On Wed, May 21, 2008 at 11:08 PM, Marcy Cortes <[EMAIL PROTECTED]> wrote:
> We've been running NTP for every with no ill effects. Our > authentication product requires it be there (to active directory so > presumably Kerberos is the reason). The requirements of Kerberos are moderate and require systems to be reasonably close in time. As I understand you want the time difference small enough that you can not do a brute force decode in that time. I believe they talk about minutes. I expect System z TOD clocks to be ~ 0.1 ppm or so, that would be 3 seconds per year (your average PC does that per day when not corrected). Back then (SLES8) the SuSE code for running ntpd was broken and caused overshoots at boot time. With ntpdate you avoid these issues. But you only notice that when the hardware TOD is seriously off (like a few minutes). When Linux on System z would be designed to take advantage of a correct TOD clock, the savings could be considerable because the clock could be read entirely in user-space. Ideally you'd also want some of the higher semantics of system time in the hardware too... Rob -- Rob van der Heij Velocity Software GmbH http://velocitysoftware.com/