Question on Loosely Synchronized Router Clocks

Brandon Galbraith brandon.galbraith at
Thu Sep 20 19:41:16 UTC 2007

On 9/20/07, James R. Cutler <james.cutler at> wrote:
>  Kerberos does not assume clock synchronization.
> Kerberos requires reasonable clock synchronization.
> And, as near as I can tell, clock synchronization is not part of the
> Kerberos protocol.
> Kick me if I err in this.
>         Cutler

"Kerberos requires the clocks of the involved hosts to be synchronized. The
tickets have time availability period and, if the host clock is not
synchronized with the clock of Kerberos server, the authentication will
fail. The default configuration requires that clock times are no more than
10 minutes apart. In practice,
NTP<>daemons are
usually employed to keep the host clocks synchronized."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the NANOG mailing list