-f option with kinit

Ken Raeburn raeburn at MIT.EDU
Wed Oct 8 08:46:45 EDT 2008

On Oct 8, 2008, at 03:18, Xu, Qiang (FXSGSC) wrote:
> Just want to know if there is any way to avoid the error of  
> KRB5KRB_AP_ERR_SKEW? It seems a time synchronization problem. Must I  
> enable NTP to make the time in accordance with the counter part in  
> Kerberos server?

The KDC will send this back if your client uses a preauth scheme which  
carries as part of its protocol a timestamp; you could change the  
client not to use these preauth schemes I suppose.  Or alter the KDC  
either not to implement the check, or to allow a much larger maximum  
clock skew.

More information about the krbdev mailing list