Timezones (Was: Win logon to a MIT Kerberos V KDC?)

Turbo Fredriksson turbo at bayour.com
Tue Oct 1 03:11:48 EDT 2002


>>>>> "Actually" == Actually davidchr <davespam at microsoft.com> writes:

    Actually> The Kerberos protocol uses GMT, so as long as your
    Actually> timezones are correct (including daylight savings)
    Actually> within the 5-minute defaults, clock skew should have no
    Actually> impact on preauthentication.

I just discovered that the time zone(s?) have no bearing on the matter
what so ever. As long as the time is syncronized regularly this is not
a problem.

I disovered that (and later verified by changing timezone back and fourth)
when the time was almost noon (11.55) on my workstation at home, but
the KDC and the wrist watch was 8.55 (which is/was the correct time).

I then discovered that my timezone was set to Pacific Time (I'd installed
a English version of Win2k but I'm Swedish). Changing it to GMT +1 (Stockholm)
got the time right, and AFS/Kerberos still worked.

Also, at least the MIT Kerberos win softwares is using UTC (seconds from
Jan 1, 1970) so timezone is no issue. That I discovered by running Leash32
(on a previous installation of the client) in debug mode.


On w2k (and NT/XP I guess) there's the service 'Windows Time' (or w32time)
which takes care of syncronizing time. I use these commands to set this up:

----- s n i p -----
net stop w32time
net time /setsntp:fartein.ifi.uio.no
net start w32time
----- s n i p -----

Might want to replace the SNTP server...



More information about the Kerberos mailing list