Go to main content

man pages section 5: File Formats

Exit Print View

Updated: Thursday, June 13, 2019
 
 

ntp.conf (5)

Name

ntp.conf - Configuration file for the NTP Daemon.

Synopsis

Please see following description for synopsis

Description

ntp.conf(5)                      File Formats                      ntp.conf(5)



NAME
       ntp.conf - Configuration file for the NTP Daemon.

DESCRIPTION
       The ntp.conf file contains the directives used by the ntpd to configure
       itself.

   Configuration Commands
       server address [options ...]
       peer address [options ...]
       broadcast address [options ...]
       manycastclient address [options ...]
       pool address [options ...]
           These commands specify the time server name or address to  be  used
           and  the  mode in which to operate. The address can be either a DNS
           name or a IPv4 or IPv6 address in standard  notation.  In  general,
           multiple commands of each type can be used for different server and
           peer addresses or multicast groups.
       server
           For type s and r addresses (only), this command mobilizes a persis-
           tent  client  mode  association with the specified remote server or
           local reference clock. If the preempt flag is specified, a preempt-
           able client mode association is mobilized instead.
       peer
           For  type  s  addresses (only), this command mobilizes a persistent
           symmetric-active mode association with the specified remote peer.
       broadcast
           For type b and m ddresses (only), this command mobilizes a  persis-
           tent broadcast or multicast server mode association. Note that type
           b messages go only to the interface specified, but type m  messages
           go to all interfaces.
       manycastclient
           For  type  m  addresses  (only),  this command mobilizes a manycast
           client mode association for the multicast group address  specified.
           In  this  mode  the address must match the address specified on the
           manycastserver command of one or more designated manycast servers.
       pool
           For type s messages (only) this command  mobilizes  a  client  mode
           association for servers implementing the pool automatic server dis-
           covery scheme described  on  the  Association  Management  page  at
           file:///usr/share/doc/ntp/assoc.html.  The address is a DNS name in
           the form area.pool.ntp.org, where area is a  qualifier  designating
           the server geographic area such as us or europe.

   Command Options
       Each of the above configuation commands takes zero or more options from
       the list below:
       autokey
           Send and  receive  packets  authenticated  by  the  autokey  scheme
           described     in     the    Authentication    Options    page    at
           file:///usr/share/doc/ntp/authopt.html. This option is  valid  only
           with server and peer commands and type s addresses. It is incompat-
           ible with the key option.
       burst
           When the server is reachable, send a burst of six  packets  instead
           of  the usual one. The packet spacing is normally 2 s; however, the
           spacing between the first and second packets can  be  changed  with
           the  fBcalldelay  command  to  allow additional time for a modem or
           ISDN call to complete. This option is  valid  only  with  only  the
           server  command  and  type s addressesa. It is a recommended option
           when the maxpoll option is greater than 10 (1024 s).
       iburst
           When the server is unreachable,  send  a  burst  of  eight  packets
           instead  of the usual one. The packet spacing is normally 2 s; how-
           ever, the spacing between the  first  and  second  packets  can  be
           changed  with  the calldelay command to allow additional time for a
           modem or ISDN call to complete. This option is valid only with  the
           server  command  and  type  s addresses. It is a recommended option
           with this command.
       key key
           Send and receive packets authenticated by the symmetric key  scheme
           described     in     the    Authentication    Options    page    at
           file:///usr/share/doc/ntp/authopt.html. This option is  valid  only
           with  server and peer commands and type s addresses. The key speci-
           fies the key identifier with values from  1  to  65535,  inclusive.
           This option is incompatible with the autokey option.
       minpoll minpoll
       maxpoll maxpoll
           These  options  specify  the minimum and maximum poll intervals for
           NTP messages, in seconds as a power of two. The maximum poll inter-
           val  defaults  to  10 (1024 s), but can be increased by the maxpoll
           option to an upper limit of 17 (36 h). The  minimum  poll  interval
           defaults to 6 (64 s), but can be decreased by the minpoll option to
           a lower limit of 4 (16 s). These option are  valid  only  with  the
           server and peer commands and type s addresses.
       mode option
           Pass  the  option  to  a reference clock driver, where option is an
           integer in the range from 0 to 255, inclusive. This option is valid
           only with the server command and type r addresses.
       noselect
           Marks  the  server or peer to be ignored by the selection algorithm
           but visible to the monitoring program. This option is ignored  with
           the broadcast command.
       preempt
           Specifies  the  association  as preemptable rather than the default
           persistent. This option is ignored with the  broadcast command  and
           is most useful with the manycastclient and pool commands.
       prefer
           Mark  the  server  as preferred. All other things being equal, this
           host will be chosen for synchronization among a  set  of  correctly
           operating    hosts.    See    the    Mitigation   Rules   page   at
           file:///usr/share/doc/ntp/prefer.html for further information. This
           option is valid only with the server and peer commands.
       true
           Mark  the  association to assume truechimer status; that is, always
           survive the selection and clustering algorithms. This option can be
           used  with any association, but is most useful for reference clocks
           with large jitter on the serial port and precision pulse-per-second
           (PPS) signals. Caution: this option defeats the algorithms designed
           to cast out falsetickers and can allow these  sources  to  set  the
           system  clock.  This  option is valid only with the server and peer
           commands.
       ttl ttl
           This option specifies the time-to-live ttl for the broadcast  comm-
           mand  and the maximum ttl for the expanding ring search used by the
           manycastclient  command.  Selection  of  the  proper  value,  which
           defaults  to 127, is something of a black art and should be coordi-
           nated with the network administrator.
       version version
           Specifies the version number to be used for outgoing  NTP  packets.
           Versions 1-4 are the choices, with version 4 the default.

