invoke-ntp.keys.texi revision 316722
1168404Spjd@node ntp.keys Notes 2168404Spjd@section Notes about ntp.keys 3168404Spjd@pindex ntp.keys 4168404Spjd@cindex NTP symmetric key file format 5168404Spjd@ignore 6168404Spjd# 7168404Spjd# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi) 8168404Spjd# 9168404Spjd# It has been AutoGen-ed March 21, 2017 at 10:31:04 AM by AutoGen 5.18.5 10168404Spjd# From the definitions ntp.keys.def 11168404Spjd# and the template file agtexi-file.tpl 12168404Spjd@end ignore 13168404Spjd 14168404Spjd 15168404Spjd 16168404SpjdThis document describes the format of an NTP symmetric key file. 17168404SpjdFor a description of the use of this type of file, see the 18168404Spjd"Authentication Support" 19168404Spjdsection of the 20168404Spjd@code{ntp.conf(5)} 21168404Spjdpage. 22168404Spjd 23168404Spjd@code{ntpd(8)} 24168404Spjdreads its keys from a file specified using the 25168404Spjd@code{-k} 26168404Spjdcommand line option or the 27168404Spjd@code{keys} 28168404Spjdstatement in the configuration file. 29168404SpjdWhile key number 0 is fixed by the NTP standard 30168404Spjd(as 56 zero bits) 31168404Spjdand may not be changed, 32168404Spjdone or more keys numbered between 1 and 65534 33168404Spjdmay be arbitrarily set in the keys file. 34168404Spjd 35168404SpjdThe key file uses the same comment conventions 36168404Spjdas the configuration file. 37168404SpjdKey entries use a fixed format of the form 38168404Spjd 39168404Spjd@example 40168404Spjd@kbd{keyno} @kbd{type} @kbd{key} @kbd{opt_IP_list} 41168404Spjd@end example 42168404Spjd 43168404Spjdwhere 44168404Spjd@kbd{keyno} 45168404Spjdis a positive integer (between 1 and 65534), 46168404Spjd@kbd{type} 47168404Spjdis the message digest algorithm, 48168404Spjdand 49168404Spjd@kbd{key} 50168404Spjdis the key itself, and 51168404Spjd@kbd{opt_IP_list} 52168404Spjdis an optional comma-separated list of IPs 53168404Spjdthat are allowed to serve time. 54168404SpjdIf 55168404Spjd@kbd{opt_IP_list} 56168404Spjdis empty, 57168404Spjdany properly-authenticated server message will be 58168404Spjdaccepted. 59168404Spjd 60168404SpjdThe 61168404Spjd@kbd{key} 62168404Spjdmay be given in a format 63168404Spjdcontrolled by the 64168404Spjd@kbd{type} 65168404Spjdfield. 66168404SpjdThe 67168404Spjd@kbd{type} 68168404Spjd@code{MD5} 69168404Spjdis always supported. 70168404SpjdIf 71168488Spjd@code{ntpd} 72168404Spjdwas built with the OpenSSL library 73168404Spjdthen any digest library supported by that library may be specified. 74168488SpjdHowever, if compliance with FIPS 140-2 is required the 75168404Spjd@kbd{type} 76168404Spjdmust be either 77168404Spjd@code{SHA} 78168404Spjdor 79168404Spjd@code{SHA1}. 80168488Spjd 81168404SpjdWhat follows are some key types, and corresponding formats: 82168404Spjd 83168404Spjd@table @asis 84168404Spjd@item @code{MD5} 85168404SpjdThe key is 1 to 16 printable characters terminated by 86168404Spjdan EOL, 87168404Spjdwhitespace, 88168404Spjdor 89168404Spjda 90168404Spjd@code{#} 91168404Spjd(which is the "start of comment" character). 92168404Spjd 93168404Spjd@item @code{SHA} 94168404Spjd@item @code{SHA1} 95168404Spjd@item @code{RMD160} 96168404SpjdThe key is a hex-encoded ASCII string of 40 characters, 97168404Spjdwhich is truncated as necessary. 98168404Spjd@end table 99168404Spjd 100168404SpjdNote that the keys used by the 101168404Spjd@code{ntpq(8)} 102168404Spjdand 103168404Spjd@code{ntpdc(8)} 104168404Spjdprograms are checked against passwords 105168404Spjdrequested by the programs and entered by hand, 106168404Spjdso it is generally appropriate to specify these keys in ASCII format. 107168404Spjd 108168404SpjdThis section was generated by @strong{AutoGen}, 109168404Spjdusing the @code{agtexi-cmd} template and the option descriptions for the @code{ntp.keys} program. 110168404SpjdThis software is released under the NTP license, <http://ntp.org/license>. 111168404Spjd 112168404Spjd@menu 113168404Spjd* ntp.keys Files:: Files 114168404Spjd* ntp.keys See Also:: See Also 115168404Spjd* ntp.keys Notes:: Notes 116168404Spjd@end menu 117168404Spjd 118168404Spjd@node ntp.keys Files 119168404Spjd@subsection ntp.keys Files 120168404Spjd@table @asis 121168404Spjd@item @file{/etc/ntp.keys} 122168404Spjdthe default name of the configuration file 123168404Spjd@end table 124168404Spjd@node ntp.keys See Also 125168404Spjd@subsection ntp.keys See Also 126168404Spjd@code{ntp.conf(5)}, 127168404Spjd@code{ntpd(1ntpdmdoc)}, 128168404Spjd@code{ntpdate(1ntpdatemdoc)}, 129168404Spjd@code{ntpdc(1ntpdcmdoc)}, 130168404Spjd@code{sntp(1sntpmdoc)} 131168404Spjd@node ntp.keys Notes 132168404Spjd@subsection ntp.keys Notes 133168404SpjdThis document was derived from FreeBSD. 134168404Spjd