RES: maximum clock tolerance

Danilo Pessoa Cardoso danilo.cardoso at levelup.com.br
Fri Jul 19 17:57:59 EDT 2013 

Hello guys, thanks for the reply.

Responding the questions:
     " Care to elaborate? How different? Time zone different or
arbitrarily-set different (say, testing code)? Are they different
amongst the linux servers or only different between linux and the other
boxes?"
Here I have arbitrary-set different. There are machines that I need to
delay by 3 hours.
Is there a setting on kdc.conf that I can configure the time screw?


Att,
Danilo P. Cardoso
IT Security
Level Up! Interactive S.A.
Mail: danilo.cardoso at levelup.com.br





-----Mensagem original-----
De: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] Em nome
de Mauricio Tavares
Enviada em: sexta-feira, 19 de julho de 2013 16:43
Para: kerberos at mit.edu
Assunto: Re: maximum clock tolerance

On Fri, Jul 19, 2013 at 2:54 PM, Danilo Pessoa Cardoso
<danilo.cardoso at levelup.com.br> wrote:
> Hello guys,
>
> I have one doubt about Kerberos configuration: is it possible to 
> configure the maximum clock tolerance ( default is 5 min) on a linux 
> system?
>
      You mean
http://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-admin/Clock-Ske
w.html?
>
>
> Just for your guys know, I need to do this because I currently have 
> the following environment:
>
> *         Windows servers authenticating on AD using NTLM.
>
> *         Linux servers with local authentication that has to be in
> different clock times ( so I can't use ntp here)

      Care to elaborate? How different? Time zone different or
arbitrarily-set different (say, testing code)? Are they different
amongst the linux servers or only different between linux and the other
boxes?

>
> *         Macs workstations that need to authenticate on AD
>
> *         Windows 7 workstations currently authenticating on AD using
> NTLM.
>
>
>
> What I wanna do:
>
> *         Create a Kerberos server that will handle all authentication
(
> linux + windows + macs) and manage the credentials on AD ( through 
> LDAP)
>
>
>
> Problems I have encounter
>
> *         I can't synchronize the time on various servers ( I really
> can't), so, this machines wont log onto Kerberos
>
>
>
> In the AD exists a authentication option named "Maximum tolerance for 
> computer clock synchronization" that  just "ignore" the time
variation.
> So is there a way to do this kinda configuration on Kerberos Server (a

> debian )?
>
> Based on my environment, can you guys suggest me a "better" way to 
> accomplish what I want to do!?
>
>
>
> Thanks all,
>
> Danilo P. Cardoso
>
> IT Security
>
> Level Up! Interactive S.A.
> Skype: danilopc.security
> Mail: danilo.cardoso at levelup.com.br
> <mailto:danilo.cardoso at levelup.com.br>
>
>
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

More information about the Kerberos mailing list