[4069] in Kerberos
Re: Kerberos
daemon@ATHENA.MIT.EDU (Kevin P. Neal)
Sat Oct 22 20:20:54 1994
To: kerberos@MIT.EDU
Date: 22 Oct 1994 23:42:28 GMT
From: kpn@thunder.catt.ncsu.edu (Kevin P. Neal)
SysAdmin (kpn@thunder.catt.ncsu.edu) wrote:
: Michael L. VanLoon (michaelv@MindBender.HeadCandy.com) wrote:
: : In article <38aak9$nor@taco.cc.ncsu.edu> kpn@thunder.catt.ncsu.edu (Kevin P. Neal) writes:
: : Thanks. We got the gatekeeper source, and it compiled nicely. However,
: : the problem with the date still exists.
: : A correct password is answered with "Time is out of bounds."
: : I have never experienced this.
: : We set the time to be in sync with time.mit.edu, no luck. We got rid
: : of /etc/localtime, no luck. We then set the time back to near the
: : correct time, in hopes of getting it to work. Alas, no luck.
: : You need to have /etc/localtime symlinked to /usr/share/zoneinfo/US/Eastern.
: : I use ntp to keep my system time-synced to time.iastate.edu (which is
: : synced to the same atomic clock time.mit.edu is synced to, I'm sure).
: : Time.iastate.edu is also kerberos.iastate.edu, so I'm time-synced to
: : the kerberos server that I'm trying to authenticate to.
: I had localtime linked correctly, then got rid of it as a test. It's back
: in place now.
: I don't have ntp (it is a standard thing or do I have to compile it myself),
: but I do do an rdate kerberos.ncsu.edu (which is eos00a.eos.ncsu.edu) and
: my clock is set correctly as far as I can see. Date returns the correct
: date and stuff. It knows the correct timezone.
: : I am told that kerberos expects the system time to be no more than 5 min.
: : away from mit's time. I can use rdate to set the time to mit's time,
: : yet it still will not work.
: : The key is your system needs to be less than five minutes off of the
: : kerberos server YOU are trying to sync to. This has very little to do
: : with time.mit.edu, if your kerberos server is not synced to
: : time.mit.edu. You need to be in sync with your kerberos server. Have
: : you tried running an ntp and syncing it to your kerberos server
: : instead of time.mit.edu?
: Like I said, I rdate the kerberos server and it sets my time.
: Could this be a configuration file problem?
: I do a kinit kpneal@EOS.NCSU.EDU and it seems to recognize a correct password,
: it gives the time error only on a correct password.
: If it helps, this is an Amiga 3000 running NetBSD pre-release 1.0 beta 2.
: The driver for the battclock is not there yet, I lose the date on cold
: reset. No problem, I just rdate on startup. I don't believe this is a
: real problem, IMHO.
: I'm stuck. And I'm getting tired of watching these linux people running
: zephyr and kerberos and all that, and I can't get kerberos to run.
: Is there a way to get kerberos to give me back the time it wants me to
: be set to? In other words, give me the time that I am more than 5 min
: away from. That might help.
: : --
: : - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
: : Michael L. VanLoon michaelv@HeadCandy.com michaelv@iastate.edu
: : Free your mind and your machine -- NetBSD free un*x for PC/Mac/Amiga/etc.
: : Working NetBSD ports: 386+PC, Mac, Amiga, HP300, Sun3, Sun4c, PC532
: : In progress: DEC pmax (MIPS R2k/3k), VAX, Sun4m
: : - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Well, we sort of got it. I have to set my clock 7 hours 9 minutes ahead
of the kerberos server to keep kerberos from complaining. Why?
This won't work. I don't want to keep my machine 7 hours 9 minutes
ahead. Any ideas?
--
// Kevin P. Neal | case@catt.ncsu.edu
// Sophomore, CSC/CPE | kpneal@eos.ncsu.edu
// North Carolina State University | kevinneal@bix.com
// www.catt.ncsu.edu: mosaic page, pgp key through finger
