1 diff -up ntp-4.2.4p5/html/authopt.html.htmldoc ntp-4.2.4p5/html/authopt.html
2 --- ntp-4.2.4p5/html/authopt.html.htmldoc 2006-12-28 13:02:54.000000000 +0100
3 +++ ntp-4.2.4p5/html/authopt.html 2008-08-18 12:31:59.000000000 +0200
5 <dt><tt>controlkey <i>key</i></tt>
6 <dd>Specifies the key identifier to use with the <a href="ntpq.html"><tt>ntpq</tt></a> utility, which uses the standard protocol defined in RFC-1305. The <tt><i>key</i></tt> argument is the key identifier for a trusted key, where the value can be in the range 1 to 65,534, inclusive.
7 <dt><tt>crypto [cert <i>file</i>] [leap <i>file</i>] [randfile <i>file</i>] [host <i>file</i>] [sign <i>file</i>] [ident <i>scheme</i>] [iffpar <i>file</i>] [gqpar <i>file</i>] [mvpar <i>file</i>] [pw <i>password</i>]</tt>
8 - <dd>This command requires the OpenSSL library. It activates public key cryptography, selects the message digest and signature encryption scheme and loads the required private and public values described above. If one or more files are left unspecified, the default names are used as described above. Unless the complete path and name of the file are specified, the location of a file is relative to the keys directory specified in the <tt>keysdir</tt> command or default <tt>/usr/local/etc</tt>. Following are the subcommands:
9 + <dd>This command requires the OpenSSL library. It activates public key cryptography, selects the message digest and signature encryption scheme and loads the required private and public values described above. If one or more files are left unspecified, the default names are used as described above. Unless the complete path and name of the file are specified, the location of a file is relative to the keys directory specified in the <tt>keysdir</tt> command or default <tt>/etc/ntp/crypto</tt>. Following are the subcommands:
11 <dt><tt>cert <i>file</i></tt>
12 <dd>Specifies the location of the required host public certificate file. This overrides the link <tt>ntpkey_cert_<i>hostname</i></tt> in the keys directory.
14 <dt><tt>keys <i>keyfile</i></tt>
15 <dd>Specifies the complete path and location of the MD5 key file containing the keys and key identifiers used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography. This is the same operation as the <tt>-k </tt>command line option.
16 <dt><tt>keysdir <i>path</i></tt>
17 - <dd>This command specifies the default directory path for cryptographic keys, parameters and certificates. The default is <tt>/usr/local/etc/</tt>.
18 + <dd>This command specifies the default directory path for cryptographic keys, parameters and certificates. The default is <tt>/etc/ntp/crypto</tt>.
19 <dt><tt>requestkey <i>key</i></tt>
20 <dd>Specifies the key identifier to use with the <a href="ntpdc.html"><tt>ntpdc</tt></a> utility program, which uses a proprietary protocol specific to this implementation of <tt>ntpd</tt>. The <tt><i>key</i></tt> argument is a key identifier for the trusted key, where the value can be in the range 1 to 65,534, inclusive.
21 <dt><tt>revoke [<i>logsec</i>]</tt>
22 diff -up ntp-4.2.4p5/html/confopt.html.htmldoc ntp-4.2.4p5/html/confopt.html
23 --- ntp-4.2.4p5/html/confopt.html.htmldoc 2008-08-10 13:02:43.000000000 +0200
24 +++ ntp-4.2.4p5/html/confopt.html 2008-08-18 12:31:59.000000000 +0200
26 <p>There are three types of associations: persistent, preemptable and ephemeral. Persistent associations are mobilized by a configuration command and never demobilized. Preemptable associations, which are new to NTPv4, are mobilized by a configuration command which includes the <tt>prempt</tt> flag and are demobilized by timeout or error. Ephemeral associations are mobilized upon arrival of designated messages and demobilized by timeout or error.</p>
28 <dt><tt>server <i>address</i> [options ...]</tt><br>
29 - <tt>peer <i>address</i> [</tt><tt>options ...]<br>
30 - broadcast <i>address</i> [options ...]</tt><br>
31 + <tt>peer <i>address</i> [options ...]</tt><br>
32 + <tt>broadcast <i>address</i> [options ...]</tt><br>
33 <tt>manycastclient <i>address</i> [options ...]</tt>
34 <dd>These four commands specify the time server name or address to be used and the mode in which to operate. The <i>address</i> can be either a DNS name or a IP address in dotted-quad notation. Additional information on association behavior can be found in the <a href="assoc.html">Association Management</a> page.
