052d159a8b
4.2.8p12 --> 4.2.8p13 MFC after: immediately Security: CVE-2019-8936 VuXML: c2576e14-36e2-11e9-9eda-206a8a720317 Obtained from: nwtime.org
142 lines
3.2 KiB
Plaintext
142 lines
3.2 KiB
Plaintext
@node ntp.keys Notes
|
|
@section Notes about ntp.keys
|
|
@pindex ntp.keys
|
|
@cindex NTP symmetric key file format
|
|
@ignore
|
|
#
|
|
# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi)
|
|
#
|
|
# It has been AutoGen-ed February 20, 2019 at 09:56:41 AM by AutoGen 5.18.5
|
|
# From the definitions ntp.keys.def
|
|
# and the template file agtexi-file.tpl
|
|
@end ignore
|
|
|
|
|
|
|
|
This document describes the format of an NTP symmetric key file.
|
|
For a description of the use of this type of file, see the
|
|
"Authentication Support"
|
|
section of the
|
|
@code{ntp.conf(5)}
|
|
page.
|
|
|
|
@code{ntpd(8)}
|
|
reads its keys from a file specified using the
|
|
@code{-k}
|
|
command line option or the
|
|
@code{keys}
|
|
statement in the configuration file.
|
|
While key number 0 is fixed by the NTP standard
|
|
(as 56 zero bits)
|
|
and may not be changed,
|
|
one or more keys numbered between 1 and 65535
|
|
may be arbitrarily set in the keys file.
|
|
|
|
The key file uses the same comment conventions
|
|
as the configuration file.
|
|
Key entries use a fixed format of the form
|
|
|
|
@example
|
|
@kbd{keyno} @kbd{type} @kbd{key} @kbd{opt_IP_list}
|
|
@end example
|
|
|
|
where
|
|
@kbd{keyno}
|
|
is a positive integer (between 1 and 65535),
|
|
@kbd{type}
|
|
is the message digest algorithm,
|
|
@kbd{key}
|
|
is the key itself, and
|
|
@kbd{opt_IP_list}
|
|
is an optional comma-separated list of IPs
|
|
where the
|
|
@kbd{keyno}
|
|
should be trusted.
|
|
that are allowed to serve time.
|
|
Each IP in
|
|
@kbd{opt_IP_list}
|
|
may contain an optional
|
|
@code{/subnetbits}
|
|
specification which identifies the number of bits for
|
|
the desired subnet of trust.
|
|
If
|
|
@kbd{opt_IP_list}
|
|
is empty,
|
|
any properly-authenticated message will be
|
|
accepted.
|
|
|
|
The
|
|
@kbd{key}
|
|
may be given in a format
|
|
controlled by the
|
|
@kbd{type}
|
|
field.
|
|
The
|
|
@kbd{type}
|
|
@code{MD5}
|
|
is always supported.
|
|
If
|
|
@code{ntpd}
|
|
was built with the OpenSSL library
|
|
then any digest library supported by that library may be specified.
|
|
However, if compliance with FIPS 140-2 is required the
|
|
@kbd{type}
|
|
must be either
|
|
@code{SHA}
|
|
or
|
|
@code{SHA1}.
|
|
|
|
What follows are some key types, and corresponding formats:
|
|
|
|
@table @asis
|
|
@item @code{MD5}
|
|
The key is 1 to 16 printable characters terminated by
|
|
an EOL,
|
|
whitespace,
|
|
or
|
|
a
|
|
@code{#}
|
|
(which is the "start of comment" character).
|
|
|
|
@item @code{SHA}
|
|
@item @code{SHA1}
|
|
@item @code{RMD160}
|
|
The key is a hex-encoded ASCII string of 40 characters,
|
|
which is truncated as necessary.
|
|
@end table
|
|
|
|
Note that the keys used by the
|
|
@code{ntpq(8)}
|
|
and
|
|
@code{ntpdc(8)}
|
|
programs are checked against passwords
|
|
requested by the programs and entered by hand,
|
|
so it is generally appropriate to specify these keys in ASCII format.
|
|
|
|
This section was generated by @strong{AutoGen},
|
|
using the @code{agtexi-cmd} template and the option descriptions for the @code{ntp.keys} program.
|
|
This software is released under the NTP license, <http://ntp.org/license>.
|
|
|
|
@menu
|
|
* ntp.keys Files:: Files
|
|
* ntp.keys See Also:: See Also
|
|
* ntp.keys Notes:: Notes
|
|
@end menu
|
|
|
|
@node ntp.keys Files
|
|
@subsection ntp.keys Files
|
|
@table @asis
|
|
@item @file{/etc/ntp.keys}
|
|
the default name of the configuration file
|
|
@end table
|
|
@node ntp.keys See Also
|
|
@subsection ntp.keys See Also
|
|
@code{ntp.conf(5)},
|
|
@code{ntpd(1ntpdmdoc)},
|
|
@code{ntpdate(1ntpdatemdoc)},
|
|
@code{ntpdc(1ntpdcmdoc)},
|
|
@code{sntp(1sntpmdoc)}
|
|
@node ntp.keys Notes
|
|
@subsection ntp.keys Notes
|
|
This document was derived from FreeBSD.
|