diff -up ntp-4.2.6p5/html/accopt.html.htmldoc ntp-4.2.6p5/html/accopt.html

--- ntp-4.2.6p5/html/accopt.html.htmldoc	2009-12-09 08:36:36.000000000 +0100

+++ ntp-4.2.6p5/html/accopt.html	2015-02-10 14:55:24.467289637 +0100

@@ -94,8 +94,10 @@ time) in log<sub>2</sub> s with default

 
<tt>restrict address [mask mask] [flag][...]</tt>

 
The <tt>address</tt> argument expressed in dotted-quad form is the

-	address of a host or network. Alternatively, the <tt>address</tt> argument

-	can be a valid host DNS name. The <tt>mask</tt> argument expressed in

+	address of a host or network. Alternatively, the <tt>address</tt> argument can be a

+	valid host DNS name, but it must be resolvable at the time when <tt>ntpd</tt> is started and

+	if it's resolved to multiple addresses, only the first address will be added to the list.

+	The <tt>mask</tt> argument expressed in

 	dotted-quad form defaults to 255.255.255.255, meaning that the <tt>address</tt> is

 	treated as the address of an individual host. A default entry (address 0.0.0.0,

 	mask 0.0.0.0) is always included and is always the first entry in the list.

diff -up ntp-4.2.6p5/html/authopt.html.htmldoc ntp-4.2.6p5/html/authopt.html

--- ntp-4.2.6p5/html/authopt.html.htmldoc	2011-07-11 04:18:25.000000000 +0200

+++ ntp-4.2.6p5/html/authopt.html	2013-03-28 18:04:38.581260191 +0100

@@ -364,7 +364,7 @@ UTC

 	are left unspecified, the default names are used as described below. Unless

 	the complete path and name of the file are specified, the location of a file

 	is relative to the keys directory specified in the <tt>keysdir</tt> configuration

-	command or default <tt>/usr/local/etc</tt>. Following are the options.

+	command or default <tt>/etc/ntp/crypto</tt>. Following are the options.

@@ -396,7 +396,7 @@ UTC

 
Specifies the complete path to the MD5 key file containing the keys and key IDs used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography. This is the same operation as the <tt>-k </tt>command line option. Note that the directory path for Autokey media is specified by the <tt>keysdir</tt> command.

 
<tt>keysdir path</tt>K

-
This command specifies the default directory path for Autokey cryptographic keys, parameters and certificates. The default is <tt>/usr/local/etc/</tt>. Note that the path for the symmetric keys file is specified by the <tt>keys</tt> command.

+
This command specifies the default directory path for Autokey cryptographic keys, parameters and certificates. The default is <tt>/etc/ntp/crypto</tt>. Note that the path for the symmetric keys file is specified by the <tt>keys</tt> command.

 
<tt>requestkey keyid</tt>

 
Specifies the key ID to use with the

diff -up ntp-4.2.6p5/html/keygen.html.htmldoc ntp-4.2.6p5/html/keygen.html

--- ntp-4.2.6p5/html/keygen.html.htmldoc	2011-07-11 04:18:26.000000000 +0200

+++ ntp-4.2.6p5/html/keygen.html	2013-03-28 18:04:38.581260191 +0100

@@ -206,7 +206,6 @@

 
All cryptographically sound key generation schemes must have means to randomize the entropy seed used to initialize the internal pseudo-random number generator used by the OpenSSL library routines. If a site supports <tt>ssh</tt>, it is very likely that means to do this are already available. The entropy seed used by the OpenSSL library is contained in a file, usually called <tt>.rnd</tt>, which must be available when starting the <tt>ntp-keygen</tt> program or <tt>ntpd</tt> daemon.

 
The OpenSSL library looks for the file using the path specified by the <tt>RANDFILE</tt> environment variable in the user home directory, whether root or some other user. If the <tt>RANDFILE</tt> environment variable is not present, the library looks for the <tt>.rnd</tt> file in the user home directory. Since both the <tt>ntp-keygen</tt> program and <tt>ntpd</tt> daemon must run as root, the logical place to put this file is in <tt>/.rnd</tt> or <tt>/root/.rnd</tt>. If the file is not available or cannot be written, the program exits with a message to the system log.

