-01-01,00:00. Some systems get into trouble if this is
not the case.
Note: If the system clock is before the effective (implied or
specific) basedate, the system clock will be set to the base
date once and immediately when ntpd starts. This helps sys-
tems that have lost time completely to recover. Though not
noticeable under normal conditions, it can happen. Check the
logs if starting ntpd causes sudden clock moves.
bepollstep poll-gate
This option will cause the client to delay applying backward
time steps from a broadcast server for bcpollbstep poll
intervals. NTP Broadcast networks are expected to be trusted,
and if the server's time gets stepped backwards then it's
desireable that the clients follow this change as soon as
possible. However, in spite of various protections built-in
to the broadcast protocol, it is possible that an attacker
could perform a carefully-constructed replay attack and cause
clients to erroneously step their clocks backward. If the
risk of a successful broadcast replay attack is greater than
the risk of the clients being out of sync in the event that
there is a backward step on the broadcast time servers, this
option may be used to cause the clients to delay beliveving
backward time steps until poll-gate consecutive polls have
been received. The default is 0, which means the client will
accept these steps upon receipt. Any value from 0 to 4 can be
specified.
beacon beacon
The manycast server sends packets at intervals of 64 s if
less than maxclock servers are available. Otherwise, it
sends packets at the beacon interval in seconds. The default
is 3600 s.
ceiling ceiling
Servers with stratum at or above ceiling will be discarded if
there are at least minclock peers remaining. This value
defaults to 15, but can be changed to any number from 1 to
15.
cohort { 0 | 1 }
This is a binary flag which enables (0) or disables (1) many-
cast server replies to manycast clients with the same stratum
level. This is useful to reduce implosions where large num-
bers of clients with the same stratum level are present. The
default is to enable these replies.
floor floor
Peers with strata below floor will be discarded if there are
at least minclock peers remaining. This value defaults to 1,
but can be changed to any number from 1 to 15.
maxclock maxclock
Specify the maximum number of servers retained by the server
discovery schemes. The default is 10.
maxdist maxdist
The selection algorithm accumulates a number of packets
before setting the clock in order to use the best data avail-
able. The number is determined by the synchronization dis-
tance for each association and a limit called the distance
threshold. The synchronization distance starts at 16, then
drops by a factor of about two as each packet is received.
The default distance threshold is 1.0, which usually results
in four packets. Setting maxdistance to some value between 1
and 16 can be used to change the number of packets required.
For instance, setting it to 16 will set the clock on the
first packet received; however, setting it to this value
essentially disables the mitigation and grooming algorithms.
mindist mindist
The selection algorithm normally pads each intersection a
minimum of one millisecond to avoid needless classification.
In some cases, such as reference clocks with high jitter and
a PPS signal, it is useful to increase the padding. This com-
mand can be used for that purpose. As a general rule, set the
mindistance to the maximum expected offset plus the maximum
expected jitter, in seconds.
minclock minclock
The clustering algorithm repeatedly casts out outlyer associ-
ations until no more than minclock associations remain. This
value defaults to 3, but can be changed to any number from 1
to the number of configured sources.
minsane minsane
This is the minimum number of candidates available to the
clock selection algorithm in order to produce one or more
truechimers for the clustering algorithm. If fewer than this
number are available, the clock is undisciplined and allowed
to run free. The default is 1 for legacy purposes. However,
according to principles of Byzantine agreement, minsane
should be at least 4 in order to detect and discard a single
falseticker.
orphan stratum
If stratum is set at some value less than 16 a special orphan
mode is enterred when no outside source of synchronization is
available. To use orphan mode a number of participants are
identically configured both as broadcast client and as broad-
cast server. One or more participants are configured to use
an outside source, either a reference clock or another Inter-
net server. When the source or sources fail, the system stra-
tum is set at stratum and a leader is elected to serve as the
reference source. When an outside source of synchronization
is again available, the orphan mode is disabled.
orphanwait delay
Specify the delay in seconds from the time all sources are
lost until orphan parent mode is enabled with default 300 s
(five minutes). During this period, the local clock driver
and the modem driver are not selectable, unless marked with
the prefer keyword. This allows time for one or more primary
sources to become reachable and selectable before using
backup sources, and avoids transient use of the backup
sources at startup.
trap host_address [port port_number] [interface interface_address]
This command configures a trap receiver at the given host address
and port number for sending messages with the specified local
interface address. If the port number is unspecified, a value of
18447 is used. If the interface address is not specified, the mes-
sage is sent with a source address of the local interface the mes-
sage is sent through. Note that on a multihomed host the interface
used may vary from time to time with routing changes.
The trap receiver will generally log event messages and other
information from the server in a log file. While such monitor pro-
grams may also request their own trap dynamically, configuring a
trap receiver will ensure that no messages are lost when the server
is started.
ttl hop ...
This command specifies a list of TTL values in increasing order. Up
to 8 values can be specified. In manycast mode these values are
used in turn in an expanding-ring search. The default is eight mul-
tiples of 32 starting at 31.
FILES
/etc/inet/ntp.conf
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+---------------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+---------------------+
|Availability | service/network/ntp |
+---------------+---------------------+
|Stability | Uncommitted |
+---------------+---------------------+
NOTES
The documentation available at /usr/share/doc/ntp is provided as is
from the NTP distribution and may contain information that is not
applicable to the software as provided in this partIcular distribution.
Source code for open source software components in Oracle Solaris can
be found at https://www.oracle.com/downloads/opensource/solaris-source-
code-downloads.html.
This software was built from source available at
https://github.com/oracle/solaris-userland. The original community
source was downloaded from http://ar-
chive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p15.tar.gz.
Further information about this software can be found on the open source
community website at http://www.ntp.org/.
SEE ALSO
ntpd(8)
ntp.conf(5)