regarding clock skew difference between client and KDC

eswars eswars at huawei.com
Wed Aug 22 02:12:43 EDT 2007


Hi,

 

       I am using MIT Kerberos 2.6.5 libraries in windows machine. I am
using Active Directory win 2003.

I wanted to authenticate user even when clock skew difference more then 5
min.

So I used Krb5.ini file. I have updated kdc_timesync =1 and ccache_type = 4
but still I am not able to get TGT (failed to get credentials because clock
skew difference is too great).

And I tried with clockskew   with max value also. 

I know there is a configuration at Active directory KDC (Maximum tolerance
for computer clock synchronization Kerberos policy by using Active Directory
Users and Computers) to increase clock skew difference.

If machine time is synchronized I am able to authenticate and generate
service tickets also. 

 

Please give me some suggestion how I can do this.

 

Regards,

Eswar S

****************************************************************************
****************************
 This e-mail and attachments contain confidential information from HUAWEI,
which is intended only for the person or entity whose address is listed
above. Any use of the information contained herein in any way (including,
but not limited to, total or partial disclosure, reproduction, or
dissemination) by persons other than the intended recipient's) is
prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!

 




More information about the Kerberos mailing list