HP-UX Reference (11i v2 03/08) - 1M System Administration Commands N-Z (vol 4)
xntpdc(1M) xntpdc(1M)
clkbug clock_peer_address [ ... ]
Obtain debugging information for a reference clock driver. This information is provided only
by some clock drivers and is mostly undecodable without a copy of the driver source.
RUNTIME CONFIGURATION REQUESTS
All requests which cause state changes in the server are authenticated by the server using a configured
NTP key. This facility is disabled if the NTP key is not configured. The key number and the corresponding
key must also be made known to xntpdc. This can be done using the keyid and passwd commands,
the latter of which will prompt at the terminal for a password to use as the encryption key. You will also
be prompted automatically for both the key number and password the first time a command which would
result in an authenticated request to the server is given. Authentication not only provides verification
that the requester has permission to make such changes, but also gives an extra degree of protection
against transmission errors.
Authenticated requests always include a timestamp in the packet data, which is included in the computation
of the authentication code. This timestamp is compared by the server to its receive time stamp. If
they differ by more than a small amount the request is rejected. This is done for two reasons. First, it
makes simple replay attacks on the server, by someone who might be able to overhear traffic on your
LAN, much more difficult. Second, it makes it more difficult to request configuration changes to your
server from topologically remote hosts. While the reconfiguration facility will work well with a server on
the local host, and may work adequately between time-synchronized hosts on the same LAN, it will work
very poorly for more distant hosts. As such, if reasonable passwords are chosen, care is taken in the
distribution and protection of keys and appropriate source address restrictions are applied, the run time
reconfiguration facility should provide an adequate level of security.
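The timestamp check described above, sketched as an added example (not code from xntpd or from this manual): HMAC-SHA256 stands in for the NTP authentication code, and the packet layout, the 10-second window, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 10.0  # seconds; assumed, the man page only says "a small amount"
MAC_LEN = 32     # HMAC-SHA256 stands in for the NTP authentication code

def build_request(keyid: int, key: bytes, command: bytes, now: float) -> bytes:
    """Requester: append key number and timestamp, then MAC all of it."""
    body = command + struct.pack("!Id", keyid, now)
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verify_request(packet: bytes, keys: dict, recv_time: float) -> str:
    """Server: return "ok" or the reason the request is rejected."""
    if not keys:
        return "disabled"  # no NTP key configured, so the facility is off
    if len(packet) < 12 + MAC_LEN:
        return "malformed"
    body, mac = packet[:-MAC_LEN], packet[-MAC_LEN:]
    keyid, sent = struct.unpack("!Id", body[-12:])
    key = keys.get(keyid)
    if key is None:
        return "unknown key"
    # The timestamp is inside the MAC, so it cannot be altered without the key.
    if not hmac.compare_digest(mac, hmac.new(key, body, hashlib.sha256).digest()):
        return "bad mac"
    if abs(recv_time - sent) > MAX_SKEW:
        return "stale timestamp"
    return "ok"

def demo() -> dict:
    """Run one constructed request through the cases the text describes."""
    keys = {1: b"constructed-demo-key"}  # constructed key, not a real secret
    pkt = build_request(1, keys[1], b"addpeer 192.0.2.10", now=1000.0)
    # Same bytes with the timestamp field overwritten and the old MAC kept.
    restamped = pkt[:-MAC_LEN - 8] + struct.pack("!d", 1060.0) + pkt[-MAC_LEN:]
    corrupted = bytes([pkt[0] ^ 0x01]) + pkt[1:]  # single-bit transmission error
    return {
        "fresh": verify_request(pkt, keys, recv_time=1000.4),
        "replayed_later": verify_request(pkt, keys, recv_time=1060.0),
        "restamped": verify_request(restamped, keys, recv_time=1060.0),
        "bit_error": verify_request(corrupted, keys, recv_time=1000.4),
        "no_key_configured": verify_request(pkt, {}, recv_time=1000.4),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

In this sketch a captured packet replayed within MAX_SKEW still verifies, so the timestamp bounds the replay window rather than closing it, and a requester whose clock is off by more than the window is rejected even with the right key.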
The following commands all make authenticated requests.
addpeer peer_address [ keyid ][ version ][ prefer ]
Add a configured peer association at the given address and operating in symmetric active
mode. Note that an existing association with the same peer may be deleted when this command
is executed, or may simply be converted to conform to the new configuration, as
appropriate. If the optional keyid is a nonzero integer, all outgoing packets to the remote
server will have an authentication field (encrypted) attached with this key. If the value is 0
(or not given) no authentication will be done. The version # can be 1, 2 or 3 and defaults
to 3. The prefer keyword indicates a preferred peer (and thus will be used primarily for
clock synchronization if possible). The preferred peer also determines the validity of the
PPS signal - if the preferred peer is suitable for synchronization so is the PPS signal.
addserver peer_address [ keyid ][ version ][ prefer ]
Identical to the addpeer command, except that the operating mode is client.
broadcast peer_address [ keyid ][ version ][ prefer ]
Identical to the addpeer command, except that the operating mode is broadcast. In this
case a valid key identifier and key are required. The peer_address parameter can be
the broadcast address of the local network or a multicast group address assigned to NTP. If
using a multicast address, a multicast-capable kernel is required.
unconfig peer_address [ ... ]
This command causes the configured bit to be removed from the specified peer(s). In many
cases this will cause the peer association to be deleted. When appropriate, however, the
association may persist in an unconfigured mode if the remote peer is willing to continue on
in this fashion.
fudge peer_address [ time1 ][ time2 ][ stratum ][ refid ]
This command provides a way to set certain data for a reference clock. See the source
listing for further information.
enable [ flag ][ ... ]
disable [ flag ][ ... ]
These commands operate in the same way as the enable and disable configuration file
commands of xntpd. Described below are the flags supported.
auth Enables the server to synchronize with unconfigured peers only if the peer has
been correctly authenticated using a trusted key and key identifier. The default for
this flag is enable.
Section 1M−−928 Hewlett-Packard Company − 4 − HP-UX 11i Version 2: August 2003