[5716] in Kerberos
Re: delta_t (time) error on secondary server
daemon@ATHENA.MIT.EDU (Shawn Mamros)
Wed Aug 16 09:36:27 1995
To: kerberos@MIT.EDU
Date: Wed, 16 Aug 1995 09:28:30
From: mamros@ftp.com (Shawn Mamros)
Reply-To: mamros@ftp.com
Steve Birnbaum <sbirn@jer1.co.il> writes:
>I'm running a primary Kerberos 4 server on FreeBSD and the secondary
>server on UnixWare2. The primary works great for authenticating Xyplex
>users (currently what we are using it for). However, if I try to run
>kinit on a unixware machine, including the secondary, and if I disconnect
>the primary and the xyplex has to use the secondary, I'm getting delta_t
>(time diff) errors. The date command shows that the two computers
>are less then a minute appart. The primary is configured to set the
>clock by gatekeeper.dec.com, while the uw2 machines are not using a network
>time server. Any ideas?
You don't say which two machines are less than a minute apart - the two
servers, or the client and one of the servers? If it's the two servers,
it might still be possible for the client to be less than five minutes
off from the master (the FreeBSD machine) but more than five minutes off
from the slave. Check the Xyplex's clock as well as the servers'.
One other possibility would be that, while "date" shows two machines less
than a minute apart, that might actually only be in terms of local clock
time; if one or the other machine's timezone isn't set properly, the
actual timestamps will be much further off. (I've been bitten by this one
more times than I care to remember...) Check your timezone settings on
all three machines. You might want to consider writing a small program
that just prints out the output of the time() or gettimeofday() functions;
this will tell you right away if your machines are synchronized closely
enough or not. (Although, if the two servers weren't time-synched, kprop
or any other form of Kerberos-authenticated KDC database transfer from
master to slave wouldn't work...)
Hope this helps...
-Shawn Mamros
E-mail to: mamros@ftp.com
