diff -up ntp-4.2.6p5/html/accopt.html.htmldoc ntp-4.2.6p5/html/accopt.html --- ntp-4.2.6p5/html/accopt.html.htmldoc 2009-12-09 08:36:36.000000000 +0100 +++ ntp-4.2.6p5/html/accopt.html 2015-02-10 14:55:24.467289637 +0100 @@ -94,8 +94,10 @@ time) in log2 s with default
restrict address [mask mask] [flag][...]
The address argument expressed in dotted-quad form is the - address of a host or network. Alternatively, the address argument - can be a valid host DNS name. The mask argument expressed in + address of a host or network. Alternatively, the address argument can be a + valid host DNS name, but it must be resolvable at the time when ntpd is started and + if it's resolved to multiple addresses, only the first address will be added to the list. + The mask argument expressed in dotted-quad form defaults to 255.255.255.255, meaning that the address is treated as the address of an individual host. A default entry (address 0.0.0.0, mask 0.0.0.0) is always included and is always the first entry in the list. diff -up ntp-4.2.6p5/html/authopt.html.htmldoc ntp-4.2.6p5/html/authopt.html --- ntp-4.2.6p5/html/authopt.html.htmldoc 2011-07-11 04:18:25.000000000 +0200 +++ ntp-4.2.6p5/html/authopt.html 2013-03-28 18:04:38.581260191 +0100 @@ -364,7 +364,7 @@ UTC

are left unspecified, the default names are used as described below. Unless the complete path and name of the file are specified, the location of a file is relative to the keys directory specified in the keysdir configuration - command or default /usr/local/etc. Following are the options.
+ command or default /etc/ntp/crypto. Following are the options.
@@ -396,7 +396,7 @@ UTC

Specifies the complete path to the MD5 key file containing the keys and key IDs used by ntpd, ntpq and ntpdc when operating with symmetric key cryptography. This is the same operation as the -k command line option. Note that the directory path for Autokey media is specified by the keysdir command.
keysdir pathK
-
This command specifies the default directory path for Autokey cryptographic keys, parameters and certificates. The default is /usr/local/etc/. Note that the path for the symmetric keys file is specified by the keys command.
+
This command specifies the default directory path for Autokey cryptographic keys, parameters and certificates. The default is /etc/ntp/crypto. Note that the path for the symmetric keys file is specified by the keys command.
requestkey keyid
Specifies the key ID to use with the diff -up ntp-4.2.6p5/html/keygen.html.htmldoc ntp-4.2.6p5/html/keygen.html --- ntp-4.2.6p5/html/keygen.html.htmldoc 2011-07-11 04:18:26.000000000 +0200 +++ ntp-4.2.6p5/html/keygen.html 2013-03-28 18:04:38.581260191 +0100 @@ -206,7 +206,6 @@

All cryptographically sound key generation schemes must have means to randomize the entropy seed used to initialize the internal pseudo-random number generator used by the OpenSSL library routines. If a site supports ssh, it is very likely that means to do this are already available. The entropy seed used by the OpenSSL library is contained in a file, usually called .rnd, which must be available when starting the ntp-keygen program or ntpd daemon.

The OpenSSL library looks for the file using the path specified by the RANDFILE environment variable in the user home directory, whether root or some other user. If the RANDFILE environment variable is not present, the library looks for the .rnd file in the user home directory. Since both the ntp-keygen program and ntpd daemon must run as root, the logical place to put this file is in /.rnd or /root/.rnd. If the file is not available or cannot be written, the program exits with a message to the system log.

-

On systems that provide /dev/urandom, the randomness device is used instead and the file specified by the randfile subcommand or the RANDFILE environment variable is ignored.

Cryptographic Data Files

diff -up ntp-4.2.6p5/html/ntpd.html.htmldoc ntp-4.2.6p5/html/ntpd.html --- ntp-4.2.6p5/html/ntpd.html.htmldoc 2011-07-11 04:18:26.000000000 +0200 +++ ntp-4.2.6p5/html/ntpd.html 2015-02-23 12:11:24.719093119 +0100 @@ -35,11 +35,11 @@ ntpd [ -46aAbdDgLnNqx ] [ -c conffile ] [ -f driftfile ] [ -i jaildir ] [ -I iface ] [ -k keyfile ] [ -l logfile ] [ -p pidfile ] [ -P priority ] [ -r broadcastdelay ] [ -s statsdir ] [ -t key ] [ -u user[:group] ] [ -U interface_update_interval ] [ -v variable ] [ -V variable ]

Description

The ntpd program is an operating system daemon that synchronises the system clock with remote NTP time servers or local reference clocks. It is a complete implementation of the Network Time Protocol (NTP) version 4, but also retains compatibility with version 3, as defined by RFC-1305, and version 1 and 2, as defined by RFC-1059 and RFC-1119, respectively. The program can operate in any of several modes, as described on the Association Management page, and with both symmetric key and public key cryptography, as described on the Authentication Options page.

