commit 5f0708bbe7d2edd6fb23d9e61731b80e39323e69
Author: Stephen Wadeley <swadeley(a)redhat.com>
Date: Tue Nov 12 09:56:36 2013 +0100
Updating section IDs to be title case to match the titles
en-US/Configuring_NTP_Using_ntpd.xml
en-US/Configuring_NTP_Using_ntpd.xml | 36 +++++++++++++++++-----------------
1 files changed, 18 insertions(+), 18 deletions(-)
---
diff --git a/en-US/Configuring_NTP_Using_ntpd.xml b/en-US/Configuring_NTP_Using_ntpd.xml
index 457a9bc..3783a66 100644
--- a/en-US/Configuring_NTP_Using_ntpd.xml
+++ b/en-US/Configuring_NTP_Using_ntpd.xml
@@ -138,7 +138,7 @@
Some software may fail or produce an error if the time is changed backwards. For
systems that are sensitive to step changes in the time, the threshold can be changed to
600s instead of 128ms using the <option>-x</option> option (unrelated to the
<option>-g</option> option). Using the <option>-x</option> option
to increase the stepping limit from 0.128s to 600s has a drawback because a different
method of controlling the clock has to be used. It disables the kernel clock discipline
and may have a negative impact on the clock accuracy. The <option>-x</option>
option can be added to the <filename>/etc/sysconfig/ntpd</filename>
configuration file.</para>
</section>
-<section id="s1-Understanding_the_drift_file">
+<section id="s1-Understanding_the_Drift_File">
<title>Understanding the Drift File</title>
<para>
The drift file is used to store the frequency offset between the system clock running
at its nominal frequency and the frequency required to remain in synchronization with UTC.
If present, the value contained in the drift file is read at system start and used to
correct the clock source. Use of the drift file reduces the time required to achieve a
stable and accurate time. The value is calculated, and the drift file replaced, once per
hour by <systemitem class="daemon">ntpd</systemitem>. The drift file
is replaced, rather than just updated, and for this reason the drift file must be in a
directory for which the <systemitem class="daemon">ntpd</systemitem>
has write permissions.
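Review bot: The id on the `<section>` line changes from `s1-Understanding_the_drift_file` to `s1-Understanding_the_Drift_File`, and every `linkend` that targets it is case-sensitive, yet the diffstat shows only this one file touched. Before merging, search the other XML files of the guide for the old ids renamed in this commit, since any `<xref>` or `<link>` left pointing at the lower-case form will no longer resolve when the book is built. If the published HTML derives its anchors from these ids, existing deep links to the old anchors will also stop working.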
@@ -158,7 +158,7 @@
</section>
-<section id="s1-Authentication_options_for_NTP">
+<section id="s1-Authentication_Options_for_NTP">
<title>Authentication Options for NTP</title>
<para>
<systemitem class="protocol">NTPv4</systemitem> added support
for the Autokey Security Architecture, which is based on public asymmetric cryptography
while retaining support for symmetric key cryptography. The Autokey Security Architecture
is described in <ulink
url="http://www.rfc-editor.org/info/rfc5906"><citetitle
pubwork="webpage">RFC5906 Network Time Protocol Version 4: Autokey
Specification</citetitle></ulink>. The man page
<filename>ntp_auth(5)</filename> describes the authentication options and
commands for <systemitem class="daemon">ntpd</systemitem>.
@@ -167,11 +167,11 @@
An attacker on the network can attempt to disrupt a service by sending <systemitem
class="protocol">NTP</systemitem> packets with incorrect time
information. On systems using the public pool of <systemitem
class="protocol">NTP</systemitem> servers, this risk is mitigated by
having more than three <systemitem class="protocol">NTP</systemitem>
servers in the list of public <systemitem
class="protocol">NTP</systemitem> servers in
<filename>/etc/ntp.conf</filename>. If only one time source is compromised or
spoofed, <systemitem class="daemon">ntpd</systemitem> will ignore
that source. You should conduct a risk assessment and consider the impact of incorrect
time on your applications and organization. If you have internal time sources you should
consider steps to protect the network over which the <systemitem
class="protocol">NTP</systemitem> packets are distributed. If you
conduct a risk assessment and conclude that the risk is acceptable, and the impact to your
applications
minimal, then you can choose not to use authentication.
</para>
<para>
- The broadcast and multicast modes require authentication by default. If you have
decided to trust the network then you can disable authentication by using
<command>disable auth</command> directive in the
<filename>ntp.conf</filename> file. Alternatively, authentication needs to be
configured by using SHA1 or MD5 symmetric keys, or by public (asymmetric) key cryptography
using the Autokey scheme. The Autokey scheme for asymmetric cryptography is explained in
the <filename>ntp_auth(8)</filename> man page and the generation of keys is
explained in <filename>ntp-keygen(8</filename>). To implement symmetric key
cryptography, see <xref
linkend="s2_Configuring_symmetric_authentication_using_a_key" /> for an
explanation of the <option>key</option> option.
+ The broadcast and multicast modes require authentication by default. If you have
decided to trust the network then you can disable authentication by using
<command>disable auth</command> directive in the
<filename>ntp.conf</filename> file. Alternatively, authentication needs to be
configured by using SHA1 or MD5 symmetric keys, or by public (asymmetric) key cryptography
using the Autokey scheme. The Autokey scheme for asymmetric cryptography is explained in
the <filename>ntp_auth(8)</filename> man page and the generation of keys is
explained in <filename>ntp-keygen(8</filename>). To implement symmetric key
cryptography, see <xref
linkend="s2_Configuring_Symmetric_Authentication_Using_a_Key" /> for an
explanation of the <option>key</option> option.
</para>
</section>
-<section id="s1-Managing_the_time_on_Virtual_Machines">
+<section id="s1-Managing_the_Time_on_Virtual_Machines">
<title>Managing the Time on Virtual Machines</title>
<para>
Virtual machines cannot access a real hardware clock and a virtual clock is not stable
enough as the stability is dependent on the host systems work load. For this reason,
para-virtualized clocks should be provided by the virtualization application in use. On
&MAJOROS; with <application>KVM</application> the default clock source is
<option>kvm-clock</option>. See the <ulink
url="http://docs.fedoraproject.org/en-US/Fedora/13/html/Virtualizati...
pubwork="chapter">KVM guest timing management</citetitle></ulink>
chapter of the <citetitle pubwork="book">Virtualization Host Configuration
and Guest Installation Guide</citetitle>.
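Review bot: The added paragraph carries over a markup error from the line it replaces: `<filename>ntp-keygen(8</filename>)` closes the element before the parenthesis and should read `<filename>ntp-keygen(8)</filename>`. Since the line is rewritten anyway, it is also worth reconciling `ntp_auth(8)` here with `ntp_auth(5)` in the first paragraph of this same section, and adding the missing article in "by using the `<command>disable auth</command>` directive".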
@@ -202,7 +202,7 @@ Virtual machines cannot access a real hardware clock and a virtual
clock is not
<screen>driftfile /var/lib/ntp/drift</screen>
If you change this be certain that the directory is writable by <systemitem
class="daemon">ntpd</systemitem>.
The file contains one value used to adjust the system clock frequency after every
system or service start.
- See <link linkend="s1-Understanding_the_drift_file">Understanding
the Drift File</link> for more information.
+ See <link linkend="s1-Understanding_the_Drift_File">Understanding
the Drift File</link> for more information.
</para>
</listitem>
</varlistentry>
@@ -272,7 +272,7 @@ server
3.rhel.pool.ntp.org iburst</screen>
</note>
</section>
-<section id="s1-Understanding_the_ntpd_sysconfig_file">
+<section id="s1-Understanding_the_ntpd_Sysconfig_File">
<title>Understanding the ntpd Sysconfig File</title>
<para>
The file will be read by the <systemitem
class="daemon">ntpd</systemitem> init script on service start. The
default contents is as follows:
@@ -302,7 +302,7 @@ To check the status of <systemitem
class="daemon">chronyd</systemitem>, issue th
</section>
- <section id="s1-Checking_if_ntpd_is_installed">
+ <section id="s1-Checking_if_the_NTP_Daemon_is_Installed">
<title>Checking if the NTP Daemon is Installed</title>
<para>
To check if <systemitem class="service">ntpd</systemitem>
is installed, enter the following command as root:
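Review bot: The new id `s1-Checking_if_the_NTP_Daemon_is_Installed` is a rewording of `s1-Checking_if_ntpd_is_installed`, not a change of case, so a case-insensitive search for the new name will not find references to the old one. No `linkend` for this section is updated anywhere in the diff; confirm that nothing references the old id, and mention the rename in the commit message, which describes only a title-case update.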
@@ -311,7 +311,7 @@ To check the status of <systemitem
class="daemon">chronyd</systemitem>, issue th
</para>
</section>
- <section id="s1-Installing_the_NTP_daemon_ntpd">
+ <section id="s1-Installing_the_NTP_Daemon_ntpd">
<title>Installing the NTP Daemon (ntpd)</title>
<para>
To install <systemitem class="service">ntpd</systemitem>,
enter the following command as <systemitem
class="username">root</systemitem>:
@@ -344,7 +344,7 @@ synchronised to NTP server (10.5.26.10) at stratum 2
</para>
</section>
-<section id="s1-Configure_the_firewall_to_allow_incoming_ntp_packets">
+<section id="s1-Configure_the_Firewall_to_Allow_Incoming_NTP_Packets">
<title>Configure the Firewall to Allow Incoming NTP Packets</title>
<para>
The <systemitem class="protocol">NTP</systemitem> traffic
consists of <systemitem class="protocol">UDP</systemitem> packets on
port <literal>123</literal> and needs to be permitted through network and
host-based firewalls in order for <systemitem
class="protocol">NTP</systemitem> to function.
@@ -465,7 +465,7 @@ synchronised to NTP server (10.5.26.10) at stratum 2
</para>
</section>
- <section id="s2_Configure_Rate_Limiting_Access_to_an_NTP_service ">
+ <section id="s2_Configure_Rate_Limiting_Access_to_an_NTP_Service">
<title>Configure Rate Limiting Access to an NTP Service</title>
<para>
To rate limit access to the <systemitem
class="protocol">NTP</systemitem> service running on a system, make use
of the <command>discard</command> command in the
<filename>ntp.conf</filename> file. See the commented out
example:<screen>
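Review bot: The removed line had a trailing space inside the attribute value (`..._NTP_service "`), which the new line drops; that is a fix beyond title-casing and deserves a word in the commit message. While these ids are being normalised, note that the second-level sections use `s2_` as a prefix and the first-level ones use `s1-`; settling on one separator now would avoid a second round of id changes.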
@@ -533,7 +533,7 @@ synchronised to NTP server (10.5.26.10) at stratum 2
To add a broadcast or multicast address for sending, that is to say, the address to
broadcast or multicast <systemitem class="protocol">NTP</systemitem>
packets to, make use of the <command>broadcast</command> command in the
<filename>ntp.conf</filename> file.
</para>
<para>
- The broadcast and multicast modes require authentication by default. See <xref
linkend="s1-Authentication_options_for_NTP" />.</para>
+ The broadcast and multicast modes require authentication by default. See <xref
linkend="s1-Authentication_Options_for_NTP" />.</para>
<para>
The <command>broadcast</command> command takes the following
form:</para>
<synopsis><command>broadcast</command>
<replaceable>address</replaceable></synopsis>
@@ -573,7 +573,7 @@ synchronised to NTP server (10.5.26.10) at stratum 2
The <command>broadcastclient</command> command takes the following
form:</para>
<synopsis><command>broadcastclient</command></synopsis>
<para>
- Enables the receiving of broadcast messages. Requires authentication by default.
See <xref linkend="s1-Authentication_options_for_NTP" />.
+ Enables the receiving of broadcast messages. Requires authentication by default.
See <xref linkend="s1-Authentication_Options_for_NTP" />.
</para>
<para>
This command configures a system to act as an <systemitem
class="protocol">NTP</systemitem> client. Systems can be both client
and server at the same time.
@@ -630,7 +630,7 @@ synchronised to NTP server (10.5.26.10) at stratum 2
</para>
</section>
-<section id="s2_Configuring_the_iburst_option">
+<section id="s2_Configuring_the_iburst_Option">
<title>Configuring the iburst Option</title>
<para>
To improve the time taken for initial synchronization, add the following option to
the end of a server command:
@@ -642,7 +642,7 @@ synchronised to NTP server (10.5.26.10) at stratum 2
</para>
</section>
-<section id="s2_Configuring_symmetric_authentication_using_a_key">
+<section id="s2_Configuring_Symmetric_Authentication_Using_a_Key">
<title>Configuring Symmetric Authentication Using a Key</title>
<para>
To configure symmetric authentication using a key, add the following option to the
end of a server or peer command:
@@ -660,12 +660,12 @@ broadcast 192.168.1.255 key 20
manycastclient 239.255.254.254 key 30</screen>
</para>
<para>
- See also <xref linkend="s1-Authentication_options_for_NTP" />.
+ See also <xref linkend="s1-Authentication_Options_for_NTP" />.
</para>
</section>
-<section id="s2_Configuring_the_poll_interval">
+<section id="s2_Configuring_the_Poll_Interval">
<title>Configuring the Poll Interval</title>
<para>
To change the default poll interval, add the following options to the end of a server
or peer command:
@@ -677,7 +677,7 @@ manycastclient 239.255.254.254 key 30</screen>
</section>
-<section id="s2_Configuring_server_preference">
+<section id="s2_Configuring_Server_Preference">
<title>Configuring Server Preference</title>
<para>
To specify that a particular server should be preferred above others of similar
statistical quality, add the following option to the end of a server or peer command:
@@ -711,7 +711,7 @@ manycastclient 239.255.254.254 key 30</screen>
</section>
</section>
-<section id="s1-Configuring_the_hardware_clock_update">
+<section id="s1-Configuring_the_Hardware_Clock_update">
<title>Configuring the Hardware Clock Update</title>
<para>
To configure the system clock to update the hardware clock once after executing
<application>ntpdate</application>, add the following line to
<filename>/etc/sysconfig/ntpdate</filename>:
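Review bot: The new id `s1-Configuring_the_Hardware_Clock_update` still ends in lower-case `update`, while the title on the next line is "Configuring the Hardware Clock Update". To match the stated intent of the commit it should be `s1-Configuring_the_Hardware_Clock_Update`.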