freebsd-dev/usr.sbin/ntp/doc/ntp.keys.5
Sheldon Hearn fb137ad4d1 Abandon hope of keeping in line with the author's structure,
in favour of placing information in the correct sections.

The ntp_acc(8), ntp_auth(8), ntp_clock(8), ntp_conf(8),
ntp_misc(8) and ntp_mon(8) pages have been merged into
ntp.conf(5) and ntp.keys(5).

Requested by:	rgrimes, wollman
2000-01-13 09:59:55 +00:00

135 lines
3.4 KiB
Groff

.\"
.\" $FreeBSD$
.\"
.Dd January 13, 2000
.Dt NTP.KEYS 5
.Os
.Sh NAME
.Nm ntp.keys
.Nd NTP daemon key file format
.Sh SYNOPSIS
.Nm /etc/ntp.keys
.Sh DESCRIPTION
Following is a description of the format of NTP key files.
For a description of the use of these files, see the
.Qq Authentication Support
section of the
.Xr ntp.conf 5
page.
.Pp
In the case of DES, the keys are 56 bits long with,
depending on type, a parity check on each byte.
In the case of MD5, the keys are 64 bits (8 bytes).
.Xr ntpd 8
reads its keys from a file specified using the
.Fl k
command line option or the
.Ic keys
statement in the configuration file.
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
one or more of the keys numbered 1 through 15
may be arbitrarily set in the keys file.
.Pp
The key file uses the same comment conventions
as the configuration file.
Key entries use a fixed format of the form
.Pp
.Dl keyno type key
.Pp
where
.Ar keyno
is a positive integer,
.Ar type
is a single character which defines the key format,
and
.Ar key
is the key itself.
.Pp
The
.Ar key
may be given in one of three different formats,
controlled by the
.Ar type
character.
The three key types, and corresponding formats,
are listed following.
.Bl -tag -width indent
.It S
The
.Ar key
is a 64-bit hexadecimal number in the format
specified in the DES specification;
that is, the high order seven bits of each octet are used
to form the 56-bit key
while the low order bit of each octet is given a value
such that odd parity is maintained for the octet.
Leading zeroes must be specified
(i.e. the key must be exactly 16 hex digits long)
and odd parity must be maintained.
Hence a zero
.Ar key ,
in standard format, would be given as
.Li 0101010101010101 .
.It N
The
.Ar key
is a 64-bit hexadecimal number in the format
specified in the NTP standard.
This is the same as the DES format,
except the bits in each octet have been rotated one bit right
so that the parity bit is now the high order bit of the octet.
Leading zeroes must be specified and odd parity must be maintained.
A zero
.Ar key
in NTP format would be specified as
.Li 8080808080808080 .
.It A
The
.Ar key
is a 1-to-8 character ASCII string.
A key is formed from this by using the low order 7 bits
of each ASCII character in the string,
with zeroes added on the right
when necessary to form a full width 56-bit key,
in the same way that encryption keys are formed from Unix passwords.
.It M
The
.Ar key
is a 1-to-8 character ASCII string,
using the MD5 authentication scheme.
Note that both the keys and the authentication schemes (DES or MD5)
must be identical between a set of peers sharing the same key number.
.El
.Pp
Note that the keys used by the
.Xr ntpq 8
and
.Xr ntpdc 8
programs are checked against passwords
requested by the programs and entered by hand,
so it is generally appropriate to specify these keys in ASCII format.
.Sh FILES
.Bl -tag -width /etc/ntp.drift -compact
.It Pa /etc/ntp.keys
the default name of the configuration file
.El
.Sh SEE ALSO
.Xr ntp.conf 5 ,
.Xr ntpd 8 ,
.Xr ntpdc 8 ,
.Xr ntpdate 8
.Sh HISTORY
Written by
.An David Mills
at the University of Delaware.
.Sh BUGS
.Xr ntpd 8
has gotten rather fat.
While not huge, it has gotten larger than might
be desireable for an elevated-priority daemon running on a workstation,
particularly since many of the fancy features which consume the space
were designed more with a busy primary server, rather than a high
stratum workstation, in mind.