-
On systems that provide /dev/urandom, the randomness device is used instead and the file specified by the <tt>randfile</tt> subcommand or the <tt>RANDFILE</tt> environment variable is ignored.

 
Cryptographic Data Files

diff -up ntp-4.2.6p5/html/ntpd.html.htmldoc ntp-4.2.6p5/html/ntpd.html

--- ntp-4.2.6p5/html/ntpd.html.htmldoc	2011-07-11 04:18:26.000000000 +0200

+++ ntp-4.2.6p5/html/ntpd.html	2015-02-23 12:11:24.719093119 +0100

@@ -35,11 +35,11 @@

 		<tt>ntpd [ -46aAbdDgLnNqx ] [ -c conffile ] [ -f driftfile ] [ -i jaildir ] [ -I iface ] [ -k keyfile ] [ -l logfile ] [ -p pidfile ] [ -P priority ] [ -r broadcastdelay ] [ -s statsdir ] [ -t key ] [ -u user[:group] ] [ -U interface_update_interval ] [ -v variable ] [ -V variable ]</tt>

 		
Description

 		
The <tt>ntpd</tt> program is an operating system daemon that synchronises the system clock with remote NTP time servers or local reference clocks. It is a complete implementation of the Network Time Protocol (NTP) version 4, but also retains compatibility with version 3, as defined by RFC-1305, and version 1 and 2, as defined by RFC-1059 and RFC-1119, respectively. The program can operate in any of several modes, as described on the Association Management page, and with both symmetric key and public key cryptography, as described on the Authentication Options page.

-		
The <tt>ntpd</tt> program ordinarily requires a configuration file as desccribe on the Configuration Commands and Options collection above. However a client can discover remote servers and configure them automatically. This makes it possible to deploy a fleet of workstations without specifying configuration details specific to the local environment. Further details are on the Automatic Server Discovery page.

+		
The <tt>ntpd</tt> program ordinarily requires a configuration file as described on the Configuration Commands and Options collection above. However a client can discover remote servers and configure them automatically. This makes it possible to deploy a fleet of workstations without specifying configuration details specific to the local environment. Further details are on the Automatic Server Discovery page.

 		
Once the NTP software distribution has been compiled and installed and the configuration file constructed, the next step is to verify correct operation and fix any bugs that may result. Usually, the command line that starts the daemon is included in the system startup file, so it is executed only at system boot time; however, the daemon can be stopped and restarted from root at any time. Once started, the daemon will begin sending and receiving messages, as specified in the configuration file.

 		
Setting the Time and Frequency

 		
The <tt>ntpd</tt> program operates by exchanging messages with one or more servers at designated intervals ranging from about one minute to about 17 minutes. When started, the program requires several exchanges while the algorithms accumulate and groom the data before setting the clock. The initial delay to set the clock can be reduced using options on the Server Options page.

-		
Most compters today incorporate a time-of-year (TOY) chip to maintain the time during periods when the power is off. When the machine is booted, the chip is used to initialize the operating system time. In case there is no TOY chip or the TOY time is more than 1000 s from the server time, <tt>ntpd</tt> assumes something must be terribly wrong and exits with a panic message to the system operator. With the <tt>-g</tt> option the clock will be initially set to the server time regardless of the chip time. However, once the clock has been set, an error greater than 1000 s will cause <tt>ntpd</tt> to exit anyway.

+		
Most computers today incorporate a time-of-year (TOY) chip to maintain the time during periods when the power is off. When the machine is booted, the chip is used to initialize the operating system time. In case there is no TOY chip or the TOY time is more than 1000 s from the server time, <tt>ntpd</tt> assumes something must be terribly wrong and exits with a panic message to the system operator. With the <tt>-g</tt> option the clock will be initially set to the server time regardless of the chip time. However, once the clock has been set, an error greater than 1000 s will cause <tt>ntpd</tt> to exit anyway.

