ntp.conf - Configuration file for the NTP Daemon.
Please see following description for synopsis
ntp.conf(5) File Formats ntp.conf(5) NAME ntp.conf - Configuration file for the NTP Daemon. DESCRIPTION The ntp.conf file contains the directives used by the ntpd to configure itself. Configuration Commands server address [options ...] peer address [options ...] broadcast address [options ...] manycastclient address [options ...] pool address [options ...] unpeer [address | associd ] These commands specify the time server name or address to be used and the mode in which to operate. The address can be either a DNS name or a IPv4 or IPv6 address in standard notation. In general, multiple commands of each type can be used for different server and peer addresses or multicast groups. server For type s and r addresses (only), this command mobilizes a persistent client mode association with the specified remote server or local reference clock. If the preempt flag is specified, a preemptible client mode association is mobi- lized instead. peer For type s addresses (only), this command mobilizes a per- sistent symmetric-active mode association with the specified remote peer. broadcast For type b and m ddresses (only), this command mobilizes a persistent broadcast or multicast server mode association. Note that type b messages go only to the interface speci- fied, but type m messages go to all interfaces. manycastclient For type m addresses (only), this command mobilizes a many- cast client mode association for the multicast group address specified. In this mode the address must match the address specified on the manycastserver command of one or more des- ignated manycast servers. pool For type s messages (only) this command mobilizes a client mode association for servers implementing the pool automatic server discovery scheme described on the Association Manage- ment page at file:///usr/share/doc/ntp/assoc.html. The address is a DNS name in the form area.pool.ntp.org, where area is a qualifier designating the server geographic area such as us or europe. unpeer This command removes a previously configured association. An address or association ID can be used to identify the asso- ciation. Either an IP address or DNS name can be used. This command is most useful when supplied via ntpq runtime con- figuration commands :config and config-from-file. Command Options Each of the above configuration commands takes zero or more options from the list below: autokey Send and receive packets authenticated by the autokey scheme described in the Authentication Options page at file:///usr/share/doc/ntp/authopt.html. This option is valid only with server and peer commands and type s addresses. It is incompat- ible with the key option. burst When the server is reachable, send a burst of six packets instead of the usual one. The packet spacing is normally 2 s; however, the spacing between the first and second packets can be changed with the fBcalldelay command to allow additional time for a modem or ISDN call to complete. This option is valid only with only the server command and type s addressesa. It is a recommended option when the maxpoll option is greater than 10 (1024 s). iburst When the server is unreachable, send a burst of eight packets instead of the usual one. The packet spacing is normally 2 s; how- ever, the spacing between the first and second packets can be changed with the calldelay command to allow additional time for a modem or ISDN call to complete. This option is valid only with the server command and type s addresses. It is a recommended option with this command. ident group Specify the group name for the association. key key Send and receive packets authenticated by the symmetric key scheme described in the Authentication Options page at file:///usr/share/doc/ntp/authopt.html. This option is valid only with server and peer commands and type s addresses. The key speci- fies the key identifier with values from 1 to 65535, inclusive. This option is incompatible with the autokey option. minpoll minpoll maxpoll maxpoll These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two. The maximum poll inter- val defaults to 10 (1024 s), but can be increased by the maxpoll option to an upper limit of 17 (36 h). The minimum poll interval defaults to 6 (64 s), but can be decreased by the minpoll option to a lower limit of 4 (16 s). These option are valid only with the server and peer commands and type s addresses. mode option Pass the option to a reference clock driver, where option is an integer in the range from 0 to 255, inclusive. This option is valid only with the server command and type r addresses. noselect Marks the server or peer to be ignored by the selection algorithm but visible to the monitoring program. This option is ignored with the broadcast command. preempt Specifies the association as preemptible rather than the default persistent. This option is ignored with the broadcast command and is most useful with the manycastclient and pool commands. prefer Mark the server as preferred. All other things being equal, this host will be chosen for synchronization among a set of correctly operating hosts. See the Mitigation Rules page at file:///usr/share/doc/ntp/prefer.html for further information. This option is valid only with the server and peer commands. true Mark the association to assume truechimer status; that is, always survive the selection and clustering algorithms. This option can be used with any association, but is most useful for reference clocks with large jitter on the serial port and precision pulse-per-second (PPS) signals. Caution: this option defeats the algorithms designed to cast out falsetickers and can allow these sources to set the system clock. This option is valid only with the server and peer commands. ttl ttl This option specifies the time-to-live ttl for the broadcast com- mand and the maximum ttl for the expanding ring search used by the manycastclient command. Selection of the proper value, which defaults to 127, is something of a black art and should be coordi- nated with the network administrator. xmtnonce Allowed in the server and pool modes, this flag causes the client to put a random number nonce in the transmit timestamp of its out- going packet. Since the server will reply copying the incoming transmit timestamp to the outgoing origin timestamp, this flag pro- vides extra security for the loopback test, at the expense of the server having no idea what time the client thinks it is. version version Specifies the version number to be used for outgoing NTP packets. Versions 1-4 are the choices, with version 4 the default. Auxiliary Commands broadcastclient [novolley] Enable reception of broadcast server messages to any local inter- face (type b address). Ordinarily, upon receiving a message for the first time, the broadcast client measures