Linux 2.6 - man page for ntp.conf (linux section 5)

NTP.CONF(5)		   The Network Time Protocol (NTP) Distribution 	      NTP.CONF(5)

NAME
       ntp.conf - NTP server configuration file

SYNOPSIS
       ntp.conf

DESCRIPTION
       Ordinarily,  ntpd reads the ntp.conf configuration file at startup time in order to deter-
       mine the synchronization sources and operating modes.  It is also possible  to  specify	a
       working,  although limited, configuration entirely on the command line, obviating the need
       for a configuration file.  This may be particularly useful when the local host  is  to  be
       configured  as  a broadcast/multicast client, with all peers being determined by listening
       to broadcasts at run time.

       Usually, the configuration file is installed in the /etc directory, but could be installed
       elsewhere  (see the -c conffile command line option).  The file format is similar to other
       Unix configuration files - comments begin with a # character and extend to the end of  the
       line; blank lines are ignored.

       Configuration commands consist of an initial keyword followed by a list of arguments, some
       of which may be optional, separated by whitespace.  Commands may  not  be  continued  over
       multiple  lines.  Arguments  may be host names, host addresses written in numeric, dotted-
       quad form, integers, floating point numbers (when specifying times in  seconds)	and  text
       strings.   Optional  arguments  are  delimited by [ ] in the following descriptions, while
       alternatives are separated by |.  The notation [ ... ] means an optional, indefinite repe-
       tition of the last item before the [ ... ].

       Following  is a description of the configuration commands in NTPv4.  There are two classes
       of commands, configuration commands that configure an association with  a  remote  server,
       peer  or reference clock, and auxiliary commands that specify environmental variables that
       control various related operations.

   Configuration Commands
       The various modes are determined by the command	keyword  and  the  required  IP  address.
       Addresses  are classed by type as (s) a remote server or peer (IPv4 class A, B and C), (b)
       the broadcast address of a local interface, (m) a multicast address (IPv4 class D), or (r)
       a reference clock address (127.127.x.x).  The options that can be used with these commands
       are listed below.

       If the Basic Socket Interface Extensions for IPv6 (RFC-2553) is detected, support for  the
       IPv6  address  family  is generated in addition to the default support of the IPv4 address
       family.	IPv6 addresses can be identified by the presence of colons  ":"  in  the  address
       field.	IPv6  addresses  can  be used almost everywhere where IPv4 addresses can be used,
       with the exception of reference clock addresses, which are always IPv4.	Note that in con-
       texts  where  a	host  name is expected, a -4 qualifier preceding the host name forces DNS
       resolution to the IPv4 namespace, while a -6 qualifier forces DNS resolution to	the  IPv6
       namespace.

       There  are three types of associations: persistent, preemptable and ephemeral.  Persistent
       associations are mobilized by a configuration command and never demobilized.   Preemptable
       associations,  which  are  new  to  NTPv4,  are mobilized by a configuration command which
       includes the preempt flag and are demobilized by timeout or error.  Ephemeral  associations
       are mobilized upon arrival of designated messages and demobilized by timeout or error.

       server address [options ...]

       peer address [options ...]

       broadcast address [options ...]

       manycastclient address [options ...]
	      These four commands specify the time server name or address to be used and the mode
	      in which to operate.  The address can be either a DNS name or an IP address in
	      dotted-quad notation.  Additional information on association behavior can be found
	      in the Association Management page.

	      server For type s and r addresses (only), this command normally mobilizes a persis-
		     tent  client mode association with the specified remote server or local ref-
		     erence clock. If the preempt flag is specified, a preemptable association is
		     mobilized	instead.  In  client mode the client clock can synchronize to the
		     remote server or local reference clock, but the remote server can	never  be
		     synchronized to the client clock. This command should NOT be used for type b
		     or m addresses.

	      peer   For type s addresses (only), this command mobilizes a persistent  symmetric-
		     active  mode  association	with  the specified remote peer. In this mode the
		     local clock can be synchronized to the remote peer or the remote peer can be
		     synchronized  to  the  local  clock.  This is useful in a network of servers
		     where, depending on various failure scenarios, either the	local  or  remote
		     peer  may	be the better source of time. This command should NOT be used for
		     type b, m or r addresses.

	      broadcast
		     For type b and m addresses  (only),  this	command  mobilizes  a  persistent
		     broadcast	mode association. Multiple commands can be used to specify multi-
		     ple local broadcast interfaces (subnets) and/or multiple  multicast  groups.
		     Note  that local broadcast messages go only to the interface associated with
		     the subnet specified, but multicast messages go to all interfaces.

		     In broadcast mode the local server sends periodic broadcast  messages  to	a
		     client  population  at the address specified, which is usually the broadcast
		     address on (one of) the local network(s) or a multicast address assigned  to
		     NTP.  The	IANA  has assigned the multicast group address IPv4 224.0.1.1 and
		     IPv6 ff05::101 (site local) exclusively to  NTP,  but  other  nonconflicting
		     addresses	can  be used to contain the messages within administrative bound-
		     aries. Ordinarily, this specification applies only to the local server oper-
		     ating  as	a sender; for operation as a broadcast client, see the broadcast-
		     client or multicastclient commands below.

	      manycastclient
		     For type m addresses (only), this command mobilizes a  preemptable  manycast
		     client  mode  association for the multicast group address specified. In this
		     mode a specific address must be supplied which matches the address  used  on
		     the manycastserver command for the designated manycast servers. The NTP mul-
		     ticast address 224.0.1.1 assigned by the IANA should  NOT	be  used,  unless
		     specific  means are taken to avoid spraying large areas of the Internet with
		     these messages and causing a possibly massive implosion of  replies  at  the
		     sender.

		     The  manycastclient  command specifies that the host is to operate in client
		     mode with the remote servers that are discovered as  the  result  of  broad-
		     cast/multicast  messages.	The  client  broadcasts  a request message to the
		     group address associated with the specified address and specifically enabled
		     servers  respond to these messages. The client selects the servers providing
		     the best time and continues  as  with  the  server  command.  The	remaining
		     servers are discarded as if never heard.

   Command Options
       autokey
	      All packets sent to and received from the server or peer are to include authentica-
	      tion fields encrypted using the autokey  scheme  described  in  the  Authentication
	      Options page.  This option is valid with all commands.

       burst  When  the  server  is reachable, send a burst of eight packets instead of the usual
	      one.  The packet spacing is normally 2 s; however, the spacing  between  the  first
	      and  second  packets  can be changed with the calldelay command to allow additional
	      time for a modem or ISDN call to complete.  This option  is  valid  with	only  the
	      server  command  and  is	a  recommended	option with this command when the maxpoll
	      option is 11 or greater.

       iburst When the server is unreachable, send a burst of eight packets instead of the  usual
	      one.   The  packet  spacing is normally 2 s; however, the spacing between the first
	      and second packets can be changed with the calldelay command  to	allow  additional
	      time  for  a  modem  or  ISDN call to complete.  This option is valid with only the
	      server command and is a recommended option with this command.

       key key
	      All packets sent to and received from the server or peer are to include authentica-
	      tion  fields  encrypted  using  the  specified key identifier with values from 1 to
	      65534, inclusive.  The default is to include no encryption field.  This  option  is
	      valid with all commands.

       minpoll minpoll, maxpoll maxpoll
	      These  options  specify the minimum and maximum poll intervals for NTP messages, in
	      seconds as a power of two.  The maximum poll interval defaults to 10 (1,024 s), but
	      can be increased by the maxpoll option to an upper limit of 17 (36.4 h).	The mini-
	      mum poll interval defaults to 6 (64 s), but can be decreased by the minpoll  option
	      to a lower limit of 4 (16 s).  These options are valid only with the server and peer
	      commands.

       mode option
	      Pass the option to a reference clock driver, where option  is  an  integer  in  the
	      range from 0 to 255, inclusive. This option is valid only with type r addresses.

       noselect
	      Marks  the  server as unused, except for display purposes.  The server is discarded
	      by the selection algorithm.  This option is valid only with  the	server	and  peer
	      commands.

       preempt
	      Specifies  the association as preemptable rather than the default persistent.  This
	      option is valid only with the server command.

       prefer Marks the server as preferred.  All other things being equal,  this  host  will  be
	      chosen for synchronization among a set of correctly operating hosts.  See the Miti-
	      gation Rules and the prefer Keyword page for further information.  This  option  is
	      valid only with the server and peer commands.

       true   Force  the  association  to  assume  truechimer status; that is, always survive the
	      selection and clustering algorithms.  This option can be used with any association,
	      but  is  most  useful for reference clocks with large jitter on the serial port and
	      precision pulse-per-second (PPS) signals.  Caution: this option defeats  the  algo-
	      rithms  designed	to  cast  out falsetickers and can allow these sources to set the
	      system clock.  This option is valid only with the server and peer commands.

       ttl ttl
	      This option is used only with broadcast server and manycast client modes.  It spec-
	      ifies  the time-to-live ttl to use on broadcast server and multicast server and the
	      maximum ttl for the expanding ring search with manycast client packets.	Selection
	      of  the proper value, which defaults to 127, is something of a black art and should
	      be coordinated with the network administrator.

       version version
	      Specifies the version number to be used for outgoing NTP packets.  Versions 1-4 are
	      the  choices,  with  version  4  the  default.   This option is valid only with the
	      server, peer and broadcast commands.

       xleave Operate in interleaved mode (symmetric and broadcast modes only). (see  NTP  Inter-
	      leaved Modes)

   Auxiliary Commands
       broadcastclient [novolley]
	      This  command enables reception of broadcast server messages to any local interface
	      (type b) address.  Ordinarily, upon receiving a message for  the	first  time,  the
	      broadcast  client  measures  the	nominal  server  propagation  delay using a brief
	      client/server exchange with the server, after which  it  continues  in  listen-only
	      mode.   If  the novolley keyword is present, the exchange is not used and the value
	      specified in the broadcastdelay command is used or, if the  broadcastdelay  command
	      is  not used, the default 4.0 ms.  Note that, in order to avoid accidental or mali-
	      cious disruption in this mode, both the server and client should operate using sym-
	      metric  key or public key authentication as described in the Authentication Options
	      page.  Note that the novolley keyword is incompatible with public  key  authentica-
	      tion.

       manycastserver address [...]
	      This  command  enables reception of manycast client messages to the multicast group
	      address(es) (type m) specified.  At least one address is required.  The NTP  multi-
	      cast  address  224.0.1.1	assigned  by the IANA should NOT be used, unless specific
	      means are taken to limit the span of the reply and avoid a possibly massive  implo-
	      sion  at the original sender.  Note that, in order to avoid accidental or malicious
	      disruption in this mode, both the server and client should operate using	symmetric
	      key or public key authentication as described in the Authentication Options page.

       multicastclient address [...]
	      This  command enables reception of multicast server messages to the multicast group
	      address(es) (type m) specified.  Upon receiving a message for the first  time,  the
	      multicast  client  measures  the	nominal  server  propagation  delay using a brief
	      client/server exchange with the server, then enters the broadcast client	mode,  in
	      which  it  synchronizes  to  succeeding multicast messages.  Note that, in order to
	      avoid accidental or malicious disruption in this mode, both the server  and  client
	      should operate using symmetric key or public key authentication as described in the
	      Authentication Options page.

   Authentication Commands
       autokey [logsec]
	      Specifies the interval between regenerations of the session key list used with  the
	      autokey  feature.   Note that the size of the key list for each association depends
	      on this interval and the current poll interval.  The default value is 12 (4096 s or
	      about  1.1  hours).  For poll intervals above the specified interval, a session key
	      list with a single entry will be regenerated for every message sent.

       revoke [logsec]
	      Specifies the interval between recomputations of the private value  used	with  the
	      autokey  feature,  which ordinarily requires an expensive public-key computation.
	      The default value is 12 (65,536 s or about 18 hours).  For poll intervals above the
	      specified interval, a new private value will be recomputed for every message sent.

   Miscellaneous Options
       driftfile driftfile
	      This  command  specifies the name of the file used to record the frequency offset of
	      the local clock oscillator.  If the file exists, it is read at startup in order  to
	      set  the	initial  frequency offset and then updated once per hour with the current
	      frequency offset computed by the daemon.	If the file does not exist or  this  com-
	      mand  is	not  given,  the initial frequency offset is assumed to be zero.  In this
	      case, it may take some hours for the frequency to stabilize and the residual timing
	      errors to subside.

	      The  file  format consists of a single line containing a single floating point num-
	      ber, which records the frequency offset measured in parts-per-million  (PPM).   The
	      file  is updated by first writing the current drift value into a temporary file and
	      then renaming this file to replace the old version.  This implies  that  ntpd  must
	      have write permission for the directory the drift file is located in, and that file
	      system links, symbolic or otherwise, should be avoided.

       enable [auth | bclient | calibrate | kernel | monitor | ntp | pps | stats]

       disable [auth | bclient | calibrate | kernel | monitor | ntp | pps | stats]
	      Provides a way to enable or disable various server options.   Flags  not	mentioned
	      are  unaffected.	Note that all of these flags can be controlled remotely using the
	      ntpdc utility program.

	      auth   Enables the server to synchronize with unconfigured peers only if	the  peer
		     has  been	correctly  authenticated  using  either public key or private key
		     cryptography.  The default for this flag is enable.

	      bclient
		     Enables the server to listen for a message from  a  broadcast  or	multicast
		     server, as in the multicastclient command with default address.  The default
		     for this flag is disable.

	      calibrate
		     Enables the calibrate feature for reference clocks.  The  default	for  this
		     flag is disable.

	      kernel Enables the kernel time discipline, if available.	The default for this flag
		     is enable if support is available, otherwise disable.

	      monitor
		     Enables the monitoring facility.  See the ntpdc program and the monlist
		     command for further information.  The default for this flag is enable.

	      ntp    Enables  time  and  frequency  discipline.  In effect, this switch opens and
		     closes the feedback loop, which is useful for testing.  The default for this
		     flag is enable.

	      pps    Enables  the pulse-per-second (PPS) signal when frequency and time are
		     disciplined by the precision time kernel modifications.  See the A  Kernel  Model
		     for  Precision  Timekeeping  page	for further information.  The default for
		     this flag is disable.

	      stats  Enables the statistics facility.  See the Monitoring Options page	for  fur-
		     ther information.	The default for this flag is disable.

       includefile includefile
	      This  command  allows additional configuration commands to be included from a sepa-
	      rate file.  Include files may be nested to a depth of five; upon reaching  the  end
	      of any include file, command processing resumes in the previous configuration file.
	      This option is useful for sites that run ntpd on multiple hosts, with (mostly) com-
	      mon options (e.g., a restriction list).

       interface  [listen  |  ignore | drop] [all | ipv4 | ipv6 | wildcard | name | address[/pre-
       fixlen]]
	      This command controls which network addresses ntpd  opens,  and  whether	input  is
	      dropped without processing. The first parameter determines the action for addresses
	      which match the second parameter. That parameter specifies a class of addresses, or
	      a specific interface name, or an address. In the address case, prefixlen determines
	      how many bits must match for this rule to apply. ignore prevents	opening  matching
	      addresses, drop causes ntpd to open the address and drop all received packets with-
	      out examination. Multiple interface commands can	be  used.  The	last  rule  which
	      matches  a  particular address determines the action for it. interface commands are
	      disabled if any -I, --interface, -L, or  --novirtualips  command-line  options  are
	      used.  If  none of those options are used and no interface actions are specified in
	      the configuration file, all available network addresses are opened. The nic command
	      is an alias for interface.
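
	      The rule evaluation described above, as an added example that is not part of
	      ntpd or of the original manual page.  Function names and the sample rules are
	      constructed; treating wildcard as the unspecified addresses is an assumption,
	      and the -I/-L command-line overrides are not modelled.

```python
import ipaddress

ACTIONS = ("listen", "ignore", "drop")

def parse_interface_rules(conf_text):
    """Collect (action, selector) pairs from interface/nic lines, in file order."""
    rules = []
    for raw in conf_text.splitlines():
        w = raw.split("#", 1)[0].split()          # '#' starts a comment
        if len(w) == 3 and w[0] in ("interface", "nic") and w[1] in ACTIONS:
            rules.append((w[1], w[2]))
    return rules

def matches(selector, ifname, addr):
    ip = ipaddress.ip_address(addr)
    if selector == "all":
        return True
    if selector in ("ipv4", "ipv6"):
        return ip.version == int(selector[-1])
    if selector == "wildcard":
        return ip.is_unspecified                  # assumption: 0.0.0.0 and ::
    try:
        net = ipaddress.ip_network(selector, strict=False)
    except ValueError:
        return selector == ifname                 # not an address: interface name
    return ip in net                              # prefixlen bits must match

def action_for(rules, ifname, addr):
    """Action for one local address; None if rules exist but none matches,
    a case this page does not specify."""
    if not rules:
        return "listen"                           # no rules: every address is opened
    result = None
    for action, selector in rules:                # the last matching rule wins
        if matches(selector, ifname, addr):
            result = action
    return result

# Constructed sample: the broad rule comes first, narrower ones override it.
IFACE_SAMPLE = """\
interface listen ipv4
interface drop 192.0.2.0/24
nic ignore eth1
interface listen 192.0.2.53
"""
```

	      Because the last match wins, moving "interface listen ipv4" to the end of the
	      sample would reopen every IPv4 address that the earlier rules dropped or ignored.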

FILES
       /etc/ntp.conf

NOTES
       Note that this manual page shows only the most important configuration commands.  The full
       documentation (see below) contains more details.

BUGS
       The syntax checking is not picky; some  combinations  of  ridiculous  and  even	hilarious
       options and modes may not be detected.
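
       Since ntpd may accept such combinations silently, a configuration can be checked
       before deployment.  The following is an added example, not part of the NTP
       distribution or of the original manual page: it lints association lines against the
       option, range and address-type rules stated above.  All names, messages and the
       sample configuration are constructed for illustration.

```python
import ipaddress

ASSOC, SP = {"server", "peer", "broadcast", "manycastclient"}, {"server", "peer"}
# option -> commands it is valid with ("Command Options"); others are unrestricted
VALID_WITH = {"burst": {"server"}, "iburst": {"server"}, "preempt": {"server"},
              "minpoll": SP, "maxpoll": SP, "noselect": SP, "prefer": SP, "true": SP,
              "ttl": {"broadcast", "manycastclient"}, "version": SP | {"broadcast"}}
# integer-valued options -> inclusive range (None: the page states no range)
INT_ARG = {"key": (1, 65534), "minpoll": (4, 17), "maxpoll": (4, 17),
           "mode": (0, 255), "version": (1, 4), "ttl": None}
# address types per command; "s" also covers type b (needs interface data to tell)
ADDR_OK = {"server": "sr", "peer": "s", "broadcast": "sm", "manycastclient": "m"}
REFCLOCK = ipaddress.ip_network("127.127.0.0/16")

def addr_type(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "s"                                   # host name
    return "m" if ip.is_multicast else "r" if ip in REFCLOCK else "s"

def lint(text):                                      # -> [(line_number, message)]
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        w = raw.split("#", 1)[0].split() or [""]     # '#' starts a comment
        cmd, args = w[0], [a for a in w[1:] if a not in ("-4", "-6")]
        if cmd == "disable" and "auth" in args:
            out.append((n, "disable auth: unconfigured peers need no authentication"))
        if cmd in ("manycastclient", "manycastserver") and "224.0.1.1" in args:
            out.append((n, cmd + ": IANA group 224.0.1.1 should NOT be used"))
        if cmd not in ASSOC or not args:
            continue
        kind, opts = addr_type(args[0]), args[1:]
        if kind not in ADDR_OK[cmd]:
            out.append((n, f"{cmd}: not for type {kind} addresses"))
        if cmd == "broadcast" and not {"key", "autokey"} & set(opts):
            out.append((n, "broadcast: sent without key or autokey authentication"))
        it = iter(opts)
        for o in it:
            if cmd not in VALID_WITH.get(o, ASSOC):
                out.append((n, f"{o}: not valid with the {cmd} command"))
            if o == "true":
                out.append((n, "true: defeats falseticker rejection"))
            if o in INT_ARG:
                v, rng = next(it, ""), INT_ARG[o]    # consume the option's value
                if not v.isdigit() or (rng and not rng[0] <= int(v) <= rng[1]):
                    out.append((n, f"{o} {v}: missing or out-of-range value"))
    return out

# Constructed sample configuration (not from a real host).
SAMPLE = """\
server 0.pool.example iburst
server 127.127.1.0 true
peer 192.0.2.10 burst minpoll 3
broadcast 192.0.2.255 ttl 4
manycastclient 224.0.1.1 key 70000
disable auth
"""
```

       Options this page does not list are passed through without comment, so a clean
       result means only that none of the rules above were broken.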

SEE ALSO
       ntpd(8)

       The  complete  documentation  can be found at /usr/share/doc/ntp-doc/html/ntpd.html#cfg in
       the package ntp-doc.

Debian					    2008-04-09				      NTP.CONF(5)