ntp.conf(4) File Formats ntp.conf(4)NAMEntp.conf - Configuration file for the NTP Daemon.
DESCRIPTION
The ntp.conf file contains the directives used by the ntpd to configure
itself.
Configuration Commands
server address [options ...]
peer address [options ...]
broadcast address [options ...]
manycastclient address [options ...]
pool address [options ...]
These commands specify the time server name or address to be used
and the mode in which to operate. The address can be either a DNS
name or a IPv4 or IPv6 address in standard notation. In general,
multiple commands of each type can be used for different server and
peer addresses or multicast groups.
server
For type s and r addresses (only), this command mobilizes a persis‐
tent client mode association with the specified remote server or
local reference clock. If the preempt flag is specified, a preempt‐
able client mode association is mobilized instead.
peer
For type s addresses (only), this command mobilizes a persistent
symmetric-active mode association with the specified remote peer.
broadcast
For type b and m ddresses (only), this command mobilizes a persis‐
tent broadcast or multicast server mode association. Note that type
b messages go only to the interface specified, but type m messages
go to all interfaces.
manycastclient
For type m addresses (only), this command mobilizes a manycast
client mode association for the multicast group address specified.
In this mode the address must match the address specified on the
manycastserver command of one or more designated manycast servers.
pool
For type s messages (only) this command mobilizes a client mode
association for servers implementing the pool automatic server dis‐
covery scheme described on the Association Management page at
file:///usr/share/doc/ntp/assoc.html. The address is a DNS name in
the form area.pool.ntp.org, where area is a qualifier designating
the server geographic area such as us or europe.
Command Options
Each of the above configuation commands takes zero or more options from
the list below:
autokey
Send and receive packets authenticated by the autokey scheme
described in the Authentication Options page at
file:///usr/share/doc/ntp/authopt.html. This option is valid only
with server and peer commands and type s addresses. It is incompat‐
ible with the key option.
burst
When the server is reachable, send a burst of six packets instead
of the usual one. The packet spacing is normally 2 s; however, the
spacing between the first and second packets can be changed with
the fBcalldelay command to allow additional time for a modem or
ISDN call to complete. This option is valid only with only the
server command and type s addressesa. It is a recommended option
when the maxpoll option is greater than 10 (1024 s).
iburst
When the server is unreachable, send a burst of eight packets
instead of the usual one. The packet spacing is normally 2 s; how‐
ever, the spacing between the first and second packets can be
changed with the calldelay command to allow additional time for a
modem or ISDN call to complete. This option is valid only with the
server command and type s addresses. It is a recommended option
with this command.
key key
Send and receive packets authenticated by the symmetric key scheme
described in the Authentication Options page at
file:///usr/share/doc/ntp/authopt.html. This option is valid only
with server and peer commands and type s addresses. The key speci‐
fies the key identifier with values from 1 to 65534, inclusive.
This option is incompatible with the autokey option.
minpoll minpoll
maxpoll maxpoll
These options specify the minimum and maximum poll intervals for
NTP messages, in seconds as a power of two. The maximum poll inter‐
val defaults to 10 (1024 s), but can be increased by the maxpoll
option to an upper limit of 17 (36 h). The minimum poll interval
defaults to 6 (64 s), but can be decreased by the minpoll option to
a lower limit of 4 (16 s). These option are valid only with the
server and peer commands and type s addresses.
mode option
Pass the option to a reference clock driver, where option is an
integer in the range from 0 to 255, inclusive. This option is valid
only with the server command and type r addresses.
noselect
Marks the server or peer to be ignored by the selection algorithm
but visible to the monitoring program. This option is ignored with
the broadcast command.
preempt
Specifies the association as preemptable rather than the default
persistent. This option is ignored with the broadcast command and
is most useful with the manycastclient and pool commands.
prefer
Mark the server as preferred. All other things being equal, this
host will be chosen for synchronization among a set of correctly
operating hosts. See the Mitigation Rules page at
file:///usr/share/doc/ntp/prefer.html for further information. This
option is valid only with the server and peer commands.
true
Mark the association to assume truechimer status; that is, always
survive the selection and clustering algorithms. This option can be
used with any association, but is most useful for reference clocks
with large jitter on the serial port and precision pulse-per-second
(PPS) signals. Caution: this option defeats the algorithms designed
to cast out falsetickers and can allow these sources to set the
system clock. This option is valid only with the server and peer
commands.
ttl ttl
This option specifies the time-to-live ttl for the broadcast comm‐
mand and the maximum ttl for the expanding ring search used by the
manycastclient command. Selection of the proper value, which
defaults to 127, is something of a black art and should be coordi‐
nated with the network administrator.
version version
Specifies the version number to be used for outgoing NTP packets.
