HP OpenVMS Systems Documentation

The following sample shows a standard NTP log file that has no extra logging enabled. Each line of the NTP log file begins with the date, the time, the program name, and the process identification (PID). The following samples show the remainder of each log file line.

ntpd version = 4.1.0
precision = 976 usec
frequency initialized -66.795 from SYS$SPECIFIC:[TCPIP$NTP]TCPIP$NTP.DRIFT
time slew 0.148981 s
offset: 0.008022 sec  freq: 1.301 ppm  poll: 128 sec  error:    0.014056
offset: 0.003190 sec  freq: 4.218 ppm  poll: 256 sec  error:    0.007071
offset: -0.000622 sec  freq: 4.575 ppm  poll: 512 sec  error:    0.005358
offset: -0.003216 sec  freq: 3.749 ppm  poll: 1024 sec  error:   0.005610
offset: -0.000899 sec  freq: 2.823 ppm  poll: 1024 sec  error:   0.005710
offset: -0.000299 sec  freq: 2.510 ppm  poll: 1024 sec  error:   0.005468
time slew -0.156010 s
offset: 0.002615 sec  freq: 4.022 ppm  poll: 1024 sec  error:    0.005297
offset: -0.002466 sec  freq: 3.237 ppm  poll: 1024 sec  error:   0.005626
offset: 0.000100 sec  freq: 1.737 ppm  poll: 1024 sec  error:    0.006343
offset: 0.002842 sec  freq: 2.393 ppm  poll: 1024 sec  error:    0.006023
offset: 0.000089 sec  freq: 3.204 ppm  poll: 1024 sec  error:    0.006199
offset: 0.001094 sec  freq: 3.576 ppm  poll: 1024 sec  error:    0.005628

The next sample shows an NTP log file with all categories of logging enabled.

ntpd version = 4.1.0
precision = 976 usec
frequency initialized 3.157 from SYS$SPECIFIC:[TCPIP$NTP]TCPIP$NTP.DRIFT
system event 'event_restart' (0x01) status 'sync_alarm, sync_unspec, 1 event, event_unspec' (0xc010)
peer 204.123.2.70 event 'event_reach' (0x84) status 'unreach, conf, 1 event, event_reach' (0x8014)
peer 204.123.2.71 event 'event_reach' (0x84) status 'unreach, conf, 1 event, event_reach' (0x8014)
peer 16.140.0.12 event 'event_reach' (0x84) status 'unreach, conf, 1 event, event_reach' (0x8014)
system event 'event_peer/strat_chg' (0x04) status 'sync_alarm,sync_ntp, 2 events, event_restart'
(0xc621)
system event 'event_sync_chg' (0x03) status 'leap_none, sync_ntp, 3 events, event_peer/strat_chg'
(0x634)
system event 'event_peer/strat_chg' (0x04) status 'leap_none, sync_ntp, 4 events, event_sync_chg'
(0x643)
peer 16.141.40.135 event 'event_reach' (0x84) status 'unreach,conf, 1 event, event_reach' (0x8014)
peer 16.141.40.135 event 'event_unreach' (0x83) status 'unreach, conf, 2 events, event_unreach'
(0x8023)
peer 16.141.40.135 event 'event_reach' (0x84) status 'unreach,conf, 3 events, event_reach' (0x8034)
offset: 0.015558 sec  freq: 4.407 ppm  poll: 128 sec  error: 0.008575
peer 16.141.40.135 event 'event_unreach' (0x83) status 'unreach, conf, 4 events, event_unreach'
(0x8043)
offset: 0.021501 sec  freq: 8.734 ppm  poll: 512 sec  error: 0.015413
peer 16.141.40.135 event 'event_reach' (0x84) status 'unreach,conf, 5 events, event_reach' (0x8054)
offset: 0.016173 sec  freq: 25.014 ppm  poll: 1024 sec  error:0.011453
offset: -0.043169 sec  freq: 13.291 ppm  poll: 1024 sec  error: 0.024752
offset: -0.017786 sec  freq: 6.005 ppm  poll: 1024 sec  error:0.025309

Authentication support is implemented using the MD5 algorithm to compute a message digest. The servers involved in an association must agree on the key and key identifier used to authenticate their messages.

Keys and related information are specified in a key file. Keys are used for:

• Ordinary NTP associations
• The NTPQ utility program
• The NTPDC utility program

13.6.1 NTP Authentication Commands

Keys are defined in a keys file, as described in Section 13.6.2.

13.6.2 Authentication Key Format

The NTP service reads keys from a keys file that is specified using the keys command in the configuration file. You can supply one or more keys from 1 to 15 in the keys file.

