Synchronizing Time on the Server (UNIX)

Kerberos assumes a universal idea of time, and uses timestamps and expiration dates in messages. So it is essential that all computers participating in Kerberos have reasonably synchronized time. ISC Networking runs Internet time servers synced via radio clock which you may use to ensure accurate time on your server.

Using an NTP Daemon

Most UNIX platforms will work well running the Network Time Protocol (NTP) for time synchronization. Here are steps to using it.

  1. Installation. An NTP daemon comes standard with most UNIX platforms and simply needs to be configured. The configuration procedure may vary from operating system to operating system, so consult your documentation for specifics.

    For platforms without NTP, source code distributions can be obtained from:

    http://www.eecis.udel.edu/~ntp/

    The latest version is (at least) NTP Version 4, and the latest release is (at least) 4.1.1a. See the INSTALL file for build instructions. The distribution has a scripts directory with some startup script skeletons.

  2. Configuration. You need to synchronize time with the three campus time servers, timeserver1.upenn.edu, timeserver2.upenn.edu, and timeserver3.upenn.edu . For NTP version 4, this configuration file will work:

    driftfile       /var/ntp/ntp.drift  
    server          timeserver1.upenn.edu version 3  
    server          timeserver2.upenn.edu version 3  
    server          timeserver3.upenn.edu version 3  
    Common locations for this file are /etc/inet/ntp.conf or /etc/ntp.conf.
  3. Make sure the /etc/services has the following entries for POP and IMAP service:
  4. time		37/tcp
    time 37/udp
  5. If you use firewalls, tcp-wrappers or other restrictions on access, be sure to modify firewall or tcp-wrappers rules to allow the new services.
HOME...