ntpd4 Daemon

Purpose

Network Time Protocol (NTP) Daemon.

Syntax

ntpd4 [ -4 ] [ -6 ] [ -a ] [ -A ] [ -b ] [ -c conffile ] [ -d ] [ -D level ] [-f driftfile] [ -g] [-i jaildir] [ -k keyfile] [-l logfile] [-L] [ -n ] [ -N ] [ -p pidfile] [ -P priority ] [-q] [-r broadcastdelay] [ -s statsdir] [-t key] [ -u user[:group]] [ -U interface update interval] [ -v variable] [-V variable] [-x]

Description

The ntpd program is an operating system daemon that sets and maintains the system time-of-day in synchrony with the Internet Standard Time servers. The ntpd program is a complete implementation of the Network Time Protocol (NTP) version 4, and also retains compatibility with version 3, as defined by RFC-1305, and versions 1 and 2, as defined by RFC-1059 and RFC-1119, respectively. The ntpd program generally computes in 64-bit floating point arithmetic mode. If a precision of 232 picoseconds needs to be maintained, then ntpd computes in 64-bit fixed point mode. The ultimate precision of 232 picoseconds is not achievable with existing workstations and networks; however, this precision may be required with future gigahertz CPU clocks and gigabit LANs.

Frequency Discipline

The ntpd behavior at startup depends on the frequency file, usually ntp.drift. This file contains the latest estimate of clock frequency error. When the ntpd daemon is started and the file does not exist, the ntpd enters a special mode designed to quickly adapt to the particular system clock oscillator time and frequency error. This takes approximately 15 minutes, after which the time and frequency are set to nominal values and the ntpd enters normal mode of operation, where the time and frequency are continuously tracked relative to the server. After one hour the frequency file is created and the current frequency offset is written to this file. When the ntpd is started and the file does exist, the ntpd frequency is initialized from the file and ntpd enters the normal mode of operation. After that the current frequency offset is written to the file at hourly intervals.

Operating Modes

The ntpd program can operate in any of several modes, including symmetric active/passive, client/server, and broadcast/multicast. The ntpd normally operates continuously while monitoring for small changes in frequency and trimming the clock for the ultimate precision. The ntpd can also operate in a one-time mode where the time is set from an external server and frequency is set from a previously recorded frequency file. A broadcast or multicast client can discover remote servers, compute server-client propagation delay correction factors and configure itself automatically. This makes it possible to deploy a fleet of workstations without specifying configuration details specific to the local environment.

By default, ntpd runs in continuous mode where each of the possibly several external servers is polled at intervals determined by an intricate state machine. The state machine measures the incidental roundtrip delay jitter and the oscillator frequency wander and determines the best poll interval using a heuristic algorithm. Ordinarily, and in most operating environments, the state machine starts with 64-second intervals and eventually increases in steps to 1024 seconds. A small amount of random variation is introduced in order to avoid bunching at the servers. In addition, should a server become unreachable for some time, the poll interval is increased in steps to 1024 seconds in order to reduce network overhead.

In some cases it may not be practical for ntpd to run continuously. A common workaround has been to run the ntpdate program from a cron job at designated times. However, this program does not have the crafted signal processing, error checking and mitigation algorithms of ntpd. The -q option is intended for this purpose. Setting this option causes ntpd to exit just after setting the clock for the first time. The procedure for initially setting the clock is the same as in continuous mode; most applications specify the iburst command with the server configuration command. With this command a volley of messages is exchanged to groom the data and the clock is set in about 10 seconds. If no response is received after a couple of minutes, the daemon times out and exits. After a certain period, if no response is received, the ntpdate program is stopped.

Flags

Item Description
-4 Forces DNS resolution of host names to the IP version 4 namespace.
-6 Forces DNS resolution of host names to the IP version 6 namespace.
-a Requires cryptographic authentication for broadcast client, multicast client and symmetric passive associations. This is the default value.
-A Does not require cryptographic authentication for broadcast client, multicast client, and symmetric passive associations.
-b Enables the client to synchronize to broadcast servers.
-c conffile Specifies the name and path of the configuration file, default /etc/ntp.conf.
-d Specifies debugging mode. This option may occur more than once, with each occurrence indicating greater detail of display.
-D level Specifies the debugging level directly.
-f driftfile Specifies the name and path of the frequency file, default /etc/ntp.drift. This is the same operation as the driftfile driftfile configuration command.
-g Allows the time to be set to any value without restriction; this can happen only once. The ntpd command exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 seconds by default. If the threshold is exceeded after that, ntpd will exit with a message to the system log. This option can be used with the -q and -x options.
-i jaildir The chroot command directs the server to the directory jaildir. This option also implies that the server attempts to drop root privileges at startup (otherwise, chroot gives very little additional security), and it is only available if the operating system supports running the server without full root privileges. You must specify a -u option.
-k keyfile Specifies the name and path of the symmetric key file, default /etc/ntp.keys. This is the same operation as the keys keyfile configuration command.
-l logfile Specifies the name and path of the log file. The default is the system log file. This is the same operation as the logfile configuration command.
-L Does not listen to virtual IPs. The default is to listen.
-n Does not fork.
-N Runs the ntpd at the highest priority level to the extent permitted by the operating system.
-p pidfile Specifies the name and path of the file used to record the ntpd process ID. This is the same operation as the pidfile pidfile configuration command.
-P priority Runs the ntpd at the specified priority to the extent permitted by the operating system.
-q Exits the ntpd just after the first time the clock is set. This behavior mimics that of the ntpdate program, which is to be retired. The -g and -x options can be used with this option.
Note: The kernel time discipline is disabled with this option.
-r broadcastdelay Specifies the default propagation delay from the broadcast/multicast server to the client. This is necessary only if the delay cannot be computed automatically by the protocol.
-s statsdir Specifies the directory path for files created by the statistics facility. This is the same operation as the statsdir configuration command.
-t key Adds a key number to the trusted key list. This option can occur more than once.
-u user[:group] Specifies a user, and optionally a group, to switch to. This option is only available if the operating system supports running the server without complete root privileges.
-U interface update interval Specifies the number of seconds to wait between the interface list scans to pick up new and deleted network interfaces. Set to 0 to disable dynamic interface list updating. The default is to scan every 5 minutes.
-v variable, -V variable Adds a system variable listed by default.
-x Slews the time if the offset is less than the step threshold, which is 128 milliseconds by default, and steps up if above the threshold. This option sets the threshold to 600 seconds, which is well within the accuracy window to set the clock manually.
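
The following script is an added example, not part of the ntpd4 documentation. It parses an ntpd4 argument list with the option letters from the Syntax line and reports the security-relevant choices described above: -A, -g, and -i or a root start without a usable -u. The finding names, the jail path and the user name are made up for illustration.

```shell
#!/bin/sh
# Added example: audit an ntpd4 command line against the Flags section.
# Option string transcribed from the Syntax line; leading ':' = silent getopts.
NTPD4_OPTS=':46aAbc:dD:f:gi:k:l:Lnp:NP:qr:s:t:u:U:v:V:x'

# Prints one finding code per line (hypothetical names); status 1 if any.
# The body is a subshell "( ... )" so OPTIND and variables do not leak.
audit_ntpd4_args() (
    OPTIND=1
    noauth=0; jail=; user=; anytime=0; rc=0
    while getopts "$NTPD4_OPTS" opt "$@"; do
        case $opt in
            A) noauth=1 ;;
            i) jail=$OPTARG ;;
            u) user=$OPTARG ;;
            g) anytime=1 ;;
            :) echo "MISSING_ARGUMENT -$OPTARG"; rc=1 ;;
            \?) echo "UNKNOWN_FLAG -$OPTARG"; rc=1 ;;
        esac
    done
    # -A: broadcast client, multicast client and symmetric passive
    # associations are accepted without cryptographic authentication.
    if [ "$noauth" -eq 1 ]; then echo "AUTH_NOT_REQUIRED"; rc=1; fi
    # -g: the clock may be set to any value once, past the panic threshold.
    if [ "$anytime" -eq 1 ]; then echo "PANIC_THRESHOLD_BYPASSED_ONCE"; rc=1; fi
    if [ -z "$user" ]; then
        # -i must be combined with -u; with no -u there is no user switch.
        if [ -n "$jail" ]; then echo "JAIL_WITHOUT_USER"; else echo "NO_USER_SWITCH"; fi
        rc=1
    else
        case $user in
            root|root:*) echo "SWITCH_USER_IS_ROOT"; rc=1 ;;
        esac
    fi
    exit "$rc"
)

# Constructed sample command line, not taken from a real system:
audit_ntpd4_args -A -g -i /var/ntpjail -c /etc/ntp.conf || true
```

A clean result only means none of these flags or omissions is present on the command line; the same settings can also come from the configuration file named by -c.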

Exit Status

This command returns the following exit values:
0
Successful completion.
> 0
An error occurred.

Security

Access Control: You must have root authority to run this command.

Auditing Events: N/A

Examples

The symbolic link /usr/sbin/xntpd by default points to the NTP v3 daemon (/usr/sbin/ntp3/xntpd). To run the NTP v4 daemon (/usr/sbin/ntp4/ntpd4), modify the symbolic link so that it points to the v4 daemon (/usr/sbin/xntpd --> /usr/sbin/ntp4/ntpd4).
  1. To start the xntpd daemon, enter:
    startsrc -s xntpd
  2. To stop the xntpd daemon, enter:
    stopsrc  -s xntpd

Files

Item Description
/usr/sbin/ntp4/ntpd4 Contains the ntpd4 daemon.
/usr/sbin/xntpd --> /usr/sbin/ntp3/xntpd Default symbolic link to NTP version 3 binary from /usr/sbin directory.
/etc/ntp.conf Contains the default configuration file.
/etc/ntp.drift Contains the default drift file.