36 diff -up ntp-4.2.4p5/html/keygen.html.htmldoc ntp-4.2.4p5/html/keygen.html
37 --- ntp-4.2.4p5/html/keygen.html.htmldoc 2008-08-18 12:31:59.000000000 +0200
38 +++ ntp-4.2.4p5/html/keygen.html 2008-08-18 12:31:59.000000000 +0200
42 <h4 id="synop">Synopsis</h4>
43 - <p id="intro"><tt>ntp-keygen [ -deGgHIMnPT ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ -i <i>name</i> ] [ -p <i>password</i> ] [ -S [ RSA | DSA ] ] [ -s <i>name</i> ] [ -v <i>nkeys</i> ]</tt></p>
44 + <p id="intro"><tt>ntp-keygen [ -deGgHIMPT ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ -i <i>name</i> ] [ -m <i>modulus</i> ] [ -p <i>password</i> ] [ -q <i>password</i> ] [ -S [ RSA | DSA ] ] [ -s <i>name</i> ] [ -v <i>nkeys</i> ] [ -V <i>params</i> ]</tt></p>
45 <h4 id="descrip">Description</h4>
46 <p>This program generates cryptographic data files used by the NTPv4 authentication and identification schemes. It generates MD5 key files used in symmetric key cryptography. In addition, if the OpenSSL software library has been installed, it generates keys, certificate and identity files used in public key cryptography. These files are used for cookie encryption, digital signature and challenge/response identification algorithms compatible with the Internet standard security infrastructure.</p>
47 <p>By default, files are not encrypted by <tt>ntp-keygen</tt>. The <tt>-p <i>password</i></tt> option specifies the write password and <tt>-q <i>password</i></tt> option the read password for previously encrypted files. The <tt>ntp-keygen</tt> program prompts for the password if it reads an encrypted file and the password is missing or incorrect. If an encrypted file is read successfully and no write password is specified, the read password is used as the write password by default.</p>
48 <p>The <tt>ntpd</tt> configuration command <tt>crypto pw <i>password</i></tt> specifies the read password for previously encrypted files. The daemon expires on the spot if the password is missing or incorrect. For convenience, if a file has been previously encrypted, the default read password is the name of the host running the program. If the previous write password is specified as the host name, these files can be read by that host with no explicit password.</p>
49 <p>All files are in PEM-encoded printable ASCII format, so they can be embedded as MIME attachments in mail to other sites and certificate authorities. File names begin with the prefix <tt>ntpkey_</tt> and end with the postfix <tt><i>_hostname.filestamp</i></tt>, where <tt><i>hostname</i></tt> is usually the string returned by the Unix <tt>gethostname()</tt> routine, and <tt><i>filestamp</i></tt> is the NTP seconds when the file was generated, in decimal digits. This both guarantees uniqueness and simplifies maintenance procedures, since all files can be quickly removed by a <tt>rm ntpkey*</tt> command or all files generated at a specific time can be removed by a <tt>rm *<i>filestamp</i></tt> command. To further reduce the risk of misconfiguration, the first two lines of a file contain the file name and generation date and time as comments.</p>
50 - <p>All files are installed by default in the keys directory <tt>/usr/local/etc</tt>, which is normally in a shared filesystem in NFS-mounted networks. The actual location of the keys directory and each file can be overridden by configuration commands, but this is not recommended. Normally, the files for each host are generated by that host and used only by that host, although exceptions exist as noted later on this page.</p>
51 + <p>All files are installed by default in the keys directory <tt>/etc/ntp/crypto</tt>. The actual location of the keys directory and each file can be overridden by configuration commands, but this is not recommended. Normally, the files for each host are generated by that host and used only by that host, although exceptions exist as noted later on this page.</p>
52 <p>Normally, files containing private values, including the host key, sign key and identification parameters, are permitted root read/write-only; while others containing public values are permitted world readable. Alternatively, files containing private values can be encrypted and these files permitted world readable, which simplifies maintenance in shared file systems. Since uniqueness is insured by the hostname and file name extensions, the files for a NFS server and dependent clients can all be installed in the same shared directory.</p>
53 <p>The recommended practice is to keep the file name extensions when installing a file and to install a soft link from the generic names specified elsewhere on this page to the generated files. This allows new file generations to be activated simply by changing the link. If a link is present, <tt>ntpd</tt> follows it to the file name to extract the filestamp. If a link is not present, <tt>ntpd</tt> extracts the filestamp from the file itself. This allows clients to verify that the file and generation times are always current. The <tt>ntp-keygen</tt> program uses the same extension for all files generated at one time, so each generation is distinct and can be readily recognized in monitoring data.</p>
54 <h4 id="run">Running the program</h4>
55 - <p>The safest way to run the <tt>ntp-keygen</tt> program is logged in directly as root. The recommended procedure is change to the keys directory, usually <tt>/ust/local/etc</tt>, then run the program. When run for the first time, or if all <tt>ntpkey</tt> files have been removed, the program generates a RSA host key file and matching RSA-MD5 certificate file, which is all that is necessary in many cases. The program also generates soft links from the generic names to the respective files. If run again, the program uses the same host key file, but generates a new certificate file and link.</p>
56 + <p>The safest way to run the <tt>ntp-keygen</tt> program is logged in directly as root. The recommended procedure is change to the keys directory, usually <tt>/etc/ntp/crypto</tt>, then run the program. When run for the first time, or if all <tt>ntpkey</tt> files have been removed, the program generates a RSA host key file and matching RSA-MD5 certificate file, which is all that is necessary in many cases. The program also generates soft links from the generic names to the respective files. If run again, the program uses the same host key file, but generates a new certificate file and link.</p>
57 <p>The host key is used to encrypt the cookie when required and so must be RSA type. By default, the host key is also the sign key used to encrypt signatures. When necessary, a different sign key can be specified and this can be either RSA or DSA type. By default, the message digest type is MD5, but any combination of sign key type and message digest type supported by the OpenSSL library can be specified, including those using the MD2, MD5, SHA, SHA1, MDC2 and RIPE160 message digest algorithms. However, the scheme specified in the certificate must be compatible with the sign key. Certificates using any digest algorithm are compatible with RSA sign keys; however, only SHA and SHA1 certificates are compatible with DSA sign keys.</p>
58 <p>Private/public key files and certificates are compatible with other OpenSSL applications and very likely other libraries as well. Certificates or certificate requests derived from them should be compatible with extant industry practice, although some users might find the interpretation of X509v3 extension fields somewhat liberal. However, the identification parameter files, although encoded as the other files, are probably not compatible with anything other than Autokey.</p>
59 <p>Running the program as other than root and using the Unix <tt>su</tt> command to assume root may not work properly, since by default the OpenSSL library looks for the random seed file <tt>.rnd</tt> in the user home directory. However, there should be only one <tt>.rnd</tt>, most conveniently in the root directory, so it is convenient to define the <tt>$RANDFILE</tt> environment variable used by the OpenSSL library as the path to <tt>/.rnd</tt>.</p>
61 <dd>Set the suject name to <i>name</i>. This is used as the subject field in certificates and in the file name for host and sign keys.
63 <dd>Generate MD5 keys, obsoleting any that may exist.
