kclient version 2 [PSARC/2007/401 FastTrack timeout 07/13/2007]
Nicolas Williams
Nicolas.Williams at sun.com
Mon Jul 9 08:41:54 PDT 2007
On Mon, Jul 09, 2007 at 01:05:55AM -0700, Michael Hunter wrote:
> On Mon, 09 Jul 2007 09:35:41 +0200
> Roland Mainz <roland.mainz at nrubsig.org> wrote:
>
> [...]
> > ... or "kclient" could check whether the "ntp" client service is running
> [...]
>
> But this seems in conflict with the security concern.
>
> And define "working". Has it found a server? Did it find the right
> [...]
And it's unfriendly. Kerberos V requires synchronized time.
It would technically be possible for systems with host principals and
keys to use the Kerberos V KDC protocols securly to obtain a timestamp
from the KDC with 1 second resolution. But we do not have a tool that
implements this at this point.
Nico
--
More information about the opensolaris-arc
mailing list