   Auxiliary Commands
       broadcastclient [novolley]
           Enable  reception  of broadcast server messages to any local inter-
           face (type b address). Ordinarily, upon receiving a message for the
           first time, the broadcast client measures the nominal server propa-
           gation delay using a brief client/server exchange, after  which  it
           continues  in listen-only mode. If the novolley keyword is present,
           the exchange is not used and the value specified in the  broadcast-
           delay  command  is  used  or,  if the broadcastdelay command is not
           used, the default 4.0 ms. Note that, in order to  avoid  accidental
           or  malicious  disruption  in this mode, both the server and client
           should operate using symmetric key or public key authentication  as
           described     in     the    Authentication    Options    page    at
           file:///usr/share/doc/ntp/authopt.html. Note that the novolley key-
           word is incompatible with public key authentication.
       manycastserver address [...]
           Enable  reception of manycast client messages (type m)to the multi-
           cast group address(es) (type m) specified. At least one address  is
           required. Note that, in order to avoid accidental or malicious dis-
           ruption, both the server and client should operate using  symmetric
           key or public key authentication as described in the Authentication
           Options page at file:///usr/share/doc/ntp/authopt.html.
       multicastclient address [...]
           Enable reception of multicast  server  messages  to  the  multicast
           group  address(es) (type m) specified. Upon receiving a message for
           the first time, the multicast client measures  the  nominal  server
           propagation  delay  using  a  brief client/server exchange with the
           server, then enters the broadcast client mode, in which it synchro-
           nizes  to  succeeding  multicast  messages.  Note that, in order to
           avoid accidental or malicious disruption in  this  mode,  both  the
           server  and client should operate using symmetric key or public key
           authentication as described in the Authentication Options  page  at
           file:///usr/share/doc/ntp/authopt.html.

   Reference Clock Commands
       server 127.127.t.u [prefer] [mode int] [minpoll int] [maxpoll int]
           This  command  can be used to configure reference clocks in special
           ways. The options are interpreted as follows:
       prefer
           Marks the reference clock as  preferred.  All  other  things  being
           equal,  this host will be chosen for synchronization among a set of
           correctly  operating  hosts.  See  the  Mitigation  Rules  page  at
           file:///usr/share/doc/ntp/prefer.html for further information.
       mode int
           Specifies  a  mode number which is interpreted in a device-specific
           fashion. For instance, it selects a dialing protocol  in  the  ACTS
           driver and a device subtype in the parse drivers.
       minpoll int
       maxpoll int
           These  options specify the minimum and maximum polling interval for
           reference clock messages in seconds, interpreted as dual logarithms
           (2 ^ x). For most directly connected reference clocks, both minpoll
           and maxpoll default to 6 (2^16 = 64 s). For modem reference clocks,
           minpoll  defaults  to  10  (2^10  =  1024  s  = 17.1 m) and maxpoll
           defaults to 14 (2^14 = 16384 s = 4.25 h). The allowable range is  4
           (16 s) to 17 (36.4 h) inclusive.
       fudge 127.127.t.u [time1 sec] [time2 sec] [stratum int] [refid string]
       [mode int] [flag1 0|1] [flag2 0|1] [flag3 0|1] [flag4 0|1]
           This command can be used to configure reference clocks  in  special
           ways.  It  must immediately follow the server command which config-
           ures the driver. Note that the same capability is possible  at  run
           time  using  the  ntpq program. The options are interpreted as fol-
           lows:
       time1 sec
           Specifies a constant to be added to the time offset produced by the
           driver,  a fixed-point decimal number in seconds. This is used as a
           calibration constant to adjust the nominal time offset of a partic-
           ular  clock to agree with an external standard, such as a precision
           PPS signal. It also provides a way to correct a systematic error or
           bias  due  to  serial port or operating system latencies, different
           cable lengths or receiver internal delay. The specified  offset  is
           in  addition to the propagation delay provided by other means, such
           as internal DIPswitches. Where a calibration for an individual sys-
           tem  and driver is available, an approximate correction is noted in
           the driver documentation pages.