 		
Under ordinary conditions, <tt>ntpd</tt> slews the clock so that the time is effectively continuous and never runs backwards. If due to extreme network congestion an error spike exceeds the step threshold, by default 128 ms, the spike is discarded. However, if the error persists for more than the stepout threshold, by default 900 s, the system clock is stepped to the correct value. In practice the need for a step has is extremely rare and almost always the result of a hardware failure. With the <tt>-x</tt> option the step threshold is increased to 600 s. Other options are available using the <tt>tinker</tt> command on the Miscellaneous Options page.

 		
The issues should be carefully considered before using these options. The maximum slew rate possible is limited to 500 parts-per-million (PPM) by the Unix kernel. As a result, the clock can take 2000 s for each second the clock is outside the acceptable range. During this interval the clock will not be consistent with any other network clock and the system cannot be used for distributed applications that require correctly synchronized network time.

 		
The frequency file, usually called <tt>ntp.drift</tt>, contains the latest estimate  of clock frequency. If this file does not exist when <tt>ntpd</tt> is started, it enters a special mode designed to measure the particular frequency directly. The measurement takes 15 minutes, after which the frequency is set and <tt>ntpd</tt> resumes normal mode where the time and frequency are continuously adjusted. The frequency file is updated at intervals of an hour or more depending on the measured clock stability.

@@ -70,7 +70,7 @@

 			tally the leap warning bits of surviving servers and reference clocks.

 			When a majority of the survivors show warning, a leap is programmed

 			at the end of the current month. During the month and day of insertion,

-			they operate as above. In this way the leap is is propagated at all

+			they operate as above. In this way the leap is propagated at all

 			dependent servers and clients.

 	
Additional Features

 		
A new experimental feature called interleaved modes can be used  in NTP

@@ -143,26 +143,8 @@

 			
Specify a user, and optionally a group, to switch to. This option is only available if the OS supports running the server without full root privileges. Currently, this option is supported under NetBSD (configure with <tt>--enable-clockctl</tt>) and Linux (configure with --<tt>enable-linuxcaps</tt>).

 			
<tt>-U interface update interval</tt>

 			
Number of seconds to wait between interface list scans to pick up new and delete network interface. Set to 0 to disable dynamic interface list updating. The default is to scan every 5 minutes.

-			
<tt>-v variable</tt>

-			
<tt>-V variable</tt>

-			
Add a system variable listed by default.

 			
<tt>-x</tt>

 			
Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold. This option sets the threshold to 600 s, which is well within the accuracy window to set the clock manually. Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s. Thus, an adjustment as much as 600 s will take almost 14 days to complete. This option can be used with the <tt>-g</tt> and <tt>-q</tt> options. See the <tt>tinker</tt> command for other options. Note: The kernel time discipline is disabled with this option.

-			
<tt>--pccfreq frequency</tt>

-			
Substitute processor cycle counter for QueryPerformanceCounter unconditionally

-				using the given frequency (in Hz). <tt>--pccfreq</tt> can be used on systems

-				which do not use the PCC to implement QueryPerformanceCounter

-				and have a fixed PCC frequency. The frequency specified must

-				be accurate within 0.5 percent. <tt>--usepcc</tt> is equivalent on many systems and should

-				be tried first, as it does not require determining the frequency

-				of the processor cycle counter. For x86-compatible processors, the PCC is

-				also referred to as <tt>RDTSC</tt>, which is the assembly-language instruction to retrieve

-				the current value.  (Windows only)

-			
<tt>--usepcc</tt>

-			
Substitute processor cycle counter for QueryPerformanceCounter if they

-				appear equivalent. This option should be used only if the PCC

-				frequency is fixed. Power-saving functionality on many laptops varies the

-			PCC frequency. (Windows only)

 		
The Configuration File

 		
Ordinarily, <tt>ntpd</tt> reads the <tt>ntp.conf</tt> configuration file at startup in order to determine the synchronization sources and operating modes. It is also possible to specify a working, although limited, configuration entirely on the command line, obviating the need for a configuration file. This may be particularly useful when the local host is to be configured as a broadcast client, with servers determined by listening to broadcasts at run time.