the nominal server propa- gation delay using a brief client/server exchange, after which it continues in listen-only mode. If the novolley keyword is present, the exchange is not used and the value specified in the broadcast- delay command is used or, if the broadcastdelay command is not used, the default 4.0 ms. Note that, in order to avoid accidental or malicious disruption in this mode, both the server and client should operate using symmetric key or public key authentication as described in the Authentication Options page at file:///usr/share/doc/ntp/authopt.html. Note that the novolley key- word is incompatible with public key authentication. manycastserver address [...] Enable reception of manycast client messages (type m)to the multi- cast group address(es) (type m) specified. At least one address is required. Note that, in order to avoid accidental or malicious dis- ruption, both the server and client should operate using symmetric key or public key authentication as described in the Authentication Options page at file:///usr/share/doc/ntp/authopt.html. multicastclient address [...] Enable reception of multicast server messages to the multicast group address(es) (type m) specified. Upon receiving a message for the first time, the multicast client measures the nominal server propagation delay using a brief client/server exchange with the server, then enters the broadcast client mode, in which it synchro- nizes to succeeding multicast messages. Note that, in order to avoid accidental or malicious disruption in this mode, both the server and client should operate using symmetric key or public key authentication as described in the Authentication Options page at file:///usr/share/doc/ntp/authopt.html. mdnstries number If we are participating in mDNS, after we have synched for the first time we attempt to register with the mDNS system. If that registration attempt fails, we try again at one minute intervals for up to number times. After all, ntpd may be starting before mDNS. The default value for mdnstries is 5. Reference Clock Commands server 127.127.t.u [prefer] [mode int] [minpoll int] [maxpoll int] This command can be used to configure reference clocks in special ways. The options are interpreted as follows: prefer Marks the reference clock as preferred. All other things being equal, this host will be chosen for synchronization among a set of correctly operating hosts. See the Mitigation Rules page at file:///usr/share/doc/ntp/prefer.html for fur- ther information. mode int Specifies a mode number which is interpreted in a device- specific fashion. For instance, it selects a dialing proto- col in the ACTS driver and a device subtype in the parse drivers. minpoll int maxpoll int These options specify the minimum and maximum polling inter- val for reference clock messages in seconds, interpreted as dual logarithms (2 ^ x). For most directly connected refer- ence clocks, both minpoll and maxpoll default to 6 (2^16 = 64 s). For modem reference clocks, minpoll defaults to 10 (2^10 = 1024 s = 17.1 m) and maxpoll defaults to 14 (2^14 = 16384 s = 4.25 h). The allowable range is 4 (16 s) to 17 (36.4 h) inclusive. fudge 127.127.t.u [time1 sec] [time2 sec] [stratum int] [refid string] [mode int] [flag1 0|1] [flag2 0|1] [flag3 0|1] [flag4 0|1] [minjitter secs] This command can be used to configure reference clocks in special ways. It must immediately follow the server command which config- ures the driver. Note that the same capability is possible at run- time using the ntpq program. The options are interpreted as fol- lows: time1 sec Specifies a constant to be added to the time offset produced by the driver, a fixed-point decimal number in seconds. This is used as a calibration constant to adjust the nominal time offset of a particular clock to agree with an external stan- dard, such as a precision PPS signal. It also provides a way to correct a systematic error or bias due to serial port or operating system latencies, different cable lengths or receiver internal delay. The specified offset is in addition to the propagation delay provided by other means, such as internal DIPswitches. Where a calibration for an individual system and driver is available, an approximate correction is noted in the driver documentation pages. Note: in order to facilitate calibration when more than one radio clock or PPS signal is supported, a special calibration feature is available. It takes the form of an argument to the enable command and operates as described in the Reference Clock Drivers page at file:///usr/share/doc/ntp/refclock.html. time2 secs Specifies a fixed-point decimal number in seconds, which is interpreted in a driver-dependent way. See the descriptions of specific drivers in the Reference Clock Drivers page at file:///usr/share/doc/ntp/refclock.html. stratum int Specifies the stratum number assigned to the driver, an integer between 0 and 15. This number overrides the default stratum number ordinarily assigned by the driver itself, usually zero. refid string Specifies an ASCII string of from one to four characters which defines the reference identifier used by the driver. This string overrides the default identifier ordinarily assigned by the driver itself. mode int Specifies a mode number which is interpreted in a device- specific fashion. For instance, it selects a dialing proto- col in the ACTS driver and a device subtype in the parse drivers. flag1 flag2 flag3 flag4 These four flags are used for customizing the clock driver. The interpretation of these values, and whether they are used at all, is a function of the particular clock driver. However, by convention flag4 is used to enable recording monitoring data to the clockstats file configured with the filegen command. minjitter secs If the source has a jitter that cannot be sensibly esti- mated, because it is not statistic jitter, the source will be detected as falseticker sooner or later. This has been observed e.g. with the serial data of certain GPS receivers. Enforcing a minimal jitter value avoids a too low estima- tion, keeping the clock in the zoo while still detecting higher jitter. Note: this changes the refclock samples and ends up in the clock dispersion, not the clock jitter, despite being called jitter. To see the modified values, check the NTP clock variable "filtdisp", not "jitter". The falseticker problem can also be avoided by increasing tos mindist, which extends the intersection interval, but that affects the root dispersion and is intended for the case of multiple reference clocks with reliable jitter that do not intersect otherwise. Authentication Commands automax [logsec] Specifies the interval between regenerations of the session key list used with the Autokey protocol. Note that the size of the key list for each association depends on this interval and the current poll interval. The