HP TCP/IP Services for OpenVMS
Management
13.7.9.1.6 Using the GQ scheme
The GQ parameter generation process produces a key file that is shared
between all members of an NTP Trust Group.
Perform the following steps to use the GQ scheme:
  - On both Alice and Bob, add two lines to TCPIP$NTP.CONF:

      keysdir SYS$SPECIFIC:[TCPIP$NTP]
      crypto pw littlesecret

    The crypto pw value is the same password that ntp_keygen is given
    with -p; it protects the private key files in keysdir, so
    TCPIP$NTP.CONF must itself be protected from reading by other users.
  - On Bob, add the server line for Alice to Bob's TCPIP$NTP.CONF.
  - On Alice, generate the GQ parameters:

      ALICE>ntp_keygen -"T" -"G" -p littlesecret

  - On Bob, generate the client parameters using the server password:

      BOB>ntp_keygen -"H" -p littlesecret

  - Copy the GQ group key tcpip$ntpkey_gqpar_alice.timestamp from Alice
    to Bob's keysdir.
  - On Bob, create a symbolic link to the file, using the -r option to
    specify the server name:

      BOB>ntp_keygen -"G" -r alice -l tcpip$ntpkey_gqpar_alice.timestamp

  - Start NTP on Alice and Bob:

      ALICE>@sys$startup:tcpip$ntp_startup
      BOB>@sys$startup:tcpip$ntp_startup
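The procedure above distributes one group key to every member and keeps a per-server private value on each server. The following added example (not TCP/IP Services or ntp_keygen code) models, with toy-sized numbers, the GQ identity exchange that those files support, in the simplified form of the Guillou-Quisquater scheme used by Autokey (RFC 5906): it shows why the group key (n, b) can be shared with the whole trust group while a server's private value u must never leave that server. The primes 1009 and 1013, the exponent 65537 and the host values 12345 and 54321 are constructed for the demonstration; ntp_keygen's file formats and certificate handling are not modelled.

```python
"""Toy model of the GQ identity exchange behind an Autokey GQ group key.

Added example, not TCP/IP Services or ntp_keygen code.  Numbers are toy-sized
so the arithmetic is visible; a real deployment uses an RSA-sized modulus.
Roles as on the page: Alice is the server (holds private u), Bob is the
client (holds only the shared group key (n, b) and Alice's public v).
"""
import hashlib
import secrets


def group_key(p, q, b):
    """Trust-group key (n, b): the file that is shared with every member."""
    n = p * q
    assert 1 < b < n, "b must be a residue mod n"
    return n, b


def server_keys(n, b, u):
    """Per-server pair from a private u: public v = (u^-1)^b mod n.
    Only u must stay on the server; v can go into its certificate."""
    u_inv = pow(u, -1, n)          # ValueError if gcd(u, n) != 1
    return u, pow(u_inv, b, n)


def _digest(value, n):
    """Fixed-width hash of a residue, standing in for the hash Autokey sends."""
    width = (n.bit_length() + 7) // 8
    return hashlib.sha256(value.to_bytes(width, "big")).digest()


def respond(n, b, u, r, k):
    """Server side for challenge nonce r: with random k, send y = k*u^r mod n
    and hash(x) where x = k^b mod n.  u itself is never revealed."""
    y = (k * pow(u, r, n)) % n
    x = pow(k, b, n)
    return y, _digest(x, n)


def verify(n, b, v, r, y, hx):
    """Client side: z = y^b * v^r = k^b * u^(rb) * u^(-rb) = x (mod n), so the
    hash of z must equal the hash the server sent.  Needs only (n, b) and v."""
    z = (pow(y, b, n) * pow(v, r, n)) % n
    return _digest(z, n) == hx


def exchange(n, b, v, u, rng=secrets):
    """One full challenge/response with fresh randomness for r and k."""
    r = rng.randbelow(n - 2) + 2   # client's challenge nonce
    k = rng.randbelow(n - 2) + 2   # server's blinding value
    y, hx = respond(n, b, u, r, k)
    return verify(n, b, v, r, y, hx)


if __name__ == "__main__":
    n, b = group_key(1009, 1013, 65537)      # constructed toy parameters
    u, v = server_keys(n, b, 12345)          # Alice's private u, public v
    print("Alice proves identity:", exchange(n, b, v, u))
    # An impostor knows (n, b) and v but not u; a guessed u' fails against v.
    print("impostor with u'=54321:", exchange(n, b, v, 54321))
```

The check in verify uses nothing that is secret to Alice, which is why every member may hold the group key; an impostor who obtains the group key but not u cannot produce a y that verifies against Alice's v.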
 
13.7.9.1.7 Using the MV scheme
The MV parameter generation process produces a server key, which must
not be distributed to other members of the NTP Trust Group, and a
number of client keys.
Perform the following steps to use the MV scheme:
  - On both Alice and Bob, add two lines to TCPIP$NTP.CONF:

      keysdir SYS$SPECIFIC:[TCPIP$NTP]
      crypto pw littlesecret

  - On Bob, add the server line for Alice to Bob's TCPIP$NTP.CONF.
  - On Alice, generate the MV parameters. The MV parameter generation
    process produces a server key and a number of client keys. When
    choosing the number of client keys, avoid values that are factors of
    512 and do not exceed 30. The following command generates four keys
    (N-1, where N is 5):

      ALICE>ntp_keygen -"T" -"V" 5 -p littlesecret

  - On Bob, generate the client parameters using the server password:

      BOB>ntp_keygen -"H" -p littlesecret

  - Copy any one of the MV client keys, tcpip$ntpkey_mvkeyN_alice.timestamp,
    from Alice to Bob's keysdir. Only a client key leaves Alice; the MV
    server key stays on Alice.
  - On Bob, create a symbolic link to the file. Specify 1 after the -"V"
    option so that ntp_keygen does not complain that the -"V" option
    requires a value; the 1 is ignored:

      BOB>ntp_keygen -"V" 1 -l tcpip$ntpkey_mvkeyN_alice.timestamp

  - Start NTP on Alice and Bob:

      ALICE>@sys$startup:tcpip$ntp_startup
      BOB>@sys$startup:tcpip$ntp_startup
 
13.7.9.1.8 Broadcast and Multicast Autokey
Append autokey to the broadcast line in tcpip$ntp.conf for the
broadcast/multicast address that you want to authenticate with Autokey:

      broadcast my.broadcast.or.multicast.address autokey

The assigned NTP multicast address is 224.0.1.1, but other valid
multicast addresses may be used.
13.7.9.1.9 Monitoring Authentication Status
Use ntpq -c assoc to check the authentication status of NTP associations.
Authenticated associations display ok in the auth column; none means
that no key or Autokey is configured for that association, and bad means
that authentication is configured but is failing:

      ind assID status  conf reach auth condition  last_event cnt
      ===========================================================
        1    60  9614   yes   yes    ok   sys.peer   reachable  1

Use ntpq -c readvar to view the Autokey certificates held by the NTP
server.
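A small checker for the assoc table, added here as an example (it is not part of TCP/IP Services): it parses the output of ntpq -c assoc and reports every association whose auth column is not ok, and separately the worst case, a system peer that is not authenticated. The first sample line is the one shown above; the lines for assIDs 61 and 62 are constructed to show the none and bad cases.

```python
"""Flag NTP associations that are not authenticated in ntpq -c assoc output.

Added example, not part of TCP/IP Services.  Feed it the captured output
of ntpq -c assoc (for example, from a file written with a DCL pipe).
"""

# Constructed sample: line for assID 60 is from the page; 61 and 62 are made up.
SAMPLE = """\
ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1    60  9614   yes   yes    ok   sys.peer   reachable  1
  2    61  9014   yes   yes  none    reject    reachable  1
  3    62  d014   yes   yes   bad    reject    reachable  1
"""

COLUMNS = ("ind", "assid", "status", "conf", "reach", "auth",
           "condition", "last_event", "cnt")


def parse_assoc(text):
    """Turn the assoc table into one dict per association.
    Header, ruler and blank lines are skipped; status stays as hex text."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != len(COLUMNS) or not fields[0].isdigit():
            continue
        row = dict(zip(COLUMNS, fields))
        row["assid"] = int(row["assid"])
        rows.append(row)
    return rows


def unauthenticated(rows):
    """(assID, auth, condition) for every association not marked ok.
    'none': no key or Autokey configured for the peer.
    'bad': authentication configured but failing (wrong key, missing group
    key, expired certificate)."""
    return [(r["assid"], r["auth"], r["condition"])
            for r in rows if r["auth"] != "ok"]


def unauthenticated_sys_peer(rows):
    """assIDs of peers the host is actually following without authentication."""
    return [r["assid"] for r in rows
            if r["condition"] == "sys.peer" and r["auth"] != "ok"]


if __name__ == "__main__":
    rows = parse_assoc(SAMPLE)
    for assid, auth, cond in unauthenticated(rows):
        print(f"assID {assid}: auth={auth} condition={cond}")
    print("unauthenticated system peer:", unauthenticated_sys_peer(rows))
```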
13.7.9.2 Updating the Client and Server Parameters
The client and server key and certificate are valid for only one year
and should be updated periodically (e.g., monthly).
Update the server(s) with the following command:

      $ntp_keygen -"T" -q serverpassword

Update the client(s) with the following command:

      $ntp_keygen -q clientpassword
13.8 NTP Utilities
NTP provides several utility programs that help you manage and make
changes to the NTP server. These utilities include:
  - NTPDATE, the date and time utility that sets the local date and
    time by polling the specified server. Run NTPDATE manually or from the
    host startup script to set the clock at boot time before NTP starts.
    NTPDATE does not set the date if NTP is already running on the same
    host. For information about using NTPDATE, see Section 13.8.1.
  - NTPTRACE, the trace utility that follows the chain of NTP servers
    back to their master time source. For information about using
    NTPTRACE, see Section 13.8.2.
  - NTPDC, the special query program that provides extensive state and
    statistics information and allows you to set configuration options at
    run time. Run this program in interactive mode or with command-line
    arguments. For information about using NTPDC, see Section 13.8.3.
  - NTPQ, the standard query program that queries NTP servers about
    their current state and requests changes to that state. For
    information about using NTPQ, see Section 13.8.4.
  - NTP_GENKEYS, the random key generator program that generates random
    keys that are used by the NTP Version 3 and NTP Version 4 symmetric
    key authentication scheme.
To define the commands described in the following sections, run the
following procedure:

      $ @SYS$MANAGER:TCPIP$DEFINE_COMMANDS.COM
 
13.8.1 Setting the Date and Time with NTPDATE
The NTPDATE program sets the local date and time by polling a specified
server or servers to determine the correct time. A number of samples
are obtained from each of the servers specified, and a subset of the
NTP clock filter and selection algorithms are applied to select the
best samples. The accuracy and reliability of NTPDATE depends on the
number of servers it polls, the number of polls it makes each time it
runs, and the interval length between runs.
Run NTPDATE manually to set the host clock or from the host startup
file to set the clock at boot time. In some cases, it is useful to set
the clock manually before you start NTP. The NTPDATE program makes time
adjustments (called "stepping the time") by calling the
OpenVMS routine SYS$SETIME.
  Note
  NTPDATE does not set the date and time if an NTP server is running on
  the same host.
Enter specific commands using the following format:

      NTPDATE [option...] host [host...]

For example, the following command sets the clock based on the time
provided from one of the specified hosts (BIRDY, OWL, or FRED):

      $ NTPDATE BIRDY OWL FRED

NTP sets the date and time by polling the servers you specify as
arguments to the command. Samples are obtained from each of the
specified servers. NTP then analyzes the results to select the best
server to use as a time source. Table 13-4 describes the NTPDATE
command options.
  Table 13-4 NTPDATE Options

    Option       Description
    -d           Prints information useful for debugging. Does not change
                 the time.
    -o version   Specifies the NTP version (1, 2, or 3) for outgoing
                 packets (for compatibility with older versions of NTP).
                 Version 4 is the default.
    -p n         Specifies the number of samples NTPDATE acquires from
                 each server. The default is 4. You can specify from 1
                 to 8.
    -q           Specifies a query only; does not set the clock.

13.8.2 Tracing a Time Source with NTPTRACE
Use the NTPTRACE utility to determine the source from which an NTP
server obtains its time. NTPTRACE follows the chain of time servers
back to the master time source.
Enter the command name followed by any of the options in Table 13-5;
with no host argument, the trace starts at the local host.
The following example shows output from an NTPTRACE command. In this
example, the chain of servers runs from the local host to the
stratum 1 server FRED, which is synchronizing to a GPS reference clock:

      $ NTPTRACE
      LOCALHOST: stratum 3, offset -0.000000, synch distance 1.50948
      parrot.birds.com: stratum 2, offset -0.126774, synch distance 0.00909
      fred.birds.com: stratum 1, offset -0.129567, synch distance 0.00168, refid 'GPS'

All times are in seconds. The output fields on each line are as follows:
  - Host name
  - Host stratum
  - Time offset between the host and the local host (not always zero
    for LOCALHOST)
  - Synchronization distance
  - Reference clock ID (only for stratum 1 servers)
 
Table 13-5 describes the NTPTRACE command options.
  Table 13-5 NTPTRACE Options

    Option       Description
    -d           Enables debugging output.
    -n           Displays IP addresses instead of host names. This may be
                 necessary if a name server is down.
    -r retries   Sets the number of retransmission attempts for each host.
                 The default is 5.
    -t timeout   Sets the retransmission timeout (in seconds). The default
                 is 2.
    -v           Displays additional information about the NTP servers.
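The output format described above lends itself to an automated sanity check of the chain. The following added example (not part of TCP/IP Services) parses NTPTRACE output and reports a chain that does not reach a stratum 1 server with a reference clock ID, a host that is unsynchronized (stratum 16), a stratum that does not decrease from one hop to the next, or a host that appears twice. SAMPLE_OK is the output shown above; SAMPLE_BAD is constructed (the host parrot2.birds.com is not from the page).

```python
"""Parse NTPTRACE output and sanity-check the chain of servers.

Added example, not part of TCP/IP Services.  SAMPLE_OK is the page's own
trace; SAMPLE_BAD is constructed to show an unsynchronized upstream.
"""
import re

LINE = re.compile(
    r"^(?P<host>\S+): stratum (?P<stratum>\d+), offset (?P<offset>-?[\d.]+), "
    r"synch distance (?P<dist>[\d.]+)(?:, refid '(?P<refid>[^']*)')?\s*$"
)

SAMPLE_OK = """\
LOCALHOST: stratum 3, offset -0.000000, synch distance 1.50948
parrot.birds.com: stratum 2, offset -0.126774, synch distance 0.00909
fred.birds.com: stratum 1, offset -0.129567, synch distance 0.00168, refid 'GPS'
"""

# Constructed: an upstream that has lost synchronization (stratum 16).
SAMPLE_BAD = """\
LOCALHOST: stratum 3, offset -0.000000, synch distance 1.50948
parrot2.birds.com: stratum 16, offset 0.000000, synch distance 0.00000
"""


def parse_trace(text):
    """One dict per hop: host, stratum (int), offset and dist (seconds), refid."""
    hops = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue          # prompt line or anything that is not a hop
        hop = m.groupdict()
        hop["stratum"] = int(hop["stratum"])
        hop["offset"] = float(hop["offset"])
        hop["dist"] = float(hop["dist"])
        hops.append(hop)
    return hops


def check_chain(hops):
    """Return human-readable findings; an empty list means the chain looks sane."""
    findings = []
    if not hops:
        return ["no NTPTRACE hops parsed"]
    seen = set()
    for i, hop in enumerate(hops):
        if hop["host"] in seen:
            findings.append(f"loop: {hop['host']} appears twice")
        seen.add(hop["host"])
        if hop["stratum"] >= 16:
            findings.append(f"{hop['host']} is unsynchronized (stratum {hop['stratum']})")
        if i > 0 and hop["stratum"] >= hops[i - 1]["stratum"]:
            findings.append(f"stratum does not decrease from {hops[i - 1]['host']} "
                            f"to {hop['host']}")
    last = hops[-1]
    if last["stratum"] != 1 or not last["refid"]:
        findings.append("chain does not end at a stratum 1 server with a refid")
    return findings


if __name__ == "__main__":
    for name, sample in (("page trace", SAMPLE_OK), ("constructed trace", SAMPLE_BAD)):
        print(name, "->", check_chain(parse_trace(sample)) or ["ok"])
```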
  
13.8.3 Making Run-Time Requests with NTPDC
You can make run-time changes to NTP with query commands by running the
NTPDC utility. NTPDC displays time values in seconds.
Run-time requests are always authenticated requests. Authentication not
only provides verification that the requester has permission to make
such changes, but also gives an extra degree of protection against
transmission errors.
The reconfiguration facility works well with a server on the local host
and between time-synchronized hosts on the same LAN. The facility works
poorly for more distant hosts. Authenticated requests include a
timestamp. The server compares the timestamp to its receive timestamp.
If they differ by more than a small amount, the request is rejected.
This is done for two reasons:
  - To make replay attacks by an intruder who can overhear traffic on
    your LAN much more difficult.
  - To make it more difficult for topologically remote hosts to request
    configuration changes to your server.
To run NTPDC, enter the following command:

      $ NTPDC

At the NTPDC> prompt, enter the appropriate type of command from the
following list:
  - Interactive commands
  - Control commands
  - Run-time configuration request commands
The following sections describe the NTPDC commands.
13.8.3.1 NTPDC Interactive Commands
Interactive commands consist of a command name followed by one or more
keywords. The interactive commands include:
  - help [command-keyword]
    Enter a question mark (?) to display a list of all the command
    keywords known to this version of NTPDC. Enter a question mark
    followed by a command keyword to display information about the
    function and use of the command.
  - host hostname
    Sets the host to which future queries will be sent. The hostname can
    be either a host name or a numeric address.
  - hostnames [ yes | no ]
    If you specify yes, host names are displayed. If you specify no,
    numeric addresses are displayed. The default is yes unless you
    include the -n option on the command line, as described in
    Table 13-6.
  - keyid key-ID
    Specifies the key number to be used to authenticate configuration
    requests. This must correspond to a key number the server has been
    configured to use for this purpose.
  - quit
    Exits NTPDC.
  - passwd
    Prompts you to enter a password (not echoed) to be used to
    authenticate configuration requests. The password must correspond to
    the key configured for use by the NTP server for this purpose.
  - timeout milliseconds
    Specifies a timeout period for responses to server queries. The
    default is about 8000 milliseconds (8 seconds). Because NTPDC retries
    each query once after a timeout, the total waiting time for a timeout
    is twice the timeout value set.
13.8.3.2 NTPDC Control Message Commands
Control message commands request information about the server. These
are read-only commands in that they make no modification of the server
configuration state.
The NTPDC control message commands include:
  - listpeers
    Displays a brief list of the peers for which the server is
    maintaining state. These include all configured peer associations as
    well as peers whose stratum is such that the server considers them to
    be possible future synchronization candidates.
  - peers
    Obtains a list of peers for which the server is maintaining state,
    along with a summary of that state. The summary information includes:
      - The address of the remote peer
      - The local interface address (0.0.0.0 if a local address has not
        been determined)
      - The stratum of the remote peer (a stratum of 16 indicates the
        remote peer is unsynchronized)
      - The polling interval (in seconds)
      - The reachability register (in octal)
      - The current estimated delay, offset, and dispersion of the peer
        (in seconds)
    In addition, the character in the left margin indicates the
    operating mode of this peer entry, as follows:
      - Plus sign (+) denotes symmetric active.
      - Minus sign (-) indicates symmetric passive.
      - Equals sign (=) means the remote server is being polled in client
        mode.
      - Up arrow (^) indicates that the server is broadcasting to this
        address.
      - Tilde (~) denotes that the remote peer is sending broadcasts.
      - Asterisk (*) marks the peer to which the server is currently
        synchronizing.
    The contents of the host field can be one of the following four
    forms:
      - Host name
      - IP address
      - Reference clock implementation name with its parameter
      - REFCLK(implementation number, parameter)
    If you specify hostnames no, only IP addresses are displayed.
  - dmpeers
    Displays a slightly different peer summary list, identical to the
    output of the peers command except for the character in the leftmost
    column. Characters appear only beside peers that were included in the
    final stage of the clock selection algorithm:
      - Dot (.) indicates that this peer was rejected in the
        "falseticker" detection.
      - Plus sign (+) indicates that the peer was accepted.
      - Asterisk (*) denotes the peer to which the server is currently
        synchronizing.
  - showpeer peer-address [...]
    Shows a detailed display of the current peer variables for one or
    more peers.
  - pstats peer-address [...]
    Shows per-peer statistics counters associated with the specified
    peers.
  - loopinfo [ oneline | multiline ]
    Displays the values of selected loop-filter variables. The loop
    filter is the part of NTP that adjusts the local system clock. The
    variables include:
      - offset --- the last offset given to the loop filter by the packet
        processing code.
      - frequency --- the frequency error of the local clock (in parts
        per million).
      - time_const --- controls the stiffness of the phase-lock loop and,
        therefore, the speed at which it can adapt to oscillator drift.
      - watchdog timer --- the number of seconds that have elapsed since
        the last sample offset was given to the loop filter.
    The oneline and multiline options specify the format in which this
    information is to be displayed; multiline is the default.
  - sysinfo
    Displays a variety of system state variables, such as the state
    related to the local server. These variables include:
      - system flags --- shows various system flags, some of which can be
        set and cleared by the enable and disable configuration commands,
        respectively. These are the auth, bclient, monitor, ntp, and
        stats flags.
      - stability --- the residual frequency error remaining after the
        system frequency correction is applied. It is intended for
        maintenance and debugging.
      - broadcastdelay --- shows the default broadcast delay as set by
        the broadcastdelay configuration command.
      - authdelay --- shows the default authentication delay as set by
        the authdelay configuration command.
  - sysstats
    Displays statistics counters maintained in the protocol module.
  - memstats
    Displays statistics counters related to memory allocation code.
  - iostats
    Displays statistics counters maintained in the input/output module.
  - timerstats
    Displays statistics counters maintained in the timer/event queue
    support code.
  - reslist
    Displays the server's restriction list. This list is displayed in
    the order in which the restrictions are applied.
  - monlist [ version ]
    Displays the traffic counts collected by the monitor facility.
    Normally you do not need to specify the version number.
13.8.3.3 NTPDC Request Commands
The following commands make authenticated requests:
  - addpeer peer-address key-ID [version] [prefer]
    Adds a configured peer association at the given address and
    operates in symmetric active mode. An existing association with the
    same peer can be deleted when this command is executed or can be
    converted to conform to the new configuration. The key-ID is the key
    identifier for requestkey, as described in Table 13-3. All outgoing
    packets to the remote server carry an authentication field (a keyed
    digest computed with this key). The value for version can be 1, 2, 3
    or 4. The default is Version 4. The prefer keyword indicates a
    preferred peer that will be used for clock synchronization, if
    possible.
  - addserver peer-address key-ID [version] [prefer]
    This command is the same as addpeer except that the operating mode
    is client.
  - broadcast peer-address key-ID [version] [prefer]
    This command is the same as addpeer except that the operating mode
    is broadcast. In this case, a valid key identifier and key value are
    required. The peer-address parameter can be either the broadcast
    address of the local network or a multicast group address assigned
    to NTP.
  - unconfig peer-address [...]
    Causes the configured bit to be removed from the specified remote
    peer. This command deletes the peer association. When appropriate,
    however, the association may persist in an unconfigured mode if the
    remote peer continues in this fashion.
  - enable [flag] [...]
    disable [flag] [...]
    These commands operate in the same way as the enable and disable
    configuration commands. For details, see Section 13.4.2.
  - fudge peer-address [time1] [time2] [stratum stratum] [refID]
    Provides a way to set time, stratum, and identification data for a
    reference clock. (The TCP/IP Services product supports only the
    local reference clock.)
Use the following syntax to enter the NTPDC foreign command:

      NTPDC [-i] [-l] [-n] [-p] [-s] [-c command] [host1, host2, ...]

Table 13-6 describes the NTPDC options.
  Table 13-6 NTPDC Options

    Option       Description
    -c command   The command argument is interpreted as an interactive
                 format command and is added to the list of commands to
                 be executed on the specified hosts. You can specify
                 multiple -c options.
    -i           Forces NTPDC to operate in interactive mode.
    -l           Obtains a list of peers that are known to the server(s).
    -n           Displays all host addresses in numeric format rather
                 than converting them to host names.
    -p           Displays a list of the peers known to the server as well
                 as a summary of their state.
    -s           Displays a list of the peers known to the server as well
                 as a summary of their state. Uses a slightly different
                 format than the -p option.