Versions 1-4 are the choices, with version 4 the default.
Auxilliary Commands
broadcastclient [novolley]
Enable reception of broadcast server messages to any local inter‐
face (type b address). Ordinarily, upon receiving a message for the
first time, the broadcast client measures the nominal server propa‐
gation delay using a brief client/server exchange, after which it
continues in listen-only mode. If the novolley keyword is present,
the exchange is not used and the value specified in the broadcast‐
delay command is used or, if the broadcastdelay command is not
used, the default 4.0 ms. Note that, in order to avoid accidental
or malicious disruption in this mode, both the server and client
should operate using symmetric key or public key authentication as
described in the Authentication Options page at
file:///usr/share/doc/ntp/authopt.html. Note that the novolley key‐
word is incompatible with public key authentication.
manycastserver address [...]
Enable reception of manycast client messages (type m)to the multi‐
cast group address(es) (type m) specified. At least one address is
required. Note that, in order to avoid accidental or malicious dis‐
ruption, both the server and client should operate using symmetric
key or public key authentication as described in the Authentication
Options page at file:///usr/share/doc/ntp/authopt.html.
multicastclient address [...]
Enable reception of multicast server messages to the multicast
group address(es) (type m) specified. Upon receiving a message for
the first time, the multicast client measures the nominal server
propagation delay using a brief client/server exchange with the
server, then enters the broadcast client mode, in which it synchro‐
nizes to succeeding multicast messages. Note that, in order to
avoid accidental or malicious disruption in this mode, both the
server and client should operate using symmetric key or public key
authentication as described in the Authentication Options page at
file:///usr/share/doc/ntp/authopt.html.
Reference Clock Commands
server 127.127.t.u [prefer] [mode int] [minpoll int] [maxpoll int]
This command can be used to configure reference clocks in special
ways. The options are interpreted as follows:
prefer
Marks the reference clock as preferred. All other things being
equal, this host will be chosen for synchronization among a set of
correctly operating hosts. See the Mitigation Rules page at
file:///usr/share/doc/ntp/prefer.html for further information.
mode int
Specifies a mode number which is interpreted in a device-specific
fashion. For instance, it selects a dialing protocol in the ACTS
driver and a device subtype in the parse drivers.
minpoll int
maxpoll int
These options specify the minimum and maximum polling interval for
reference clock messages in seconds, interpreted as dual logarithms
(2 ^ x). For most directly connected reference clocks, both minpoll
and maxpoll default to 6 (2^16 = 64 s). For modem reference clocks,
minpoll defaults to 10 (2^10 = 1024 s = 17.1 m) and maxpoll
defaults to 14 (2^14 = 16384 s = 4.25 h). The allowable range is 4
(16 s) to 17 (36.4 h) inclusive.
fudge 127.127.t.u [time1 sec] [time2 sec] [stratum int] [refid string]
[mode int] [flag1 0|1] [flag2 0|1] [flag3 0|1] [flag4 0|1]
This command can be used to configure reference clocks in special
ways. It must immediately follow the server command which config‐
ures the driver. Note that the same capability is possible at run
time using the ntpdc program. The options are interpreted as fol‐
lows:
time1 sec
Specifies a constant to be added to the time offset produced by the
driver, a fixed-point decimal number in seconds. This is used as a
calibration constant to adjust the nominal time offset of a partic‐
ular clock to agree with an external standard, such as a precision
PPS signal. It also provides a way to correct a systematic error or
bias due to serial port or operating system latencies, different
cable lengths or receiver internal delay. The specified offset is
in addition to the propagation delay provided by other means, such
as internal DIPswitches. Where a calibration for an individual sys‐
tem and driver is available, an approximate correction is noted in
the driver documentation pages.
