total round trip time and by subtracting the processing time derive the actual traveling time. By assuming
the outgoing and return trips take equal time, the single-trip delay in receiving the NTP data is calculated.
The full NTP algorithm is much more complex than presented here.
When a packet containing time information is received it is not immediately responded to, but is first
subject to validation checks and then processed together with several other time samples to arrive at an
estimate of the time. This is then compared to the system clock to determine the time offset, the
difference between the system clock’s time and what ntpd has determined the time should be. The
system clock is adjusted slowly, at most at a rate of 0.5 ms per second, to reduce this offset by changing
the frequency of the counter being used. It will take at least 2000 seconds to adjust the clock by 1 second
using this method. This slow change is referred to as slewing and cannot go backwards. If the time offset
of the clock is more than 128 ms (the default setting), ntpd can "step" the clock forwards or backwards. If
the time offset at system start is greater than 1000 seconds then the user, or an installation script, should
make a manual adjustment. See Chapter 3, Configuring the Date and Time. With the -g option to the
ntpd command (used by default), any offset at system start will be corrected, but during normal operation
only offsets of up to 1000 seconds will be corrected.
Some software may fail or produce an error if the time is changed backwards. For systems that are
sensitive to step changes in the time, the threshold can be changed to 600 s instead of 128 ms using the
-x option (unrelated to the -g option). Using the -x option to increase the stepping limit from 0.128 s to
600 s has a drawback because a different method of controlling the clock has to be used. It disables the
kernel clock discipline and may have a negative impact on the clock accuracy. The -x option can be added
to the /etc/sysconfig/ntpd configuration file.
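The slew, step and refuse rules described above can be written as a small decision model. This is an added example, not code from ntpd or from Red Hat; the function and field names are hypothetical, and the sign convention (offset = system clock minus the NTP estimate) is an assumption.

```python
from dataclasses import dataclass

# Values stated in the text above.
MAX_SLEW_RATE = 0.0005     # at most 0.5 ms of correction per second
STEP_THRESHOLD = 0.128     # default: larger offsets are stepped
STEP_THRESHOLD_X = 600.0   # step threshold when ntpd runs with -x
PANIC_THRESHOLD = 1000.0   # larger offsets are only corrected at start with -g


@dataclass
class Correction:
    action: str             # "slew", "step" or "refuse"
    min_seconds: float      # shortest possible time to remove the offset
    may_go_backwards: bool  # True if the clock would jump back in time


def plan_correction(offset, at_start=False, opt_g=True, opt_x=False):
    """Model how ntpd treats an offset given in seconds.

    Assumed sign convention: offset = system clock - NTP estimate, so a
    positive offset means the clock is ahead and a step moves it backwards.
    """
    size = abs(offset)
    if size > PANIC_THRESHOLD and not (at_start and opt_g):
        # Not corrected by ntpd: a manual adjustment is required.
        return Correction("refuse", float("inf"), False)
    threshold = STEP_THRESHOLD_X if opt_x else STEP_THRESHOLD
    if size > threshold:
        return Correction("step", 0.0, offset > 0)
    # Slewing only changes the clock frequency; time never runs backwards.
    return Correction("slew", size / MAX_SLEW_RATE, False)


if __name__ == "__main__":
    # Constructed sample offsets, in seconds.
    for off, kwargs in [(0.1, {}), (0.5, {}), (600.0, {"opt_x": True}),
                        (1500.0, {}), (1500.0, {"at_start": True})]:
        print(off, kwargs, plan_correction(off, **kwargs))
```

With -x, an offset of 600 s is slewed rather than stepped and takes at least 1,200,000 s (about 14 days) to remove, so timestamps on that host can disagree with other systems for that whole period.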
19.4. UNDERSTANDING THE DRIFT FILE
The drift file is used to store the frequency offset between the system clock running at its nominal
frequency and the frequency required to remain in synchronization with UTC. If present, the value
contained in the drift file is read at system start and used to correct the clock source. Use of the drift file
reduces the time required to achieve a stable and accurate time. The value is calculated, and the drift file
replaced, once per hour by ntpd. The drift file is replaced, rather than just updated, and for this reason the
drift file must be in a directory for which ntpd has write permissions.
19.5. UTC, TIMEZONES, AND DST
As NTP is entirely in UTC (Universal Time, Coordinated), Timezones and DST (Daylight Saving Time) are
applied locally by the system. The file /etc/localtime is a copy of, or symlink to, a zone information file
from /usr/share/zoneinfo. The RTC may be in localtime or in UTC, as specified by the 3rd line of
/etc/adjtime, which will be one of LOCAL or UTC to indicate how the RTC clock has been set. Users can
easily change this setting using the checkbox System Clock Uses UTC in the Date and Time graphical
configuration tool. See Chapter 3, Configuring the Date and Time for information on how to use that tool.
Running the RTC in UTC is recommended to avoid various problems when daylight saving time is changed.
The operation of ntpd is explained in more detail in the man page ntpd(8). The resources section lists
useful sources of information. See Section 19.20, “Additional Resources”.
19.6. AUTHENTICATION OPTIONS FOR NTP
NTPv4 added support for the Autokey Security Architecture, which is based on public asymmetric
cryptography while retaining support for symmetric key cryptography. The Autokey protocol is described
in RFC 5906 Network Time Protocol Version 4: Autokey Specification. Unfortunately, it was found later
that the protocol has serious security issues, and thus Red Hat strongly recommends using symmetric
keys instead. The man page ntp_auth(5) describes the authentication options and commands for ntpd.
An attacker on the network can attempt to disrupt a service by sending NTP packets with incorrect time