Configuring A Kerberos Client With Yast - Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION Installation Manual
Hide thumbs
Also See for LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION:
- Manual (184 pages) ,
- Supplementary manual (50 pages) ,
- Quick manual (12 pages)
Table of Contents
Advertisement
46.5.3 Adjusting the Clock Skew
The clock skew is the tolerance for accepting tickets with time stamps that do not exactly
match the host's system clock. Usually, the clock skew is set to 300 seconds (five min-
utes). This means a ticket can have a time stamp somewhere between five minutes ago
and five minutes in the future from the server's point of view.
When using NTP to synchronize all hosts, you can reduce this value to about one minute.
The clock skew value can be set in /etc/krb5.conf like this:
[libdefaults]
clockskew = 120
46.6 Configuring a Kerberos Client
with YaST
As an alternative to the manual configuration described above, use YaST to configure
a Kerberos client. Proceed as follows:
1 Log in as root and select Network Services > Kerberos Client.
2 Select Use Kerberos.
3 To configure a DNS-based Kerberos client, proceed as follows:
3a Confirm the Basic Kerberos Settings that are displayed.
3b Click Advanced Settings to configure details on ticket-related issues,
OpenSSH support, and time synchronization.
4 To configure a static Kerberos client, proceed as follows:
4a Set Default Domain, Default Realm, and KDC Server Address to the values
that match your setup.
4b Click Advanced Settings to configure details on ticket-related issues,
OpenSSH support, and time synchronization.
Installing and Administering Kerberos
857
Advertisement
Table of Contents
Troubleshooting