Note: in order to facilitate calibration when more than one radio
clock or PPS signal is supported, a special calibration feature is
available. It takes the form of an argument to the enable command
and operates as described in the Reference Clock Drivers page at
file:///usr/share/doc/ntp/refclock.html.
time2 secs
Specifies a fixed-point decimal number in seconds, which is inter‐
preted in a driver-dependent way. See the descriptions of specific
drivers in the Reference Clock Drivers page at
file:///usr/share/doc/ntp/refclock.html.
stratum int
Specifies the stratum number assigned to the driver, an integer
between 0 and 15. This number overrides the default stratum number
ordinarily assigned by the driver itself, usually zero.
refid string
Specifies an ASCII string of from one to four characters which
defines the reference identifier used by the driver. This string
overrides the default identifier ordinarily assigned by the driver
itself.
mode int
Specifies a mode number which is interpreted in a device-specific
fashion. For instance, it selects a dialing protocol in the ACTS
driver and a device subtype in the parse drivers.
flag1 flag2 flag3 flag4
These four flags are used for customizing the clock driver. The
interpretation of these values, and whether they are used at all,
is a function of the particular clock driver. However, by conven‐
tion flag4 is used to enable recording monitoring data to the
clockstats file configured with the filegen command.
Authentication Commands
autokey [logsec]
Specifies the interval between regenerations of the session key
list used with the Autokey protocol. Note that the size of the key
list for each association depends on this interval and the current
poll interval. The default value is 12 (4096 s or about 1.1 hours).
For poll intervals above the specified interval, a session key list
with a single entry will be regenerated for every message sent.
controlkey key
Specifies the key identifier to use with the ntpq utility, which
uses the standard protocol defined in RFC-1305. The key argument is
the key identifier for a trusted key, where the value can be in the
range 1 to 65,534, inclusive.
crypto [randfile file] [host name] [ident name] [pw password]
This command requires the OpenSSL library. It activates public key
cryptography and loads the required public/private encryption and
sign kyes and public certificat. If one or more files are left
unspecified, the default names are used as described below. Unless
the complete path and name of the file are specified, the location
of a file is relative to the keys directory specified in the keys‐
dir command or default /etc/inet. Following are the subcommands.
host name
Specifies the host name used in the host key link ntpkey_host_name,
sign key link ntpkey_sign_name and certificate link ntp‐
key_cert_name. The ntp-keygen program automatically installs these
links to the most recently generated files.
ident name
Specifies the group name used in the identity key link ntp‐
key_key_name, where key identifies the key type described on the
ntp-keygen page. The ntp-keygen program automatically installs
these links to the most recently generated files.
pw password
Specifies the password to decrypt files previously encrypted by the
ntp-keygen program.
randfile file
Specifies the location of the random seed file used by the OpenSSL
library. The defaults are described on the ntp-keygen(1m) man page.
keys keyfile
Specifies the complete path to the MD5 key file containing the keys
and key identifiers used by ntpd, ntpq and ntpdc when operating
with symmetric key cryptography. This is the same operation as the
-k command line option.
keysdir path
This command specifies the default directory path for cryptographic
keys, parameters and certificates. The default is /etc/inet/.
requestkey key
Specifies the key identifier to use with the ntpdc utility program,
which uses a proprietary protocol specific to this implementation
of ntpd. The key argument is a key identifier for the trusted key,
where the value can be in the range 1 to 65,534, inclusive.
revoke [logsec]
Specifies the interval between re-randomization of certain crypto‐
graphic values used by the Autokey scheme, as a power of 2 in sec‐
onds. These values need to be updated frequently in order to
deflect brute-force attacks on the algorithms; however, updating
some values is a relatively expensive operation. The default inter‐
val is 16 (65,536 s or about 18 hours). For poll intervals above
the specified interval, the values will be updated for every mes‐
sage sent.
trustedkey key [...]
Specifies the key identifiers which are trusted for the purposes of
authenticating peers with symmetric key cryptography, as well as
keys used by the ntpq and ntpdc programs. The authentication proce‐
dures require that both the local and remote servers share the same
key and key identifier for this purpose, although different keys
can be used with different servers. The key arguments are 32-bit
unsigned integers with values from 1 to 65,534.
Access Control Commands
discard [ average avg ][ minimum min ] [ monitor prob ]
Set the parameters of the limited facility which protects the
server from client abuse. The average subcommand specifies the min‐
imum average packet spacing, while the minimum subcommand specifies
the minimum packet spacing. Packets that violate these minima are
discarded and a kiss-o'-death packet returned if enabled. The
default minimum average and minimum are 5 and 2, respectively. The
monitor subcommand specifies the probability of discard for packets
that overflow the rate-control window.
restrict address [mask mask] [flag][...]
