Synchronizing Time on the Server (UNIX)
Kerberos assumes a universal idea of time, and uses timestamps and expiration
dates in messages. So it is essential that all computers participating in
Kerberos have reasonably synchronized time. ISC Networking runs Internet
time servers synced via radio clock which you may use to ensure
accurate time on your server.
Using an NTP Daemon
Most UNIX platforms will work well running the
Network Time Protocol (NTP) for time synchronization. Here are
steps to using it.
Installation. An NTP daemon comes standard with most
UNIX platforms and simply needs to be configured.
The configuration procedure may vary from operating system to operating
system, so consult your documentation for specifics.
For platforms without NTP, source code distributions can be obtained
from:
http://www.eecis.udel.edu/~ntp/
The latest version is (at least) NTP Version 4, and the latest release is
(at least) 4.1.1a. See the INSTALL file for build instructions. The
distribution has a scripts directory with some startup script
skeletons.
Configuration. You need to synchronize time with the
three campus time servers, timeserver1.upenn.edu, timeserver2.upenn.edu,
and timeserver3.upenn.edu .
For NTP version 4, this configuration file will work:
driftfile /var/ntp/ntp.drift
server timeserver1.upenn.edu version 3
server timeserver2.upenn.edu version 3
server timeserver3.upenn.edu version 3
Common locations for this file are /etc/inet/ntp.conf
or /etc/ntp.conf.
Make sure the /etc/services has the following entries for POP
and IMAP service:
time 37/tcp
time 37/udp
If you use firewalls, tcp-wrappers or other restrictions on
access, be sure to modify firewall or tcp-wrappers rules to
allow the new services.
|