default value is 12 (4096 s or about 1.1 hours). For poll intervals above the specified interval, a session key list with a single entry will be regenerated for every message sent. controlkey key Specifies the key identifier to use with the ntpq utility, which uses the standard protocol defined in RFC-1305. The key argument is the key identifier for a trusted key, where the value can be in the range 1 to 65,535, inclusive. crypto [randfile file] [host name] [ident name] [pw password] This command requires the OpenSSL library. It activates public key cryptography and loads the required public/private encryption and sign kyes and public certificate. If one or more files are left unspecified, the default names are used as described below. Unless the complete path and name of the file are specified, the location of a file is relative to the keys directory specified in the keys- dir command or default /etc/inet. Following are the subcommands. host name Specifies the host name used in the host key link ntpkey_host_name, sign key link ntpkey_sign_name and certificate link ntp- key_cert_name. The ntp-keygen program automatically installs these links to the most recently generated files. ident name Specifies the group name used in the identity key link ntp- key_key_name, where key identifies the key type described on the ntp-keygen page. The ntp-keygen program automatically installs these links to the most recently generated files. pw password Specifies the password to decrypt files previously encrypted by the ntp-keygen program. randfile file Specifies the location of the random seed file used by the OpenSSL library. The defaults are described on the ntp-keygen(8) man page. keys keyfile Specifies the complete path to the MD5 key file containing the keys and key identifiers used by ntpd and ntpq when operating with sym- metric key cryptography. This is the same operation as the -k com- mand line option. keysdir path This command specifies the default directory path for cryptographic keys, parameters and certificates. The default is /etc/inet/. requestkey key Specifies the key identifier to use with the ntpdc utility program, which uses a proprietary protocol specific to this implementation of ntpd. The key argument is a key identifier for the trusted key, where the value can be in the range 1 to 65,535, inclusive. The ntpdc program is not delivered in Solaris but may be used from a remote system. revoke [logsec] Specifies the interval between re-randomization of certain crypto- graphic values used by the Autokey scheme, as a power of 2 in sec- onds. These values need to be updated frequently in order to deflect brute-force attacks on the algorithms; however, updating some values is a relatively expensive operation. The default inter- val is 16 (65,536 s or about 18 hours). For poll intervals above the specified interval, the values will be updated for every mes- sage sent. trustedkey key [...] Specifies the key identifiers which are trusted for the purposes of authenticating peers with symmetric key cryptography, as well as keys used by the ntpq and ntpdc programs. The authentication proce- dures require that both the local and remote servers share the same key and key identifier for this purpose, although different keys can be used with different servers. The key arguments are 32-bit unsigned integers with values from 1 to 65,535. Access Control Commands discard [ average avg ][ minimum min ] [ monitor prob ] Set the parameters of the limited facility which protects the server from client abuse. The average subcommand specifies the min- imum average packet spacing, while the minimum subcommand specifies the minimum packet spacing. Packets that violate these minima are discarded and a kiss-o'-death packet returned if enabled. The default minimum average and minimum are 5 and 2, respectively. The monitor subcommand specifies the probability of discard for packets that overflow the rate-control window. restrict address [mask mask] [flag][...] The address argument expressed in dotted-quad form is the address of a host or network. Alternatively, the address argument can be a valid host DNS name. The mask argument expressed in dotted- quad form defaults to 255.255.255.255, meaning that the address is treated as the address of an individual host. A default entry (address 0.0.0.0, mask 0.0.0.0) is always included and is always the first entry in the list. Note that text string default, with no mask option, may be used to indicate the default entry. In the current implementation, flag always restricts access, i.e., an entry with no flags indicates that free access to the server is to be given. The flags are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags can generally be classed into two categories, those which restrict time service and those which restrict informational queries and attempts to do runtime reconfiguration of the server. One or more of the following flags may be specified: ignore Deny packets of all kinds, including ntpq and ntpdc queries. kod If this flag is set when an access violation occurs, a kiss- o'-death (KoD) packet is sent. KoD packets are rate limited to no more than one per second. If another KoD packet occurs within one second after the last one, the packet is dropped limited Deny service if the packet spacing violates the lower limits specified in the discard command. A history of clients is kept using the monitoring capability of ntpd. Thus, monitor- ing is always active as long as there is a restriction entry with the limited flag. lowpriotrap Declare traps set by matching hosts to be low priority. The number of traps a server can maintain is limited (the cur- rent limit is 3). Traps are usually assigned on a first come, first served basis, with later trap requestors being denied service. This flag modifies the assignment algorithm by allowing low priority traps to be overridden by later requests for normal priority traps. nomodify Deny ntpq and ntpdc queries which attempt to modify the state of the server (i.e., runtime reconfiguration). Queries which return information are permitted. noquery Deny ntpq and ntpdc queries. Time service is not affected. nopeer Deny packets which would result in mobilizing a new associa- tion. This includes broadcast, symmetric-active and manycast client packets when a configured association does not exist. noserve Deny all packets except ntpq and ntpdc queries. notrap Decline to provide mode 6 control message trap service to matching hosts. The trap service is a subsystem of the ntpdq control message protocol which is intended for use by remote event logging programs. notrust Deny packets unless the packet is cryptographically authen- ticated. ntpport This is actually a match algorithm modifier, rather than a restriction flag. Its presence causes the restriction entry to be matched only if the source