java, kerberos, telnet authentication

[Brett K.]

Hello,

I'm attempting to use http://www.stonesoup.org/javak to build an
application that can use kerberos v4 telnet authentication.  However,
despite a week of reading documents and source, I'm still new to all
of this and having difficulties.  My general procedure:

1.  Create and send an AS request to the KDC server with client of
user at REALM and server using the same REALM.
2.  Receive reply and obtain initial credentials using password as
key.
3.  Create and send a TGS request to the same KDC server with the
initial credentials, client user at REALM and server rcmd.addr at REALM
4.  Receive reply and obtain credentials (krbtgt.REALM at REALM)
5.  Use credentials with telnet authentication.

First, am I using the correct client name (username), instance (empty)
and realm (DOMAIN.EXT capitalized) and server name ("rcmd"), instance
(sub-domain), and realm (DOMAIN.EXT capitalized, same as client
realm)?

Second, I am receiving an error 'clockskew too big' (RD_AP_TIME) from
the reply from the TGS.  When I look at the timestamp on the initial
credentials obtained from the AS, they are within seconds of my own
clock.  Any ideas why I might be receiving this error, how I can debug
it further (anyone running a test server that I can try to communicate
with?), or any other advice?

Thanks,
-Brett