64 + <dt><tt>-m <i>modulus</i></tt>
65 + <dd>Set prime modulus size in bits (256 - 2048). Default size is 512.
67 <dd>Generate a private certificate. By default, the program generates public certificates.
68 <dt><tt>-p <i>password</i></tt>
69 <dd>Encrypt generated files containing private data with <tt><i>password</i></tt> and the DES-CBC algorithm.
71 + <dt><tt>-q <i>password</i></tt>
72 <dd>Set the password for reading files to <tt><i>password</i></tt>.
73 <dt><tt>-S [ RSA | DSA ]</tt>
74 <dd>Generate a new sign key of the designated type, obsoleting any that may exist. By default, the program uses the host key as the sign key.
75 diff -up ntp-4.2.4p5/html/monopt.html.htmldoc ntp-4.2.4p5/html/monopt.html
76 --- ntp-4.2.4p5/html/monopt.html.htmldoc 2006-12-28 13:02:56.000000000 +0100
77 +++ ntp-4.2.4p5/html/monopt.html 2008-08-18 12:31:59.000000000 +0200
80 <dt><i><tt>name</tt></i>
81 <dd>This is the type of the statistics records, as shown in the <tt>statistics</tt> command.
83 - <dd><tt>file <i>filename</i></tt>
85 + <dt><tt>file <i>filename</i></tt>
86 <dd>This is the file name for the statistics records. Filenames of set members are built from three concatenated elements <i><tt>prefix</tt></i>, <i><tt>filename</tt></i> and <i><tt>suffix</tt></i>:
88 <dt><i><tt>prefix</tt></i>
90 <dt><i><tt>suffix</tt></i>
91 <dd>This part is reflects individual elements of a file set. It is generated according to the type of a file set.
94 - <dd><tt>type <i>typename</i></tt>
96 + <dt><tt>type <i>typename</i></tt>
97 <dd>A file generation set is characterized by its type. The following types are supported:
102 <dd>This type of file generation sets changes to a new element of the file set every 24 hours of server operation. The filename suffix consists of a dot, the letter <tt>a</tt>, and an 8-digit number. This number is taken to be the number of seconds the server is running at the start of the corresponding 24-hour period. Information is only written to a file generation by specifying <tt>enable</tt>; output is prevented by specifying <tt>disable</tt>.
105 - <dd><tt>link | nolink</tt>
107 + <dt><tt>link | nolink</tt>
108 <dd>It is convenient to be able to access the current element of a file generation set by a fixed name. This feature is enabled by specifying <tt>link</tt> and disabled using <tt>nolink</tt>. If <tt>link</tt> is specified, a hard link from the current file set element to a file without suffix is created. When there is already a file with this name and the number of links of this file is one, it is renamed appending a dot, the letter <tt>C</tt>, and the pid of the <tt>ntpd</tt> server process. When the number of links is greater than one, the file is unlinked. This allows the current file to be accessed by a constant name.
110 - <dd><tt>enable | disable</tt>
112 + <dt><tt>enable | disable</tt>
113 <dd>Enables or disables the recording function.
116 diff -up ntp-4.2.4p7/html/ntp-wait.html.htmldoc ntp-4.2.4p7/html/ntp-wait.html
117 --- ntp-4.2.4p7/html/ntp-wait.html.htmldoc 2009-10-21 15:33:41.000000000 +0200
118 +++ ntp-4.2.4p7/html/ntp-wait.html 2009-10-21 15:51:18.000000000 +0200
120 +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
123 + <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
124 + <meta name="generator" content="HTML Tidy, see www.w3.org">
125 + <title>ntp-wait - waits until ntpd is in synchronized state</title>
126 + <link href="scripts/style.css" type="text/css" rel="stylesheet">
129 + <h3><tt>ntp-wait</tt> - waits until ntpd is in synchronized state</h3>
132 + <p><tt>ntp-wait [ -fv ] [ -n <i>tries</i> ] [ -s <i>seconds</i> ]</tt></p>
133 + <h4>Description</h4>
134 + <p>The <tt>ntp-wait</tt> program blocks until ntpd is in synchronized state.
135 + This can be useful at boot time, to delay the boot sequence
136 + until after "ntpd -g" has set the time.
137 + <h4>Command Line Options</h4>
140 + <dd>Return a non-zero exit code if the state is unknown.
141 + <dt><tt>-n <i>tries</i></tt>
142 + <dd>Number of tries before giving up. The default is 1000.
143 + <dt><tt>-s <i>seconds</i></tt>
144 + <dd>Seconds to sleep between tries. The default is 6 seconds.
148 + <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
152 diff -up ntp-4.2.4p5/html/ntpd.html.htmldoc ntp-4.2.4p5/html/ntpd.html
153 --- ntp-4.2.4p5/html/ntpd.html.htmldoc 2006-12-28 13:02:57.000000000 +0100
154 +++ ntp-4.2.4p5/html/ntpd.html 2008-08-18 12:31:59.000000000 +0200
158 <h4 id="synop">Synopsis</h4>
159 - <tt>ntpd [ -46aAbdDgLmnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
160 + <tt>ntpd [ -46aAbdDgLnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
161 <h4 id="descr">Description</h4>
162 <p>The <tt>ntpd</tt> program is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers. It is a complete implementation of the Network Time Protocol (NTP) version 4, but also retains compatibility with version 3, as defined by RFC-1305, and version 1 and 2, as defined by RFC-1059 and RFC-1119, respectively. <tt>ntpd</tt> does most computations in 64-bit floating point arithmetic and does relatively clumsy 64-bit fixed point operations only when necessary to preserve the ultimate precision, about 232 picoseconds. While the ultimate precision is not achievable with ordinary workstations and networks of today, it may be required with future gigahertz CPU clocks and gigabit LANs.</p>
163 <h4 id="op">How NTP Operates</h4>
165 <p>In contexts where a host name is expected, a <tt>-4</tt> qualifier preceding the host name forces DNS resolution to the IPv4 namespace, while a <tt>-6</tt> qualifier forces DNS resolution to the IPv6 namespace.</p>
166 <p>Various internal <tt>ntpd</tt> variables can be displayed and configuration options altered while the <tt>ntpd</tt> is running using the <tt><a href="ntpq.html">ntpq</a></tt> and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs.</p>
167 <p>When <tt>ntpd</tt> starts it looks at the value of <tt>umask</tt>, and if zero <tt>ntpd</tt> will set the <tt>umask</tt> to <tt>022</tt>.</p>
168 + <p>Unless the <tt>-n</tt>, <tt>-d</tt> or <tt>-D</tt> option is used, <tt>ntpd</tt> changes the current working directory to the root directory, so any options or commands specifying paths need to use an absolute path or a path relative to the root.</p>
169 <h4 id="cmd">Command Line Options</h4>
172 + <dd>Force DNS resolution of host names to the IPv4 namespace.