port in the packet is the standard NTP UDP port (123). Both ntpport and non-ntpport may be specified. The ntpport is considered more specific and is sorted later in the list. version Deny packets that do not match the current NTP version. Monitoring Commands statistics name [...] Enables writing of statistics records. Currently, six kinds of namestatistics are supported. clockstats Enables recording of clock driver statistics information. Each update received from a clock driver appends a line of the following form to the file generation set named clock- stats: 49213 525.624 127.127.4.1 93 226 00:08:29.606 D The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next field shows the clock address in dotted-quad notation, The final field shows the last timecode received from the clock in decoded ASCII format, where meaningful. In some clock drivers a good deal of additional information can be gathered and displayed as well. See information specific to each clock for further details. cryptostats This option requires the OpenSSL cryptographic software library. It enables recording of cryptographic public key protocol information. Each message received by the protocol module appends a line of the following form to the file gen- eration set named cryptostats: 49213 525.624 127.127.4.1 message The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next field shows the peer address in dotted-quad notation, The final message field includes the message type and certain ancillary information. See the Authentication Options page at file:///usr/share/doc/ntp/authopt.html for further information. loopstats Enables recording of loop filter statistics information. Each update of the local clock outputs a line of the follow- ing form to the file generation set named loopstats: 50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806 6 The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next five fields show time offset (seconds), frequency offset (parts per million - PPM), RMS jitter (seconds), Allan deviation (PPM) and clock discipline time constant. peerstats Enables recording of peer statistics information. This includes statistics records of all peers of a NTP server and of special signals, where present and configured. Each valid update appends a line of the following form to the current element of a file generation set named peerstats: 48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674 The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next two fields show the peer address in dotted-quad notation and status, respectively. The status field is encoded in hex in the format described in Ap- pendix B of the NTP specification RFC 1305. The final four fields show the offset, delay, dispersion and RMS jitter, all in seconds. rawstats Enables recording of raw-timestamp statistics information. This includes statistics records of all peers of a NTP server and of special signals, where present and configured. Each NTP message received from a peer or clock driver appends a line of the following form to the file generation set named rawstats: 50928 2132.2543 128.4.1.1 128.4.1.20 3102453281.2584327000 3102453281.258622800031 02453332.2540806000 3102453332.2541458000 The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next two fields show the remote peer or clock address followed by the local address in dotted-quad notation, The final four fields show the originate, receive, transmit and final NTP timestamps in order. The timestamp values are as received and before processing by the various data smoothing and mitigation algorithms. sysstats Enables recording of ntpd statistics counters on a periodic basis. Each hour a line of the following form is appended to the file generation set named sysstats: 50928 2132.2543 36000 81965 0 9546 56 71793 512 540 10 147 The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The remaining ten fields show the statistics counter values accumulated since the last gen- erated line. Time since restart 36000: Time in hours since the system was last rebooted. Packets received 81965: Total number of packets received. Packets processed 0: Number of packets received in response to previous packets sent Current version 9546: Number of packets matching the current NTP version. Previous version 56: Number of packets matching the previous NTP version. Bad version 71793: Number of packets matching neither NTP version. Access denied 512: Number of packets denied access for any reason. Bad length or format 540: Number of packets with invalid length, format or port number. Bad authentication 10: Number of packets not verified as authentic. Rate exceeded 147: Number of packets discarded due to rate limitation. statsdir directory_path Indicates the full path of a directory where statistics files should be created (see below). This keyword allows the (otherwise constant) filegen filename prefix to be modified for file genera- tion sets, which is useful for handling statistics logs. This directory must be writable by the user "daemon" and all files in it must be writable by that user. filegen name [file filename] [type typename] [link | nolink] [enable | disable] Configures setting of generation file set name. Generation file sets provide a means for handling files that are continuously grow- ing during the lifetime of a server. Server statistics are a typi- cal example for such files. Generation file sets provide access to a set of files used to store the actual data. At any time at most one element of the set is being written to. The type given speci- fies when and how data will be directed to a new element of the set. This way, information stored in elements of a file set that are currently unused are available for administrational operations without the risk of disturbing the operation of ntpd. (Most impor- tant: they can be removed to free space for new data produced.) Note that this command can be sent from the ntpdc program running at a remote location. name This is the type of the statistics records, as shown in the statistics command. file filename This is the file name for the statistics records. Filenames of set members are built from three concatenated elements prefix, filename and suffix: prefix This is a constant filename path. It is not subject to modi- fications via the filegen option. It is defined by the server, usually specified as a compile-time constant. It may, however, be configurable for individual file generation sets via other commands. For example, the prefix used with loopstats and peerstats generation can be configured using the statsdir option explained above. filename This string is directly concatenated to the prefix mentioned above (no intervening / (slash)). This can be modified using the file argument to the filegen statement. No .. elements are allowed in this component to prevent filenames referring to