maximum clock tolerance
Danilo Pessoa Cardoso
danilo.cardoso at levelup.com.br
Fri Jul 19 14:54:58 EDT 2013
Hello guys,
I have one doubt about Kerberos configuration: is it possible to
configure the maximum clock tolerance ( default is 5 min) on a linux
system?
Just for your guys know, I need to do this because I currently have the
following environment:
* Windows servers authenticating on AD using NTLM.
* Linux servers with local authentication that has to be in
different clock times ( so I can't use ntp here)
* Macs workstations that need to authenticate on AD
* Windows 7 workstations currently authenticating on AD using
NTLM.
What I wanna do:
* Create a Kerberos server that will handle all authentication (
linux + windows + macs) and manage the credentials on AD ( through LDAP)
Problems I have encounter
* I can't synchronize the time on various servers ( I really
can't), so, this machines wont log onto Kerberos
In the AD exists a authentication option named "Maximum tolerance for
computer clock synchronization" that just "ignore" the time variation.
So is there a way to do this kinda configuration on Kerberos Server (a
debian )?
Based on my environment, can you guys suggest me a "better" way to
accomplish what I want to do!?
Thanks all,
Danilo P. Cardoso
IT Security
Level Up! Interactive S.A.
Skype: danilopc.security
Mail: danilo.cardoso at levelup.com.br
<mailto:danilo.cardoso at levelup.com.br>
More information about the Kerberos
mailing list