|
|
|
@ -1,4 +1,4 @@ |
|
|
|
.\" $OpenBSD: ntpd.conf.5,v 1.25 2015/02/10 06:40:08 reyk Exp $ |
|
|
|
.\" $OpenBSD: ntpd.conf.5,v 1.26 2015/02/10 07:19:52 reyk Exp $ |
|
|
|
.\" |
|
|
|
.\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> |
|
|
|
.\" |
|
|
|
@ -33,42 +33,8 @@ Empty lines and lines beginning with the |
|
|
|
character are ignored. |
|
|
|
.Pp |
|
|
|
Keywords may be specified multiple times within the configuration file. |
|
|
|
They are as follows: |
|
|
|
The basic configuration options are as follows: |
|
|
|
.Bl -tag -width Ds |
|
|
|
.It Ic constraint from Ar url |
|
|
|
Specify the URL, IP address or the hostname of a HTTPS server to |
|
|
|
provide a constraint. |
|
|
|
.Xr ntpd 8 |
|
|
|
will connect to the server and retrieve the remote time from the |
|
|
|
.Eq Date |
|
|
|
header. |
|
|
|
This time will be used as a constraint on time synchronization; |
|
|
|
received NTP packets with time information that is more than a few |
|
|
|
minutes off will be discarded and the NTP |
|
|
|
.Ic server |
|
|
|
will be marked as invalid. |
|
|
|
If multiple |
|
|
|
.Ic constraint |
|
|
|
keywords are used, |
|
|
|
.Xr ntpd 8 |
|
|
|
will calculate a median constraint from all the servers specified. |
|
|
|
.Bd -literal -offset indent |
|
|
|
server ntp.example.org |
|
|
|
constraint www.example.com |
|
|
|
.Ed |
|
|
|
.It Ic constraints from Ar url |
|
|
|
As with |
|
|
|
.Ic constraint , |
|
|
|
specify the URL, IP address or the hostname of a HTTPS server to |
|
|
|
provide a constraint. |
|
|
|
Should the hostname resolve to multiple IP addresses, |
|
|
|
.Xr ntpd 8 |
|
|
|
will calculate a median constraint from all of them. |
|
|
|
For example: |
|
|
|
.Bd -literal -offset indent |
|
|
|
servers pool.ntp.org |
|
|
|
constraints from "https://www.google.com/search?q=openntpd" |
|
|
|
.Ed |
|
|
|
.It Xo Ic listen on Ar address |
|
|
|
.Op Ic rtable Ar table-id |
|
|
|
.Xc |
|
|
|
@ -210,6 +176,47 @@ servers pool.ntp.org |
|
|
|
servers pool.ntp.org rtable 5 |
|
|
|
.Ed |
|
|
|
.El |
|
|
|
.Sh CONSTRAINTS |
|
|
|
.Xr ntpd 8 |
|
|
|
can be configured to query the |
|
|
|
.Sq Date |
|
|
|
from trusted HTTPS servers via TLS. |
|
|
|
This time information is not used for precision but acts as an |
|
|
|
authenticated constraint, |
|
|
|
thereby reducing the impact of unauthenticated NTP |
|
|
|
.Sq Man-In-The-Middle |
|
|
|
attacks. |
|
|
|
Received NTP packets with time information falling outside of a range |
|
|
|
near the constraint will be discarded and such NTP |
|
|
|
.Ic servers |
|
|
|
will be marked as invalid. |
|
|
|
.Bl -tag -width Ds |
|
|
|
.It Ic constraint from Ar url |
|
|
|
Specify the URL, IP address or the hostname of a HTTPS server to |
|
|
|
provide a constraint. |
|
|
|
If multiple |
|
|
|
.Ic constraint |
|
|
|
keywords are used, |
|
|
|
.Xr ntpd 8 |
|
|
|
will calculate a median constraint from all the servers specified. |
|
|
|
.Bd -literal -offset indent |
|
|
|
server ntp.example.org |
|
|
|
constraint www.example.com |
|
|
|
.Ed |
|
|
|
.It Ic constraints from Ar url |
|
|
|
As with |
|
|
|
.Ic constraint , |
|
|
|
specify the URL, IP address or the hostname of a HTTPS server to |
|
|
|
provide a constraint. |
|
|
|
Should the hostname resolve to multiple IP addresses, |
|
|
|
.Xr ntpd 8 |
|
|
|
will calculate a median constraint from all of them. |
|
|
|
For example: |
|
|
|
.Bd -literal -offset indent |
|
|
|
servers pool.ntp.org |
|
|
|
constraints from "https://www.google.com/search?q=openntpd" |
|
|
|
.Ed |
|
|
|
.El |
|
|
|
.Sh FILES |
|
|
|
.Bl -tag -width "/etc/ntpd.confXXX" -compact |
|
|
|
.It Pa /etc/ntpd.conf |
|
|
|
|
reyk
9 years ago