On 05/04/2015 07:53 AM, Petr Spacek wrote:
On 30.4.2015 14:39, Christopher Lamb wrote:
Hi Petr

Thanks, we solved this issue and reported that back on this thread. The
troubleshooting guide has even been updated as a result.

https://www.redhat.com/archives/freeipa-users/2015-April/msg00605.html

Your suggestion has however hit the nail on the head - the problem was
clock skew between the Server hosting freeIPA and the workstations.

Petr, could we detect this situation in initial Javascript?

I can imagine that server sends its current UTC time to the browser while
login page is loading and then client could compare (local UTC) - (server UTC)
and scream if time difference is greater than ... 5 minutes or so?


I think it's possible.

Server sends HTTP response date header[1] with format [2].

In browser:

   var date = new Date(xhr.getResponseHeader('Date'));
   var diff = Date.now() - date.getTime();
   var minutes = diff / 1000 / 60;

new ticket: https://fedorahosted.org/freeipa/ticket/5015

[1] https://tools.ietf.org/html/rfc2616#section-14.18
[2] https://tools.ietf.org/html/rfc2616#section-3.3.1
--
Petr Vobornik

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to