sumit-bose commented on a pull request

"""
On Tue, Sep 06, 2016 at 05:37:14AM -0700, Pavel Březina wrote:
> On 09/06/2016 02:21 PM, Jakub Hrozek wrote:
> > On Tue, Sep 06, 2016 at 05:10:07AM -0700, Pavel Březina wrote:
> > > On 09/06/2016 01:51 PM, Jakub Hrozek wrote:
> > > > Thanks for the ack, I would also like to ask @sumit-bose
> > > > <https://github.com/sumit-bose> if he agrees with the change.
> > >
> > > Btw since clock skew is not fatal anymore, is it possible for us to
> > > actually perform online authentication?
> >
> > The TGT times are generated on the server and the error usually happens
> > only when the client attempts to use the TGT for something like FAST
> > tunnel establishment or TGT validation. See Sumit's reply here:
> > https://bugzilla.redhat.com/show_bug.cgi?id=1373427#c4
> >
> > (that's why I wanted him to confirm this is a good idea)
>
> AFAIK kinit's magic applies clock skew to the timestamp in the ticket
> and compares times within the client's range. I'm just asking if there
> is something similar we can do in SSSD:

iirc this magic is applied to the timestamps used in the "default"
pre-authentication method where encrypted timestamps are sent around.
This does not relate to the timestamps in the tickets.

>
> --
> You are receiving this because you were mentioned.
> Reply to this email directly or view it on GitHub:
> https://github.com/SSSD/sssd/pull/15#issuecomment-244936798
"""

See the full comment at https://github.com/SSSD/sssd/pull/15#issuecomment-244943023
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org