           Note: in order to facilitate calibration when more than  one  radio
           clock  or PPS signal is supported, a special calibration feature is
           available. It takes the form of an argument to the  enable  command
           and  operates  as  described in the Reference Clock Drivers page at
           file:///usr/share/doc/ntp/refclock.html.
       time2 secs
           Specifies a fixed-point decimal number in seconds, which is  inter-
           preted  in a driver-dependent way. See the descriptions of specific
           drivers    in    the    Reference    Clock    Drivers    page    at
           file:///usr/share/doc/ntp/refclock.html.
       stratum int
           Specifies  the  stratum  number  assigned to the driver, an integer
           between 0 and 15. This number overrides the default stratum  number
           ordinarily assigned by the driver itself, usually zero.
       refid string
           Specifies  an  ASCII  string  of  from one to four characters which
           defines the reference identifier used by the  driver.  This  string
           overrides  the default identifier ordinarily assigned by the driver
           itself.
       mode int
           Specifies a mode number which is interpreted in  a  device-specific
           fashion.  For  instance,  it selects a dialing protocol in the ACTS
           driver and a device subtype in the parse drivers.
       flag1 flag2 flag3 flag4
           These four flags are used for customizing  the  clock  driver.  The
           interpretation  of  these values, and whether they are used at all,
           is a function of the particular clock driver. However,  by  conven-
           tion  flag4  is  used  to  enable  recording monitoring data to the
           clockstats file configured with the filegen command.

   Authentication Commands
       autokey [logsec]
           Specifies the interval between regenerations  of  the  session  key
           list  used with the Autokey protocol. Note that the size of the key
           list for each association depends on this interval and the  current
           poll interval. The default value is 12 (4096 s or about 1.1 hours).
           For poll intervals above the specified interval, a session key list
           with a single entry will be regenerated for every message sent.
       controlkey key
           Specifies  the  key  identifier to use with the ntpq utility, which
           uses the standard protocol defined in RFC-1305. The key argument is
           the key identifier for a trusted key, where the value can be in the
           range 1 to 65,535, inclusive.
       crypto [randfile file] [host name] [ident name] [pw password]
           This command requires the OpenSSL library. It activates public  key
           cryptography  and  loads the required public/private encryption and
           sign kyes and public certificat. If one  or  more  files  are  left
           unspecified,  the default names are used as described below. Unless
           the complete path and name of the file are specified, the  location
           of  a file is relative to the keys directory specified in the keys-
           dir command or default /etc/inet. Following are the subcommands.
       host name
           Specifies the host name used in the host key link ntpkey_host_name,
           sign   key   link   ntpkey_sign_name   and  certificate  link  ntp-
           key_cert_name. The ntp-keygen program automatically installs  these
           links to the most recently generated files.
       ident name
           Specifies  the  group  name  used  in  the  identity  key link ntp-
           key_key_name, where key identifies the key type  described  on  the
           ntp-keygen  page.  The  ntp-keygen  program  automatically installs
           these links to the most recently generated files.
       pw password
           Specifies the password to decrypt files previously encrypted by the
           ntp-keygen program.
       randfile file
           Specifies  the location of the random seed file used by the OpenSSL
           library. The defaults are described on the ntp-keygen(8) man page.
       keys keyfile
           Specifies the complete path to the MD5 key file containing the keys
           and  key identifiers used by ntpd and ntpq when operating with sym-
           metric key cryptography. This is the same operation as the -k  com-
           mand line option.
       keysdir path
           This command specifies the default directory path for cryptographic
           keys, parameters and certificates. The default is /etc/inet/.
       requestkey key
           Specifies the key identifier to use with the ntpdc utility program,
           which  uses  a proprietary protocol specific to this implementation
           of ntpd. The key argument is a key identifier for the trusted  key,
           where  the  value  can  be in the range 1 to 65,535, inclusive. The
           ntpdc program is not delivered in Solaris but may be  used  from  a
           remote system.
       revoke [logsec]
           Specifies  the interval between re-randomization of certain crypto-
           graphic values used by the Autokey scheme, as a power of 2 in  sec-
           onds.  These  values  need  to  be  updated  frequently in order to
           deflect brute-force attacks on the  algorithms;  however,  updating
           some values is a relatively expensive operation. The default inter-
           val is 16 (65,536 s or about 18 hours). For  poll  intervals  above
           the  specified  interval, the values will be updated for every mes-
           sage sent.
       trustedkey key [...]
           Specifies the key identifiers which are trusted for the purposes of
           authenticating  peers  with  symmetric key cryptography, as well as
           keys used by the ntpq and ntpdc programs. The authentication proce-
           dures require that both the local and remote servers share the same
           key and key identifier for this purpose,  although  different  keys
           can  be  used  with different servers. The key arguments are 32-bit
           unsigned integers with values from 1 to 65,535.

   Access Control Commands
       discard [ average avg ][ minimum min ] [ monitor prob ]
           Set the parameters of  the  limited  facility  which  protects  the
           server from client abuse. The average subcommand specifies the min-
           imum average packet spacing, while the minimum subcommand specifies
           the  minimum  packet spacing. Packets that violate these minima are
           discarded and a  kiss-o'-death  packet  returned  if  enabled.  The
           default  minimum average and minimum are 5 and 2, respectively. The
           monitor subcommand specifies the probability of discard for packets
           that overflow the rate-control window.
       restrict address [mask mask] [flag][...]
           The  address  argument expressed in dotted-quad form is the address
           of a host or network. Alternatively, the address argument can be  a
           valid  host  DNS name.  The mask argument expressed in dotted-
           quad form defaults to 255.255.255.255, meaning that the address  is
           treated  as  the  address  of  an  individual host. A default entry
           (address 0.0.0.0, mask 0.0.0.0) is always included  and  is  always
           the first entry in the list. Note that text string default, with no
           mask option, may be used to indicate the default entry.

