kdc_timesync
Danny Mayer
mayer at ntp.isc.org
Wed Aug 16 08:13:49 EDT 2006
preetam R wrote:
> Hi,
>
> As I under from the kerberos admin guide, the
> option, kdc_timesync enables the kerberos client to
> make up for the time difference between its system
> time and kdc's time.
>
> But, then does this mean that even the application
> server must also be in sync with kdc's time. Since,
> the timestamp used in the Service Ticket is based on
> kdc's time.
>
> Thanks,
> Preetam
Install NTP on all systems. That way you avoid the problem in the first
place. The limit between two systems using Kerberos is 5 minutes which
is hardly an onerous requirement.
Danny
More information about the Kerberos
mailing list