diff options
| -rw-r--r-- | usr.sbin/ntpd/ntpd.conf.5 | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/usr.sbin/ntpd/ntpd.conf.5 b/usr.sbin/ntpd/ntpd.conf.5 index 38ce229b6e4..69ee4ee649f 100644 --- a/usr.sbin/ntpd/ntpd.conf.5 +++ b/usr.sbin/ntpd/ntpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ntpd.conf.5,v 1.39 2019/11/10 18:46:53 deraadt Exp $ +.\" $OpenBSD: ntpd.conf.5,v 1.40 2019/11/10 19:28:34 deraadt Exp $ .\" .\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> .\" @@ -146,6 +146,7 @@ A server with a weight of 5, for example, will have five times more influence on time offset calculation than a server with a weight of 1. .It Xo Ic server Ar address +.Op Ic trusted .Op Ic weight Ar weight-value .Xc Specify the IP address or the hostname of an NTP @@ -169,7 +170,19 @@ server ntp.example.org weight 1 To provide redundancy, it is good practice to configure multiple servers. In general, best accuracy is obtained by using servers that have a low network latency. +.Pp +The +.Ic trusted +keyword indicates the server is connected closely on a secure network such that +NTP packets cannot be injected as man-in-the-middle attacks. +NTP packets from these servers are considered truthful without validation +by +.Ic constraints . +This is useful for boot-time correction in environments where +.Ic constraints +cannot be used. .It Xo Ic servers Ar address +.Op Ic trusted .Op Ic weight Ar weight-value .Xc As with |