@@ -214,14 +196,14 @@

 				statistics path

-				<tt>/var/NTP</tt>

+				<tt>/var/log/ntpstats/</tt>

 				<tt>-s</tt>

 				<tt>statsdir</tt>

 				keys path

-				<tt>/usr/local/etc</tt>

-				<tt>-k</tt>

+				<tt>/etc/ntp/crypto</tt>

+				<tt>none</tt>

 				<tt>keysdir</tt>

diff -up ntp-4.2.6p5/html/ntpdate.html.htmldoc ntp-4.2.6p5/html/ntpdate.html

--- ntp-4.2.6p5/html/ntpdate.html.htmldoc	2013-03-28 18:04:38.556260210 +0100

+++ ntp-4.2.6p5/html/ntpdate.html	2013-03-28 18:04:38.582260190 +0100

@@ -43,7 +43,7 @@

 			
<tt>-e authdelay</tt>

 			
Specify the processing delay to perform an authentication function as the value authdelay, in seconds and fraction (see <tt>ntpd</tt> for details). This number is usually small enough to be negligible for most purposes, though specifying a value may improve timekeeping on very slow CPU's.

 			
<tt>-k keyfile</tt>

-			
Specify the path for the authentication key file as the string keyfile. The default is <tt>/etc/ntp.keys</tt>. This file should be in the format described in <tt>ntpd</tt>.

+			
Specify the path for the authentication key file as the string keyfile. The default is <tt>/etc/ntp/keys</tt>. This file should be in the format described in <tt>ntpd</tt>.

 			
<tt>-o version</tt>

 			
Specify the NTP version for outgoing packets as the integer version, which can be 1 or 2. The default is 4. This allows <tt>ntpdate</tt> to be used with older NTP versions.

 			
<tt>-p samples</tt>

@@ -66,7 +66,7 @@

 		
Diagnostics

 		<tt>ntpdate</tt>'s exit status is zero if it finds a server and updates the clock, and nonzero otherwise.

 		
Files

-		<tt>/etc/ntp.keys</tt> - encryption keys used by <tt>ntpdate</tt>.

+		<tt>/etc/ntp/keys</tt> - encryption keys used by <tt>ntpdate</tt>.

 		
Bugs

 		The slew adjustment is actually 50% larger than the measured offset, since this (it is argued) will tend to keep a badly drifting clock more accurate. This is probably not a good idea and may cause a troubling hunt for some values of the kernel variables <tt>tick</tt> and <tt>tickadj</tt>. 

diff -up ntp-4.2.6p5/html/ntptime.html.htmldoc ntp-4.2.6p5/html/ntptime.html

--- ntp-4.2.6p5/html/ntptime.html.htmldoc	2009-12-09 08:36:36.000000000 +0100

+++ ntp-4.2.6p5/html/ntptime.html	2013-03-28 18:13:56.921842773 +0100

@@ -17,7 +17,7 @@

 		
Synopsis

-		<tt>ntptime [ -chr ] [ -e est_error ] [ -f frequency ] [ -m max_error ] [ -o offset ] [ -s status ] [ -t time_constant]</tt>

+		<tt>ntptime [ -MNchr ] [ -e est_error ] [ -f frequency ] [ -m max_error ] [ -o offset ] [ -s status ] [ -t time_constant] [ -T tai_offset ]</tt>

 		
Description

 		
This program is useful only with special kernels described in the A Kernel Model for Precision Timekeeping page. It reads and displays time-related kernel variables using the <tt>ntp_gettime()</tt> system call. A similar display can be obtained using the <tt>ntpdc</tt> program and <tt>kerninfo</tt> command.

 		
Options

@@ -40,9 +40,15 @@

 			
Specify clock status. Better know what you are doing.

 			
<tt>-t time_constant</tt>

 			
Specify time constant, an integer in the range 0-10.

+			
<tt>-M</tt>

+			
Switch to microsecond mode.

+			
<tt>-N</tt>

+			
Switch to nanosecond mode.

+			
<tt>-T tai_offset</tt>

+			
Set TAI offset.

 		<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>

 	</body>

-</html>

\ No newline at end of file

+</html>