parts outside the filesystem hierarchy denoted by prefix. suffix This part is reflects individual elements of a file set. It is generated according to the type of a file set. type typename A file generation set is characterized by its type. The fol- lowing types are supported: none The file set is actually a single plain file. pid One element of file set is used per incarnation of a ntpd server. This type does not perform any changes to file set members during runtime, however it provides an easy way of separating files belonging to different ntpd server incarnations. The set member filename is built by appending a . (dot) to concatenated prefix and filename strings, and appending the decimal repre- sentation of the process ID of the ntpd server process. day One file generation set element is created per day. A day is defined as the period between 00:00 and 24:00 UTC. The file set member suffix consists of a . (dot) and a day specification in the form YYYYMMdd. YYYY is a 4-digit year number (e.g., 1992). MM is a two digit month number. dd is a two digit day number. Thus, all information written at 10 December 1992 would end up in a file named prefix filename.19921210. week Any file set member contains data related to a certain week of a year. The term week is defined by computing day-of-year modulo 7. Elements of such a file genera- tion set are distinguished by appending the following suffix to the file set filename base: A dot, a 4-digit year number, the letter W, and a 2-digit week number. For example, information from January, 10th 1992 would end up in a file with suffix .1992W1. month One generation file set element is generated per month. The file name suffix consists of a dot, a 4-digit year number, and a 2-digit month. year One generation file element is generated per year. The filename suffix consists of a dot and a 4 digit year number. age This type of file generation sets changes to a new element of the file set every 24 hours of server oper- ation. The filename suffix consists of a dot, the let- ter a, and an 8-digit number. This number is taken to be the number of seconds the server is running at the start of the corresponding 24-hour period. Information is only written to a file generation by specifying enable; output is prevented by specifying disable. link | nolink It is convenient to be able to access the current element of a file generation set by a fixed name. This feature is enabled by specifying link and disabled using nolink. If link is specified, a hard link from the current file set element to a file without suffix is created. When there is already a file with this name and the number of links of this file is one, it is renamed appending a dot, the letter C, and the pid of the ntpd server process. When the number of links is greater than one, the file is unlinked. This allows the current file to be accessed by a constant name. enable | disable Enables or disables the recording function. broadcastdelay seconds The broadcast and multicast modes require a special calibration to determine the network delay between the local and remote servers. Ordinarily, this is done automatically by the initial protocol exchanges between the client and server. In some cases, the cali- bration procedure may fail due to network or server access con- trols, for example. This command specifies the default delay to be used under these circumstances. Typically (for Ethernet), a number between 0.003 and 0.007 seconds is appropriate. The default when this command is not used is 0.004 seconds. calldelay delay This option controls the delay in seconds between the first and second packets sent in burst or iburst mode to allow additional time for a modem or ISDN call to complete. driftfile driftfile { tolerance ] This command specifies the complete path and name of the file used to record the frequency of the local clock oscillator. This is the same operation as the -f command linke option. If the file exists, it is read at startup in order to set the initial frequency and then updated once per hour with the current frequency computed by the daemon. If the file name is specified, but the file itself does not exist, the starts with an initial frequency of zero and creates the file when writing it for the first time. If this command is not given, the daemon will always start with an initial frequency of zero. This file must be in a directory writable by the user "dae- mon". The file format consists of a single line containing a single floating point number, which records the frequency offset measured in parts-per-million (PPM). The file is updated by first writing the current drift value into a temporary file and then renaming this file to replace the old version. This implies that ntpd must have write permission for the directory the drift file is located in, and that file system links, symbolic or otherwise, should be avoided. The parameter tolerance is the wander threshold to skip writing the new value. If the value of wander computed from recent frequency changes is greater than this threshold the file will be updated once per hour. If below the threshold, the file will not be writ- ten. enable | disable [ auth | bclient | calibrate | kernel | mode7 | moni- tor | ntp | stats | | unpeer_crypto_early | unpeer_crypto_nak_early | unpeer_digest_early ] Provides a way to enable or disable various system options. Flags not mentioned are unaffected. Note that all of these flags can be controlled remotely using the ntpq utility program. auth Enables the server to synchronize with unconfigured peers only if the peer has been correctly authenticated using either public key or private key cryptography. The default for this flag is enable. bclient Enables the server to listen for a message from a broad- cast or multicast server, as in the multicastclient com- mand with default address. The default for this flag is disable. calibrate Enables the calibrate feature for reference clocks. The default for this flag is disable. kernel Enables the kernel time discipline, if available. The default for this flag is enable if support is available, otherwise disable. mode7 Enables processing mode 7 private request packets from the ntpdc utility program. The ntpdc program is not delivered with Solaris but may still be used remotely from other systems. The default is to not accept these packets. monitor Enables the monitoring facility. See the ntpq program and the mrulist command or further information. The default for this flag is enable. ntp Enables time and frequency discipline. In effect, this switch opens and closes the feedback loop, which is useful for testing. The default for this flag is enable. stats Enables the statistics facility. The default for this flag is disable unpeer_crypto_early Enables the early resetting of an association in case of a crypto failure. This is generally