All hosts participating in the Kerberos authentication system must have their internal clocks synchronized within a specified maximum amount of time (known as clock skew), which provides another Kerberos security check. If the clock skew is exceeded between any of the participating hosts, requests are rejected.
One way to synchronize all of the clocks is to use the Network Time Protocol (NTP) software (see "Synchronizing Clocks between KDCs and SEAM Clients" for more information). Other ways of synchronizing the clocks are available, so using NTP is not required. Some form of synchronization should be used to prevent access failures due to clock skew.
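To confirm that a host is inside the permitted skew before Kerberos requests start failing, its offset from a time source can be computed from the four timestamps of an NTP exchange and compared with the configured limit. The following is an added example, not part of the original documentation: the function names are hypothetical, the 300-second limit is an assumed value to be replaced with the site's configured maximum, and the server reply is constructed inline so that the code runs offline.

```python
import struct

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era) to 1970-01-01 (Unix)
MAX_CLOCK_SKEW = 300          # assumption: the site's configured maximum skew, in seconds
HEADER = "!BBbb11I"           # 48-byte NTP header: 4 small fields + 11 32-bit words

def _to_ntp(unix_time):
    whole = int(unix_time)
    return whole + NTP_EPOCH_DELTA, int((unix_time - whole) * 2**32)

def _from_ntp(seconds, fraction):
    return seconds - NTP_EPOCH_DELTA + fraction / 2**32

def build_reply(t1, t2, t3):
    """Constructed sample: a server reply (version 4, mode 4, stratum 2)."""
    return struct.pack(HEADER, (4 << 3) | 4, 2, 6, -20, 0, 0, 0,
                       *_to_ntp(t2),   # reference timestamp
                       *_to_ntp(t1),   # originate: client send time, echoed back
                       *_to_ntp(t2),   # receive: when the server got the request
                       *_to_ntp(t3))   # transmit: when the server sent the reply

def clock_offset(reply, t4):
    """Server clock minus local clock, in seconds; t4 is the local arrival time."""
    if len(reply) < 48:
        raise ValueError("truncated NTP packet")
    f = struct.unpack(HEADER, reply[:48])
    if f[0] & 0x07 != 4:
        raise ValueError("not a server reply (mode != 4)")
    if f[0] >> 6 == 3 or f[1] == 0:
        raise ValueError("server reports an unsynchronized clock")
    t1, t2, t3 = (_from_ntp(f[i], f[i + 1]) for i in (9, 11, 13))
    return ((t2 - t1) + (t3 - t4)) / 2

def check_skew(offset, max_skew=MAX_CLOCK_SKEW):
    """Classify an offset against the permitted clock skew."""
    return "ok" if abs(offset) <= max_skew else "exceeds clock skew"

if __name__ == "__main__":
    # Constructed exchanges: (client send, server receive, server send, client receive)
    exchanges = {
        "client-a": (1700000000.0, 1700000002.05, 1700000002.06, 1700000000.11),
        "client-b": (1700000000.0, 1700000400.05, 1700000400.06, 1700000000.11),
    }
    for host, (t1, t2, t3, t4) in exchanges.items():
        offset = clock_offset(build_reply(t1, t2, t3), t4)
        print(f"{host}: offset {offset:+.2f}s -> {check_skew(offset)}")
```

Run on each participating host against the same time source, a check like this shows which clocks have drifted far enough for requests to be rejected.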