In addition to timezone on both KDC and client , does the krb5.conf
have a clockskew parameter? The default is 300 seconds, or 5 minutes.

Sonja Benz wrote:
> Hello,
>
> I try to set ab Kerberos authentication for a Linux client to ADS. The
> behavior is strange: Obviously the client communicates with the ADS
> server, e.g. I get an "Preauthentication failed while getting initial
> credentials" if entering a wrong password and the password is locked after
> entering repeatedly a wrong password. However, "kinit" never successes,
> but when entering the correct password says "Clock skew too great while
> getting initial credentials". Surely we did check the time at client and
> server. It is correct!
>
> Any ideas, what else could be wrong and give this error message?
>
> Sonja
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>


--

Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444