The address argument expressed in dotted-quad form is the address
of a host or network. Alternatively, the address argument can be a
valid host DNS name. The mask argument expressed in dotted-
quad form defaults to 255.255.255.255, meaning that the address is
treated as the address of an individual host. A default entry
(address 0.0.0.0, mask 0.0.0.0) is always included and is always
the first entry in the list. Note that text string default, with no
mask option, may be used to indicate the default entry.
In the current implementation, flag always restricts access, i.e.,
an entry with no flags indicates that free access to the server is
to be given. The flags are not orthogonal, in that more restrictive
flags will often make less restrictive ones redundant. The flags
can generally be classed into two catagories, those which restrict
time service and those which restrict informational queries and
attempts to do run-time reconfiguration of the server. One or more
of the following flags may be specified:
ignore
Deny packets of all kinds, including ntpq and ntpdc queries.
kod
If this flag is set when an access violation occurs, a kiss-
o'-death (KoD) packet is sent. KoD packets are rate limited to no
more than one per second. If another KoD packet occurs within one
second after the last one, the packet is dropped
limited
Deny service if the packet spacing violates the lower limits speci‐
fied in the discard command. A history of clients is kept using the
monitoring capability of ntpd. Thus, monitoring is always active as
long as there is a restriction entry with the limited flag.
lowpriotrap
Declare traps set by matching hosts to be low priority. The number
of traps a server can maintain is limited (the current limit is 3).
Traps are usually assigned on a first come, first served basis,
with later trap requestors being denied service. This flag modifies
the assignment algorithm by allowing low priority traps to be over‐
ridden by later requests for normal priority traps.
nomodify
Deny ntpq and ntpdc queries which attempt to modify the state of
the server (i.e., run time reconfiguration). Queries which return
information are permitted.
noquery
Deny ntpq and ntpdc queries. Time service is not affected.
nopeer
Deny packets which would result in mobilizing a new association.
This includes broadcast, symmetric-active and manycast client
packets when a configured association does not exist.
noserve
Deny all packets except ntpq and ntpdc queries.
notrap
Decline to provide mode 6 control message trap service to matching
hosts. The trap service is a subsystem of the ntpdq control message
protocol which is intended for use by remote event logging pro‐
grams.
notrust
Deny packets unless the packet is cryptographically authenticated.
ntpport
This is actually a match algorithm modifier, rather than a restric‐
tion flag. Its presence causes the restriction entry to be matched
only if the source port in the packet is the standard NTP UDP port
(123). Both ntpport and non-ntpport may be specified. The ntpport
is considered more specific and is sorted later in the list.
version
Deny packets that do not match the current NTP version.
Monitoring Commands
statistics name [...]
Enables writing of statistics records. Currently, six kinds of
namestatistics are supported.
clockstats
Enables recording of clock driver statistics information. Each
update received from a clock driver appends a line of the following
form to the file generation set named clockstats:
49213 525.624 127.127.4.1 93 226 00:08:29.606 D
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The next field shows the
clock address in dotted-quad notation, The final field shows the
last timecode received from the clock in decoded ASCII format,
where meaningful. In some clock drivers a good deal of additional
information can be gathered and displayed as well. See information
specific to each clock for further details.
cryptostats
This option requires the OpenSSL cryptographic software library. It
enables recording of cryptographic public key protocol information.
Each message received by the protocol module appends a line of the
following form to the file generation set named cryptostats:
49213 525.624 127.127.4.1 message
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The next field shows the
peer address in dotted-quad notation, The final message field
includes the message type and certain ancillary information. See
the Authentication Options page at
file:///usr/share/doc/ntp/authopt.html for further information.
loopstats
Enables recording of loop filter statistics information. Each
update of the local clock outputs a line of the following form to
the file generation set named loopstats:
50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806 6
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The next five fields show
time offset (seconds), frequency offset (parts per million - PPM),
RMS jitter (seconds), Allan deviation (PPM) and clock discipline
time constant.
peerstats
Enables recording of peer statistics information. This includes
statistics records of all peers of a NTP server and of special sig‐
nals, where present and configured. Each valid update appends a
line of the following form to the current element of a file genera‐
tion set named peerstats:
48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000
0.001424877 0.000958674
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The next two fields show
the peer address in dotted-quad notation and status, respectively.
