kerberos and time zone

Andrea Cirulli acirulli at gmail.com
Fri Apr 17 04:36:56 EDT 2009


Hi all,

I have the following problem:

We are managing the authentication of several servers with Kerberos. The
issue lies in the fact that the servers are in different time-zone, so we
have problem with clock skew errors. Are there any solution or workaround
that accomplish this requirement using different ntp in different time zone
in a way that the KDC server knows which is the real clock skew between two
different time zone?

Let's say i have a server located in Rome and its time is synch with an
italian ntp and we have a server located in New York with time synch with an
American NTP. Considering the time zone the two times are synch, however for
kerberos are desynch.

Is there any workaround or solution to this issue?

We are planning to use a bigger clock skew which will cover the difference
between the two time zones ( this is the worst solution).

Any hint would be helpful.

Thanks in advance.

-- 
Andrea Cirulli



More information about the Kerberos mailing list