Discussion:
Linux To ADS: correct time, but "Clock skew too great .."
(too old to reply)
Sonja Benz
2007-07-20 06:23:41 UTC
Permalink
Hello,

I try to set ab Kerberos authentication for a Linux client to ADS. The
behavior is strange: Obviously the client communicates with the ADS
server, e.g. I get an "Preauthentication failed while getting initial
credentials" if entering a wrong password and the password is locked after
entering repeatedly a wrong password. However, "kinit" never successes,
but when entering the correct password says "Clock skew too great while
getting initial credentials". Surely we did check the time at client and
server. It is correct!

Any ideas, what else could be wrong and give this error message?

Sonja
Sonja Benz
2007-07-20 07:20:36 UTC
Permalink
Yes, I did check the timezone.




"Enrico M. V. Fasanelli" <***@le.infn.it>
20.07.2007 08:55

To
Sonja Benz/Germany/***@IBMDE
cc
***@mit.edu
Subject
Re: Linux To ADS: correct time, but "Clock skew too great .."






Hi,

Did you check also the timezone?

Ciao,

Enrico
---
Promise me no promises,
So I will not promise you ...
(Christina Rossetti)
Post by Sonja Benz
Hello,
I try to set ab Kerberos authentication for a Linux client to ADS. The
behavior is strange: Obviously the client communicates with the ADS
server, e.g. I get an "Preauthentication failed while getting initial
credentials" if entering a wrong password and the password is locked
after
Post by Sonja Benz
entering repeatedly a wrong password. However, "kinit" never successes,
but when entering the correct password says "Clock skew too great while
getting initial credentials". Surely we did check the time at client and
server. It is correct!
Any ideas, what else could be wrong and give this error message?
Sonja
________________________________________________
https://mailman.mit.edu/mailman/listinfo/kerberos
Scott Lowe
2007-07-20 13:22:21 UTC
Permalink
Post by Sonja Benz
Hello,
I try to set ab Kerberos authentication for a Linux client to ADS.
The behavior is strange: Obviously the client communicates with the
ADS server, e.g. I get an "Preauthentication failed while getting
initial credentials" if entering a wrong password and the password is
locked after entering repeatedly a wrong password. However, "kinit"
never successes, but when entering the correct password says "Clock
skew too great while getting initial credentials". Surely we did
check the time at client and server. It is correct!
Any ideas, what else could be wrong and give this error message?
Stupid question, I know, but did you verify AM/PM on both
ends?Sometimes that's easy to overlook.

Regards,
Scott Lowe
ePlus Technology, Inc.

--
I'm trying a new usenet client for Mac, Nemo OS X.
You can download it at http://www.malcom-mac.com/nemo
Douglas E. Engert
2007-07-20 14:19:42 UTC
Permalink
In addition to timezone on both KDC and client , does the krb5.conf
have a clockskew parameter? The default is 300 seconds, or 5 minutes.
Post by Sonja Benz
Hello,
I try to set ab Kerberos authentication for a Linux client to ADS. The
behavior is strange: Obviously the client communicates with the ADS
server, e.g. I get an "Preauthentication failed while getting initial
credentials" if entering a wrong password and the password is locked after
entering repeatedly a wrong password. However, "kinit" never successes,
but when entering the correct password says "Clock skew too great while
getting initial credentials". Surely we did check the time at client and
server. It is correct!
Any ideas, what else could be wrong and give this error message?
Sonja
________________________________________________
https://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <***@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
Loading...