174 + <dd>Force DNS resolution of host names to the IPv6 namespace.
176 <dd>Require cryptographic authentication for broadcast client, multicast client and symmetric passive associations. This is the default.
179 <dt><tt>-D <i>level</i></tt>
180 <dd>Specify debugging level directly.
181 <dt><tt>-f <i>driftfile</i></tt>
182 - <dd>Specify the name and path of the frequency file, default <tt>/etc/ntp.drift</tt>. This is the same operation as the <tt>driftfile <i>driftfile</i></tt> configuration command.
183 + <dd>Specify the name and path of the frequency file. This is the same operation as the <tt>driftfile <i>driftfile</i></tt> configuration command.
185 <dd>Normally, <tt>ntpd</tt> exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, <tt>ntpd</tt> will exit with a message to the system log. This option can be used with the <tt>-q</tt> and <tt>-x</tt> options. See the <tt>tinker</tt> command for other options.
186 <dt><tt>-i <i>jaildir</i></tt>
187 <dd>Chroot the server to the directory <i>jaildir</i>. This option also implies that the server attempts to drop root privileges at startup (otherwise, chroot gives very little additional security), and it is only available if the OS supports to run the server without full root privileges. You may need to also specify a <tt>-u</tt> option.
188 + <dt><tt>-I <i>iface</i></tt>
189 + <dd>Listen on interface. This option may appear an unlimited number of times.
190 <dt><tt>-k <i>keyfile</i></tt>
191 - <dd>Specify the name and path of the symmetric key file, default <tt>/etc/ntp.keys</tt>. This is the same operation as the <tt>keys <i>keyfile</i></tt> configuration command.
192 + <dd>Specify the name and path of the symmetric key file. This is the same operation as the <tt>keys <i>keyfile</i></tt> configuration command.
193 <dt><tt>-l <i>logfile</i></tt>
194 <dd>Specify the name and path of the log file. The default is the system log file. This is the same operation as the <tt>logfile <i>logfile</i></tt> configuration command.
199 <td width="30%">frequency file</td>
200 - <td width="30%"><tt>/etc/ntp.drift</tt></td>
201 + <td width="30%"><tt>none</tt></td>
202 <td width="20%"><tt>-f</tt></td>
203 <td width="20%"><tt>driftfile</tt></td>
205 @@ -167,17 +174,20 @@
208 <td width="30%">statistics path</td>
209 - <td width="30%"><tt>/var/NTP</tt></td>
210 + <td width="30%"><tt>/var/log/ntpstats/</tt></td>
211 <td width="20%"><tt>-s</tt></td>
212 <td width="20%"><tt>statsdir</tt></td>
215 <td width="30%">keys path</td>
216 - <td width="30%"><tt>/usr/local/etc</tt></td>
217 - <td width="20%"><tt>-k</tt></td>
218 + <td width="30%"><tt>/etc/ntp/crypto</tt></td>
219 + <td width="20%"><tt>none</tt></td>
220 <td width="20%"><tt>keysdir</tt></td>
223 + <h4 id="codes">Exit Codes</h4>
224 + <p>A non-zero exit code indicates an error. Any error messages are logged to the system log by default.</p>
225 + <p>The exit code is 0 only when <tt>ntpd</tt> is terminated by a signal, or when the <tt>-q</tt> option is used and <tt>ntpd</tt> successfully sets the system clock.</p>
227 <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
229 diff -up ntp-4.2.4p5/html/ntpdate.html.htmldoc ntp-4.2.4p5/html/ntpdate.html
230 --- ntp-4.2.4p5/html/ntpdate.html.htmldoc 2008-08-18 12:31:59.000000000 +0200
231 +++ ntp-4.2.4p5/html/ntpdate.html 2008-08-18 12:31:59.000000000 +0200
234 <p>Disclaimer: The functionality of this program is now available in the <tt>ntpd</tt> program. See the <tt>-q</tt> command line option in the <a href="ntpd.html"><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a> page. After a suitable period of mourning, the <tt>ntpdate</tt> program is to be retired from this distribution</p>
236 - <tt>ntpdate [ -bBdoqsuv ] [ -a <i>key</i> ] [ -e <i>authdelay</i> ] [ -k <i>keyfile</i> ] [ -o <i>version</i> ] [ -p <i>samples</i> ] [ -t <i>timeout</i> ] [ -U <i>user_name</i> ] <i>server</i> [ ... ]</tt>
237 + <tt>ntpdate [ -46bBdqsuv ] [ -a <i>key</i> ] [ -e <i>authdelay</i> ] [ -k <i>keyfile</i> ] [ -o <i>version</i> ] [ -p <i>samples</i> ] [ -t <i>timeout</i> ] [ -U <i>user_name</i> ] <i>server</i> [ ... ]</tt>
239 - <tt>ntpdate</tt> sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the <i>server</i> arguments to determine the correct time. It must be run as root on the local host. A number of samples are obtained from each of the servers specified and a subset of the NTP clock filter and selection algorithms are applied to select the best of these. Note that the accuracy and reliability of <tt>ntpdate</tt> depends on the number of servers, the number of polls each time it is run and the interval between runs.