-

The ntpd program ordinarily requires a configuration file as desccribe on the Configuration Commands and Options collection above. However a client can discover remote servers and configure them automatically. This makes it possible to deploy a fleet of workstations without specifying configuration details specific to the local environment. Further details are on the Automatic Server Discovery page.

+

The ntpd program ordinarily requires a configuration file as described on the Configuration Commands and Options collection above. However a client can discover remote servers and configure them automatically. This makes it possible to deploy a fleet of workstations without specifying configuration details specific to the local environment. Further details are on the Automatic Server Discovery page.

Once the NTP software distribution has been compiled and installed and the configuration file constructed, the next step is to verify correct operation and fix any bugs that may result. Usually, the command line that starts the daemon is included in the system startup file, so it is executed only at system boot time; however, the daemon can be stopped and restarted from root at any time. Once started, the daemon will begin sending and receiving messages, as specified in the configuration file.

Setting the Time and Frequency

The ntpd program operates by exchanging messages with one or more servers at designated intervals ranging from about one minute to about 17 minutes. When started, the program requires several exchanges while the algorithms accumulate and groom the data before setting the clock. The initial delay to set the clock can be reduced using options on the Server Options page.

-

Most compters today incorporate a time-of-year (TOY) chip to maintain the time during periods when the power is off. When the machine is booted, the chip is used to initialize the operating system time. In case there is no TOY chip or the TOY time is more than 1000 s from the server time, ntpd assumes something must be terribly wrong and exits with a panic message to the system operator. With the -g option the clock will be initially set to the server time regardless of the chip time. However, once the clock has been set, an error greater than 1000 s will cause ntpd to exit anyway.

+

Most computers today incorporate a time-of-year (TOY) chip to maintain the time during periods when the power is off. When the machine is booted, the chip is used to initialize the operating system time. In case there is no TOY chip or the TOY time is more than 1000 s from the server time, ntpd assumes something must be terribly wrong and exits with a panic message to the system operator. With the -g option the clock will be initially set to the server time regardless of the chip time. However, once the clock has been set, an error greater than 1000 s will cause ntpd to exit anyway.

Under ordinary conditions, ntpd slews the clock so that the time is effectively continuous and never runs backwards. If due to extreme network congestion an error spike exceeds the step threshold, by default 128 ms, the spike is discarded. However, if the error persists for more than the stepout threshold, by default 900 s, the system clock is stepped to the correct value. In practice the need for a step has is extremely rare and almost always the result of a hardware failure. With the -x option the step threshold is increased to 600 s. Other options are available using the tinker command on the Miscellaneous Options page.

The issues should be carefully considered before using these options. The maximum slew rate possible is limited to 500 parts-per-million (PPM) by the Unix kernel. As a result, the clock can take 2000 s for each second the clock is outside the acceptable range. During this interval the clock will not be consistent with any other network clock and the system cannot be used for distributed applications that require correctly synchronized network time.

The frequency file, usually called ntp.drift, contains the latest estimate of clock frequency. If this file does not exist when ntpd is started, it enters a special mode designed to measure the particular frequency directly. The measurement takes 15 minutes, after which the frequency is set and ntpd resumes normal mode where the time and frequency are continuously adjusted. The frequency file is updated at intervals of an hour or more depending on the measured clock stability.

@@ -70,7 +70,7 @@ tally the leap warning bits of surviving servers and reference clocks. When a majority of the survivors show warning, a leap is programmed at the end of the current month. During the month and day of insertion, - they operate as above. In this way the leap is is propagated at all + they operate as above. In this way the leap is propagated at all dependent servers and clients.

