Why use krb5_set_real_time() instead of NTP ?
lukeh at padl.com
Wed May 10 05:23:26 GMT 2006
>I think though that an XP box joining an AD domain performs
>a negprot request to get the current time before issuing
>the AS_REQ to be able to compensate for clock skew.
>I'll admit that's clever. That might be a little hard
>to hook into our client code right now though. I can
>live with the the currentTime attribute from the rootDSE
>for the moment.
But in neither case is the timestamp protected, right? So
you don't really (securely) know what the KDC time is.
More information about the samba-technical