regarding clock skew difference between client and KDC
eswars
eswars at huawei.com
Wed Sep 5 04:38:56 EDT 2007
I have one server it has always sync with KDC. So I will get that system
time from server for my client machine and use it in Kerberos Protocol
exchange. I think it is possible where ever Kerberos Client Protocol
referring local machine time (Client machine) I can use this time to
generate tkt's instead of updating client system time.
I will do NTP client work but I will not update System.
So when ever client sends KRB_AP_REQ plain message it can will contain
Timestamp this may be client machine current time in this place I can use my
Server machine time.
Regards,
Eswar S
****************************************************************************
****************************
This e-mail and attachments contain confidential information from HUAWEI,
which is intended only for the person or entity whose address is listed
above. Any use of the information contained herein in any way (including,
but not limited to, total or partial disclosure, reproduction, or
dissemination) by persons other than the intended recipient's) is
prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!
More information about the Kerberos
mailing list