a feature, but it can be used in a DoS attack. If these packets being used as a DoS attack then disable this flag. The default for this flag is enabled. This flag is excluded from runtime configura- tion using ntpq. unpeer_crypto_nak_early Enables the early resetting of an association in case of a crypto_NAK message. This is generally a feature, but it can be used in a DoS attack. If these packets being used as a DoS attack then disable this flag. The default for this flag is enabled. This flag is excluded from runtime configuration using ntpq. unpeer_digest_early Enables the early resetting of an association in case of a autokey disgest failure. This is generally a feature, but it can be used in a DoS attack. If these packets being used as a DoS attack then disable this flag. The default for this flag is enabled. This flag is excluded from run- time configuration using ntpq. includefile includefile This command allows additional configuration commands to be included from a separate file. Include files may be nested to a depth of five; upon reaching the end of any include file, command processing resumes in the previous configuration file. This option is useful for sites that run ntpd on multiple hosts, with (mostly) common options (e.g., a restriction list). The include file must be in a file readable by the user "daemon". interface [listen | ignore | drop] [all | ipv4 | ipv6 | wildcard | name | address[/prefixlen]] This command controls which network addresses ntpd opens, and whether input is dropped without processing. The first parameter determines the action for addresses which match the second parame- ter. That parameter specifies a class of addresses, or a specific interface name, or an address. In the address case, prefixlen determines how many bits must match for this rule to apply. ignore prevents opening matching addresses, drop causes ntpd to open the address and drop all received packets without examination. Multiple interface commands can be used. The last rule which matches a par- ticular address determines the action for it. interface commands are disabled if any -I, --interface, -L, or --novirtualips command- line options are used. If none of those options are used and no interface actions are specified in the configuration file, all available network addresses are opened. leapfile leapfile [checkhash | ignorehash] This command loads the IERS leapseconds file and initializes the leapsecond values for the next leapsecond time, expiration time and TAI offset. The file can be obtained directly from the IERS at https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list or ftp://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list. The ignorehash keyword instructs ntpd to ignore the hash signature on the file, checkhash (which is the default when omitted) needs a hash line in the file to be valid. Files without any hash signature are loaded in both cases. The leapfile is scanned when ntpd processes the leapfile directive or when ntpd detects that leapfile has changed. ntpd checks once a day to see if the leapfile has changed. (R) logconfig configkeyword This command controls the amount and type of output written to the system syslog facility or the alternate logfile log file. All con- figkeyword keywords can be prefixed with =, + and -, where = sets the syslogmask, + adds and - removes messages. syslog messages can be controlled in four classes (clock, peer, sys and sync). Within these classes four types of messages can be controlled: informa- tional messages (info), event messages (events), statistics mes- sages (statistics) and status messages (status). Configuration keywords are formed by concatenating the message class with the event class. The all prefix can be used instead of a message class. A message class may also be followed by the all key- word to enable/disable all messages of the respective message class. By default, logconfig output is set to allsync. Thus, a minimal log configuration could look like this: logconfig =syncstatus +sysevents This would just list the synchronizations state of ntpd and the major system events. For a simple reference server, the following minimum message configuration could be useful: logconfig =allsync +allclock This configuration will list all clock information and synchroniza- tion information. All other events and messages about peers, system events and so on is suppressed. logfile logfile This command specifies the location of an alternate log file to be used instead of the default system syslog facility. This is the same operation as the -l command line option. This file must be writable by the user "daemon" and be in a directory writable by that user. mru [ maxdepth count | maxmem kilobytes | mindepth count | maxage sec- onds | initalloc count | initmem kilobytes | inalloc count | incmem kilobytes] Controls size limits of the monitoring facility Most Recently Used (MRU) list of client addresses, which is also used by the rate con- trol facility. maxdepth count, maxmem kilobytes Equivalent upper limits on the size of the MRU list, in terms of entries or kilobytes. The actual limit will be up to incalloc entries or incmem kilobytes larger. As with all of the mru options offered in units of entries or kilobytes, if both maxdepth and maxmem are used, the last one used con- trols. The default is 1024 kilobytes. mindepth count Lower limit on the MRU list size. When the MRU list has fewer than mindepth entries, existing entries are never removed to make room for newer ones, regardless of their age. The default is 600 entries. maxage seconds Once the MRU list has mindepth entries and an additional client address is to be added to the list, if the oldest entry was updated more than maxage seconds ago, that entry is removed and its storage reused. If the oldest entry was updated more recently, the MRU list is grown, subject to maxdepth/maxmem. The default is 64 seconds. initalloc count, initmem kilobytes Initial memory allocation at the time the monitoring facil- ity is first enabled, in terms of entries or kilobytes. The default is 4 kilobytes. incalloc count, incmem kilobytes Size of additional memory allocations when growing the MRU list, in entries or kilobytes. The default is 4 kilobytes. nonvolatile threshold Specify the threshold in seconds to write the frequency file, with default of 1e-7 (0.1 PPM). The frequency file is inspected each hour. If the difference between the current frequency and the last value written exceeds the threshold, the file is writ- ten and the thresholdfR becomes the new threshold value. If the threshold is not exceeded, it is reduced by half. This is intended to reduce the frequency of unnecessary file writes for embedded systems with nonvolatile memory. phone dial1 dial2 ... This command is used in conjunction with the ACTS modem driver (type 18). The arguments