Need trusted NTP Sources
- Subject: Need trusted NTP Sources
- From: cma at cmadams.net (Chris Adams)
- Date: Thu, 6 Feb 2014 08:35:03 -0600
- In-reply-to: <[email protected]>
- References: <CACK8u8JroK3aXP3Pq=PcRvnEwzjT=jiQtJifmoKyk6D5WuRhDg@mail.gmail.com> <[email protected]>
Once upon a time, Nick Hilliard <nick at foobar.org> said:
> So presuming that your company is using RH or Fedora or CentOS something,
> the auditors are claiming that Red Hat, Inc is trusted enough to provide a
> precompiled based operating system with no feasible means of proving its
> reliability, but that they're not trustworthy enough to provide a clock
> synchronisation service?
Red Hat does not provide an NTP service themselves. The default NTP
config on a Red Hat Enterprise Linux system uses rhel.pool.ntp.org.

I suppose some auditor could dislike the "openness" of pool.ntp.org
(basically anybody can join). If that is the case, your best bet is to
do some combination of the following:

- As others have suggested, set up your own stratum-1 clock (can be done
  for around $100). Ideally you'd set up more than one.

- Set up several servers with a static set of NTP servers rather than
  the general pool servers. See the lists on www.pool.ntp.org; look
  under the docs for setting up a server to join the pool. You don't
  have to actually join the pool, but following those docs is a good way
  to set up a stable server.

After that, point the rest of your servers at your "master" servers,
rather than the public pool.
--
Chris Adams <cma at cmadams.net>
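
Added example, not part of the original message: one way to check that a fleet really follows the layout described above is to audit each host's ntp.conf for time sources that are either public pool names or outside the approved list of internal "master" servers. The hostnames under example.internal and example.net, and both sample configs, are constructed placeholders.

```python
# Added example: audit ntp.conf sources against an approved list of internal masters.
# Hostnames under example.internal are hypothetical placeholders.

SOURCE_DIRECTIVES = {"server", "pool", "peer"}  # ntp.conf lines that name a source


def time_sources(conf_text):
    """Yield (line_number, host) for every time source in an ntp.conf text."""
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comments, then tokenize
        if len(fields) >= 2 and fields[0].lower() in SOURCE_DIRECTIVES:
            yield number, fields[1].lower().rstrip(".")


def audit(conf_text, approved):
    """Return (line_number, host, reason) for each source an auditor would question."""
    approved = {h.lower().rstrip(".") for h in approved}
    findings = []
    sources = list(time_sources(conf_text))
    for number, host in sources:
        if host in approved or host.startswith("127.127."):
            continue  # approved master, or a local reference-clock driver address
        if host == "pool.ntp.org" or host.endswith(".pool.ntp.org"):
            findings.append((number, host, "public-pool"))
        else:
            findings.append((number, host, "unapproved"))
    if not sources:
        findings.append((0, "", "no-sources"))  # host would free-run unsynchronised
    return findings


# Constructed sample inputs, not taken from any real system.
APPROVED_MASTERS = ["ntp1.example.internal", "ntp2.example.internal"]

DEFAULT_STYLE_CONF = """\
driftfile /var/lib/ntp/drift
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst
"""

CLIENT_CONF = """\
driftfile /var/lib/ntp/drift
# internal masters only
server ntp1.example.internal iburst
server NTP2.example.internal. iburst
server time.example.net iburst   # stray external source
"""

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_STYLE_CONF), ("client", CLIENT_CONF)):
        print(name, audit(text, APPROVED_MASTERS))
```

On the master servers themselves, pass the static upstream list as `approved` instead of the internal names.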