-f option with kinit
Ken Raeburn
raeburn at MIT.EDU
Wed Oct 8 08:46:45 EDT 2008
On Oct 8, 2008, at 03:18, Xu, Qiang (FXSGSC) wrote:
> Just want to know if there is any way to avoid the error of
> KRB5KRB_AP_ERR_SKEW? It seems a time synchronization problem. Must I
> enable NTP to make the time in accordance with the counter part in
> Kerberos server?
The KDC will send this back if your client uses a preauth scheme which
carries as part of its protocol a timestamp; you could change the
client not to use these preauth schemes I suppose. Or alter the KDC
either not to implement the check, or to allow a much larger maximum
clock skew.
More information about the krbdev
mailing list