Diffstat (limited to 'ntpd/ntp.keys.def')
-rw-r--r-- | ntpd/ntp.keys.def | 152 |
1 files changed, 152 insertions, 0 deletions
diff --git a/ntpd/ntp.keys.def b/ntpd/ntp.keys.def
new file mode 100644
index 0000000..dcb3d55
--- /dev/null
+++ b/ntpd/ntp.keys.def
@@ -0,0 +1,152 @@
+/* -*- Mode: Text -*- */
+
+autogen definitions options;
+
+#include copyright.def
+#include version.def
+
+// We want the synopsis to be "/etc/ntp.keys" but we need the prog-name
+// to be ntp.keys - the latter is also how autogen produces the output
+// file name.
+prog-name = "ntp.keys";
+file-path = "/etc/ntp.keys";
+prog-title = "NTP symmetric key file format";
+
+/* explain: Additional information whenever the usage routine is invoked */
+explain = <<- _END_EXPLAIN
+ _END_EXPLAIN;
+
+doc-section = {
+ ds-type = 'DESCRIPTION';
+ ds-format = 'mdoc';
+ ds-text = <<- _END_PROG_MDOC_DESCRIP
+This document describes the format of an NTP symmetric key file.
+For a description of the use of this type of file, see the
+.Qq Authentication Support
+section of the
+.Xr ntp.conf 5
+page.
+.Pp
+.Xr ntpd 8
+reads its keys from a file specified using the
+.Fl k
+command line option or the
+.Ic keys
+statement in the configuration file.
+While key number 0 is fixed by the NTP standard
+(as 56 zero bits)
+and may not be changed,
+one or more keys numbered between 1 and 65534
+may be arbitrarily set in the keys file.
+.Pp
+The key file uses the same comment conventions
+as the configuration file.
+Key entries use a fixed format of the form
+.Pp
+.D1 Ar keyno type key
+.Pp
+where
+.Ar keyno
+is a positive integer (between 1 and 65534),
+.Ar type
+is the message digest algorithm,
+and
+.Ar key
+is the key itself.
+.Pp
+The
+.Ar key
+may be given in a format
+controlled by the
+.Ar type
+field.
+The
+.Ar type
+.Li MD5
+is always supported.
+If
+.Li ntpd
+was built with the OpenSSL library
+then any digest library supported by that library may be specified.
+However, if compliance with FIPS 140-2 is required the
+.Ar type
+must be either
+.Li SHA
+or
+.Li SHA1 .
+.Pp
+What follows are some key types, and corresponding formats:
+.Pp
+.Bl -tag -width RMD160 -compact
+.It Li MD5
+The key is 1 to 16 printable characters terminated by
+an EOL,
+whitespace,
+or
+a
+.Li #
+(which is the "start of comment" character).
+.Pp
+.It Li SHA
+.It Li SHA1
+.It Li RMD160
+The key is a hex-encoded ASCII string of 40 characters,
+which is truncated as necessary.
+.El
+.Pp
+Note that the keys used by the
+.Xr ntpq 8
+and
+.Xr ntpdc 8
+programs are checked against passwords
+requested by the programs and entered by hand,
+so it is generally appropriate to specify these keys in ASCII format.
+ _END_PROG_MDOC_DESCRIP;
+};
+
+doc-section = {
+ ds-type = 'FILES';
+ ds-format = 'mdoc';
+ ds-text = <<- _END_MDOC_FILES
+.Bl -tag -width /etc/ntp.keys -compact
+.It Pa /etc/ntp.keys
+the default name of the configuration file
+.El
+ _END_MDOC_FILES;
+};
+
+doc-section = {
+ ds-type = 'SEE ALSO';
+ ds-format = 'mdoc';
+ ds-text = <<- _END_MDOC_SEE_ALSO
+.Xr ntp.conf 5 ,
+.Xr ntpd 1ntpdmdoc ,
+.Xr ntpdate 1ntpdatemdoc ,
+.Xr ntpdc 1ntpdcmdoc ,
+.Xr sntp 1sntpmdoc
+ _END_MDOC_SEE_ALSO;
+};
+
+/*
+doc-section = {
+ ds-type = 'BUGS';
+ ds-format = 'mdoc';
+ ds-text = <<- _END_MDOC_BUGS
+.Xr ntpd 8
+has gotten rather fat.
+While not huge, it has gotten larger than might
+be desirable for an elevated-priority daemon running on a workstation,
+particularly since many of the fancy features which consume the space
+were designed more with a busy primary server, rather than a high
+stratum workstation, in mind.
+ _END_MDOC_BUGS;
+};
+*/
+
+doc-section = {
+ ds-type = 'NOTES';
+ ds-format = 'mdoc';
+ ds-text = <<- _END_MDOC_NOTES
+This document was derived from FreeBSD.
+ _END_MDOC_NOTES;
+}; |
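Review bot: The FILES section describes `/etc/ntp.keys` as "the default name of the configuration file", which looks carried over from the ntp.conf page; for this page it should read something like `the default name of the symmetric key file`. The DESCRIPTION also never says that the file holds shared secrets, so a short sentence noting that it should be readable only by the account ntpd runs as (and by administrators who use ntpq/ntpdc) would be worth adding after the paragraph on key entries. In the `type` paragraph, "any digest library supported by that library" presumably means `any digest algorithm supported by that library`. Since the MD5 format allows keys as short as one printable character, the page could also recommend using the full 16 characters or one of the hex-encoded types.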