Why use krb5_set_real_time() instead of NTP ?

Luke Howard lukeh at padl.com
Wed May 10 05:23:26 GMT 2006

>I think though that an XP box joining an AD domain performs
>a negprot request to get the current time before issuing
>the AS_REQ to be able to compensate for clock skew.
>I'll admit that's clever.  That might be a little hard
>to hook into our client code right now though.  I can
>live with the the currentTime attribute from the rootDSE
>for the moment.

But in neither case is the timestamp protected, right? So
you don't really (securely) know what the KDC time is.

-- Luke


More information about the samba-technical mailing list