[128] in Kerberos
re: Time synchronization
jon@ATHENA.MIT.EDU (jon@ATHENA.MIT.EDU)
Sun Aug 9 21:31:45 1987
From Saltzer@ATHENA.MIT.EDU Thu Oct 23 17:50:34 1986
Date: Thu, 23 Oct 86 17:47:32 EDT
To: miller%erlang.DEC@decwrl.DEC.COM (Steve Miller)
Subject: re: Time synchronization
Cc: kerberos@athena.mit.edu (Distribution list @KERB)
In-Reply-To: miller%erlang.DEC@decwrl.DEC.COM (Steve Miller)'s message of 23-Oct-1986 0948
From: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>
Originating-Client: <E40-391A-1.MIT.EDU>

A quick strategy that would help improve the situation would be to
have crontab on the Kerberos server run a program once a day to
invoke the network standard time server, compare it with the Kerberos
clock, and if they are different by more than 15 seconds, send a mail
message to the Kerberos administrator. The Kerberos administrator
would be the only one who would actually modify the Kerberos clock.
With this approach, the only bad effect of a spoofed, inaccurate, or
unauthenticated time service response is a message to the
administrator.

Jerry
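
The daily check described in the message above, sketched in Python as an added example that is not part of the original message. It assumes the time server speaks the RFC 868 Time Protocol (TCP port 37) and that cron mails a job's output to the crontab owner; the function names are hypothetical.

```python
import socket
import struct
import sys
import time

THRESHOLD_SECONDS = 15             # limit given in the message
SECONDS_1900_TO_1970 = 2208988800  # RFC 868 counts from 1900-01-01 00:00 UTC


def fetch_time_reply(host, timeout=10):
    """Read the raw reply from an RFC 868 time server (TCP port 37)."""
    with socket.create_connection((host, 37), timeout=timeout) as conn:
        return conn.recv(4)


def parse_time_reply(reply):
    """Decode a 4-byte big-endian reply into Unix seconds; reject anything else."""
    if len(reply) != 4:
        raise ValueError(f"expected 4 bytes, got {len(reply)}")
    return struct.unpack("!I", reply)[0] - SECONDS_1900_TO_1970


def check_clock(reply, local_now):
    """Return None when the clocks agree, otherwise text for the administrator.

    The local clock is only read, never set, so a bad reply can cause
    nothing worse than a report.
    """
    try:
        remote = parse_time_reply(reply)
    except ValueError as exc:
        return f"time server reply unusable ({exc}); clock not checked"
    offset = local_now - remote
    if abs(offset) > THRESHOLD_SECONDS:
        return f"local clock is {offset:+.0f} s relative to time server; not adjusted"
    return None


if __name__ == "__main__":
    # With a host argument, query it; otherwise use a constructed reply
    # that is 60 s behind the local clock.
    now = time.time()
    if len(sys.argv) > 1:
        reply = fetch_time_reply(sys.argv[1])
    else:
        reply = struct.pack("!I", int(now) - 60 + SECONDS_1900_TO_1970)
    report = check_clock(reply, now)
    if report:
        print(report)  # cron mails any output to the crontab owner
```

A wildly wrong or truncated reply takes the same path as an honest disagreement: it produces a report and leaves the clock alone.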