[6885] in Kerberos
Re: OpenV*Secure NX Setup problems
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Thu Mar 14 10:51:27 1996
Date: Thu, 14 Mar 96 10:32:01 EST
From: Barry Jaspan <bjaspan@bbnplanet.com>
To: "Victor C.M. Lai" <vilai@PROBLEM_WITH_INEWS_GATEWAY_FILE.MIT.EDU>
Cc: kerberos@MIT.EDU
In-Reply-To: [6883]
Victor,
> We have typed the correct password, but the system's response
> "OpenV*SecureAdmin : Clock Skew too great in KDC reply"
"Clock Skew too great" means either that the clock on the client host
from which you are running secure_admin and the clock on the Primary
Server are not synchronized, or that you do not have the updated
version which contains a fix for a "leap year" bug that was recently
discovered in most versions of Kerberos. If your clocks are
synchronized, then you must be seeing the bug; a fix is available,
contact OpenVision for details.
> Instead of using the "secure_admin" tool, we have tried to use the
> "kdb5_edit" command to add principals.
The OpenV*Secure documentation very explicitly states that you cannot
use kdb5_edit to add principals to the database. Please read the
section in the Administrator's Manual that talks about this topic.
If you want to use a command-line tool to add principals, use the
program secure_admin_cli (it was in the "unsupported" directory when I
left OV, but it works and there is a man page). secure_admin_cli is a
remote client application, like secure_admin, and it will require you
to enter an admin password. If you want to use a command-line tool
directly on the Primary Server without typing a password (i.e., like
using kdb5_edit), you can use secure_admin_cli.local, also in the
"unsupported" directory.
> $ kinit viclai
> password for viclai@ASL.COM.HK:
> the response error message below:
> "kinit: KDC reply did not match expectations while getting initial
> credentials"
This error again reflects the clock synchronization or leap year
problems, if I recall correctly. It has nothing to do with the fact
that you added the principal with kdb5_edit.
> Would you mind helping us solve the above problems?
OpenVision's technical support number is (800) 223-OPEN.
Barry