           In the current implementation, flag always restricts access,  i.e.,
           an  entry with no flags indicates that free access to the server is
           to be given. The flags are not orthogonal, in that more restrictive
           flags  will  often  make less restrictive ones redundant. The flags
           can generally be classed into two catagories, those which  restrict
           time  service  and  those  which restrict informational queries and
           attempts to do run-time reconfiguration of the server. One or  more
           of the following flags may be specified:
       ignore
           Deny packets of all kinds, including ntpq and ntpdc queries.
       kod
           If  this  flag  is  set  when  an  access violation occurs, a kiss-
           o'-death (KoD) packet is sent. KoD packets are rate limited  to  no
           more  than  one per second. If another KoD packet occurs within one
           second after the last one, the packet is dropped
       limited
           Deny service if the packet spacing violates the lower limits speci-
           fied in the discard command. A history of clients is kept using the
           monitoring capability of ntpd. Thus, monitoring is always active as
           long as there is a restriction entry with the limited flag.
       lowpriotrap
           Declare  traps set by matching hosts to be low priority. The number
           of traps a server can maintain is limited (the current limit is 3).
           Traps  are  usually  assigned  on a first come, first served basis,
           with later trap requestors being denied service. This flag modifies
           the assignment algorithm by allowing low priority traps to be over-
           ridden by later requests for normal priority traps.
       nomodify
           Deny ntpq and ntpdc queries which attempt to modify  the  state  of
           the  server  (i.e., run time reconfiguration). Queries which return
           information are permitted.
       noquery
           Deny ntpq and ntpdc queries. Time service is not affected.
       nopeer
           Deny packets which would result in mobilizing  a  new  association.
            This includes broadcast, symmetric-active and manycast client
           packets when a configured association does not exist.
       noserve
           Deny all packets except ntpq and ntpdc queries.
       notrap
           Decline to provide mode 6 control message trap service to  matching
           hosts. The trap service is a subsystem of the ntpdq control message
           protocol which is intended for use by  remote  event  logging  pro-
           grams.
       notrust
           Deny packets unless the packet is cryptographically authenticated.
       ntpport
           This is actually a match algorithm modifier, rather than a restric-
           tion flag. Its presence causes the restriction entry to be  matched
           only  if the source port in the packet is the standard NTP UDP port
           (123). Both ntpport and non-ntpport may be specified.  The  ntpport
           is considered more specific and is sorted later in the list.
       version
           Deny packets that do not match the current NTP version.

   Monitoring Commands
       statistics name [...]
           Enables  writing  of  statistics  records.  Currently, six kinds of
           namestatistics are supported.
       clockstats
           Enables recording of  clock  driver  statistics  information.  Each
           update received from a clock driver appends a line of the following
           form to the file generation set named clockstats:

           49213 525.624 127.127.4.1 93 226 00:08:29.606 D

           The first two fields show the date (Modified Julian Day)  and  time
           (seconds  and fraction past UTC midnight). The next field shows the
           clock address in dotted-quad notation, The final  field  shows  the
           last  timecode  received  from  the  clock in decoded ASCII format,
           where meaningful. In some clock drivers a good deal  of  additional
           information  can be gathered and displayed as well. See information
           specific to each clock for further details.
       cryptostats
           This option requires the OpenSSL cryptographic software library. It
           enables recording of cryptographic public key protocol information.
           Each message received by the protocol module appends a line of  the
           following form to the file generation set named cryptostats:

           49213 525.624 127.127.4.1 message

           The  first  two fields show the date (Modified Julian Day) and time
           (seconds and fraction past UTC midnight). The next field shows  the
           peer  address  in  dotted-quad  notation,  The  final message field
           includes the message type and certain  ancillary  information.  See
           the          Authentication         Options         page         at
           file:///usr/share/doc/ntp/authopt.html for further information.
       loopstats
           Enables recording  of  loop  filter  statistics  information.  Each
           update  of  the local clock outputs a line of the following form to
           the file generation set named loopstats:

           50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806 6

           The first two fields show the date (Modified Julian Day)  and  time
           (seconds and fraction past UTC midnight). The next five fields show
           time offset (seconds), frequency offset (parts per million -  PPM),
           RMS  jitter  (seconds),  Allan deviation (PPM) and clock discipline
           time constant.
       peerstats
           Enables recording of peer  statistics  information.  This  includes
           statistics records of all peers of a NTP server and of special sig-
           nals, where present and configured. Each  valid  update  appends  a
           line of the following form to the current element of a file genera-
           tion set named peerstats:

           48773   10847.650   127.127.4.1   9714   -0.001605376   0.000000000
           0.001424877 0.000958674

           The  first  two fields show the date (Modified Julian Day) and time
           (seconds and fraction past UTC midnight). The next two fields  show
           the  peer address in dotted-quad notation and status, respectively.
           The status field is encoded in hex in the format described  in  Ap-
           pendix  B  of the NTP specification RFC 1305. The final four fields
           show the offset, delay, dispersion and RMS jitter, all in seconds.
       rawstats
           Enables recording of  raw-timestamp  statistics  information.  This
           includes  statistics  records  of  all peers of a NTP server and of
           special signals, where present and  configured.  Each  NTP  message
           received  from a peer or clock driver appends a line of the follow-
           ing form to the file generation set named rawstats:

           50928   2132.2543   128.4.1.1   128.4.1.20    3102453281.2584327000
           3102453281.258622800031 02453332.2540806000 3102453332.2541458000

           The  first  two fields show the date (Modified Julian Day) and time
           (seconds and fraction past UTC midnight). The next two fields  show
           the  remote  peer or clock address followed by the local address in
           dotted-quad notation, The final four  fields  show  the  originate,
           receive,  transmit and final NTP timestamps in order. The timestamp
           values are as received and before processing by  the  various  data
           smoothing and mitigation algorithms.
       sysstats
           Enables  recording of ntpd statistics counters on a periodic basis.
           Each hour a line of the following form is appended to the file gen-
           eration set named sysstats:

           50928 2132.2543 36000 81965 0 9546 56 71793 512 540 10 147

           The  first  two fields show the date (Modified Julian Day) and time
           (seconds and fraction past UTC midnight). The remaining ten  fields
           show  the statistics counter values accumulated since the last gen-
           erated line.
           Time since restart 36000: Time in hours since the system was last
           rebooted.
           Packets received 81965: Total number of packets received.
           Packets processed 0: Number of packets received in response to pre-
           vious packets sent
           Current version 9546: Number of packets matching the current NTP
           version.
           Previous version 56: Number of packets matching the previous NTP
           version.
           Bad version 71793: Number of packets matching neither NTP version.
           Access denied 512: Number of packets denied access for any reason.
           Bad length or format 540: Number of packets with invalid length,
           format or port number.
           Bad authentication 10: Number of packets not verified as authentic.
           Rate exceeded 147: Number of packets discarded due to rate limita-
           tion.
       statsdir directory_path
           Indicates the full path  of  a  directory  where  statistics  files
           should  be  created (see below). This keyword allows the (otherwise
           constant) filegen filename prefix to be modified for  file  genera-
           tion  sets,  which  is  useful  for  handling statistics logs. This
           directory must be writable by the user "daemon" and all files in it
           must be writable by that user.
       filegen name [file filename] [type typename] [link | nolink] [enable |
       disable]
           Configures setting of generation file  set  name.  Generation  file
           sets provide a means for handling files that are continuously grow-
           ing during the lifetime of a server. Server statistics are a  typi-
           cal  example for such files. Generation file sets provide access to
           a set of files used to store the actual data. At any time  at  most
           one  element  of the set is being written to. The type given speci-
           fies when and how data will be directed to a  new  element  of  the
           set.  This  way,  information stored in elements of a file set that
           are currently unused are available for administrational  operations
           without  the risk of disturbing the operation of ntpd. (Most impor-
           tant: they can be removed to free space for new data produced.)
           Note that this command can be sent from the ntpdc  program  running
           at a remote location.

           name   This is the type of the statistics records, as shown in the
                  statistics command.

           file filename
                  This is the file name for the statistics records. Filenames
                  of set members are built from three concatenated elements
                  prefix, filename and suffix:

           prefix This is a constant filename path. It is not subject to modi-
                  fications via the filegen option. It is defined by the
                  server, usually specified as a compile-time constant. It
                  may, however, be configurable for individual file generation
                  sets via other commands. For example, the prefix used with
                  loopstats and peerstats generation can be configured using
                  the statsdir option explained above.

           filename
                  This string is directly concatenated to the prefix mentioned
                  above (no intervening / (slash)). This can be modified using
                  the file argument to the filegen statement. No .. elements
                  are allowed in this component to prevent filenames referring
                  to parts outside the filesystem hierarchy denoted by prefix.

           suffix This part is reflects individual elements of a file set. It
                  is generated according to the type of a file set.

           type typename
                  A file generation set is characterized by its type. The fol-
                  lowing types are supported:

                 none   The file set is actually a single plain file.

                 pid    One element of file set is used per incarnation of a
                        ntpd server. This type does not perform any changes to
                        file set members during runtime, however it provides
                        an easy way of separating files belonging to different
                        ntpd server incarnations. The set member filename is
                        built by appending a . (dot) to concatenated prefix
                        and filename strings, and appending the decimal repre-
                        sentation of the process ID of the ntpd server
                        process.

                 day    One file generation set element is created per day. A
                        day is defined as the period between 00:00 and 24:00
                        UTC. The file set member suffix consists of a . (dot)
                        and a day specification in the form YYYYMMdd. YYYY is
                        a 4-digit year number (e.g., 1992). MM is a two digit
                        month number. dd is a two digit day number. Thus, all
                        information written at 10 December 1992 would end up
                        in a file named prefix filename.19921210.

                 week   Any file set member contains data related to a certain
                        week of a year. The term week is defined by computing
                        day-of-year modulo 7. Elements of such a file genera-
                        tion set are distinguished by appending the following
                        suffix to the file set filename base: A dot, a 4-digit
                        year number, the letter W, and a 2-digit week number.
                        For example, information from January, 10th 1992 would
                        end up in a file with suffix .1992W1.

