author | delphij <delphij@FreeBSD.org> | 2015-07-15 19:21:26 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2015-07-15 19:21:26 +0000 |
commit | 2a25cee78ab1d37e7d2bc40ae675646974d99f56 | |
tree | b0302ac4be59e104f4e1e54014561a1389397192 /usr.sbin/ntp/doc/ntp.keys.5 | |
parent | a0741a75537b2e0514472ac3b28afc55a7846c30 | |
MFC r280849,280915-280916,281015-281016,282097,282408,282415,283542,
284864,285169-285170,285435:
ntp 4.2.8p3.
Relnotes: yes
Approved by: re (?)
Diffstat (limited to 'usr.sbin/ntp/doc/ntp.keys.5')
-rw-r--r-- | usr.sbin/ntp/doc/ntp.keys.5 | 170 |
1 files changed, 106 insertions, 64 deletions
diff --git a/usr.sbin/ntp/doc/ntp.keys.5 b/usr.sbin/ntp/doc/ntp.keys.5 index dc9531c..4ec3bb3 100644 --- a/usr.sbin/ntp/doc/ntp.keys.5 +++ b/usr.sbin/ntp/doc/ntp.keys.5 @@ -1,25 +1,37 @@ +.Dd February 4 2015 +.Dt NTP_KEYS 5 File Formats +.Os SunOS 5.10 +.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" .\" $FreeBSD$ .\" -.Dd January 13, 2000 -.Dt NTP.KEYS 5 -.Os +.\" $FreeBSD$ +.\" +.\" It has been AutoGen-ed February 4, 2015 at 02:42:10 AM by AutoGen 5.18.5pre4 +.\" From the definitions ntp.keys.def +.\" and the template file agmdoc-file.tpl .Sh NAME .Nm ntp.keys -.Nd NTP daemon key file format +.Nd NTP symmetric key file format + +.Sh NAME +.Nm ntp.keys +.Nd NTP symmetric key file format .Sh SYNOPSIS -.Nm /etc/ntp.keys +.Nm +.Op Fl \-option\-name +.Op Fl \-option\-name Ar value +.Pp +All arguments must be options. +.Pp .Sh DESCRIPTION -Following is a description of the format of NTP key files. -For a description of the use of these files, see the +This document describes the format of an NTP symmetric key file. +For a description of the use of this type of file, see the .Qq Authentication Support section of the .Xr ntp.conf 5 page. .Pp -In the case of DES, the keys are 56 bits long with, -depending on type, a parity check on each byte. -In the case of MD5, the keys are 64 bits (8 bytes). .Xr ntpd 8 reads its keys from a file specified using the .Fl k @@ -29,7 +41,7 @@ statement in the configuration file. While key number 0 is fixed by the NTP standard (as 56 zero bits) and may not be changed, -one or more of the keys numbered 1 through 15 +one or more keys numbered between 1 and 65534 may be arbitrarily set in the keys file. .Pp The key file uses the same comment conventions 
@@ -40,57 +52,51 @@ Key entries use a fixed format of the form .Pp where .Ar keyno -is a positive integer, +is a positive integer (between 1 and 65534), .Ar type -is a single character which defines the key format, +is the message digest algorithm, and .Ar key is the key itself. .Pp The .Ar key -may be given in one of four different formats, +may be given in a format controlled by the .Ar type -character. -The four key types, and corresponding formats, -are listed following. -.Bl -tag -width X -.It Li S -The key is a 64-bit hexadecimal number in the format -specified in the DES specification; -that is, the high order seven bits of each octet are used -to form the 56-bit key -while the low order bit of each octet is given a value -such that odd parity is maintained for the octet. -Leading zeroes must be specified -(i.e., the key must be exactly 16 hex digits long) -and odd parity must be maintained. -Hence a zero key, in standard format, would be given as -.Ql 0101010101010101 . -.It Li N -The key is a 64-bit hexadecimal number in the format -specified in the NTP standard. -This is the same as the DES format, -except the bits in each octet have been rotated one bit right -so that the parity bit is now the high order bit of the octet. -Leading zeroes must be specified and odd parity must be maintained. -A zero key in NTP format would be specified as -.Ql 8080808080808080 . -.It Li A -The key is a 1-to-8 character ASCII string. -A key is formed from this by using the low order 7 bits -of each ASCII character in the string, -with zeroes added on the right -when necessary to form a full width 56-bit key, -in the same way that encryption keys are formed from -.Ux -passwords. -.It Li M -The key is a 1-to-8 character ASCII string, -using the MD5 authentication scheme. -Note that both the keys and the authentication schemes (DES or MD5) -must be identical between a set of peers sharing the same key number. +field. +The +.Ar type +.Li MD5 +is always supported. 
+If +.Li ntpd +was built with the OpenSSL library +then any digest library supported by that library may be specified. +However, if compliance with FIPS 140\-2 is required the +.Ar type +must be either +.Li SHA +or +.Li SHA1 . +.Pp +What follows are some key types, and corresponding formats: +.Pp +.Bl -tag -width RMD160 -compact +.It Li MD5 +The key is 1 to 16 printable characters terminated by +an EOL, +whitespace, +or +a +.Li # +(which is the "start of comment" character). +.Pp +.It Li SHA +.It Li SHA1 +.It Li RMD160 +The key is a hex\-encoded ASCII string of 40 characters, +which is truncated as necessary. .El .Pp Note that the keys used by the 
@@ -100,21 +106,57 @@ and programs are checked against passwords requested by the programs and entered by hand, so it is generally appropriate to specify these keys in ASCII format. +.Sh "OPTIONS" +.Bl -tag +.It Fl \-help +Display usage information and exit. +.It Fl \-more\-help +Pass the extended usage information through a pager. +.It Fl \-version Op Brq Ar v|c|n +Output version of program and exit. The default mode is `v', a simple +version. The `c' mode will print copyright information and `n' will +print the full copyright notice. +.El +.Sh "OPTION PRESETS" +Any option that is not marked as \fInot presettable\fP may be preset +by loading values from environment variables named: +.nf + \fBNTP_KEYS_<option\-name>\fP or \fBNTP_KEYS\fP +.fi +.ad +.Sh "ENVIRONMENT" +See \fBOPTION PRESETS\fP for configuration environment variables. .Sh FILES -.Bl -tag -width /etc/ntp.drift -compact +.Bl -tag -width /etc/ntp.keys -compact .It Pa /etc/ntp.keys the default name of the configuration file .El -.Sh SEE ALSO +.Sh "EXIT STATUS" +One of the following exit values will be returned: +.Bl -tag +.It 0 " (EXIT_SUCCESS)" +Successful program execution. +.It 1 " (EXIT_FAILURE)" +The operation failed or the command syntax was not valid. +.It 70 " (EX_SOFTWARE)" +libopts had an internal operational error. Please report +it to autogen\-users@lists.sourceforge.net. Thank you. +.El +.Sh "SEE ALSO" .Xr ntp.conf 5 , .Xr ntpd 8 , .Xr ntpdate 8 , -.Xr ntpdc 8 -.Sh BUGS -.Xr ntpd 8 -has gotten rather fat. -While not huge, it has gotten larger than might -be desirable for an elevated-priority daemon running on a workstation, -particularly since many of the fancy features which consume the space -were designed more with a busy primary server, rather than a high -stratum workstation, in mind. 
+.Xr ntpdc 8 , +.Xr sntp 8 +.Sh "AUTHORS" +The University of Delaware and Network Time Foundation +.Sh "COPYRIGHT" +Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. +This program is released under the terms of the NTP license, <http://ntp.org/license>. +.Sh "BUGS" +Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org +.Sh NOTES +This document was derived from FreeBSD. +.Pp +This manual page was \fIAutoGen\fP\-erated from the \fBntp.keys\fP +option definitions. |
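Review bot: In the first hunk (@@ -1,25 +1,37 @@) the `.Sh NAME` block now appears twice, separated by an added blank line, and the new SYNOPSIS (`.Op Fl \-option\-name`, "All arguments must be options.") describes command-line options that a section 5 file-format page does not have. Drop the second NAME block and the blank line, and keep `.Nm /etc/ntp.keys` as the synopsis. The header also hard-codes `.Os SunOS 5.10` and repeats `.\" $FreeBSD$`; a bare `.Os` and a single tag would match the lines being removed.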
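Review bot: In the @@ -29,7 +41,7 @@ hunk the unchanged context still says key number 0 is fixed "as 56 zero bits", which is the DES key width that the first hunk stops documenting. With the range widened to keys "numbered between 1 and 65534" and `type` redefined as a message digest algorithm, reword the key 0 sentence so it no longer implies a 56-bit key, or mark it as historical.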
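Review bot: In the @@ -40,57 +52,51 @@ hunk the entry shared by `SHA`, `SHA1` and `RMD160` says the key is "a hex\-encoded ASCII string of 40 characters, which is truncated as necessary" without saying what is truncated or whether a shorter string is accepted; state the accepted length and what happens to over-length input, since both ends have to arrive at the same key. "any digest library supported by that library" should read "any digest algorithm". The removed sentence requiring keys and schemes to be identical between peers sharing a key number has no replacement, and the new text does not say whether existing files that use the single-character types `S`, `N`, `A` and `M` are still read; each deserves a line.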
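Review bot: In the last hunk (@@ -100,21 +106,57 @@) the added OPTIONS, OPTION PRESETS, ENVIRONMENT and EXIT STATUS sections document `\-help`, `NTP_KEYS_<option\-name>` variables and exit codes for a key file that is never executed; leave these template sections out of a section 5 page. OPTION PRESETS also mixes raw roff (`\fB`, `\fP`, `.nf`, `.fi`, `.ad`) into an mdoc page, and FILES still describes `/etc/ntp.keys` as "the default name of the configuration file" where the key file is meant. Since the file holds the symmetric keys, a sentence on restricting read access to it would be more useful here than the option boilerplate.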