Slightly confused by user-to-user authentication...

Chris Hecker checker at d6.com
Thu Jul 7 19:16:47 EDT 2011


Awesome, I think this is going to work great!  I'm going to write up my 
experiences with Kerberos for multiplayer games once I get it all working.

Do you know if the memory cc will do the right thing with clock skew 
during the duration of the program?  I'm still trying to decide what 
kind of cc to use.

Chris



On 2011/07/07 05:44, Greg Hudson wrote:
> On Thu, 2011-07-07 at 01:59 -0400, Chris Hecker wrote:
>> One more question about user-to-user:  the FAQ says that the "Clocks
>> Adrift" paper's solution for not forcing clients to have synced clocks
>> is implemented in krb5.  How does this relate to user-to-user sessions?
>
> This should work for user-to-user sessions.  When a client gets initial
> credentials, it learns its clock skew relative to the KDC.  (For
> processes which come in later, the clock skew is remembered in
> file-based ccaches.  If you use a different type of ccache, such as a
> Linux keyring cache, this mechanism may not work.)  So both clients
> should be pretending that their time is the KDC's time for the purpose
> of Kerberos operations.
>
>
>
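The skew handling described in the quoted reply, as an added simplified model (not code from the thread or from MIT krb5): two user-to-user peers with badly wrong clocks each learn an offset from the KDC at initial credentials and then agree on time. The `Process` class, its fields and the sample clock errors are hypothetical, and the 300-second tolerance is the MIT krb5 default `clockskew`.

```python
from dataclasses import dataclass

MAX_SKEW = 300  # seconds; default clockskew tolerance in MIT krb5


@dataclass
class Process:
    """One Kerberos process in this model (hypothetical, for illustration)."""
    clock_error: int      # local clock minus KDC time, in seconds
    kdc_offset: int = 0   # learned correction; 0 means it was never learned

    def raw_time(self, true_time: int) -> int:
        return true_time + self.clock_error

    def learn_offset(self, true_time: int, kdc_time: int) -> None:
        # At initial credentials the client compares the KDC's timestamp
        # with its own clock and keeps the difference.
        self.kdc_offset = kdc_time - self.raw_time(true_time)

    def krb_time(self, true_time: int) -> int:
        # Time used for Kerberos operations: local clock plus learned offset.
        return self.raw_time(true_time) + self.kdc_offset


def accepts(verifier: Process, sender: Process, true_time: int) -> bool:
    """Verifier checks the sender's authenticator timestamp against its own
    notion of Kerberos time, as in an AP-REQ freshness check."""
    authenticator_ts = sender.krb_time(true_time)
    return abs(verifier.krb_time(true_time) - authenticator_ts) <= MAX_SKEW


def scenario():
    now = 1_310_080_000                     # constructed KDC time
    alice = Process(clock_error=+1200)      # constructed: 20 minutes fast
    bob = Process(clock_error=-900)         # constructed: 15 minutes slow
    before = accepts(alice, bob, now)       # neither has an offset yet
    alice.learn_offset(now, kdc_time=now)
    bob.learn_offset(now, kdc_time=now)
    after = accepts(alice, bob, now + 60)
    # A later process on bob's host whose ccache does not carry the stored
    # offset starts from zero again and is back to its raw clock.
    bob_later = Process(clock_error=-900)
    lost = accepts(alice, bob_later, now + 120)
    return before, after, lost


if __name__ == "__main__":
    print(scenario())
```
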