Key entries use the following format:

key-ID key-type key-value

Each entry contains the following:

• key-ID, which is an arbitrary, unsigned 32-bit number (in decimal). The range of possible values is 1 to 15. Key IDs are specified by the requestkey and controlkey statements in the configuration file. The key ID number 0 (56 zero bits) is reserved; it is used to indicate an invalid key ID or key value.
• key-type, which identifies the type of key value. Only one key format, M, is currently supported. This indicates that the MD5 authentication scheme is being used.
• key-value, which is an ASCII string up to 8 characters long. The following characters are not allowed:

  space
  pound sign (#)
  \t
  \n
  \0

Because this file contains authorization data, HP recommends that you limit read access to this file. In particular, you should disable world read access.

The following is a sample keys file:

   #
   #
   4       M    DonTTelL
   6       M    hElloWrl
   12      M    ImASecrt

NTP provides several utility programs that help you manage and make changes to the NTP server. These utilities include:

• NTPDATE, the date and time utility that sets the local date and time by polling the specified server. Run NTPDATE manually or from the host startup script to set the clock at boot time before NTP starts.
  NTPDATE does not set the date if NTP is already running on the same host.
  For information about using NTPDATE, see Section 13.7.1.
• NTPTRACE, the trace utility that follows the chain of NTP servers back to their master time source. For information about using NTPTRACE, see Section 13.7.2.
• NTPDC, the special query program that provides extensive state and statistics information and allows you to set configuration options at run time. Run this program in interactive mode or with command-line arguments.
  For information about using NTPDC, see Section 13.7.3.
• NTPQ, the standard query program that queries NTP servers about their current state and requests changes to that state.
  For information about using NTPQ, see Section 13.7.4.
• NTP_GENKEYS, the random key generator program that generates random keys that are used by the NTP Version 3 and NTP Version 4 symmetric key authentication scheme.
  For information about using NTP_GENKEYS, see Section 13.7.5.
  To define the commands described in the following sections, run the following procedure:

  $ @SYS$MANAGER:TCPIP$DEFINE_COMMANDS.COM

The NTPDATE program sets the local date and time by polling a specified server or servers to determine the correct time. A number of samples are obtained from each of the servers specified, and a subset of the NTP clock filter and selection algorithms are applied to select the best samples. The accuracy and reliability of NTPDATE depends on the number of servers it polls, the number of polls it makes each time it runs, and the interval length between runs.

Run NTPDATE manually to set the host clock or from the host startup file to set the clock at boot time. In some cases, it is useful to set the clock manually before you start NTP. The NTPDATE program makes time adjustments (called "stepping the time") by calling the OpenVMS routine SYS$SETIME.

Enter specific commands using the following format:

NTPDATE [option...] host [host...]

For example, the following command sets the clock based on the time provided from one of the specified hosts (BIRDY, OWL, or FRED):

$ NTPDATE BIRDY OWL FRED

NTP sets the date and time by polling the servers you specify as arguments to the command. Samples are obtained from each of the specified servers. NTP then analyzes the results to select the best server to use as a time source. Table 13-4 describes the NTPDATE command options.

Use the NTPTRACE utility to determine the source from which an NTP server obtains its time. NTPTRACE follows the chain of time servers back to the master time source.

Use the following syntax when entering commands:

NTPTRACE [option...]

The following example shows output from an NTPTRACE command. In the following example, the chain of servers is from the local host to the stratum 1 server FRED, which is synchronizing to a GPS reference clock:

$ NTPTRACE

LOCALHOST: stratum 3, offset -0.000000, synch distance1.50948
parrot.birds.com: stratum 2, offset -0.126774, synch distance 0.00909
fred.birds.com: stratum 1, offset -0.129567, synch distance 0.00168,
refid 'GPS'

All times are in seconds. The output fields on each line are as follows:

• Host name
• Host stratum
• Time offset between the host and the local host (not always zero for LOCALHOST).
• Synchronization distance
• Reference clock ID (only for stratum 1 servers)

Table 13-5 describes the NTPTRACE command options.

You can make run-time changes to NTP with query commands by running the NTPDC utility. NTPDC displays time values in seconds.

Run-time requests are always authenticated requests. Authentication not only provides verification that the requester has permission to make such changes, but also gives an extra degree of protection against transmission errors.

The reconfiguration facility works well with a server on the local host and between time-synchronized hosts on the same LAN. The facility works poorly for more distant hosts. Authenticated requests include a timestamp. The server compares the timestamp to its receive timestamp. If they differ by more than a small amount, the request is rejected for the following reasons:

• To make it more difficult for an intruder to overhear traffic on your LAN.
• To make it more difficult for topologically remote hosts to request configuration changes to your server.

To run NTPDC, enter the following command:

$ NTPDC
NTPDC>

At the NTPDC> prompt, enter the appropriate type of command from the following list:

• Interactive commands
• Control commands
• Run-time configuration request commands

The following sections describe the NTPDC commands.

