doc: clarify hostname with nts option

2024-08-20 14:13:38 +02:00 · 2024-08-20 14:13:38 +02:00 · 6d59234995
commit 6d59234995
parent d4a4f89329
1 changed files with 9 additions and 0 deletions
--- a/doc/chrony.conf.adoc
+++ b/doc/chrony.conf.adoc
@ -126,6 +126,15 @@ mechanism. Unlike with the *key* option, the server and client do not need to
 share a key in a key file. NTS has a Key Establishment (NTS-KE) protocol using
 the Transport Layer Security (TLS) protocol to get the keys and cookies
 required by NTS for authentication of NTP packets.
+
+With this option, the hostname specified in the server or pool directive is the
+NTS-KE server or pool of NTS-KE servers respectively. The NTP server usually
+runs on the same host, but it can be separated from the NTS-KE server (the
+hostname or address of the NTP server is provided to the client by the NTS-KE
+server).
+
+The NTS-KE server can be specified by IP address if it is included in the
+server's certificate as a Subject Alternative Name (SAN).
 *certset* _ID_:::
 This option specifies which set of trusted certificates should be used to verify
 the server's certificate when the *nts* option is enabled. Sets of certificates