preetam R wrote: > Hi, > > As I under from the kerberos admin guide, the > option, kdc_timesync enables the kerberos client to > make up for the time difference between its system > time and kdc's time. > > But, then does this mean that even the application > server must also be in sync with kdc's time. Since, > the timestamp used in the Service Ticket is based on > kdc's time. > > Thanks, > Preetam
Install NTP on all systems. That way you avoid the problem in the first place. The limit between two systems using Kerberos is 5 minutes which is hardly an onerous requirement. Danny ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
