Provided by:
ntp_4.2.4p4+dfsg-3ubuntu2_i386 
NAME
ntp.conf - NTP server configuration file
DESCRIPTION
The ntpd configuration file is read at initial startup in order to
specify the synchronization sources, modes and other related
information. Usually, it is installed in the /etc directory, but could
be installed elsewhere (see the -c conffile command line option). The
file format is similar to other Unix configuration files - comments
begin with a # character and extend to the end of the line; blank lines
are ignored. Configuration commands consist of an initial keyword
followed by a list of arguments, some of which may be optionally
separated by whitespace. Commands may not be continued over multiple
lines. Arguments may be host names, host addresses written in numeric
dotted-quad form, integers, floating point numbers (when specifying
times in seconds) and text strings. Optional arguments are delimited
by [ ] in the following descriptions, while alternatives are separated
by |. The notation [ ... ] means an optional, indefinite repetition
of the last item before the [ ... ].
While there is a rich set of options available, the only required
option is one or more of the server, peer, broadcast or manycastclient
commands.
Following is a description of the NTPv4 configuration commands. These
commands have the same basic functions as in NTPv3 and in some cases
new functions and new operands. The various modes are determined by
the command keyword and the type of the required IP address. Addresses
are classed by type as (s) a remote server or peer (IP class A, B and
C), (b) the broadcast address of a local interface, (m) a multicast
address (IP class D), or (r) a reference clock address (127.127.x.x).
Note that, while autokey and burst modes are supported by these
commands, their effect in some weird mode combinations can be
meaningless or even destructive.
peer address
[autokey | key key] [burst] [version version] [prefer] [minpoll
minpoll] [maxpoll maxpoll]
For type s addresses (only), this operates as the current peer command
which mobilizes a persistent symmetric-active mode association, except
that additional modes are available. This command should NOT be used
for type b, m or r addresses.
The peer command specifies that the local server is to operate in
symmetric active mode with the remote server. In this mode, the local
server can be synchronized to the remote server and, in addition, the
remote server can be synchronized by the local server. This is useful
in a network of servers where, depending on various failure scenarios
either the local or remote server may be the better source of time.
server address
[autokey | key key] [burst] [version version] [prefer] [minpoll
minpoll] [maxpoll maxpoll]
For type s and r addresses, this operates as the NTPv3 server command
which mobilizes a persistent client mode association. The server
command specifies that the local server is to operate in client mode
with the specified remote server. In this mode, the local server can
be synchronized to the remote server, but the remote server can never
be synchronized to the local server.
broadcast address
[autokey | key key] [burst] [version version] [minpoll minpoll]
[maxpoll maxpoll] [ttl ttl]
For type b and m addresses (only), this operates as the current NTPv3
broadcast command, which mobilizes a persistent broadcast mode
association, except that additional modes are available. Multiple
commands can be used to specify multiple local broadcast interface
(subnets) and/or multiple multicast groups. Note that local broadcast
messages go only to the interface associated with the subnet specified
but multicast messages go to all interfaces. In the current
implementation, the source address used for these messages is the Unix
host default address.
In broadcast mode, the local server sends periodic broadcast messages
to a client population at the address specified, which is usually the
broadcast address on (one of) the local network(s) or a multicast
address assigned to NTP. The IANA has assigned the multicast group
address 224.0.1.1 exclusively to NTP, but other nonconflicting
addresses can be used to contain the messages within administrative
boundaries. Ordinarily, this specification applies only to the local
server operating as a sender; for operation as a broadcast client, see
the broadcastclient or multicastclient commands below.
manycastclient address
[autokey | key key] [burst] [version version] [minpoll minpoll]
[maxpoll maxpoll] [ttl ttl]
For type m addresses (only), this mobilizes a manycast client-mode
association for the multicast address specified. In this case specific
address must be supplied which matches the address used on the
manycastserver command for the designated manycast servers. The NTP
multicast address 224.0.1.1 assigned by the IANA should NOT be used
unless specific means are taken to avoid spraying large areas of the
Internet with these messages and causing a possibly massive implosion
of replies at the sender
The manycast command specifies that the local server is to operate in
client mode with the remote server that are discovered as the result of
broadcast/multicast messages. The client broadcasts a request message
to the group address associated with the specified address an
specifically enabled servers respond to these messages. The client
selects the servers providing the best time and continues as with the
server command. The remaining servers are discarded as if never heard
These four commands specify the time server name or address to be used
and the mode in which to operate. The address can be either a DNS name
or a IP address in dotted-quad notation. Additional information on
association behaviour can be found in the Association Management page.
autokey
All packets sent to the address are to include authentication
field encrypted using the autokey scheme.
burst At each poll interval, send a burst of eight packets spaced,
instead of the usual one.
key key
All packets sent to the address are to include authentication
field encrypted using the specified key identifier, which is an
unsigned 32-bit integer less than 65536. The default is to
include no encryption field.
