RE: maximum clock tolerance

Danilo Pessoa Cardoso danilo.cardoso at levelup.com.br
Mon Jul 22 09:00:03 EDT 2013


Thanks guys, I just solved the problem.

I added the line "clockskew = 86000" in [libdefaults] in krb5.conf
(thanks for the tip, Mauricio).

Thanks to all.


From: Mauricio Tavares [mailto:raubvogel at gmail.com]
Sent: Friday, July 19, 2013 22:22
To: Danilo Pessoa Cardoso
Cc: kerberos at mit.edu
Subject: Re: maximum clock tolerance

 

On Fri, Jul 19, 2013 at 5:57 PM, Danilo Pessoa Cardoso
<danilo.cardoso at levelup.com.br> wrote:
> Hello guys, thanks for the reply.
>
> Responding to the questions:
> "Care to elaborate? How different? Time zone different or
> arbitrarily-set different (say, testing code)? Are they different
> amongst the linux servers or only different between linux and the
> other boxes?"
> Here I have arbitrarily-set different. There are machines that I need to
> delay by 3 hours.
> Is there a setting in kdc.conf with which I can configure the time skew?
>
      I take it the link I gave you was not helpful.
>
> Att,
> Danilo P. Cardoso
> IT Security
> Level Up! Interactive S.A.
> Mail: danilo.cardoso at levelup.com.br
>
>
>
>
>
> -----Original Message-----
> From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On behalf
> of Mauricio Tavares
> Sent: Friday, July 19, 2013 16:43
> To: kerberos at mit.edu
> Subject: Re: maximum clock tolerance
>
> On Fri, Jul 19, 2013 at 2:54 PM, Danilo Pessoa Cardoso
> <danilo.cardoso at levelup.com.br> wrote:
>> Hello guys,
>>
>> I have one doubt about Kerberos configuration: is it possible to
>> configure the maximum clock tolerance ( default is 5 min) on a linux
>> system?
>>
> You mean
> http://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-admin/Clock-Skew.html?
>>
>>
>> Just so you guys know, I need to do this because I currently have
>> the following environment:
>>
>> * Windows servers authenticating on AD using NTLM.
>>
>> * Linux servers with local authentication that has to be in
>> different clock times ( so I can't use ntp here)
>
> Care to elaborate? How different? Time zone different or
> arbitrarily-set different (say, testing code)? Are they different
> amongst the linux servers or only different between linux and the
> other boxes?
>
>>
>> * Mac workstations that need to authenticate on AD
>>
>> * Windows 7 workstations currently authenticating on AD using
>> NTLM.
>>
>>
>>
>> What I wanna do:
>>
>> * Create a Kerberos server that will handle all authentication
>> (linux + windows + macs) and manage the credentials on AD (through
>> LDAP)
>>
>>
>>
>> Problems I have encountered
>>
>> * I can't synchronize the time on various servers (I really
>> can't), so these machines won't log onto Kerberos
>>
>>
>>
>> In AD there exists an authentication option named "Maximum tolerance for
>> computer clock synchronization" that just "ignores" the time variation.
>> So is there a way to do this kind of configuration on a Kerberos server
>> (a debian)?
>>
>> Based on my environment, can you guys suggest a "better" way to
>> accomplish what I want to do?
>>
>>
>>
>> Thanks all,
>>
>> Danilo P. Cardoso
>>
>> IT Security
>>
>> Level Up! Interactive S.A.
>> Skype: danilopc.security
>> Mail: danilo.cardoso at levelup.com.br
>> <mailto:danilo.cardoso at levelup.com.br>
>>
>>
>>
>> ________________________________________________
>> Kerberos mailing list Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
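
An added example, not part of the original messages: a small Python audit that reads the clockskew relation from [libdefaults] in a krb5.conf body and flags values above the 5-minute default, since the skew sets how far a timestamp may be off and still be accepted. The function names, the sample realm and the simplified parser (no include files, duration forms limited to seconds, h:m[:s] and NdNhNmNs) are assumptions.

```python
import re

DEFAULT_SKEW = 300  # seconds: the 5-minute default mentioned in the thread
_UNITS = {"d": 86400, "h": 3600, "m": 60, "s": 1}

def parse_duration(value):
    """Seconds for 'N', 'h:m[:s]' or 'NdNhNmNs' duration strings."""
    value = value.strip()
    if re.fullmatch(r"\d+", value):
        return int(value)
    if re.fullmatch(r"\d+:\d+(:\d+)?", value):
        parts = [int(p) for p in value.split(":")] + [0]
        return parts[0] * 3600 + parts[1] * 60 + parts[2]
    if re.fullmatch(r"(\d+[dhms])+", value):
        return sum(int(n) * _UNITS[u]
                   for n, u in re.findall(r"(\d+)([dhms])", value))
    raise ValueError(f"unrecognised duration: {value!r}")

def libdefaults_clockskew(conf_text):
    """Effective clockskew in seconds, or the default when unset."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, val = line.partition("=")
        if section == "libdefaults" and sep and key.strip() == "clockskew":
            return parse_duration(val)       # assumption: first setting wins
    return DEFAULT_SKEW

def audit(conf_text, limit=DEFAULT_SKEW):
    """Return (skew_seconds, exceeds_limit) for a krb5.conf body."""
    skew = libdefaults_clockskew(conf_text)
    return skew, skew > limit

# Constructed sample using the value from the message above.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.TEST
    clockskew = 86000
"""

if __name__ == "__main__":
    skew, flagged = audit(SAMPLE)
    print(f"clockskew={skew}s (+/- {skew / 3600:.1f} h) flagged={flagged}")
```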


