pbrezina commented on a pull request """ On 09/06/2016 02:21 PM, Jakub Hrozek wrote: > On Tue, Sep 06, 2016 at 05:10:07AM -0700, Pavel Březina wrote: > > On 09/06/2016 01:51 PM, Jakub Hrozek wrote: > > > Thanks for the ack, I would also like to ask @sumit-bose > > > <https://github.com/sumit-bose> if he agrees with the change. > > > > Btw since clock skew is not fatal anymore, is it possible for us to > > actually perform online authentication? > > The TGT times are generated on the server and the error usually happens > only when the client attempts to use the TGT for something like FAST > tunnel establishment or TGT validation. See Sumit's reply here: > https://bugzilla.redhat.com/show_bug.cgi?id=1373427#c4 > > (that's why I wanted him to confirm this is a good idea)
AFAIK kinit's magic applies clock skew to the timestamp in the ticket and compares times within the client's range. I'm just asking if there is something similar we can do in SSSD: """ See the full comment at https://github.com/SSSD/sssd/pull/15#issuecomment-244936798
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
