timezone changes

tameemahmed.khan@wipro.com tameemahmed.khan at wipro.com
Fri Feb 4 07:50:59 EST 2005

Hello Again,

The exact change is I'm unable to get the timezone from my OS hence I
have changed the os_ctx->time_offset in krb5_timeofday to one function
"Ker_GetTimeZone" which returns me the same offset time that I have to
add to get the GMT time from my IST one.

Now that I'm able to see the ethereal log that AS-REQ's start-time and
end-time are in sync with the KRB-ERROR's stime, but this still gives
KRB5KRB_AP_ERR_SKEW. Should I change it elsewhere?

Tameem Ahmed Khan

-----Original Message-----
From: Ezra Peisach [mailto:epeisach at MIT.EDU]
Sent: Friday, February 04, 2005 5:21 PM
Cc: kerberos at MIT.EDU
Subject: Re: timezone changes

>I wanted to change the timezone according to some input parameter and
>hence have changed the time with which the AS-REQ is sent.
>server is returning a KRB5KRB_AP_ERR_SKEW

Well - of course it is...

The time that is sent over the network in ther kerberos requests is in
UTC (similar to GMT). Timezones are just a convenience to the end user -
but all computers are operating off the same timebase...

When you started mucking with the krb5_timeofday on a client - the
request that was sent to the server is totally out of wack with regards
to what it considers reality... 

There are two possibilities - either the kdc is complaining because you
are using the timestamp preauth - and your time is completly out of
wack, or the server is handling your request - and you think the server
has send you back bad data - with the time being off by more than 5

Now you mentioned AS-REQ... What time are you using for your TGS?
Essentially - you are making a mess of things when you start playing
with timezones...

Confidentiality Notice

The information contained in this electronic message and any attachments to this message are intended
for the exclusive use of the addressee(s) and may contain confidential or privileged information. If
you are not the intended recipient, please notify the sender at Wipro or Mailadmin at wipro.com immediately
and destroy all copies of this message and any attachments.

More information about the Kerberos mailing list