The status field is encoded in hex in the format described in Ap‐
pendix B of the NTP specification RFC 1305. The final four fields
show the offset, delay, dispersion and RMS jitter, all in seconds.
rawstats
Enables recording of raw-timestamp statistics information. This
includes statistics records of all peers of a NTP server and of
special signals, where present and configured. Each NTP message
received from a peer or clock driver appends a line of the follow‐
ing form to the file generation set named rawstats:
50928 2132.2543 128.4.1.1 128.4.1.20 3102453281.2584327000
3102453281.258622800031 02453332.2540806000 3102453332.2541458000
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The next two fields show
the remote peer or clock address followed by the local address in
dotted-quad notation, The final four fields show the originate,
receive, transmit and final NTP timestamps in order. The timestamp
values are as received and before processing by the various data
smoothing and mitigation algorithms.
sysstats
Enables recording of ntpd statistics counters on a periodic basis.
Each hour a line of the following form is appended to the file gen‐
eration set named sysstats:
50928 2132.2543 36000 81965 0 9546 56 71793 512 540 10 147
The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight). The remaining ten fields
show the statistics counter values accumulated since the last gen‐
erated line.
Time since restart 36000: Time in hours since the system was last
rebooted.
Packets received 81965: Total number of packets received.
Packets processed 0: Number of packets received in response to pre‐
vious packets sent
Current version 9546: Number of packets matching the current NTP
version.
Previous version 56: Number of packets matching the previous NTP
version.
Bad version 71793: Number of packets matching neither NTP version.
Access denied 512: Number of packets denied access for any reason.
Bad length or format 540: Number of packets with invalid length,
format or port number.
Bad authentication 10: Number of packets not verified as authentic.
Rate exceeded 147: Number of packets discarded due to rate limita‐
tion.
statsdir directory_path
Indicates the full path of a directory where statistics files
should be created (see below). This keyword allows the (otherwise
constant) filegen filename prefix to be modified for file genera‐
tion sets, which is useful for handling statistics logs.
filegen name [file filename] [type typename] [link | nolink] [enable |
disable]
Configures setting of generation file set name. Generation file
sets provide a means for handling files that are continuously grow‐
ing during the lifetime of a server. Server statistics are a typi‐
cal example for such files. Generation file sets provide access to
a set of files used to store the actual data. At any time at most
one element of the set is being written to. The type given speci‐
fies when and how data will be directed to a new element of the
set. This way, information stored in elements of a file set that
are currently unused are available for administrational operations
without the risk of disturbing the operation of ntpd. (Most impor‐
tant: they can be removed to free space for new data produced.)
Note that this command can be sent from the ntpdc program running
at a remote location.
name This is the type of the statistics records, as shown in the
statistics command.
file filename
This is the file name for the statistics records. Filenames
of set members are built from three concatenated elements
prefix, filename and suffix:
prefix This is a constant filename path. It is not subject to modi‐
fications via the filegen option. It is defined by the
server, usually specified as a compile-time constant. It
may, however, be configurable for individual file generation
sets via other commands. For example, the prefix used with
loopstats and peerstats generation can be configured using
the statsdir option explained above.
filename
This string is directly concatenated to the prefix mentioned
above (no intervening / (slash)). This can be modified using
the file argument to the filegen statement. No .. elements
are allowed in this component to prevent filenames referring
to parts outside the filesystem hierarchy denoted by prefix.
suffix This part is reflects individual elements of a file set. It
is generated according to the type of a file set.
type typename
A file generation set is characterized by its type. The fol‐
lowing types are supported:
none The file set is actually a single plain file.
pid One element of file set is used per incarnation of a
ntpd server. This type does not perform any changes to
file set members during runtime, however it provides
an easy way of separating files belonging to different
ntpd server incarnations. The set member filename is
built by appending a . (dot) to concatenated prefix
and filename strings, and appending the decimal repre‐
sentation of the process ID of the ntpd server
process.
day One file generation set element is created per day. A
day is defined as the period between 00:00 and 24:00
UTC. The file set member suffix consists of a . (dot)
and a day specification in the form YYYYMMdd. YYYY is
a 4-digit year number (e.g., 1992). MM is a two digit
month number. dd is a two digit day number. Thus, all
information written at 10 December 1992 would end up
in a file named prefix filename.19921210.
week Any file set member contains data related to a certain
week of a year. The term week is defined by computing
day-of-year modulo 7. Elements of such a file genera‐
tion set are distinguished by appending the following
suffix to the file set filename base: A dot, a 4-digit
year number, the letter W, and a 2-digit week number.
