NTP
The Network Time Protocol (NTP) Distribution
https://www.eecis.udel.edu/~mills/ntp/html/ntpd.html
https://www.eecis.udel.edu/~mills/ntp/html/warp.html
概要
NTPD [-46aAbdDgLmnNqx] [-c的ConfFile ] [-f driftfile ] [-i jaildir ] [-I InterfaceOrAddress ] [-k密钥文件] [-l日志文件] [-p pidfile进程文件] [-P优先] [-r broadcastdelay ] [ -s statsdir ] [ -t键] [ -u用户[:组] ] [ -U interface_update_interval ] [ -v变量] [ -V变量]
描述
该NTPD程序是操作系统守护程序,同步系统时钟到远程NTP时间服务器或本地参考时钟。它是 RFC-5905 定义的 NTP 版本 4 的完整实现,但也保持与 RFC-1305 定义的版本 3 以及分别由 RFC-1059 和 RFC-1119 定义的版本 1 和 2 兼容。该程序可以在多种模式中的任何一种下运行,包括客户端/服务器、对称和广播模式,以及对称密钥和公钥加密
该NTPD程序通常需要在此页上描述的配置文件。它包含上面列出的页面中描述的配置命令。然而,客户端可以发现远程服务器并自动配置它们。这使得部署一组工作站成为可能,而无需指定特定于本地环境的配置细节。更多详情请见
该NTPD程序正常连续运行,同时调整系统时间和频率,但在某些情况下,这不太现实。使用-q选项ntpd以连续模式运行,但在第一次设置时钟后立即退出。大多数应用程序可能希望使用服务器命令指定iburst选项。使用此选项,将交换大量消息以整理数据并将时钟设置为大约 10 秒。如果几分钟后没有任何声音,守护进程就会超时并退出而不设置时钟。
Command Line Options
- -4
- Force DNS resolution of host names to the IPv4 namespace.
- -6
- Force DNS resolution of host names to the IPv6 namespace.
- -a
- Require cryptographic authentication for broadcast client, multicast client and symmetric passive associations. This is the same operation as the enable auth command and is the default.
- -A
- Do not require cryptographic authentication for broadcast client, multicast client and symmetric passive associations. This is the same operation as the disable auth command and almost never a good idea.
- -b
- Enable the client to synchronize to broadcast servers.
- -c conffile
- Specify the name and path of the configuration file. Without the option the default is /etc/ntp.conf.
- -d
- Disable switching into daemon mode, so ntpd stays attached to the starting terminal which will get all the debugging printout. Also, ^C will kill it. This option may occur more than once, with each occurrence indicating greater detail of display.
- -D level
- Specify debugging level directly, with level corresponding to the numbe of -d options..
- -f driftfile
- Specify the name and path of the frequency file. This is the same operation as the driftfile driftfile configuration command.
- -g
- Normally, ntpd exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, ntpd will exit with a message to the system log. This option can be used with the -q and -x options. See the tinker command for other options.
- -i jaildir
- Chroot the server to the directory jaildir. This option also implies that the server attempts to drop root privileges at startup (otherwise, chroot gives very little additional security), and it is only available if the OS supports to run the server without full root privileges. You may need to also specify a -u option.
- -I [address | interface name]
- Open the network address given, or all the addresses associated with the given interface name. This option may appear multiple times. This option also implies not opening other addresses, except wildcard and localhost. This option is deprecated. Please consider using the configuration file interface command, which is more versatile.
- -k keyfile
- Specify the name and path of the symmetric key file. This is the same operation as the keys keyfile command.
- -l logfile
- Specify the name and path of the log file. The default is the system log file. This is the same operation as the logfile logfile command.
- -m
- Once the system clock is synchronized, register with mDNS as an available server.
- -L
- Do not listen to virtual interfaces, defined as those with names containing a colon. This option is deprecated. Please consider using the configuration file interface command, which is more versatile.