consist of a maximum of 10 telephone num- bers used to dial USNO, NIST or European time services. The Hayes command ATDT is normally prepended to the number, which can contain other modem control codes as well. pollskewlist [poll early| delay ] ... [ default early | delay] Enable skewing of our poll requests to our servers. poll is a num- ber between 3 and 17 inclusive, identifying a specific poll inter- val. A poll interval is 2^n seconds in duration, so a poll value of 3 corresponds to 8 seconds and a poll interval of 17 corresponds to 131,072 seconds, or about a day and a half. The next two numbers must be between 0 and one-half of the poll interval, inclusive. early specifies how early the poll may start, while delayow late the poll may be delayed. With no arguments, internally specified default values are chosen. Note that earlyand delay are separated by the literal "|". reset [allpeers] [auth] [ctl] [io] [mem] [sys] [timer] Reset one or more groups of counters maintained by ntpd and exposed by ntpq and ntpdc rlimit [memlock Nmegabytes | stacksize N4kPages | filenum Nfiledescrip- tors] This command alters certain process storage allocation limits, and is only available on some operating systems. Options are as fol- lows: memlock Nmegabytes - Specify the number of megabytes of memory that should be allocated and locked. The default is 32 megabytes. 0 means "lock whatever memory the process wants into memory". stacksize N4kPages - Specifies the maximum size of the process stack on systems with the mlockall() function. Defaults to 50 4k pages. filenum Nfiledescriptors Specifies the maximum number of file descriptors ntp may have open at the same time. Defaults to system default. saveconfigdir directorypath Specify the directory in which to write configuration snapshots requested with ntpq's saveconfig command. If saveconfigdir does not appear in the configuration file, saveconfig requests are rejected by ntpd. setvar variable [default] This command adds an additional system variable. These variables can be used to distribute additional information such as the access policy. If the variable of the form name = value is followed by the default keyword, the variable will be listed as part of the default system variables (ntpq rv command). These additional variables serve informational purposes only. They are not related to the pro- tocol other that they can be listed. The known protocol variables will always override any variables defined via the setvar mecha- nism. There are three special variables that contain the names of all variable of the same group. The sys_var_list holds the names of all system variables. The peer_var_list holds the names of all peer variables and the clock_var_list holds the names of the reference clock variables. tinker [ allan allan | dispersion dispersion | freq freq | huffpuff huffpuff | panic panic | step step | stepout stepout ] This command can be used to alter several system variables in very exceptional circumstances. It should occur in the configuration file before any other configuration options. The default values of these variables have been carefully optimized for a wide range of network speeds and reliability expectations. In general, they interact in intricate ways that are hard to predict and some combi- nations can result in some very nasty behavior. Very rarely is it necessary to change the default values; but, some folks can't resist twisting the knobs anyway and this command is for them. Emphasis added: twisters are on their own and can expect no help from the support group. The variables operate as follows: allan allan The argument becomes the new value for the Allan intercept, which is a parameter of the PLL/FLL clock discipline algo- rithm. The value is in seconds with default 1500 s, which is appropriate for most computer clocks. dispersion dispersion The argument becomes the new value for the dispersion increase rate, normally .000015 s/s. freq freq The argument becomes the initial value of the frequency off- set in parts-per-million. This overrides the value in the frequency file, if present, and avoids the initial training state if it is not. huffpuff huffpuff The argument becomes the new value for the experimental huff- n'-puff filter span, which determines the most recent inter- val the algorithm will search for a minimum delay. The lower limit is 900 s (15 m), but a more reasonable value is 7200 (2 hours). There is no default, since the filter is not enabled unless this command is given. panic panic The argument is the panic threshold, by default 1000 s. If set to zero, the panic sanity check is disabled and a clock offset of any value will be accepted. step step The argument is the step threshold, by default 0.128 s. It can be set to any positive number in seconds. If set to zero, step adjustments will never occur. Note: The kernel time discipline is disabled if the step threshold is set to zero or greater than the default. stepout stepout The argument is the stepout timeout, by default 900 s. It can be set to any positive number in seconds. If set to zero, the stepout pulses will not be suppressed. tos [ basedate basedate | bcpollstep poll-gate | beacon beacon | ceil- ing ceiling | cohort {0 | 1} | floor floor | maxclock maxclock | maxdist maxdist | minclock minclock | minsdist mindist | minsane min- sane | orphan stratum | orphanwait delay ] This command affects the clock selection and clustering algorithms. It can be used to select the quality and quantity of peers used to synchronize the system clock and is most useful in manycast mode. The variables operate as follows: basedate basedate Set NTP and GPS era anchor. basedate is either a date in ISO8601 format (YYYY-MM-DD) or an integer giving the days since 1900-01-01, the start of the NTP epoch. ntpd will clamp the system time to an era starting with the start of this this day (00:00:00Z), covering a range of 232 seconds or roughly 136 years. The lowest accepted value is effectively 1970-01-02. The GPS era base is the next Sunday on or fol- lowing the base date, but obviously not before 1980-01-06. GPS time stamps are mapped into the 1024 weeks following the GPS base. The default value is derived from the repository or build time stamp, minus 11 days. 1970-01-02 was chosen as lower bound so the local time is always after 1970-01-01,00:00. Some systems get into trouble if this is not the case. Note: If the system clock is before the effective (implied or specific) basedate, the system clock will be set to the base date once and immediately when ntpd starts. This helps sys- tems that have lost time completely to recover. Though not noticeable under normal conditions, it can happen. Check the logs if starting ntpd causes sudden clock moves. bepollstep poll-gate This option will cause the client to delay applying backward time steps from a broadcast