MFC r280849,280915-280916,281015-281016,282097,282408,282415,283542,

     284864,285169-285170,285435:

ntp 4.2.8p3.

Relnotes:	yes
Approved by:	re (?)

1 files changed, 106 insertions, 64 deletions

diff --git a/usr.sbin/ntp/doc/ntp.keys.5 b/usr.sbin/ntp/doc/ntp.keys.5
index dc9531c..4ec3bb3 100644
--- a/usr.sbin/ntp/doc/ntp.keys.5
+++ b/usr.sbin/ntp/doc/ntp.keys.5
@@ -1,25 +1,37 @@
+.Dd February 4 2015
+.Dt NTP_KEYS 5 File Formats
+.Os SunOS 5.10
+.\"  EDIT THIS FILE WITH CAUTION  (ntp.mdoc)
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 13, 2000
-.Dt NTP.KEYS 5
-.Os
+.\" $FreeBSD$
+.\"
+.\"  It has been AutoGen-ed  February  4, 2015 at 02:42:10 AM by AutoGen 5.18.5pre4
+.\"  From the definitions    ntp.keys.def
+.\"  and the template file   agmdoc-file.tpl
 .Sh NAME
 .Nm ntp.keys
-.Nd NTP daemon key file format
+.Nd NTP symmetric key file format
+
+.Sh NAME
+.Nm ntp.keys
+.Nd NTP symmetric key file format
 .Sh SYNOPSIS
-.Nm /etc/ntp.keys
+.Nm
+.Op Fl \-option\-name
+.Op Fl \-option\-name Ar value
+.Pp
+All arguments must be options.
+.Pp
 .Sh DESCRIPTION
-Following is a description of the format of NTP key files.
-For a description of the use of these files, see the
+This document describes the format of an NTP symmetric key file.
+For a description of the use of this type of file, see the
 .Qq Authentication Support
 section of the
 .Xr ntp.conf 5
 page.
 .Pp
-In the case of DES, the keys are 56 bits long with,
-depending on type, a parity check on each byte.
-In the case of MD5, the keys are 64 bits (8 bytes).
 .Xr ntpd 8
 reads its keys from a file specified using the
 .Fl k
@@ -29,7 +41,7 @@ statement in the configuration file.
 While key number 0 is fixed by the NTP standard
 (as 56 zero bits)
 and may not be changed,
-one or more of the keys numbered 1 through 15
+one or more keys numbered between 1 and 65534
 may be arbitrarily set in the keys file.
 .Pp
 The key file uses the same comment conventions
@@ -40,57 +52,51 @@ Key entries use a fixed format of the form
 .Pp
 where
 .Ar keyno
-is a positive integer,
+is a positive integer (between 1 and 65534),
 .Ar type
-is a single character which defines the key format,
+is the message digest algorithm,
 and
 .Ar key
 is the key itself.
 .Pp
 The
 .Ar key
-may be given in one of four different formats,
+may be given in a format
 controlled by the
 .Ar type
-character.
-The four key types, and corresponding formats,
-are listed following.
-.Bl -tag -width X
-.It Li S
-The key is a 64-bit hexadecimal number in the format
-specified in the DES specification;
-that is, the high order seven bits of each octet are used
-to form the 56-bit key
-while the low order bit of each octet is given a value
-such that odd parity is maintained for the octet.
-Leading zeroes must be specified
-(i.e., the key must be exactly 16 hex digits long)
-and odd parity must be maintained.
-Hence a zero key, in standard format, would be given as
-.Ql 0101010101010101 .
-.It Li N
-The key is a 64-bit hexadecimal number in the format
-specified in the NTP standard.
-This is the same as the DES format,
-except the bits in each octet have been rotated one bit right
-so that the parity bit is now the high order bit of the octet.
-Leading zeroes must be specified and odd parity must be maintained.
-A zero key in NTP format would be specified as
-.Ql 8080808080808080 .
-.It Li A
-The key is a 1-to-8 character ASCII string.
-A key is formed from this by using the low order 7 bits
