Questions on openldap and kerberos....
John Tobin
jtobin at po-box.esu.edu
Mon Jan 7 13:04:54 EST 2013
The kdc, and this client [the ldapsearch] are both on the same machine.
I assume both of these processes get their clock reading from a 'date' type
function off of the [same] machine... How can one skew from the other? It's
the same clock....
tob
On 1/7/13 12:45 PM, "Russ Allbery" <rra at stanford.edu> wrote:
> John Tobin <jtobin at po-box.esu.edu> writes:
>
>> On the other hand the test put forward with the ldapsearch is running as
>> a client on the server machine..... It's just one machine, so how does
>> that work? How can I get different times when the client and server are
>> on the same machine? I would be assuming that the local clock is used
>> for both....did I miss something?
>
> The clock of the Kerberos KDC also matters here. I'm guessing that's the
> one that you're skewed from.
More information about the Kerberos
mailing list