- -M
- Raise scheduler precision to its maximum (1 ms) using timeBeginPeriod. (Windows only)
- -n
- Don't fork.
- -N
- To the extent permitted by the operating system, run the ntpd at the highest priority.
- -p pidfile
- Specify the name and path of the file used to record the ntpd process ID. This is the same operation as the pidfile pidfile command.
- -P priority
- To the extent permitted by the operating system, run the ntpd at the specified priority.
- -q
- Exit the ntpd just after the first time the clock is set. This behavior mimics that of the ntpdate program, which is to be retired. The -g and -x options can be used with this option. Note: The kernel time discipline is disabled with this option.
- -r broadcastdelay
- Specify the default propagation delay from the broadcast/multicast server to this client. This is necessary only if the delay cannot be computed automatically by the protocol.
- -s statsdir
- Specify the directory path for files created by the statistics facility. This is the same operation as the statsdir statsdir command.
- -t key
- Add a key number to the trusted key list. This option can occur more than once. This is the same operation as the trustedkey key command.
- -u user[:group]
- Specify a user, and optionally a group, to switch to. This option is only available if the OS supports running the server without full root privileges. Currently, this option is supported under NetBSD (configure with --enable-clockctl) and Linux (configure with --enable-linuxcaps).
- -U interface update interval
- Number of seconds to wait between interface list scans to pick up old and delete network interface. Set to 0 to disable dynamic interface list updating. The default is to scan every 5 minutes.
- -v variable
-V variable - Add a system variable listed by default.
- -x
- Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold. This option sets the threshold to 600 s, which is well within the accuracy window to set the clock manually. Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s. Thus, an adjustment as much as 600 s will take almost 14 days to complete. This option can be used with the -g and -q options. See the tinker command for other options. Note: The kernel time discipline is disabled with this option.
- --pccfreq frequency
- Substitute processor cycle counter for QueryPerformanceCounter unconditionally using the given frequency (in Hz). --pccfreq can be used on systems which do not use the PCC to implement QueryPerformanceCounter and have a fixed PCC frequency. The frequency specified must be accurate within 0.5 percent. --usepcc is equivalent on many systems and should be tried first, as it does not require determining the frequency of the processor cycle counter. For x86-compatible processors, the PCC is also referred to as RDTSC, which is the assembly-language instruction to retrieve the current value. (Windows only)
- --usepcc
- Substitute processor cycle counter for QueryPerformanceCounter if they appear equivalent. This option should be used only if the PCC frequency is fixed. Power-saving functionality on many laptops varies the PCC frequency. (Windows only)
配置文件
通常,ntpd在启动时读取ntp.conf配置文件以确定同步源和操作模式。也可以完全在命令行上指定一个有效的配置,虽然有限制,但不需要配置文件。当本地主机被配置为广播客户端时,这可能特别有用,服务器通过在运行时监听广播来确定。
通常,配置文件安装为/etc/ntp.conf,但也可以安装在其他地方(请参阅-c conffile命令行选项)。文件格式与其他 Unix 配置文件类似——注释以#字符开头并延伸到行尾;空行被忽略。
配置命令包含一个初始命令关键字,后跟由空格分隔的选项关键字列表。命令不能在多行中继续。选项可以是主机名、以数字、点分四组形式编写的主机地址、整数、浮点数(当指定时间以秒为单位时)和文本字符串。可选参数在选项页面中由[ ]分隔,而替代参数由|分隔。. 记号[...]指的最后一个项目的前一个可选的,不断重复的[...] 。
Files
| File | Default | Option | Option |
| configuration file | /etc/ntp.conf | -c | conffile |
| frequency file | none | -f | driftfile |
| leapseconds file | none | leapfile | |
| process ID file | none | -p | pidfile |
| log file | system log | -l | logfile |
| include file | none | none | includefile |
| statistics path | /var/NTP | -s | statsdir |
| keys path | /usr/local/etc | none | keysdir |