240 + <p><tt>ntpdate</tt> sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the <i>server</i> arguments to determine the correct time. It must be run as root on the local host. A number of samples are obtained from each of the servers specified and a subset of the NTP clock filter and selection algorithms are applied to select the best of these. Note that the accuracy and reliability of <tt>ntpdate</tt> depends on the number of servers, the number of polls each time it is run and the interval between runs.</p>
241 <p><tt>ntpdate</tt> can be run manually as necessary to set the host clock, or it can be run from the host startup script to set the clock at boot time. This is useful in some cases to set the clock initially before starting the NTP daemon <tt>ntpd</tt>. It is also possible to run <tt>ntpdate</tt> from a <tt>cron</tt> script. However, it is important to note that <tt>ntpdate</tt> with contrived <tt>cron</tt> scripts is no substitute for the NTP daemon, which uses sophisticated algorithms to maximize accuracy and reliability while minimizing resource use. Finally, since <tt>ntpdate</tt> does not discipline the host clock frequency as does <tt>ntpd</tt>, the accuracy using <tt>ntpdate</tt> is limited.</p>
242 <p>Time adjustments are made by <tt>ntpdate</tt> in one of two ways. If <tt>ntpdate</tt> determines the clock is in error more than 0.5 second it will simply step the time by calling the system <tt>settimeofday()</tt> routine. If the error is less than 0.5 seconds, it will slew the time by calling the system <tt>adjtime()</tt> routine. The latter technique is less disruptive and more accurate when the error is small, and works quite well when <tt>ntpdate</tt> is run by <tt>cron</tt> every hour or two.</p>
243 <p><tt>ntpdate</tt> will decline to set the date if an NTP server daemon (e.g., <tt>ntpd</tt>) is running on the same host. When running <tt>ntpdate</tt> on a regular basis from <tt>cron</tt> as an alternative to running a daemon, doing so once every hour or two will result in precise enough timekeeping to avoid stepping the clock.</p>
246 <dd>Force DNS resolution of following host names on the command line to the IPv6 namespace.
247 <dt><tt>-a <i>key</i></tt>
248 - <dd>Enable the authentication function and specify the key identifier to be used for authentication as the argument <i>key</i><tt>ntpdate</tt>. The keys and key identifiers must match in both the client and server key files. The default is to disable the authentication function.
249 + <dd>Enable the authentication function and specify the key identifier to be used for authentication as the argument <i>key</i>. The keys and key identifiers must match in both the client and server key files. The default is to disable the authentication function.
251 - <dd>Force the time to always be slewed using the adjtime() system call, even if the measured offset is greater than +-128 ms. The default is to step the time using settimeofday() if the offset is greater than +-128 ms. Note that, if the offset is much greater than +-128 ms in this case, that it can take a long time (hours) to slew the clock to the correct value. During this time. the host should not be used to synchronize clients.
252 + <dd>Force the time to always be slewed using the adjtime() system call, even if the measured offset is greater than +-500 ms. The default is to step the time using settimeofday() if the offset is greater than +-500 ms. Note that, if the offset is much greater than +-500 ms in this case, that it can take a long time (hours) to slew the clock to the correct value. During this time. the host should not be used to synchronize clients.
254 <dd>Force the time to be stepped using the settimeofday() system call, rather than slewed (default) using the adjtime() system call. This option should be used when called from a startup file at boot time.
257 <dt><tt>-e <i>authdelay</i></tt>
258 <dd>Specify the processing delay to perform an authentication function as the value <i>authdelay</i>, in seconds and fraction (see <tt>ntpd</tt> for details). This number is usually small enough to be negligible for most purposes, though specifying a value may improve timekeeping on very slow CPU's.
259 <dt><tt>-k <i>keyfile</i></tt>
260 - <dd>Specify the path for the authentication key file as the string <i>keyfile</i>. The default is <tt>/etc/ntp.keys</tt>. This file should be in the format described in <tt>ntpd</tt>.
261 + <dd>Specify the path for the authentication key file as the string <i>keyfile</i>. The default is <tt>/etc/ntp/keys</tt>. This file should be in the format described in <tt>ntpd</tt>.
262 <dt><tt>-o <i>version</i></tt>
263 - <dd>Specify the NTP version for outgoing packets as the integer <i>version</i>, which can be 1 or 2. The default is 3. This allows <tt>ntpdate</tt> to be used with older NTP versions.
264 + <dd>Specify the NTP version for outgoing packets as the integer <i>version</i>, which can be 1 or 2. The default is 4. This allows <tt>ntpdate</tt> to be used with older NTP versions.
265 <dt><tt>-p <i>samples</i></tt>
266 <dd>Specify the number of samples to be acquired from each server as the integer <i>samples</i>, with values from 1 to 8 inclusive. The default is 4.
267 <dt><i><tt>-q</tt></i>
269 <dt><tt>-t <i>timeout</i></tt>
270 <dd>Specify the maximum time waiting for a server response as the value <i>timeout</i>, in seconds and fraction. The value is is rounded to a multiple of 0.2 seconds. The default is 1 second, a value suitable for polling across a LAN.
272 - <dd>Direct <tt>ntpdate</tt> to use an unprivileged port or outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronise with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports.
273 + <dd>Direct <tt>ntpdate</tt> to use an unprivileged port for outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronize with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports.
274 <dt><tt>-<i>v</i></tt>
275 <dd>Be verbose. This option will cause <tt>ntpdate</tt>'s version identification string to be logged.
279 <tt>ntpdate</tt>'s exit status is zero if it finds a server and updates the clock, and nonzero otherwise.