-of each ASCII character in the string,
-with zeroes added on the right
-when necessary to form a full width 56-bit key,
-in the same way that encryption keys are formed from
-.Ux
-passwords.
-.It Li M
-The key is a 1-to-8 character ASCII string,
-using the MD5 authentication scheme.
-Note that both the keys and the authentication schemes (DES or MD5)
-must be identical between a set of peers sharing the same key number.
+field.
+The
+.Ar type
+.Li MD5
+is always supported.
+If
+.Li ntpd
+was built with the OpenSSL library
+then any digest library supported by that library may be specified.
+However, if compliance with FIPS 140\-2 is required the
+.Ar type
+must be either
+.Li SHA
+or
+.Li SHA1 .
+.Pp
+What follows are some key types, and corresponding formats:
+.Pp
+.Bl -tag -width RMD160 -compact
+.It Li MD5
+The key is 1 to 16 printable characters terminated by
+an EOL,
+whitespace,
+or
+a
+.Li #
+(which is the "start of comment" character).
+.Pp
+.It Li SHA
+.It Li SHA1
+.It Li RMD160
+The key is a hex\-encoded ASCII string of 40 characters,
+which is truncated as necessary.
 .El
 .Pp
 Note that the keys used by the
@@ -100,21 +106,57 @@ and
 programs are checked against passwords
 requested by the programs and entered by hand,
 so it is generally appropriate to specify these keys in ASCII format.
+.Sh "OPTIONS"
+.Bl -tag
+.It Fl \-help
+Display usage information and exit.
+.It Fl \-more\-help
+Pass the extended usage information through a pager.
+.It Fl \-version Op Brq Ar v|c|n
+Output version of program and exit.  The default mode is `v', a simple
+version.  The `c' mode will print copyright information and `n' will
+print the full copyright notice.
+.El
+.Sh "OPTION PRESETS"
+Any option that is not marked as \fInot presettable\fP may be preset
+by loading values from environment variables named:
+.nf
+  \fBNTP_KEYS_<option\-name>\fP or \fBNTP_KEYS\fP
+.fi
+.ad
+.Sh "ENVIRONMENT"
+See \fBOPTION PRESETS\fP for configuration environment variables.
 .Sh FILES
-.Bl -tag -width /etc/ntp.drift -compact
+.Bl -tag -width /etc/ntp.keys -compact
 .It Pa /etc/ntp.keys
 the default name of the configuration file
 .El
-.Sh SEE ALSO
+.Sh "EXIT STATUS"
+One of the following exit values will be returned:
+.Bl -tag
+.It 0 " (EXIT_SUCCESS)"
+Successful program execution.
+.It 1 " (EXIT_FAILURE)"
+The operation failed or the command syntax was not valid.
+.It 70 " (EX_SOFTWARE)"
+libopts had an internal operational error.  Please report
+it to autogen\-users@lists.sourceforge.net.  Thank you.
+.El
+.Sh "SEE ALSO"
 .Xr ntp.conf 5 ,
 .Xr ntpd 8 ,
 .Xr ntpdate 8 ,
-.Xr ntpdc 8
-.Sh BUGS
-.Xr ntpd 8
-has gotten rather fat.
-While not huge, it has gotten larger than might
-be desirable for an elevated-priority daemon running on a workstation,
-particularly since many of the fancy features which consume the space
-were designed more with a busy primary server, rather than a high
-stratum workstation, in mind.
+.Xr ntpdc 8 ,
+.Xr sntp 8
+.Sh "AUTHORS"
+The University of Delaware and Network Time Foundation
+.Sh "COPYRIGHT"
+Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved.
+This program is released under the terms of the NTP license, <http://ntp.org/license>.
+.Sh "BUGS"
+Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
+.Sh NOTES
+This document was derived from FreeBSD.
+.Pp
+This manual page was \fIAutoGen\fP\-erated from the \fBntp.keys\fP
+option definitions.