version version
Specifies the version number to be used for outgoing NTP
packets. Versions 1-4 are the choices, with version 4 the
default.
prefer Marks the server as preferred. All other things being equal,
this host will be chosen for synchronization among a set of
correctly operating hosts. See the Mitigation Rules and the
prefer Keyword page for further information
ttl ttl
This option is used only with broadcast mode. It specifies the
time-to-live ttl to use on multicast packets. Selection of the
proper value, which defaults to 127, is something of a black art
and must be coordinated with the network administrator.
minpoll minpoll maxpoll maxpoll
These options specify the minimum and maximum polling intervals
for NTP messages. The values are interpreted as dual logarithms
(2 ^ x). The default range is 6 (2^6 = 64 s) to 10 (2^10 = 1024
s). The allowable range is 4 (16 s) to 17 (36.4 h).
broadcastclient
This command directs the local server to listen for and respond
to broadcast messages received on any local interface. Upon
hearing a broadcast message for the first time, the local server
measures the nominal network delay using a brief client/server
exchange with the remote server, then enters the broadcastclient
mode, in which it listens for and synchronizes to succeeding
broadcast messages. Note that, in order to avoid accidental or
malicious disruption in this mode, both the local and remote
servers should operate using authentication and the same trusted
key and key identifiers.
multicastclient
[address] [...] This command directs the local server to listen
for multicast messages at the group address(es) of these global
network. The default address is that assigned by the Number
Czar to NTP (224.0.1.1). This command operates in the same way
as the broadcastclient command, but uses IP multicasting.
Support for this command requires a multicast kernel.
driftfile driftfile
This command specifies the name of the file use to record the
frequency offset of the local clock oscillator. If the file
exists, it is read at startup in order to set the initial
frequency offset and then updated once per hour with the current
frequency offset computed by the daemon. If the file does not
exist or this command is not given, the initial frequency offset
is assumed to be zero. In this case, it may take some hours for
the frequency to stabilize and the residual timing errors to
subside.
The file format consists of a single line containing a single floating
point number, which records the frequency offset measured in parts-per-
million (PPM). The file is updated by first writing the current drift
value into a temporary file and then renaming this file to replace the
old version. This implies that ntpd must have write permission for the
directory the drift file is located in, and that file system links,
symbolic or otherwise, should be avoided.
manycastserver address [...]
This command directs the local server to listen for and respond
to broadcast messages received on any local interface, and in
addition enables the server to respond to client mode messages
to the multicast group address(es) (type m) specified. At least
one address is required, but the NTP multicast address 224.0.1.1
assigned by the IANA should NOT be used, unless specific means
are taken to limit the span of the reply and avoid a possible
massive implosion at the original sender.
revoke [logsec]
Specifies the interval between recomputations of the private
value used with the autokey feature, which ordinarily requires
an expensive public- key computation. The default value is 12
(65,536 s or about 18 hours). For poll intervals above the
specified interval, a new private value will be recomputed for
every message sent.
autokey [logsec]
Specifies the interval between regenerations of the session key
list used with the autokey feature. Note that the size of the
key list for each association depends on this interval and the
current poll interval. The default value is 12 (4096 s or about
1.1 hours). For poll intervals above the specified interval, a
session key list with a single entry will be regenerated for
every message sent.
enable [auth | bclient | kernel | monitor | ntp | stats]
disable [auth | bclient | kernel | monitor | ntp | stats]
Provides a way to enable or disable various server options.
Flags not mentioned are unaffected. Note that all of these
flags can be controlled remotely using the ntpdc utility
program.
auth Enables the server to synchronize with unconfigured peers only
if the peer has been correctly authenticated using a trusted key
and key identifier. The default for this flag is enable.
bclient
When enabled, this is identical to the broadcastclient command.
The default for this flag is disable.
kernel Enables the precision-time kernel support for the ntp_adjtime()
system call, if implemented. Ordinarily, support for this
routine is detected automatically when the NTP daemon is
compiled, so it is not necessary for the user to worry about
this flag. This flag is provided primarily so that this support
can be disabled during kernel development.
monitor
Enables the monitoring facility. See the ntpdc program and the
monlist command or further information. The default for this
flag is enable.
ntp Enables the server to adjust its local clock by means of NTP.
If disabled, the local clock free-runs at its intrinsic time and
frequency offset. This flag is useful in case the local clock
is controlled by some other device or protocol and NTP is used
only to provide synchronization to other clients. In this case,
the local clock driver can be used to provide this function and
also certain time variables for error estimates and leap-
indicators. The default for this flag is enable.
stats Enables the statistics facility. The default for this flag is
enable.
SEE ALSO
ntpd(8)
The complete documentation can be found at
/usr/share/doc/ntp-doc/html/ntpd.html#cfg in the package ntp-doc.