281 - <tt>/etc/ntp.keys</tt> - encryption keys used by <tt>ntpdate</tt>.
282 + <tt>/etc/ntp/keys</tt> - encryption keys used by <tt>ntpdate</tt>.
284 The slew adjustment is actually 50% larger than the measured offset, since this (it is argued) will tend to keep a badly drifting clock more accurate. This is probably not a good idea and may cause a troubling hunt for some values of the kernel variables <tt>tick</tt> and <tt>tickadj</tt>.
286 diff -up ntp-4.2.4p5/html/ntpdc.html.htmldoc ntp-4.2.4p5/html/ntpdc.html
287 --- ntp-4.2.4p5/html/ntpdc.html.htmldoc 2008-08-10 13:02:44.000000000 +0200
288 +++ ntp-4.2.4p5/html/ntpdc.html 2008-08-18 12:38:13.000000000 +0200
290 <script type="text/javascript" language="javascript" src="scripts/links12.txt"></script>
293 - <tt>ntpdc [ -ilnps ] [ -c <i>command</i> ] [ <i>host</i> ] [ ... ]</tt>
294 + <tt>ntpdc [ -46dilnps ] [ -c <i>command</i> ] [ <i>host</i> ] [ ... ]</tt>
296 - <tt>ntpdc</tt> is used to query the <tt>ntpd</tt> daemon about its current state and to request changes in that state. The program may be run either in interactive mode or controlled using command line arguments. Extensive state and statistics information is available through the <tt>ntpdc</tt> interface. In addition, nearly all the configuration options which can be specified at startup using ntpd's configuration file may also be specified at run time using <tt>ntpdc</tt>.
297 + <p><tt>ntpdc</tt> is used to query the <tt>ntpd</tt> daemon about its current state and to request changes in that state. The program may be run either in interactive mode or controlled using command line arguments. Extensive state and statistics information is available through the <tt>ntpdc</tt> interface. In addition, nearly all the configuration options which can be specified at startup using ntpd's configuration file may also be specified at run time using <tt>ntpdc</tt>.</p>
298 <p>If one or more request options are included on the command line when <tt>ntpdc</tt> is executed, each of the requests will be sent to the NTP servers running on each of the hosts given as command line arguments, or on localhost by default. If no request options are given, <tt>ntpdc</tt> will attempt to read commands from the standard input and execute these on the NTP server running on the first host given on the command line, again defaulting to localhost when no other host is specified. <tt>ntpdc</tt> will prompt for commands if the standard input is a terminal device.</p>
299 <p><tt>ntpdc</tt> uses NTP mode 7 packets to communicate with the NTP server, and hence can be used to query any compatible server on the network which permits it. Note that since NTP is a UDP protocol this communication will be somewhat unreliable, especially over large distances in terms of network topology. <tt>ntpdc</tt> makes no attempt to retransmit requests, and will time requests out if the remote host is not heard from within a suitable timeout time.</p>
300 <p>The operation of <tt>ntpdc</tt> are specific to the particular implementation of the <tt>ntpd</tt> daemon and can be expected to work only with this and maybe some previous versions of the daemon. Requests from a remote <tt>ntpdc</tt> program which affect the state of the local server must be authenticated, which requires both the remote program and local server share a common key and key identifier.</p>
302 <dd>Force DNS resolution of following host names on the command line to the IPv6 namespace.
303 <dt><tt>-c <i>command</i></tt>
304 <dd>The following argument is interpreted as an interactive format command and is added to the list of commands to be executed on the specified host(s). Multiple -c options may be given.
306 + <dd>Turn on debugging mode.
308 <dd>Force <tt>ntpdc</tt> to operate in interactive mode. Prompts will be written to the standard output and commands read from the standard input.
310 @@ -134,11 +136,11 @@
311 <dt><tt>addpeer <i>peer_address</i> [
312 <i>keyid</i> ] [ <i>version</i> ] [
313 <tt>minpoll# | prefer | iburst | burst | minpoll
314 - <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] ]</tt>
315 + <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] </tt> ]</tt>
316 <dt><tt>addpeer <i>peer_address</i> [
317 <tt>prefer | iburst | burst | minpoll
318 <i>N</i> | <tt>maxpoll</tt> <i>N</i> | <tt>keyid</tt>
319 - <i>N</i> | <tt>version</tt> <i>N</i> [...] ]</tt>
320 + <i>N</i> | <tt>version</tt> <i>N</i> [...] </tt> ]</tt>
321 <dd>Add a configured peer association at the
322 given address and operating in symmetric
323 active mode. Note that an existing association
324 @@ -162,15 +164,15 @@
325 <tt>peer</tt> configuration file command of
326 ntpd. See the <a href="confopt.html">Server Options</a> page for further information.
327 Each flag (or its absence) replaces the
328 - previous setting. The <tt>prefer</tt> keyword indicates a preferred peer (and thus will be used primarily for clock synchronisation if possible). The preferred peer also determines the validity of the PPS signal - if the preferred peer is suitable for synchronisation so is the PPS signal.
329 + previous setting. The <tt>prefer</tt> keyword indicates a preferred peer (and thus will be used primarily for clock synchronization if possible). The preferred peer also determines the validity of the PPS signal - if the preferred peer is suitable for synchronization so is the PPS signal.
330 <dt><tt>addserver <i>peer_address</i> [
331 <i>keyid</i> ] [ <i>version</i> ] [
332 <tt>minpoll# | prefer | iburst | burst | minpoll
333 - <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] ]</tt>
334 + <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] </tt> ]</tt>
335 <dt><tt>addserver <i>peer_address</i> [
336 <tt>prefer | iburst | burst | minpoll
337 <i>N</i> | <tt>maxpoll</tt> <i>N</i> | <tt>keyid</tt>
338 - <i>N</i> | <tt>version</tt> <i>N</i> [...] ]</tt>
339 + <i>N</i> | <tt>version</tt> <i>N</i> [...] </tt> ]</tt>
340 <dd>Identical to the addpeer command, except that the operating mode is client.