Additional Features

A new experimental feature called interleaved modes can be used in NTP @@ -143,26 +143,8 @@

Specify a user, and optionally a group, to switch to. This option is only available if the OS supports running the server without full root privileges. Currently, this option is supported under NetBSD (configure with --enable-clockctl) and Linux (configure with --enable-linuxcaps).
-U interface update interval
Number of seconds to wait between interface list scans to pick up new and delete network interface. Set to 0 to disable dynamic interface list updating. The default is to scan every 5 minutes.
-
-v variable
-
-V variable
-
Add a system variable listed by default.
-x
Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold. This option sets the threshold to 600 s, which is well within the accuracy window to set the clock manually. Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s. Thus, an adjustment as much as 600 s will take almost 14 days to complete. This option can be used with the -g and -q options. See the tinker command for other options. Note: The kernel time discipline is disabled with this option.
-
--pccfreq frequency
-
Substitute processor cycle counter for QueryPerformanceCounter unconditionally - using the given frequency (in Hz). --pccfreq can be used on systems - which do not use the PCC to implement QueryPerformanceCounter - and have a fixed PCC frequency. The frequency specified must - be accurate within 0.5 percent. --usepcc is equivalent on many systems and should - be tried first, as it does not require determining the frequency - of the processor cycle counter. For x86-compatible processors, the PCC is - also referred to as RDTSC, which is the assembly-language instruction to retrieve - the current value.  (Windows only)
-
--usepcc
-
Substitute processor cycle counter for QueryPerformanceCounter if they - appear equivalent. This option should be used only if the PCC - frequency is fixed. Power-saving functionality on many laptops varies the - PCC frequency. (Windows only)

The Configuration File

Ordinarily, ntpd reads the ntp.conf configuration file at startup in order to determine the synchronization sources and operating modes. It is also possible to specify a working, although limited, configuration entirely on the command line, obviating the need for a configuration file. This may be particularly useful when the local host is to be configured as a broadcast client, with servers determined by listening to broadcasts at run time.

@@ -214,14 +196,14 @@ statistics path - /var/NTP + /var/log/ntpstats/ -s statsdir keys path - /usr/local/etc - -k + /etc/ntp/crypto + none keysdir diff -up ntp-4.2.6p5/html/ntpdate.html.htmldoc ntp-4.2.6p5/html/ntpdate.html --- ntp-4.2.6p5/html/ntpdate.html.htmldoc 2013-03-28 18:04:38.556260210 +0100 +++ ntp-4.2.6p5/html/ntpdate.html 2013-03-28 18:04:38.582260190 +0100 @@ -43,7 +43,7 @@
-e authdelay
Specify the processing delay to perform an authentication function as the value authdelay, in seconds and fraction (see ntpd for details). This number is usually small enough to be negligible for most purposes, though specifying a value may improve timekeeping on very slow CPU's.
-k keyfile -
Specify the path for the authentication key file as the string keyfile. The default is /etc/ntp.keys. This file should be in the format described in ntpd. +
Specify the path for the authentication key file as the string keyfile. The default is /etc/ntp/keys. This file should be in the format described in ntpd.
-o version
Specify the NTP version for outgoing packets as the integer version, which can be 1 or 2. The default is 4. This allows ntpdate to be used with older NTP versions.
-p samples @@ -66,7 +66,7 @@

Diagnostics

ntpdate's exit status is zero if it finds a server and updates the clock, and nonzero otherwise.

Files

- /etc/ntp.keys - encryption keys used by ntpdate. + /etc/ntp/keys - encryption keys used by ntpdate.

Bugs

The slew adjustment is actually 50% larger than the measured offset, since this (it is argued) will tend to keep a badly drifting clock more accurate. This is probably not a good idea and may cause a troubling hunt for some values of the kernel variables tick and tickadj
diff -up ntp-4.2.6p5/html/ntptime.html.htmldoc ntp-4.2.6p5/html/ntptime.html --- ntp-4.2.6p5/html/ntptime.html.htmldoc 2009-12-09 08:36:36.000000000 +0100 +++ ntp-4.2.6p5/html/ntptime.html 2013-03-28 18:13:56.921842773 +0100 @@ -17,7 +17,7 @@

Synopsis

- ntptime [ -chr ] [ -e est_error ] [ -f frequency ] [ -m max_error ] [ -o offset ] [ -s status ] [ -t time_constant] + ntptime [ -MNchr ] [ -e est_error ] [ -f frequency ] [ -m max_error ] [ -o offset ] [ -s status ] [ -t time_constant] [ -T tai_offset ]

Description

This program is useful only with special kernels described in the A Kernel Model for Precision Timekeeping page. It reads and displays time-related kernel variables using the ntp_gettime() system call. A similar display can be obtained using the ntpdc program and kerninfo command.

Options

@@ -40,9 +40,15 @@
Specify clock status. Better know what you are doing.
-t time_constant
Specify time constant, an integer in the range 0-10. +
-M +
Switch to microsecond mode. +
-N +
Switch to nanosecond mode. +
-T tai_offset +
Set TAI offset.
- \ No newline at end of file +