| blob | f7eefde08314ad1b03a97a67a90113a4e4349c55 |
1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21 # Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
23 # If you do not want to configure your client to listen for multicast, comment
24 # this line out. This should only be used for casual time keeping, like keeping
25 # a desktop system in sync.
27 #multicastclient 224.0.1.1
29 # You can also use broadcast mode. Again, only use for casual timekeeping.
31 #broadcastclient
33 # The default is to require authentication. Without authentication you do not
34 # have any control over what servers your system is getting its time from.
35 # It is possible for another system to target your system to change the time.
36 # However for casual time keeping and ease of administration authentication
37 # may not be necessary. Using authentication is recommended.
39 disable auth
41 # To configure NTP servers, replace the server_name with either the IP address
42 # or hostname of the server you wish to use. If you just want to keep the time
43 # in a causual way, one server may be enough for you. If you wish to keep it
44 # to a more accurate level, 3 or more is recommended. Do not choose 2, because
45 # 2 servers is an unstable configuration. By the same token 3 is only acceptable
46 # if all are always available, since when a single one reboots or otherwise
47 # becomes unavailable, you have just 2. The iburst keyword specifies that
48 # multiple packets be sent at start-up to allow the system to more quickly
49 # get the correct time at boot.
50 #
51 # For a list of Internet NTP servers see
52 # http://support.ntp.org/bin/view/Servers/WebHome
53 # If you use this list, be sure to read, understand and abide by the rules
54 # each server has published for accessing themselves.
55 #
56 # There is also a DNS round-robin pool of public access NTP servers. The
57 # instructions for accessing these are at http://www.pool.ntp.org
58 # Please consider adding your own servers to the pool if possible.
59 #
60 # Many ISP's also provide NTP servers for use by their customers.
62 server 0.openindiana.pool.ntp.org iburst
63 server 1.openindiana.pool.ntp.org iburst
64 server 2.openindiana.pool.ntp.org iburst
65 server 3.openindiana.pool.ntp.org iburst
67 # Always configure the drift file. It can take days for ntpd to completely
68 # stabilize and without the drift file, it has to start over on a reboot
69 # of if ntpd restarts.
71 driftfile /var/ntp/ntp.drift
73 # Permit time synchronization with our time source, but do not
74 # permit the source to query or modify the service on this system.
75 restrict default nomodify notrap nopeer noquery
77 # Permit all access over the loopback interface. This could
78 # be tightened as well, but to do so would effect some of
79 # the administrative functions.
80 restrict 127.0.0.1
81 restrict ::1
83 # It is always wise to configure at least the loopstats and peerstats files.
84 # Otherwise when ntpd does something you don't expect there is no way to
85 # find out why.
87 statsdir /var/ntp/ntpstats/
88 filegen peerstats file peerstats type day enable
89 filegen loopstats file loopstats type day enable
91 # To track the events regarding the system clock, the protostats file can be useful
92 # as well.
94 # Disable the monitoring facility to prevent amplification attacks using ntpdc
95 # monlist command when default restrict does not include the noquery flag. See
96 # CVE-2013-5211 for more details.
97 # Note: Monitoring will not be disabled with the limited restriction flag.
98 disable monitor
100 #filegen protostats file protostats type day enable
102 # To see the current state of the crypto authentication protocols, enable the
103 # cryptostats file.
105 #filegen cryptostats file cryptostats type day enable
107 # The clockstats files are only useful if a hardware reference clock is
108 # configured. See the /etc/inet/ntp.server file for more information about
109 # that.
111 #filegen clockstats file clockstats type day enable
113 # The sysstats and rawstats output might be useful in debugging, but are
114 # not important otherwise.
116 #filegen sysstats file sysstats type day enable
117 #filegen rawstats file rawstats type day enable
119 # There are several types on authentication supported by NTP. The easiest
120 # to use is a set of passwords, called "keys". They should be stored
121 # the /etc/inet/ntp.keys file. Each key in the ntp.keys file can be
122 # assigned to certain types of trust levels. See ntpd(1m) for more
123 # information on setting up key.
125 #keys /etc/inet/ntp.keys
126 #trustedkey 1
127 #requestkey 1
128 #controlkey 1
130 #
131 # To configure leap seconds processing, download the latest NIST leap seconds
132 # file to /etc/inet, and then create a symbolic link to it from the ntp.leap
133 # file. Without this file, NTP will still be able to accept leap announcements
134 # from its upstream sources. If this file exists and is less than 6 months old
135 # then the contents of this file will take precedence over the upstream servers.
136 # The latest leap seconds file is always available at ftp://time.nist.gov/pub
138 #leapfile /etc/inet/ntp.leap