341 <dt><tt>broadcast <i>peer_address</i> [
342 <i>keyid</i> ] [ <i>version</i> ] [ <i>prefer</i> ]</tt>
344 <dd>Returns information concerning the authentication module, including known keys and counts of encryptions and decryptions which have been done.
346 <dd>Display the traps set in the server. See the source listing for further information.
347 - <dt><tt>addtrap [ <i>address</i> [ <i>port</i> ] [ <i>interface</i> ]</tt>
348 + <dt><tt>addtrap [ <i>address</i> ] [ <i>port</i> ] [ <i>interface</i> ]</tt>
349 <dd>Set a trap for asynchronous messages. See the source listing for further information.
350 - <dt><tt>clrtrap [ <i>address</i> [ <i>port</i> ] [ <i>interface</i>]</tt>
351 + <dt><tt>clrtrap [ <i>address</i> ] [ <i>port</i> ] [ <i>interface</i>]</tt>
352 <dd>Clear a trap for asynchronous messages. See the source listing for further information.
354 <dd>Clear the statistics counters in various modules of the server. See the source listing for further information.
355 diff -up ntp-4.2.4p5/html/ntpq.html.htmldoc ntp-4.2.4p5/html/ntpq.html
356 --- ntp-4.2.4p5/html/ntpq.html.htmldoc 2006-06-06 22:16:06.000000000 +0200
357 +++ ntp-4.2.4p5/html/ntpq.html 2008-08-18 12:31:59.000000000 +0200
359 <script type="text/javascript" language="javascript" src="scripts/links12.txt"></script>
362 - <tt>ntpq [-inp] [-c <i>command</i>] [<i>host</i>] [...]</tt>
363 + <tt>ntpq [-46dinp] [-c <i>command</i>] [<i>host</i>] [...]</tt>
365 <p>The <tt>ntpq</tt> utility program is used to monitor NTP daemon <tt>ntpd</tt> operations and determine performance. It uses the standard NTP mode 6 control message formats defined in Appendix B of the NTPv3 specification RFC1305. The same formats are used in NTPv4, although some of the variables have changed and new ones added. The description on this page is for the NTPv4 variables.</p>
366 <p>The program can be run either in interactive mode or controlled using command line arguments. Requests to read and write arbitrary variables can be assembled, with raw and pretty-printed output options being available. The <tt>ntpq</tt> can also obtain and print a list of peers in a common format by sending multiple queries to the server.</p>
367 - <p>If one or more request options is included on the command line when <tt>ntpq</tt> is executed, each of the requests will be sent to the NTP servers running on each of the hosts given as command line arguments, or on localhost by default. If no request options are given, <tt>ntpq</tt> will attempt to read commands from the standard input and execute these on the NTP server running on the first host given on the command line, again defaulting to localhost when no other host is specified. <tt>ntpq</tt>will prompt for commands if the standard input is a terminal device.</p>
368 + <p>If one or more request options is included on the command line when <tt>ntpq</tt> is executed, each of the requests will be sent to the NTP servers running on each of the hosts given as command line arguments, or on localhost by default. If no request options are given, <tt>ntpq</tt> will attempt to read commands from the standard input and execute these on the NTP server running on the first host given on the command line, again defaulting to localhost when no other host is specified. <tt>ntpq</tt> will prompt for commands if the standard input is a terminal device.</p>
369 <p><tt>ntpq</tt> uses NTP mode 6 packets to communicate with the NTP server, and hence can be used to query any compatible server on the network which permits it. Note that since NTP is a UDP protocol this communication will be somewhat unreliable, especially over large distances in terms of network topology. <tt>ntpq</tt> makes one attempt to retransmit requests, and will time requests out if the remote host is not heard from within a suitable timeout time.</p>
370 <p>Note that in contexts where a host name is expected, a <tt>-4</tt> qualifier preceding the host name forces DNS resolution to the IPv4 namespace, while a <tt>-6</tt> qualifier forces DNS resolution to the IPv6 namespace.</p>
371 <p>For examples and usage, see the <a href="debug.html">NTP Debugging Techniques</a> page.</p>
374 <dd>Exit <tt>ntpq</tt>.
376 - <dd>Causes all output from query commands is printed as received from the remote server. The only formating/interpretation done on the data is to transform nonascii data into a printable (but barely understandable) form.
377 + <dd>Causes all output from query commands is printed as received from the remote server. The only formatting/interpretation done on the data is to transform non-ASCII data into a printable (but barely understandable) form.
378 <dt><tt>timeout <i>millseconds</i></tt>
379 <dd>Specify a timeout period for responses to server queries. The default is about 5000 milliseconds. Note that since <tt>ntpq</tt> retries each query once after a timeout, the total waiting time for a timeout will be twice the timeout value set.
382 <dt><tt>* sys.peer</tt>
383 <dd>The peer has been declared the system peer and lends its variables to the system variables.
384 <dt><tt>o pps.peer</tt>
385 - <dd>The peer has been declared the system peer and lends its variables to thesystem variables. However, the actual system synchronization is derived from a pulse-per-second (PPS) signal, either indirectly via the PPS reference clock driver or directly via kernel interface.
386 + <dd>The peer has been declared the system peer and lends its variables to the system variables. However, the actual system synchronization is derived from a pulse-per-second (PPS) signal, either indirectly via the PPS reference clock driver or directly via kernel interface.
388 <h4>System Variables</h4>
389 <p>The <tt>status, leap, stratum, precision, rootdelay, rootdispersion, refid, reftime, poll, offset, and frequency</tt> variables are described in RFC-1305 specification. Additional NTPv4 system variables include the following.</p>
390 @@ -240,14 +240,14 @@
391 <dd>Access is denied. See the <a href="accopt.html">Access Control Options</a> page.
