faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

doc: clarify hostname with nts option

Browse source
This commit is contained in:
Miroslav Lichvar 2024-08-20 14:13:38 +02:00
parent d4a4f89329
commit 6d59234995
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
doc/chrony.conf.adoc
View file

@ -126,6 +126,15 @@ mechanism. Unlike with the *key* option, the server and client do not need to
share a key in a key file. NTS has a Key Establishment (NTS-KE) protocol using share a key in a key file. NTS has a Key Establishment (NTS-KE) protocol using
the Transport Layer Security (TLS) protocol to get the keys and cookies the Transport Layer Security (TLS) protocol to get the keys and cookies
required by NTS for authentication of NTP packets. required by NTS for authentication of NTP packets.
+
With this option, the hostname specified in the server or pool directive is the
NTS-KE server or pool of NTS-KE servers respectively. The NTP server usually
runs on the same host, but it can be separated from the NTS-KE server (the
hostname or address of the NTP server is provided to the client by the NTS-KE
server).
+
The NTS-KE server can be specified by IP address if it is included in the
server's certificate as a Subject Alternative Name (SAN).
*certset* _ID_::: *certset* _ID_:::
This option specifies which set of trusted certificates should be used to verify This option specifies which set of trusted certificates should be used to verify
the server's certificate when the *nts* option is enabled. Sets of certificates the server's certificate when the *nts* option is enabled. Sets of certificates