                 month  One generation file set element is generated per
                        month. The file name suffix consists of a dot, a
                        4-digit year number, and a 2-digit month.

                 year   One generation file element is generated per year. The
                        filename suffix consists of a dot and a 4 digit year
                        number.

                 age    This type of file generation sets changes to a new
                        element of the file set every 24 hours of server oper-
                        ation. The filename suffix consists of a dot, the let-
                        ter a, and an 8-digit number. This number is taken to
                        be the number of seconds the server is running at the
                        start of the corresponding 24-hour period. Information
                        is only written to a file generation by specifying
                        enable; output is prevented by specifying disable.

           link | nolink
                  It is convenient to be able to access the current element of
                  a file generation set by a fixed name. This feature is
                  enabled by specifying link and disabled using nolink. If
                  link is specified, a hard link from the current file set
                  element to a file without suffix is created. When there is
                  already a file with this name and the number of links of
                  this file is one, it is renamed appending a dot, the letter
                  C, and the pid of the ntpd server process. When the number
                  of links is greater than one, the file is unlinked. This
                  allows the current file to be accessed by a constant name.

           enable | disable
                  Enables or disables the recording function.
       broadcastdelay seconds
           The broadcast and multicast modes require a special calibration  to
           determine  the  network delay between the local and remote servers.
           Ordinarily, this is done  automatically  by  the  initial  protocol
           exchanges  between  the client and server. In some cases, the cali-
           bration procedure may fail due to network  or  server  access  con-
           trols,  for example. This command specifies the default delay to be
           used under these circumstances. Typically (for Ethernet), a  number
           between  0.003  and  0.007 seconds is appropriate. The default when
           this command is not used is 0.004 seconds.
       calldelay delay
           This option controls the delay in seconds  between  the  first  and
           second  packets  sent  in  burst or iburst mode to allow additional
           time for a modem or ISDN call to complete.
       driftfile driftfile { tolerance ]
           This command specifies the complete path and name of the file  used
           to  record the frequency of the local clock oscillator. This is the
           same operation as the -f command linke option. If the file  exists,
           it  is  read  at  startup in order to set the initial frequency and
           then updated once per hour with the current frequency  computed  by
           the daemon. If the file name is specified, but the file itself does
           not exist, the starts with an initial frequency of zero and creates
           the file when writing it for the first time. If this command is not
           given, the daemon will always start with an  initial  frequency  of
           zero.  This  file must be in a directory writable by the user "dae-
           mon".

           The file format consists of  a  single  line  containing  a  single
           floating  point number, which records the frequency offset measured
           in parts-per-million (PPM). The file is updated  by  first  writing
           the  current  drift  value  into a temporary file and then renaming
           this file to replace the old version. This implies that  ntpd  must
           have  write  permission for the directory the drift file is located
           in, and that file system links, symbolic or  otherwise,  should  be
           avoided.

           The parameter tolerance is the wander threshold to skip writing the
           new value. If the value of wander computed  from  recent  frequency
           changes  is  greater  than  this threshold the file will be updated
           once per hour. If below the threshold, the file will not  be  writ-
           ten.
       enable [ auth | bclient | calibrate | kernel | mode7 | monitor | ntp |
       pps | stats]
       disable [ auth | bclient | calibrate | kernel | mode7 | monitor | ntp |
       pps | stats ]
           Provides  a  way to enable or disable various system options. Flags
           not mentioned are unaffected. Note that all of these flags  can  be
           controlled remotely using the ntpq utility program.
       auth
           Enables  the  server to synchronize with unconfigured peers only if
           the peer has been correctly authenticated using either  public  key
           or private key cryptography. The default for this flag is enable.
       bclient
           Enables the server to listen for a message from a broadcast or mul-
           ticast server, as  in  the  multicastclient  command  with  default
           address. The default for this flag is disable.
       calibrate
           Enables the calibrate feature for reference clocks. The default for
           this flag is disable.
       kernel
           Enables the kernel time discipline, if available. The  default  for
           this flag is enable if support is available, otherwise disable.
       mode7
           Enables  processing  mode  7 private request packets from the ntpdc
           utility program. The ntpdc program is not  delivered  with  Solaris
           but  may  still be used remotely from other systems. The default is
           to not accept these packets.
       monitor
           Enables the monitoring facility.  See  the  ntpq  program  and  the
           mrulist  command  or further information. The default for this flag
           is enable.
       ntp
           Enables time and frequency discipline. In effect, this switch opens
           and  closes  the  feedback  loop,  which is useful for testing. The
           default for this flag is enable.
       pps
           Enables the pulse-per-second (PPS) signal when frequency  and  time
           is  disciplined by the precision time kernel modifications. See the
           Kernel    Model    for    Precision     Timekeeping     page     at
           file:///usr/share/doc/ntp/kern.html  for  further  information. The
           default for this flag is disable.
       stats
           Enables the statistics facility. The default for this flag is  dis-
           able
       includefile includefile
           This   command  allows  additional  configuration  commands  to  be
           included from a separate file. Include files may  be  nested  to  a
           depth  of  five; upon reaching the end of any include file, command
           processing resumes in the previous configuration file. This  option
           is  useful for sites that run ntpd on multiple hosts, with (mostly)
           common options (e.g., a restriction list). The include file must be
           in a file readable by the user "daemon".
       logconfig configkeyword
           This  command controls the amount and type of output written to the
           system syslog facility or the alternate logfile log file. All  con-
           figkeyword  keywords  can be prefixed with =, + and -, where = sets
           the syslogmask, + adds and - removes messages. syslog messages  can
           be  controlled  in four classes (clock, peer, sys and sync). Within
           these classes four types of messages can  be  controlled:  informa-
           tional  messages  (info),  event messages (events), statistics mes-
           sages (statistics) and status messages (status).

