One normally runs ntpd on every machine and configures it to fetch time from one of the atomic clocks. That should keep your machines in sync enough for Kerb not to whine. - Ben On Mon, 22 Jul 2002, kumar wrote:> Hi all, > > I want to configure Kerberos as the authenticating service for Secure > Shell.I am using a Linux machine as the KDC. > I have successfully configured the server (Linux machine) as KDC. > My client machine is HP-UX Version 11.11. > Now when i initialize the client for kerberos by running "kinit" in the > HP-UX machine(client), it displays > "kinit: Time is out of bounds (krb_rd_req)". > Documents educated me to use NTP to synchronize the time of the server and > the client.I could run service "ntpd" in server(Linux machine). > So anybody please educate me how to synchronize the two machine's time so > that i can use the kerberos service. > > Thanks in advance. > -Kumaresh. > > > > _______________________________________________ > openssh-unix-dev at mindrot.org mailing list > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev >
Hi all, I want to configure Kerberos as the authenticating service for Secure Shell.I am using a Linux machine as the KDC. I have successfully configured the server (Linux machine) as KDC. My client machine is HP-UX Version 11.11. Now when i initialize the client for kerberos by running "kinit" in the HP-UX machine(client), it displays "kinit: Time is out of bounds (krb_rd_req)". Documents educated me to use NTP to synchronize the time of the server and the client.I could run service "ntpd" in server(Linux machine). So anybody please educate me how to synchronize the two machine's time so that i can use the kerberos service. Thanks in advance. -Kumaresh.
Circa 2002-Jul-22 10:45:19 -0500 dixit Ben Lindstrom: : One normally runs ntpd on every machine and configures it to fetch time : from one of the atomic clocks. (Or preferably from one of the publically available Stratum 2 servers, to be polite: http://www.eecis.udel.edu/~mills/ntp/servers.htm ). -- jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/ (GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 262 bytes Desc: not available Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020722/621c8ce8/attachment.bin