ESWAR wrote: > On Aug 24, 7:53 am, Danny Mayer <[EMAIL PROTECTED]> wrote: > >> That violates the RFC requirements. No server will or should allow you >> to do that. Why are you not synchronizing your clocks? NTP is available >> on just about all platforms so there's no reason not to use it. >> >>> Please give me some suggestion how I can do this. >> You can't. >> >> Danny > > I wanted to use Kerberos authentication from machine which is not > joined to domain. so Time should effect my authentication process. > Even Client has different time then KDC time it should authenticate.
Please understand the answer that I gave you above. You cannot authenticate a client who's UTC time is different by more than 5 minutes from the KDC's UTC time. Anything else would be a protocol and a security violation. > Where can i change in MIT source code. You can't. > so i wanted to use KDC System time and use the same all the places > where it is refering get local system time. Install NTP everywhere and point them to 3-4 good NTP sources. > > what are all problems i will get if do this. > You will fail to authenticate. See RFC 1510 Section 3.2.3. Danny P.S. All questions should go to the mailing list and not to me personally. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