392 <dt><tt>0x010 TEST5</tt>
393 <dd>Cryptographic authentication fails. See the <a href="authopt.html">Authentication Options</a> page.
394 - <dt><tt>0x020TEST6</tt>
395 + <dt><tt>0x020 TEST6</tt>
396 <dd>The server is unsynchronized. Wind up its clock first.
397 <dt><tt>0x040 TEST7</tt>
398 <dd>The server stratum is at the maximum than 15. It is probably unsynchronized and its clock needs to be wound up.
399 <dt><tt>0x080 TEST8</tt>
400 <dd>Either the root delay or dispersion is greater than one second, which is highly unlikely unless the peer is unsynchronized to Mars.
401 <dt><tt>0x100 TEST9</tt>
402 - <dd>Either the peer delay or dispersion is greater than one second, which is higly unlikely unless the peer is on Mars.
403 + <dd>Either the peer delay or dispersion is greater than one second, which is highly unlikely unless the peer is on Mars.
404 <dt><tt>0x200 TEST10</tt>
405 <dd>The autokey protocol has detected an authentication failure. See the <a href="authopt.html">Authentication Options</a> page.
406 <dt><tt>0x400 TEST11</tt>
407 diff -up ntp-4.2.4p5/html/ntptrace.html.htmldoc ntp-4.2.4p5/html/ntptrace.html
408 --- ntp-4.2.4p5/html/ntptrace.html.htmldoc 2006-06-06 22:16:06.000000000 +0200
409 +++ ntp-4.2.4p5/html/ntptrace.html 2008-08-18 12:31:59.000000000 +0200
414 - <tt>ntptrace [ -vdn ] [ -r <i>retries</i> ] [ -t <i>timeout</i> ] [ <i>server</i> ]</tt>
415 + <tt>ntptrace [ -n ] [ -m <i>maxhosts</i> ] [ <i>server</i> ]</tt>
417 <p><tt>ntptrace</tt> determines where a given Network Time Protocol (NTP) server gets its time from, and follows the chain of NTP servers back to their master time source. If given no arguments, it starts with <tt>localhost</tt>. Here is an example of the output from <tt>ntptrace</tt>:</p>
419 @@ -29,16 +29,8 @@ usndh.edu: stratum 1, offset 0.0019298,
420 <p>On each line, the fields are (left to right): the host name, the host stratum, the time offset between that host and the local host (as measured by <tt>ntptrace</tt>; this is why it is not always zero for "<tt>localhost</tt>"), the host synchronization distance, and (only for stratum-1 servers) the reference clock ID. All times are given in seconds. Note that the stratum is the server hop count to the primary source, while the synchronization distance is the estimated error relative to the primary source. These terms are precisely defined in RFC-1305.</p>
424 - <dd>Turns on some debugging output.
426 <dd>Turns off the printing of host names; instead, host IP addresses are given. This may be useful if a nameserver is down.
427 - <dt><tt>-r <i>retries</i></tt>
428 - <dd>Sets the number of retransmission attempts for each host (default = 5).
429 - <dt><tt>-t <i>timeout</i></tt>
430 - <dd>Sets the retransmission timeout (in seconds) (default = 2).
432 - <dd>Prints verbose information about the NTP servers.
435 <p>This program makes no attempt to improve accuracy by doing multiple samples.</p>
436 diff -up ntp-4.2.4p7/html/tickadj.html.htmldoc ntp-4.2.4p7/html/tickadj.html
437 --- ntp-4.2.4p7/html/tickadj.html.htmldoc 2006-06-06 22:16:08.000000000 +0200
438 +++ ntp-4.2.4p7/html/tickadj.html 2009-09-29 14:01:40.000000000 +0200
440 <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:50</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
443 - <tt>tickadj [ -Aqs ] [ -a <i>tickadj</i> ] [ -t <i>tick</i> ]</tt>
444 + <p><tt>tickadj [ <i>tick</i> ]</tt></p>
445 + <p><tt>tickadj [ -Aqs ] [ -a <i>tickadj</i> ] [ -t <i>tick</i> ]</tt></p>
447 <p>The <tt>tickadj</tt> program reads, and optionally modifies, several timekeeping-related variables in older kernels that do not have support for precision ttimekeeping, including HP-UX, SunOS, Ultrix, SGI and probably others. Those machines provide means to patch the kernel <tt>/dev/kmem</tt>. Newer machines with precision time support, including Solaris, Tru64, FreeBSD and Linux (with PPSkit patch) should NOT use the program. The particular variables that can be changed with <tt>tickadj</tt> include <tt>tick</tt>, which is the number of microseconds added to the system time for a clock interrupt, <tt>tickadj</tt>, which sets the slew rate and resolution used by the <tt>adjtime</tt> system call, and <tt>dosynctodr</tt>, which indicates to the kernels on some machines whether they should internally adjust the system clock to keep it in line with time-of-day clock or not.</p>
448 + <p>On Linux, only the <tt>tick</tt> variable is supported and the only allowed argument is the tick value.</p>
449 <p>By default, with no arguments, <tt>tickadj</tt> reads the variables of interest in the kernel and displays them. At the same time, it determines an "optimal" value for the value of the <tt>tickadj</tt> variable if the intent is to run the <tt>ntpd</tt> Network Time Protocol (NTP) daemon, and prints this as well. Since the operation of <tt>tickadj</tt> when reading the kernel mimics the operation of similar parts of the <tt>ntpd</tt> program fairly closely, this can be useful when debugging problems with <tt>ntpd</tt>.</p>
450 <p>Note that <tt>tickadj</tt> should be run with some caution when being used for the first time on different types of machines. The operations which <tt>tickadj</tt> tries to perform are not guaranteed to work on all Unix machines and may in rare cases cause the kernel to crash.</p>
451 <h4>Command Line Options</h4>
453 <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
457 \ No newline at end of file
projects / packages / ntp.git / blob