server for bcpollbstep poll intervals. NTP Broadcast networks are expected to be trusted, and if the server's time gets stepped backwards then it's desireable that the clients follow this change as soon as possible. However, in spite of various protections built-in to the broadcast protocol, it is possible that an attacker could perform a carefully-constructed replay attack and cause clients to erroneously step their clocks backward. If the risk of a successful broadcast replay attack is greater than the risk of the clients being out of sync in the event that there is a backward step on the broadcast time servers, this option may be used to cause the clients to delay beliveving backward time steps until poll-gate consecutive polls have been received. The default is 0, which means the client will accept these steps upon receipt. Any value from 0 to 4 can be specified. beacon beacon The manycast server sends packets at intervals of 64 s if less than maxclock servers are available. Otherwise, it sends packets at the beacon interval in seconds. The default is 3600 s. ceiling ceiling Servers with stratum at or above ceiling will be discarded if there are at least minclock peers remaining. This value defaults to 15, but can be changed to any number from 1 to 15. cohort { 0 | 1 } This is a binary flag which enables (0) or disables (1) many- cast server replies to manycast clients with the same stratum level. This is useful to reduce implosions where large num- bers of clients with the same stratum level are present. The default is to enable these replies. floor floor Peers with strata below floor will be discarded if there are at least minclock peers remaining. This value defaults to 1, but can be changed to any number from 1 to 15. maxclock maxclock Specify the maximum number of servers retained by the server discovery schemes. The default is 10. maxdist maxdist The selection algorithm accumulates a number of packets before setting the clock in order to use the best data avail- able. The number is determined by the synchronization dis- tance for each association and a limit called the distance threshold. The synchronization distance starts at 16, then drops by a factor of about two as each packet is received. The default distance threshold is 1.0, which usually results in four packets. Setting maxdistance to some value between 1 and 16 can be used to change the number of packets required. For instance, setting it to 16 will set the clock on the first packet received; however, setting it to this value essentially disables the mitigation and grooming algorithms. mindist mindist The selection algorithm normally pads each intersection a minimum of one millisecond to avoid needless classification. In some cases, such as reference clocks with high jitter and a PPS signal, it is useful to increase the padding. This com- mand can be used for that purpose. As a general rule, set the mindistance to the maximum expected offset plus the maximum expected jitter, in seconds. minclock minclock The clustering algorithm repeatedly casts out outlyer associ- ations until no more than minclock associations remain. This value defaults to 3, but can be changed to any number from 1 to the number of configured sources. minsane minsane This is the minimum number of candidates available to the clock selection algorithm in order to produce one or more truechimers for the clustering algorithm. If fewer than this number are available, the clock is undisciplined and allowed to run free. The default is 1 for legacy purposes. However, according to principles of Byzantine agreement, minsane should be at least 4 in order to detect and discard a single falseticker. orphan stratum If stratum is set at some value less than 16 a special orphan mode is enterred when no outside source of synchronization is available. To use orphan mode a number of participants are identically configured both as broadcast client and as broad- cast server. One or more participants are configured to use an outside source, either a reference clock or another Inter- net server. When the source or sources fail, the system stra- tum is set at stratum and a leader is elected to serve as the reference source. When an outside source of synchronization is again available, the orphan mode is disabled. orphanwait delay Specify the delay in seconds from the time all sources are lost until orphan parent mode is enabled with default 300 s (five minutes). During this period, the local clock driver and the modem driver are not selectable, unless marked with the prefer keyword. This allows time for one or more primary sources to become reachable and selectable before using backup sources, and avoids transient use of the backup sources at startup. trap host_address [port port_number] [interface interface_address] This command configures a trap receiver at the given host address and port number for sending messages with the specified local interface address. If the port number is unspecified, a value of 18447 is used. If the interface address is not specified, the mes- sage is sent with a source address of the local interface the mes- sage is sent through. Note that on a multihomed host the interface used may vary from time to time with routing changes. The trap receiver will generally log event messages and other information from the server in a log file. While such monitor pro- grams may also request their own trap dynamically, configuring a trap receiver will ensure that no messages are lost when the server is started. ttl hop ... This command specifies a list of TTL values in increasing order. Up to 8 values can be specified. In manycast mode these values are used in turn in an expanding-ring search. The default is eight mul- tiples of 32 starting at 31. FILES /etc/inet/ntp.conf ATTRIBUTES See attributes(7) for descriptions of the following attributes: +---------------+---------------------+ |ATTRIBUTE TYPE | ATTRIBUTE VALUE | +---------------+---------------------+ |Availability | service/network/ntp | +---------------+---------------------+ |Stability | Uncommitted | +---------------+---------------------+ NOTES The documentation available at /usr/share/doc/ntp is provided as is from the NTP distribution and may contain information that is not applicable to the software as provided in this partIcular distribution. Source code for open source software components in Oracle Solaris can be found at https://www.oracle.com/downloads/opensource/solaris-source- code-downloads.html. This software was built from source available at https://github.com/oracle/solaris-userland. The original community source was downloaded from http://ar- chive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p15.tar.gz. Further information about this software can be found on the open source community website at http://www.ntp.org/. SEE ALSO ntpd(8) ntp.conf(5)