For example, information from January, 10th 1992 would
end up in a file with suffix .1992W1.
month One generation file set element is generated per
month. The file name suffix consists of a dot, a
4-digit year number, and a 2-digit month.
year One generation file element is generated per year. The
filename suffix consists of a dot and a 4 digit year
number.
age This type of file generation sets changes to a new
element of the file set every 24 hours of server oper‐
ation. The filename suffix consists of a dot, the let‐
ter a, and an 8-digit number. This number is taken to
be the number of seconds the server is running at the
start of the corresponding 24-hour period. Information
is only written to a file generation by specifying
enable; output is prevented by specifying disable.
link | nolink
It is convenient to be able to access the current element of
a file generation set by a fixed name. This feature is
enabled by specifying link and disabled using nolink. If
link is specified, a hard link from the current file set
element to a file without suffix is created. When there is
already a file with this name and the number of links of
this file is one, it is renamed appending a dot, the letter
C, and the pid of the ntpd server process. When the number
of links is greater than one, the file is unlinked. This
allows the current file to be accessed by a constant name.
enable | disable
Enables or disables the recording function.
broadcastdelay seconds
The broadcast and multicast modes require a special calibration to
determine the network delay between the local and remote servers.
Ordinarily, this is done automatically by the initial protocol
exchanges between the client and server. In some cases, the cali‐
bration procedure may fail due to network or server access con‐
trols, for example. This command specifies the default delay to be
used under these circumstances. Typically (for Ethernet), a number
between 0.003 and 0.007 seconds is appropriate. The default when
this command is not used is 0.004 seconds.
calldelay delay
This option controls the delay in seconds between the first and
second packets sent in burst or iburst mode to allow additional
time for a modem or ISDN call to complete.
driftfile driftfile { tolerance ]
This command specifies the complete path and name of the file used
to record the frequency of the local clock oscillator. This is the
same operation as the -f command linke option. If the file exists,
it is read at startup in order to set the initial frequency and
then updated once per hour with the current frequency computed by
the daemon. If the file name is specified, but the file itself does
not exist, the starts with an initial frequency of zero and creates
the file when writing it for the first time. If this command is not
given, the daemon will always start with an initial frequency of
zero.
The file format consists of a single line containing a single
floating point number, which records the frequency offset measured
in parts-per-million (PPM). The file is updated by first writing
the current drift value into a temporary file and then renaming
this file to replace the old version. This implies that ntpd must
have write permission for the directory the drift file is located
in, and that file system links, symbolic or otherwise, should be
avoided.
The parameter tolerance is the wander threshold to skip writing the
new value. If the value of wander computed from recent frequency
changes is greater than this threshold the file will be updated
once per hour. If below the threshold, the file will not be writ‐
ten.
enable [ auth | bclient | calibrate | kernel | monitor | ntp | pps |
stats]
disable [ auth | bclient | calibrate | kernel | monitor | ntp | pps |
stats ]
Provides a way to enable or disable various system options. Flags
not mentioned are unaffected. Note that all of these flags can be
controlled remotely using the ntpdc utility program.
auth
Enables the server to synchronize with unconfigured peers only if
the peer has been correctly authenticated using either public key
or private key cryptography. The default for this flag is enable.
bclient
Enables the server to listen for a message from a broadcast or mul‐
ticast server, as in the multicastclient command with default
address. The default for this flag is disable.
calibrate
Enables the calibrate feature for reference clocks. The default for
this flag is disable.
kernel
Enables the kernel time discipline, if available. The default for
this flag is enable if support is available, otherwise disable.
monitor
Enables the monitoring facility. See the ntpdc program and the mon‐
list command or further information. The default for this flag is
enable.
ntp
Enables time and frequency discipline. In effect, this switch opens
and closes the feedback loop, which is useful for testing. The
default for this flag is enable.
pps
Enables the pulse-per-second (PPS) signal when frequency and time
is disciplined by the precision time kernel modifications. See the
Kernel Model for Precision Timekeeping page at
file:///usr/share/doc/ntp/kern.html for further information. The
default for this flag is disable.
