ntpd(8)                              System Manager's Manual                              ntpd(8)



NAME
       ntpd - Network Time Protocol (NTP) daemon


SYNOPSIS
       ntpd [ -46aAbdDgLmnNqx ] [ -c conffile ] [ -f driftfile ] [ -i jaildir ] [ -I iface ] [ -k
       keyfile ] [ -l logfile ] [ -p pidfile ] [ -P priority ] [ -r broadcastdelay ] [ -s  stats-
       dir ] [ -t key ] [ -u user[:group] ] [ -U interface_update_interval ] [ -v variable ] [ -V
       variable ]


DESCRIPTION
       The ntpd program is an operating system daemon that synchronises  the  system  clock  with
       remote  NTP time servers or local reference clocks. It is a complete implementation of the
       Network Time Protocol (NTP) version 4, but also retains compatibility with version  3,  as
       defined  by  RFC-1305,  and  version 1 and 2, as defined by RFC-1059 and RFC-1119, respec-
       tively. The program can operate in any of several modes, as described on  the  Association
       Management  page, and with both symmetric key and public key cryptography, as described on
       the Authentication Options page.

       The ntpd program ordinarily requires a configuration file as described on  the  Configura-
       tion  Commands  and Options collection above. However a client can discover remote servers
       and configure them automatically. This makes it possible to deploy a fleet of workstations
       without  specifying  configuration  details  specific  to  the  local environment. Further
       details are on the Automatic Server Discovery page.

       Once the NTP software distribution has been compiled and installed and  the  configuration
       file  constructed,  the next step is to verify correct operation and fix any bugs that may
       result. Usually, the command line that starts the daemon is included in the system startup
       file,  so  it is executed only at system boot time; however, the daemon can be stopped and
       restarted from root at any time. Once started, the daemon will begin sending and receiving
       messages, as specified in the configuration file.


SETTING THE TIME AND FREQUENCY
       The  ntpd  program  operates by exchanging messages with one or more servers at designated
       intervals ranging from about one minute to about 17 minutes.  When  started,  the  program
       requires  several exchanges while the algorithms accumulate and groom the data before set-
       ting the clock. The initial delay to set the clock can be reduced  using  options  on  the
       Server Options page.

       Most  computers  today  incorporate  a time-of-year (TOY) chip to maintain the time during
       periods when the power is off. When the machine is booted, the chip is used to  initialize
       the  operating system time. In case there is no TOY chip or the TOY time is more than 1000
       s from the server time, ntpd assumes something must be terribly wrong  and  exits  with  a
       panic  message  to the system operator. With the -g option the clock will be initially set
       to the server time regardless of the chip time. However, once the clock has been  set,  an
       error greater than 1000 s will cause ntpd to exit anyway.

       Under ordinary conditions, ntpd slews the clock so that the time is effectively continuous
       and never runs backwards. If due to extreme network congestion an error spike exceeds  the
       step  threshold, by default 128 ms, the spike is discarded. However, if the error persists
       for more than the stepout threshold, by default 900 s, the system clock is stepped to  the
       correct  value. In practice the need for a step is extremely rare and is almost always the
       result of a hardware failure. With the -x option the step threshold is increased to 600 s.
       Other options are available using the tinker command on the Miscellaneous Options page.

       The  issues  should  be  carefully considered before using these options. The maximum slew
       rate possible is limited to 500 parts-per-million (PPM) by the Unix kernel. As  a  result,
       the  clock can take 2000 s for each second the clock is outside the acceptable range. Dur-
       ing this interval the clock will not be consistent with any other network  clock  and  the
       system  cannot  be  used  for distributed applications that require correctly synchronized
       network time.
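
       The thresholds described in this section, worked through as a small decision model.
       This is an added example, not ntpd source code: the Policy class, the decide and
       slew_seconds functions and the rule that any correction counts as "the clock has
       been set" are assumptions of the model.

```python
from dataclasses import dataclass

STEP_DEFAULT = 0.128   # s, default step threshold
STEP_WITH_X = 600.0    # s, step threshold when -x is given
STEPOUT = 900.0        # s, default stepout threshold
PANIC = 1000.0         # s, panic threshold
MAX_SLEW_PPM = 500     # slew limit imposed by the Unix kernel


@dataclass
class Policy:
    g: bool = False          # -g given
    x: bool = False          # -x given
    clock_set: bool = False  # model assumption: True after any correction

    @property
    def step_threshold(self):
        return STEP_WITH_X if self.x else STEP_DEFAULT


def decide(policy, offset, persisted=0.0):
    """Action for an offset (s) that has been observed for `persisted` s."""
    size = abs(offset)
    if size > PANIC:
        if policy.g and not policy.clock_set:
            policy.clock_set = True
            return "set"       # the single unrestricted set that -g permits
        return "exit"          # panic: message to the operator, then exit
    if size > policy.step_threshold:
        if persisted <= STEPOUT:
            return "discard"   # treated as a spike
        policy.clock_set = True
        return "step"
    policy.clock_set = True
    return "slew"


def slew_seconds(offset):
    """Seconds needed to slew away `offset` s at the maximum slew rate."""
    return abs(offset) * 1_000_000 / MAX_SLEW_PPM


if __name__ == "__main__":
    # Constructed offsets, chosen to hit each branch.
    for label, policy, offset, persisted in [
        ("default, 50 ms", Policy(), 0.05, 0),
        ("default, 0.5 s spike", Policy(), 0.5, 10),
        ("default, 0.5 s for 901 s", Policy(), 0.5, 901),
        ("default, 1500 s", Policy(), 1500, 0),
        ("-g, 1500 s at start", Policy(g=True), 1500, 0),
        ("-x, 300 s", Policy(x=True), 300, 0),
    ]:
        print(f"{label:26} -> {decide(policy, offset, persisted)}")
    print("days to slew 600 s:", round(slew_seconds(600) / 86400, 1))
```

       In this model the panic threshold is the bound on how far a faulty or hostile time
       source can move the clock, and -g waives that bound for the first set only.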

       The frequency file, usually called ntp.drift, contains the latest estimate of  clock  fre-
       quency.  If  this  file  does  not  exist  when  ntpd is started, it enters a special mode
       designed to measure the particular frequency directly. The measurement takes  15  minutes,
       after which the frequency is set and ntpd resumes normal mode where the time and frequency
       are continuously adjusted. The frequency file is updated at intervals of an hour  or  more
       depending on the measured clock stability.


OPERATING MODES
       The  ntpd  program  normally operates continuously while adjusting the time and frequency,
       but in some cases it may not be practical to run it continuously. With the -q option  ntpd
       operates as in continuous mode, but exits just after setting the clock for the first time
       with the configured servers. Most applications will probably want to  specify  the  iburst
       option  with  the  server  command.  With this option a volley of messages is exchanged to
       groom the data and set the clock in about 10 s. If nothing is heard after a  few  minutes,
       the daemon times out and exits.


POLL INTERVAL CONTROL
       NTP  uses  an intricate heuristic algorithm to automatically control the poll interval for
       maximum accuracy consistent with minimum network  overhead.  The  algorithm  measures  the
       incidental  offset  and  jitter to determine the best poll interval. When ntpd starts, the
       interval is the default minimum 64 s. Under normal conditions when  the  clock  discipline
       has  stabilized,  the  interval increases in steps to the default maximum 1024 s. In addi-
       tion, should a server become unreachable after some time, the interval increases in  steps
       to the maximum in order to reduce network overhead.

       The  default poll interval range is suitable for most conditions, but can be changed using
       options on the Server Options and Miscellaneous Options pages. However, when using maximum
       intervals  much  larger than the default, the residual clock frequency error must be small
       enough for the discipline loop to capture and correct. The capture range is 500 PPM with a
       64-s  interval decreasing by a factor of two for each interval doubling. At a 36-hr inter-
       val, for example, the capture range is only 0.24 PPM.


THE HUFF-N'-PUFF FILTER
       In scenarios where a considerable amount of data are to be  downloaded  or  uploaded  over
       telephone  modems,  timekeeping quality can be seriously degraded. This occurs because the
       differential delays on the two directions of transmission can  be  quite  large.  In  many
       cases  the  apparent  time  errors are so large as to exceed the step threshold and a step
       correction can occur during and after the data transfer.

       The huff-n'-puff filter is designed to correct the apparent time offset in these cases. It
       depends  on  knowledge  of the propagation delay when no other traffic is present, such as
       during other than work hours. The filter remembers the minimum delay over the most  recent
       interval  measured usually in hours. Under conditions of severe delay, the filter corrects
       the apparent offset using the sign of the offset and the difference between  the  apparent
       delay  and minimum delay. The name of the filter reflects the negative (huff) and positive
       (puff) correction, which depends on the sign of the offset. The filter is activated by the
       tinker huffpuff command, as described in the Miscellaneous Options page.


LEAP SECOND PROCESSING
       As provided by international agreement, an extra second is sometimes inserted in
       Coordinated Universal Time (UTC) at the end of a selected month, usually June or
       December. The National Institute of Standards and Technology (NIST) provides an historic
       leapseconds file at time.nist.gov for retrieval via FTP. This file, usually called
       ntp-leapseconds.list, is copied and installed in a directory, and the leapfile
       configuration command specifies the path to it. At startup, ntpd reads the file and
       initializes three leapsecond values: the NTP seconds at the next leap event, the offset
       of UTC relative to International Atomic Time (TAI) after the leap, and the NTP seconds
       when the leapseconds file expires and should be retrieved again.

       If a host does not have the leapsecond values, they can be obtained over the net using the
       Autokey security protocol. Ordinarily, the leapseconds file is installed  on  the  primary
       servers  and the values flow from them via secondary servers to the clients. When multiple
       servers are involved, the values with the latest expiration time are used.

       If the latest leap is in the past, nothing further is done other than to install  the  TAI
       offset.  If the leap is in the future less than 28 days, the leap warning bits are set. If
       in the future less than 23 hours, the kernel is armed to insert one second at the  end  of
       the  current  day.  If the kernel is enabled, the leap is done automatically at that time;
       otherwise, the clock is effectively stopped for one second at the leap. Additional details
       are in the white paper The NTP Timescale and Leap Seconds.

       If none of the above provisions are available, dependent servers and clients tally the
       leap warning bits of surviving servers and reference clocks. When a majority of  the  sur-
       vivors  show  warning,  a  leap  is programmed at the end of the current month. During the
       month and day of insertion, they operate as above. In this way the leap is  propagated  at
       all dependent servers and clients.


ADDITIONAL FEATURES
       A new experimental feature called interleaved modes can be used in NTP symmetric or broad-
       cast modes. It is designed to improve accuracy by avoiding  kernel  latency  and  queueing
       delay,  as  described  on  the  NTP  Interleaved Modes page. It is activated by the xleave
       option with the peer or broadcast configuration commands. The NTP  protocol  automatically
       reconfigures in normal or interleaved mode as required. Ordinary broadcast clients can use
       the same servers as interleaved clients at the same time. Further details are in the white
       paper NTP Interleaved On-Wire Protocol and the briefing Interleaved Synchronization Proto-
       cols for LANs and Space Data Links.

       If ntpd is configured with NetInfo support, it will attempt to read its configuration
       from the NetInfo service if the default ntp.conf file cannot be read and no file is speci-
       fied by the -c option.

       In contexts where a host name is expected, a -4 qualifier preceding the host  name  forces
       DNS  resolution  to  the IPv4 namespace, while a -6 qualifier forces DNS resolution to the
       IPv6 namespace.

       Various internal ntpd variables can be displayed and configuration options  altered  while
       ntpd is running, using the ntpq and ntpdc utility programs.

       When  ntpd  starts  it looks at the value of umask, and if zero ntpd will set the umask to
       022.

       Unless the -n, -d or -D option is used, ntpd changes the current working directory to  the
       root  directory,  so any options or commands specifying paths need to use an absolute path
       or a path relative to the root.


COMMAND LINE OPTIONS
       -4      Force DNS resolution of host names to the IPv4 namespace.

       -6      Force DNS resolution of host names to the IPv6 namespace.

       -a      Require cryptographic authentication for broadcast client,  multicast  client  and
               symmetric passive associations. This is the same operation as the enable auth com-
               mand and is the default.

       -A      Do not require cryptographic authentication for broadcast client, multicast client
               and symmetric passive associations. This is the same operation as the disable auth
               command and almost never a good idea.

       -b      Enable the client to synchronize to broadcast servers.

       -c conffile
               Specify the name and path of the configuration file, default /etc/ntp.conf.

       -d      Specify debugging mode. This option may occur more than once, with each occurrence
               indicating greater detail of display.

       -D level
               Specify debugging level directly.

       -f driftfile
               Specify the name and path of the frequency file. This is the same operation as the
               driftfile driftfile command.

       -g      Normally, ntpd exits with a message to the system log if the  offset  exceeds  the
               panic threshold, which is 1000 s by default. This option allows the time to be set
               to any value without restriction; however, this  can  happen  only  once.  If  the
               threshold is exceeded after that, ntpd will exit with a message to the system log.
               This option can be used with the -q and -x options. See  the  tinker  command  for
               other options.

       -i jaildir
               Chroot  the  server  to  the  directory jaildir. This option also implies that the
               server attempts to drop root privileges at startup (otherwise, chroot  gives  very
               little additional security), and it is only available if the OS supports running
               the server without full root privileges. You may need to also specify a -u option.

       -I [address | interface name]
               Open the network address given, or all the addresses  associated  with  the  given
               interface  name.  This  option may appear multiple times. This option also implies
               not opening other addresses, except wildcard and localhost. This option is  depre-
               cated.  Please  consider  using the configuration file interface command, which is
               more versatile.

       -k keyfile
               Specify the name and path of the symmetric key file. This is the same operation as
               the keys keyfile command.

       -l logfile
               Specify  the  name  and  path of the log file. The default is the system log file.
               This is the same operation as the logfile logfile command.

       -L      Do not listen to virtual interfaces, defined as  those  with  names  containing  a
               colon.  This  option  is  deprecated. Please consider using the configuration file
               interface command, which is more versatile.

       -M      Raise scheduler precision to its maximum (1 msec) using timeBeginPeriod.  (Windows
               only)

       -m      Lock memory.

       -n      Don't fork.

       -N      To  the extent permitted by the operating system, run the ntpd at the highest pri-
               ority.

       -p pidfile
               Specify the name and path of the file used to record the ntpd process ID. This  is
               the same operation as the pidfile pidfile command.

       -P priority
               To  the  extent  permitted  by the operating system, run the ntpd at the specified
               priority.

       -q      Exit the ntpd just after the first time the clock is  set.  This  behavior  mimics
               that  of the ntpdate program, which is to be retired. The -g and -x options can be
               used with this option. Note: The kernel time  discipline  is  disabled  with  this
               option.

       -r broadcastdelay
               Specify  the default propagation delay from the broadcast/multicast server to this
               client. This is necessary only if the delay cannot be  computed  automatically  by
               the protocol.

       -s statsdir
               Specify  the  directory path for files created by the statistics facility. This is
               the same operation as the statsdir statsdir command.

       -t key  Add a key number to the trusted key list. This option can occur  more  than  once.
               This is the same operation as the trustedkey key command.

       -u user[:group]
               Specify  a  user, and optionally a group, to switch to. This option is only avail-
               able if the OS supports running the server  without  full  root  privileges.  Cur-
               rently,  this  option is supported under NetBSD (configure with --enable-clockctl)
               and Linux (configure with --enable-linuxcaps).

       -U interface_update_interval
               Number of seconds to wait between interface list scans to pick up new and deleted
               network interfaces. Set to 0 to disable dynamic interface list updating. The
               default is to scan every 5 minutes.

       -x      Normally, the time is slewed if the offset is less than the step threshold,  which
               is  128  ms  by  default, and stepped if above the threshold. This option sets the
               threshold to 600 s, which is well within the accuracy window to set the clock man-
               ually.  Note:  Since the slew rate of typical Unix kernels is limited to 0.5 ms/s,
               each second of adjustment requires an amortization interval of 2000  s.  Thus,  an
               adjustment  as much as 600 s will take almost 14 days to complete. This option can
               be used with the -g and -q options. See the  tinker  command  for  other  options.
               Note: The kernel time discipline is disabled with this option and the step thresh-
               old is applied also to leap second corrections.
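
       A review aid for the options above: it parses an ntpd command line and reports the
       settings this page singles out (-A, a missing -u, -g, -x, the deprecated -I and -L,
       and relative paths, which resolve from / because ntpd changes to the root
       directory). This is an added example, not part of the NTP distribution; the
       severity labels, the wording of the findings and the sample command lines are
       assumptions made for illustration.

```python
import getopt
import shlex

# Built from the SYNOPSIS and COMMAND LINE OPTIONS sections above; ":" marks
# an option that takes an argument (-D is treated as "-D level").
NTPD_OPTS = "46aAbc:dD:f:gi:I:k:l:LmMnNp:P:qr:s:t:u:U:v:V:x"
PATH_OPTS = {"-c", "-f", "-i", "-k", "-l", "-p", "-s"}


def audit(cmdline):
    """Return (severity, option, note) findings for one ntpd command line."""
    opts, _ = getopt.getopt(shlex.split(cmdline)[1:], NTPD_OPTS)
    seen = {}
    for flag, value in opts:
        seen.setdefault(flag, []).append(value)
    findings = []

    def add(severity, flag, note):
        findings.append((severity, flag, note))

    if "-A" in seen:
        add("high", "-A", "authentication not required for broadcast client, "
            "multicast client and symmetric passive associations")
        if "-b" in seen:
            add("high", "-b", "broadcast client enabled while -A is set")
    if "-u" not in seen:
        note = "no user to switch to was given"
        if "-i" in seen:
            note += "; the -i text says -u may also be needed"
        add("medium", "-u", note)
    if "-g" in seen:
        add("low", "-g", "first clock set may exceed the 1000 s panic threshold")
    if "-x" in seen:
        add("low", "-x", "step threshold 600 s, kernel time discipline disabled")
    for flag in ("-I", "-L"):
        if flag in seen:
            add("info", flag, "deprecated; use the interface command")
    # ntpd changes to the root directory unless -n, -d or -D is used, so a
    # relative path is then resolved against "/".
    if not {"-n", "-d", "-D"} & seen.keys():
        for flag in sorted(PATH_OPTS & seen.keys()):
            for value in seen[flag]:
                if not value.startswith("/"):
                    add("info", flag, f"relative path {value!r} resolves from /")
    return findings


# Constructed sample command lines (not taken from any real system).
HARDENED = "ntpd -u ntp:ntp -i /var/lib/ntp -p /var/run/ntpd.pid -c /etc/ntp.conf"
WEAK = "ntpd -46Abgx -f ntp.drift -I eth0"

if __name__ == "__main__":
    for line in (HARDENED, WEAK):
        print(line)
        for finding in audit(line):
            print("   ", *finding)
```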


THE CONFIGURATION FILE
       Ordinarily, ntpd reads the ntp.conf configuration file at startup in  order  to  determine
       the synchronization sources and operating modes. It is also possible to specify a working,
       although limited, configuration entirely on the command line, obviating  the  need  for  a
       configuration  file.  This may be particularly useful when the local host is to be config-
       ured as a broadcast client, with servers determined by  listening  to  broadcasts  at  run
       time.

       Usually, the configuration file is installed as /etc/ntp.conf, but could be installed
       elsewhere (see the -c conffile command line option). The file format is similar to other Unix
       configuration files - comments begin with a # character and extend to the end of the line;
       blank lines are ignored.

       Configuration commands consist of an initial command keyword followed by a list of  option
       keywords  separated  by  whitespace.  Commands  may  not be continued over multiple lines.
       Options may be host names, host addresses written in numeric, dotted-quad form,  integers,
       floating point numbers (when specifying times in seconds) and text strings. Optional argu-
       ments are delimited by [ ] in the options pages, while alternatives are  separated  by  |.
       The  notation [ ... ] means an optional, indefinite repetition of the last item before the
       [ ... ].


FILES
       +-------------------------+---------------------------+----------------+------------------+
       |  File                   |    Default                |     Option     |    Command       |
       +-------------------------+---------------------------+----------------+------------------+
       |  configuration file     |    /etc/ntp.conf          |     -c         |    none          |
       +-------------------------+---------------------------+----------------+------------------+
       |  frequency file         |    none                   |     -f         |    driftfile     |
       +-------------------------+---------------------------+----------------+------------------+
       |  leapseconds file       |    none                   |                |    leapfile      |
       +-------------------------+---------------------------+----------------+------------------+
       |  process ID file        |    none                   |     -p         |    pidfile       |
       +-------------------------+---------------------------+----------------+------------------+
       |  log file               |    system log             |     -l         |    logfile       |
       +-------------------------+---------------------------+----------------+------------------+
       |  include file           |    none                   |     none       |    includefile   |
       +-------------------------+---------------------------+----------------+------------------+
       |  statistics path        |    /var/log/ntpstats/     |     -s         |    statsdir      |
       +-------------------------+---------------------------+----------------+------------------+
       |  keys path              |    /etc/ntp/crypto        |     none       |    keysdir       |
       +-------------------------+---------------------------+----------------+------------------+

EXIT CODES
       A non-zero exit code indicates an error. Any error messages are logged to the  system  log
       by default.

       The exit code is 0 only when ntpd is terminated by a signal, or when the -q option is used
       and ntpd successfully sets the system clock.


SEE ALSO
       ntp.conf(5), ntpq(8), ntpdc(8)

       The official HTML documentation.

       This file was automatically generated from HTML source.