           Configuration keywords are  formed  by  concatenating  the  message
           class with the event class. The all prefix can be used instead of a
           message class. A message class may also be followed by the all key-
           word  to  enable/disable  all  messages  of  the respective message
           class. By default, logconfig output is set to allsync.

           Thus, a minimal log configuration could look like this:

           logconfig =syncstatus +sysevents

           This would just list the synchronizations state  of  ntpd  and  the
           major  system  events. For a simple reference server, the following
           minimum message configuration could be useful:

           logconfig =allsync +allclock

           This configuration will list all clock information and synchroniza-
           tion information. All other events and messages about peers, system
           events and so on is suppressed.
       logfile logfile

           This command specifies the location of an alternate log file to  be
           used  instead  of  the  default system syslog facility. This is the
           same operation as the -l command line option.  This  file  must  be
           writable  by  the  user  "daemon" and be in a directory writable by
           that user.
       phone dial1 dial2 ...
           This command is used in conjunction  with  the  ACTS  modem  driver
           (type  18). The arguments consist of a maximum of 10 telephone num-
           bers used to dial USNO, NIST or European time services.  The  Hayes
           command  ATDT is  normally  prepended to the number, which can
           contain other modem control codes as well.
       setvar variable [default]
           This command adds an additional system  variable.  These  variables
           can be used to distribute additional information such as the access
           policy. If the variable of the form name = value is followed by the
           default keyword, the variable will be listed as part of the default
           system variables (ntpq  rv  command).  These  additional  variables
           serve informational purposes only. They are not related to the pro-
           tocol other that they can be listed. The known  protocol  variables
           will  always  override  any variables defined via the setvar mecha-
           nism. There are three special variables that contain the  names  of
           all variable of the same group. The sys_var_list holds the names of
           all system variables. The peer_var_list holds the names of all peer
           variables  and  the clock_var_list holds the names of the reference
           clock variables.
       tinker [ allan allan | dispersion dispersion | freq freq | huffpuff
       huffpuff | panic panic | step step | stepout stepout ]
           This  command can be used to alter several system variables in very
           exceptional circumstances. It should  occur  in  the  configuration
           file  before any other configuration options. The default values of
           these variables have been carefully optimized for a wide  range  of
           network  speeds  and  reliability  expectations.  In  general, they
           interact in intricate ways that are hard to predict and some combi-
           nations  can  result in some very nasty behavior. Very rarely is it
           necessary to change the  default  values;  but,  some  folks  can't
           resist  twisting  the  knobs  anyway  and this command is for them.
           Emphasis added: twisters are on their own and can  expect  no  help
           from the support group.

           The variables operate as follows:
           allan allan
                 The  argument  becomes the new value for the Allan intercept,
                 which is a parameter of the PLL/FLL  clock  discipline  algo-
                 rithm. The value is in  seconds with default 1500 s, which is
                 appropriate for most computer clocks.
           dispersion dispersion
                 The  argument  becomes  the  new  value  for  the  dispersion
                 increase rate, normally .000015 s/s.
           freq freq
                 The  argument becomes the initial value of the frequency off-
                 set in parts-per-million. This overrides  the  value  in  the
                 frequency  file,  if present, and avoids the initial training
                 state if it is not.
           huffpuff huffpuff
                 The argument becomes the new value for the experimental huff-
                 n'-puff  filter span, which determines the most recent inter-
                 val the algorithm will search for a minimum delay. The  lower
                 limit is 900 s (15 m), but a more reasonable value is 7200 (2
                 hours). There is no default, since the filter is not  enabled
                 unless this command is given.
           panic panic
                 The  argument  is  the panic threshold, by default 1000 s. If
                 set to zero, the panic sanity check is disabled and  a  clock
                 offset of any value will be accepted.
           step step
                 The  argument  is  the step threshold, by default 0.128 s. It
                 can be set to any positive number in seconds. If set to zero,
                 step adjustments will never occur. Note: The kernel time
                 discipline is disabled if the step threshold is set  to  zero
                 or greater than the default.
           stepout stepout
                 The argument is the stepout timeout, by default 900 s. It can
                 be set to any positive number in seconds. If set to zero, the
                 stepout pulses will not be suppressed.