stats
Enables the statistics facility. The default for this flag is dis‐
able
includefile includefile
This command allows additional configuration commands to be
included from a separate file. Include files may be nested to a
depth of five; upon reaching the end of any include file, command
processing resumes in the previous configuration file. This option
is useful for sites that run ntpd on multiple hosts, with (mostly)
common options (e.g., a restriction list).
logconfig configkeyword
This command controls the amount and type of output written to the
system syslog facility or the alternate logfile log file. All con‐
figkeyword keywords can be prefixed with =, + and -, where = sets
the syslogmask, + adds and - removes messages. syslog messages can
be controlled in four classes (clock, peer, sys and sync). Within
these classes four types of messages can be controlled: informa‐
tional messages (info), event messages (events), statistics mes‐
sages (statistics) and status messages (status).
Configuration keywords are formed by concatenating the message
class with the event class. The all prefix can be used instead of a
message class. A message class may also be followed by the all key‐
word to enable/disable all messages of the respective message
class. By default, logconfig output is set to allsync.
Thus, a minimal log configuration could look like this:
logconfig=syncstatus +sysevents
This would just list the synchronizations state of ntpd and the
major system events. For a simple reference server, the following
minimum message configuration could be useful:
logconfig=allsync +allclock
This configuration will list all clock information and synchroniza‐
tion information. All other events and messages about peers, system
events and so on is suppressed.
logfile logfile
This command specifies the location of an alternate log file to be
used instead of the default system syslog facility. This is the
same operation as the -l command line option.
phone dial1 dial2 ...
This command is used in conjunction with the ACTS modem driver
(type 18). The arguments consist of a maximum of 10 telephone num‐
bers used to dial USNO, NIST or European time services. The Hayes
command ATDT is normally prepended to the number, which can
contain other modem control codes as well.
setvar variable [default]
This command adds an additional system variable. These variables
can be used to distribute additional information such as the access
policy. If the variable of the form name = value is followed by the
default keyword, the variable will be listed as part of the default
system variables (ntpq rv command). These additional variables
serve informational purposes only. They are not related to the pro‐
tocol other that they can be listed. The known protocol variables
will always override any variables defined via the setvar mecha‐
nism. There are three special variables that contain the names of
all variable of the same group. The sys_var_list holds the names of
all system variables. The peer_var_list holds the names of all peer
variables and the clock_var_list holds the names of the reference
clock variables.
tinker [ allan allan | dispersion dispersion | freq freq | huffpuff
huffpuff | panic panic | step step | stepout stepout ]
This command can be used to alter several system variables in very
exceptional circumstances. It should occur in the configuration
file before any other configuration options. The default values of
these variables have been carefully optimized for a wide range of
network speeds and reliability expectations. In general, they
interact in intricate ways that are hard to predict and some combi‐
nations can result in some very nasty behavior. Very rarely is it
necessary to change the default values; but, some folks can't
resist twisting the knobs anyway and this command is for them.
Emphasis added: twisters are on their own and can expect no help
from the support group.
The variables operate as follows:
allan allan
The argument becomes the new value for the Allan intercept,
which is a parameter of the PLL/FLL clock discipline algo‐
rithm. The value is in seconds with default 1500 s, which is
appropriate for most computer clocks.
dispersion dispersion
The argument becomes the new value for the dispersion
increase rate, normally .000015 s/s.
freq freq
The argument becomes the initial value of the frequency off‐
set in parts-per-million. This overrides the value in the
frequency file, if present, and avoids the initial training
state if it is not.
huffpuff huffpuff
The argument becomes the new value for the experimental huff-
n'-puff filter span, which determines the most recent inter‐
val the algorithm will search for a minimum delay. The lower
limit is 900 s (15 m), but a more reasonable value is 7200 (2
hours). There is no default, since the filter is not enabled
unless this command is given.
panic panic
The argument is the panic threshold, by default 1000 s. If
set to zero, the panic sanity check is disabled and a clock
offset of any value will be accepted.
step step
The argument is the step threshold, by default 0.128 s. It
can be set to any positive number in seconds. If set to zero,
step adjustments will never occur. Note: The kernel time
discipline is disabled if the step threshold is set to zero
or greater than the default.
stepout stepout
The argument is the stepout timeout, by default 900 s. It can
be set to any positive number in seconds. If set to zero, the
stepout pulses will not be suppressed.
tos [ beacon beacon | ceiling ceiling | cohort {0 | 1} | floor floor |
orphan orphan | maxdistance maxdistance | minclock minclock | minsane
minsane ]
This command affects the clock selection and clustering algorithms.
