client's system clock is ahead of KDC system clock

Marcus Watts mdw at umich.edu
Tue Jan 29 18:09:13 EST 2013


> Date:    Tue, 29 Jan 2013 14:43:17 PST
> To:      "kerberos at mit.edu" <kerberos at mit.edu>
> From:    Jim Shi <hanmao_shi at apple.com>
> Subject: client's system clock is ahead of KDC system clock
> 
> Hi, if a client's system clock is one hour ahead of KDC system clock, should I
> get a valid TGT, or should I get clock skewed error?
> 
> We have clients that are able to get TGT when system clock is ahead of server
> clock. Any idea if this is a client issue? A KDC server issue?
> Thanks
> 
> Jim

Actually it's a perfectly valid case (so far as the KDC is concerned);
you're just getting postdated tickets that will be valid in one hour.
So if you're patient...

The more interesting case is if the clock is only a fraction
of a second fast.  This isn't a problem for users, but it
is a problem for scripts that get a ticket and immediately use
it: the result is sometimes the ticket will work, and
sometimes it won't.

					-Marcus Watts

