Need trusted NTP Sources

Notify Me at
Thu Feb 6 11:46:06 UTC 2014

We're a redhat shop, and we  use redhat auth which by default uses redhat
NTP sources. Sounds odd to me too. They claim this is what PCI DSS demands.
On Feb 6, 2014 11:43 AM, "Nick Hilliard" <nick at> wrote:

> On 06/02/2014 10:03, Notify Me wrote:
> > I'm trying to help a company I work for to pass an audit, and we've
> > been told we need trusted NTP sources (RedHat doesn't cut it).
> So presuming that your company is using RH or Fedora or CentOS something,
> the auditors are claiming that Red Hat, Inc is trusted enough to provide a
> precompiled based operating system with no feasible means of proving its
> reliability, but that they're not trustworthy enough to provide a clock
> synchronisation service?
> My head spins.
> Get new auditors.  Your current ones are stupid.
> Nick

More information about the NANOG mailing list