It can be used to select the quality and quantity of peers used to
synchronize the system clock and is most useful in manycast mode.
The variables operate as follows:
beacon beacon
The manycast server sends packets at intervals of 64 s if
less than maxclock servers are available. Otherwise, it
sends packets at the beacon interval in seconds. The default
is 3600 s.
ceiling ceiling
Servers with stratum at or above ceiling will be discarded if
there are at least minclock peers remaining. This value
defaults to 15, but can be changed to any number from 1 to
15.
cohort { 0 | 1 }
This is a binary flag which enables (0) or disables (1) many‐
cast server replies to manycast clients with the same stratum
level. This is useful to reduce implosions where large num‐
bers of clients with the same stratum level are present. The
default is to enable these replies.
floor floor
Peers with strata below floor will be discarded if there are
at least minclock peers remaining. This value defaults to 1,
but can be changed to any number from 1 to 15.
orphan stratum
If stratum is set at some value less than 16 a special orphan
mode is enterred when no outside source of synchronization is
available. To use orphan mode a number of participants are
identically configured both as broadcast client and as broad‐
cast server. One or more participants are configured to use
an outside source, either a reference clock or another Inter‐
net server. When the source or sources fail, the system stra‐
tum is set at stratum and a leader is elected to serve as the
reference source. When an outside source of synchronization
is again available, the orphan mode is disabled.
mindist mindistance
The slection algorithm normally pads each intersection a min‐
imum of one millisecond to avoid needless classification. In
some cases, such as reference clocks with high jitter and a
PPS signal, it is useful to increase the padding. This com‐
mand can be used for that purpose. As a general rule, set the
mindistance to the maximum expected offset plus the maxiumum
expected jitter, in seconds.
maxdist maxdistance
The selection algorithm accumulates a number of packets
before setting the clock in order to use the best data avail‐
able. The number is determined by the synchronization dis‐
tance for each association and a limit called the distance
threshold. The synchronization distance starts at 16, then
drops by a factor of about two as each packet is received.
The default distance threshold is 1.0, which usually results
in four packets. Setting maxdistance to some value between 1
and 16 can be used to change the number of packets required.
For instance, setting it to 16 will set the clock on the
first packet received; howver, setting it to this value
essentially disables the mitigation and grooming algorithms.
minclock minclock
The clustering algorithm repeatedly casts out outlyer associ‐
ations until no more than minclock associations remain. This
value defaults to 3, but can be changed to any number from 1
to the number of configured sources.
minsane minsane
This is the minimum number of candidates available to the
clock selection algorithm in order to produce one or more
truechimers for the clustering algorithm. If fewer than this
number are available, the clock is undisciplined and allowed
to run free. The default is 1 for legacy purposes. However,
according to principles of Byzantine agreement, minsane
should be at least 4 in order to detect and discard a single
falseticker.
ttl hop ...
This command specifies a list of TTL values in increasing order. up
to 8 values can be specified. In manycast mode these values are
used in turn in an expanding-ring search. The default is eight mul‐
tiples of 32 starting at 31.
trap host_address [port port_number] [interface interface_address]
This command configures a trap receiver at the given host address
and port number for sending messages with the specified local
interface address. If the port number is unspecified, a value of
18447 is used. If the interface address is not specified, the mes‐
sage is sent with a source address of the local interface the mes‐
sage is sent through. Note that on a multihomed host the interface
used may vary from time to time with routing changes.
The trap receiver will generally log event messages and other
information from the server in a log file. While such monitor pro‐
grams may also request their own trap dynamically, configuring a
trap receiver will ensure that no messages are lost when the server
is started.
ttl hop ...
This command specifies a list of TTL values in increasing order. up
to 8 values can be specified. In manycast mode these values are
used in turn in an expanding-ring search. The default is eight mul‐
tiples of 32 starting at 31.
FILES
/etc/inet/ntp.conf
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWntp4u │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Uncommitted │
└─────────────────────────────┴─────────────────────────────┘
NOTES
The documentation available at /usr/share/doc/ntp is provided as is
from the NTP distribution and may contain information that is not
applicable to the software as provided in this partIcular distribution.
The package nameassociated with this file will be changed in the next
release and should not be relied on.
SEE ALSOntpd(1M)ntp.conf(4)
