Problem with kreberos auth to linux machine (user/pass from AD)

Russ Allbery rra at stanford.edu
Mon Aug 13 20:57:35 EDT 2012


George <george.m at wp.pl> writes:

> Aug 14 01:58:15 ubuntu32 sshd[15831]: pam_krb5(sshd:auth): (user 
> testuser) krb5_get_init_creds_password: Clock skew too great

Check the client system clock?  Kerberos uses timestamps fairly heavily as
part of its protocol, and if the time on the server and the client differs
by too much, everything stops working.

In general, you probably want to be running ntpd or some equivalent on any
host that's involved in Kerberos.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


More information about the Kerberos mailing list