       tos [ beacon beacon | ceiling ceiling | cohort {0 | 1} | floor floor |
       orphan orphan | maxdistance maxdistance | minclock minclock | minsane
       minsane ]
           This command affects the clock selection and clustering algorithms.
           It can be used to select the quality and quantity of peers used  to
           synchronize  the  system clock and is most useful in manycast mode.
           The variables operate as follows:
           beacon beacon
                 The manycast server sends packets at intervals  of  64  s  if
                 less  than   maxclock  servers  are  available. Otherwise, it
                 sends packets at the beacon interval in seconds. The  default
                 is 3600 s.
           ceiling ceiling
                 Servers with stratum at or above ceiling will be discarded if
                 there are at  least  minclock  peers  remaining.  This  value
                 defaults  to  15,  but can be changed to any number from 1 to
                 15.
           cohort { 0 | 1 }
                 This is a binary flag which enables (0) or disables (1) many-
                 cast server replies to manycast clients with the same stratum
                 level. This is useful to reduce implosions where  large  num-
                 bers  of clients with the same stratum level are present. The
                 default is to enable these replies.
           floor floor
                 Peers with strata below floor will be discarded if there  are
                 at  least minclock peers remaining. This value defaults to 1,
                 but can be changed to any number from 1 to 15.
           orphan stratum
                 If stratum is set at some value less than 16 a special orphan
                 mode is enterred when no outside source of synchronization is
                 available. To use orphan mode a number  of  participants  are
                 identically configured both as broadcast client and as broad-
                 cast server. One or more participants are configured  to  use
                 an outside source, either a reference clock or another Inter-
                 net server. When the source or sources fail, the system stra-
                 tum is set at stratum and a leader is elected to serve as the
                 reference source. When an outside source  of  synchronization
                 is again available, the orphan mode is disabled.
           mindist mindistance
                 The slection algorithm normally pads each intersection a min-
                 imum of one millisecond to avoid needless classification.  In
                 some  cases,  such as reference clocks with high jitter and a
                 PPS signal, it is useful to increase the padding.  This  com-
                 mand can be used for that purpose. As a general rule, set the
                 mindistance to the maximum expected offset plus the  maxiumum
                 expected jitter, in seconds.
           maxdist maxdistance
                 The  selection  algorithm  accumulates  a  number  of packets
                 before setting the clock in order to use the best data avail-
                 able.  The  number  is determined by the synchronization dis-
                 tance for each association and a limit  called  the  distance
                 threshold.  The  synchronization  distance starts at 16, then
                 drops by a factor of about two as each  packet  is  received.
                 The  default distance threshold is 1.0, which usually results
                 in four packets. Setting maxdistance to some value between  1
                 and  16 can be used to change the number of packets required.
                 For instance, setting it to 16 will  set  the  clock  on  the
                 first  packet  received;  howver,  setting  it  to this value
                 essentially disables the mitigation and grooming algorithms.
           minclock minclock
                 The clustering algorithm repeatedly casts out outlyer associ-
                 ations  until no more than minclock associations remain. This
                 value defaults to 3, but can be changed to any number from  1
                 to the number of configured sources.
           minsane minsane
                 This  is  the  minimum  number of candidates available to the
                 clock selection algorithm in order to  produce  one  or  more
                 truechimers  for the clustering algorithm. If fewer than this
                 number are available, the clock is undisciplined and  allowed
                 to  run  free. The default is 1 for legacy purposes. However,
                 according  to  principles  of  Byzantine  agreement,  minsane
                 should  be at least 4 in order to detect and discard a single
                 falseticker.

       ttl hop ...
           This command specifies a list of TTL values in increasing order. up
           to  8  values  can  be specified. In manycast mode these values are
           used in turn in an expanding-ring search. The default is eight mul-
           tiples of 32 starting at 31.
       trap host_address [port port_number] [interface interface_address]
           This  command  configures a trap receiver at the given host address
           and port number for  sending  messages  with  the  specified  local
           interface  address.  If  the port number is unspecified, a value of
           18447 is used. If the interface address is not specified, the  mes-
           sage  is sent with a source address of the local interface the mes-
           sage is sent through. Note that on a multihomed host the  interface
           used may vary from time to time with routing changes.

           The  trap  receiver  will  generally  log  event messages and other
           information from the server in a log file. While such monitor  pro-
           grams  may  also  request their own trap dynamically, configuring a
           trap receiver will ensure that no messages are lost when the server
           is started.
       ttl hop ...
           This command specifies a list of TTL values in increasing order. up
           to 8 values can be specified. In manycast  mode  these  values  are
           used in turn in an expanding-ring search. The default is eight mul-
           tiples of 32 starting at 31.

FILES
       /etc/inet/ntp.conf

ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       +---------------+---------------------+
       |ATTRIBUTE TYPE |  ATTRIBUTE VALUE    |
       +---------------+---------------------+
       |Availability   | service/network/ntp |
       +---------------+---------------------+
       |Stability      | Uncommitted         |
       +---------------+---------------------+
NOTES
       The documentation available at /usr/share/doc/ntp  is  provided  as  is
       from  the  NTP  distribution  and  may  contain information that is not
       applicable to the software as provided in this partIcular distribution.

SEE ALSO
       ntpd(8)


       This    software    was    built    from    source     available     at
       https://github.com/oracle/solaris-userland.    The  original  community
       source         was         downloaded         from           http://ar-
       chive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p13.tar.gz

       Further information about this software can be found on the open source
       community website at http://www.ntp.org/.



                                                                   ntp.conf(5)