13.7.3.1 NTPDC Interactive Commands

Interactive commands consist of a command name followed by one or more keywords. The interactive commands include:

• help [command-keyword]
  Enter a question mark (?) to display a list of all the command keywords known to this version of NTPDC. Enter a question mark followed by a command keyword to display information about the function and use of the command.
• host hostname
  Sets the host to which future queries will be sent. The hostname can be either a host name or a numeric address.
• hostnames [ yes | no ]
  If you specify yes , host names are displayed. If you specify no , numeric addresses are displayed. The default is yes unless you include the -n option on the command line, as described in Table 13-5.
• keyid key-ID
  Specifies the key number to be used to authenticate configuration requests. This must correspond to a key number the server has been configured to use for this purpose.
• quit
  Exits NTPDC.
• passwd
  Prompts you to enter a password (not echoed) to be used to authenticate configuration requests. The password must correspond to the key configured for use by the NTP server for this purpose.
• timeout milliseconds
  Specify a timeout period for responses to server queries. The default is about 8000 milliseconds (8 seconds). Because NTPDC retries each query once after a timeout, the total waiting time for a timeout is twice the timeout value set.

Control message commands request information about the server. These are read-only commands in that they make no modification of the server configuration state.

The NTPDC control message commands include:

• listpeers
  Displays a brief list of the peers for which the server is maintaining state. These include all configured peer associations as well as peers whose stratum is such that the server considers them to be possible future synchronization candidates.
• peers
  Obtains a list of peers for which the server is maintaining state, along with a summary of that state. The summary information includes:
  • The address of the remote peer
  • The local interface address (0.0.0.0 if a local address has not been determined)
  • The stratum of the remote peer (a stratum of 16 indicates the remote peer is unsynchronized)
  • The polling interval (in seconds)
  • The reachability register (in octal)
  • The current estimated delay, offset, and dispersion of the peer (in seconds)
  
  In addition, the character in the left margin indicates the operating mode of this peer entry, as follows:

  Plus sign (+) denotes symmetric active.
  Minus sign (-) indicates symmetric passive.
  Equals sign (=) means the remote server is being polled in client mode.
  Up arrow (^) indicates that the server is broadcasting to this address.
  Tilde (~) denotes that the remote peer is sending broadcasts.
  Asterisk (*) marks the peer to which the server is currently synchronizing.

  
  The contents of the host field can be one of the following four forms:
  • Host name
  • IP address
  • Reference clock implementation name with its parameter
  • REFCLK (implementation number parameter)
  
  If you specify hostnames no , only IP addresses are displayed.
• dmpeers
  Displays a slightly different peer summary list, identical to the output of the peers command except for the character in the leftmost column. Characters appear only beside peers that were included in the final stage of the clock selection algorithm:

  Dot (.) indicates that this peer was rejected in the "falseticker" detection.
  Plus sign (+) indicates that the peer was accepted.
  Asterisk (*) denotes the peer to which the server is currently synchronizing.

• showpeer peer-address [...]
  Shows a detailed display of the current peer variables for one or more peers.
• pstats peer-address [...]
  Shows per-peer statistics counters associated with the specified peers.
• loopinfo [ oneline | multiline ]
  Displays the values of selected loop-filter variables. The loop filter is the part of NTP that adjusts the local system clock. These options include:
  • offset --- the last offset given to the loop filter by the packet processing code.
  • frequency --- the frequency error of the local clock (in parts per million).
  • time_const --- controls the stiffness of the phase-lock loop and, therefore, the speed at which it can adapt to oscillator drift.
  • watchdog timer --- the number of seconds that have elapsed since the last sample offset was given to the loop filter.
  
  The oneline and multiline options specify the format in which this information is to be displayed; multiline is the default.
• sysinfo
  Displays a variety of system state variables, such as the state related to the local server. These variables include:
  • system flags --- shows various system flags, some of which can be set and cleared by the enable and disable configuration commands, respectively. These are the auth , bclient , monitor , ntp , and stats flags.
  • stability --- the residual frequency error remaining after the system frequency correction is applied. It is intended for maintenance and debugging.
  • broadcastdelay --- shows the default broadcast delay as set by the broadcastdelay configuration command.
  • authdelay --- shows the default authentication delay as set by the authdelay configuration command.
• sysstats
  Displays statistics counters maintained in the protocol module.
• memstats
  Displays statistics counters related to memory allocation code.
• iostats
  Displays statistics counters maintained in the input/output module.
• timerstats
  Displays statistics counters maintained in the timer/event queue support code.
• reslist
  Displays the server's restriction list. This list is displayed in the order in which the restrictions are applied.
• monlist [ version]
  Displays traffic counts collected. This information is maintained by the monitor facility. Normally you do not need to specify the version number.