> http://www.nsa.gov/ia/_files/os/redhat/NSA_RHEL_5_GUIDE_v4.2.pdf > > In general, they recommend running a daemon only when absolutely necessary.
Thanks for the reference! The security risk of ntpd listening by default is a good reason for wanting to run it out of cron. >> In general, that's considered bad practice, and unnecessary because of ntpd's >> maturity. A few years ago we were bitten by NTP running out of cron on >> RedHat >> Enterprise Linux 6.0 systems because of the "tickless kernel.” > > That might be from folks using ntpdate from cron instead of "ntpd -q" No, I think there's more to it. In my specific case we experienced problems with large time differences across machines between the cronjobs, but our cronjob didn't run as frequently as every fifteen minutes. Anyways, thanks again for explaining the use case for running ntpd out of cron. I now agree that adding such an option to puppetlabs-ntp template is a good idea. :) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
