regarding clock skew difference between client and KDC

Danny Mayer mayer at ntp.isc.org
Thu Aug 23 22:53:05 EDT 2007


eswars wrote:
> Hi,
> 
>  
> 
>        I am using MIT Kerberos 2.6.5 libraries in windows machine. I am
> using Active Directory win 2003.
> 
> I wanted to authenticate user even when clock skew difference more then 5
> min.
> 

That violates the RFC requirements. No server will or should allow you
to do that. Why are you not synchronizing your clocks? NTP is available
on just about all platforms so there's no reason not to use it.

> 
> Please give me some suggestion how I can do this.
> 

You can't.

Danny



More information about the Kerberos mailing list